Recover data from external USB, locked by bitlocker
Latest update: THIS IS NOT A GENERAL DISCUSSION. Its an unanswered question that moderaters have no clue about. I encrypted an external usb drive (140GB data) with bitlocker. I have the recovery key and the password. But ever since I encrypted the drive with bitlocker, I am unable to access any data. Windows 7 ultimate When I try to unlock, I get a prompt for entering pass. I enter the pass (wrong pass throughs error within a minute, so I know that I am entering the right password if I am not erroring out) and then the GUI freezes for ever! I left the system for about 3 hours, and it dint manage to open the files until then. Bitlocker screen was frozen. Now, I killed that process and tried to unlock again. This time, I used the recover key option and I supplied the key that I had stored in a file on my system. I get the same behavior with it too! The GUI freezes and I cant get past it. A little digging around, and I get to kb928201. So, now I try to recover data using the command: repair-bde.exe g: h: -rp 231858-224422-xxxxxx-xxxxxx-395065-XXXXXX-063415-131890 I get the following on the prompt: BitLocker Drive Encryption: Repair Tool version 6.0.6000 Copyright (C) 2006-2007 Microsoft Corporation. Beginning scan for BitLocker metadata. Scanning boot sectors for pointer to metadata: 100% Scanning cluster boundaries for metadata: 100% Scanning sector boundaries for metadata: 100% Finished scanning for BitLocker metadata. ERROR: The input volume has suffered damages to critical information related to the decryption key. Please try the -KeyPackage option to specify a key package. The volume may not be recoverable. Now, I am really stuck. I cant figure out how to use the -keypackage option, becuase I dont remember saving any key package. I was prompted to store information in a file, and I did that. So I have the recovery key and I remember the pass too. I read a few other threads related to the same topic and dint find anyone that would help me get my data back. So reaching out to all the geniuses who have solved this problem before for F1! Help! F1! Help!
November 4th, 2010 9:17pm

I watched your video. So when you use GUI, your system freeze. Lets do this: Open elevated command prompt and run the below command. >manage-bde -protectors -get H: where H is the drive letter of the USB device. >manage-bde -unlock H: -rp "xxxx-xxxx-xxxx-xxxx" Let me know results of these 2 commands. ThanksManoj Sehgal
Free Windows Admin Tool Kit Click here and download it now
December 3rd, 2010 9:22pm

Ron, C:\Users\Administrator>manage-bde -protectors -get H: Microsoft (R) Windows Script Host Version 5.7 Copyright (C) Microsoft Corporation. All rights reserved. Volume H: [Label Unknown] All Key Protectors ERROR: No key protectors found. There are no key protectors for bitlocker on this volume. Did you delete the protectors manually by using manage-bde command. When we encrypt a bitlocker to go volume, we add Password and Numerical Password as a key protector. Since you have 48 digit recovery password with you, this protector should have been listed here in the results. Are you looking at the correct drive? Manoj Sehgal
December 4th, 2010 10:24am

Manoj, It may be because I am running your commands on a different OS (win2k8) rather than win7. I had formatted my computer drive (not the usb) a couple of weeks back and havent got everything in place yet. Surprisingly, when I connect my usb drive, bitlocker does not recognise it (on win2k8..will check on win7 after factory restore) and prompts for formatting it. I dint get this behavior a month back. Even win2k8 would recognise the bitlocker drive and prompt for pass (and eventually freeze). But give me a couple of days to get back to you after I repeat your steps on win7. The drive is still the same. I did run some manage-bde commands listed in the msdn resources, a month back when all of this had happened. I am sure I did not use the delete command in manage-bde. Most of the usage was around recovery.
Free Windows Admin Tool Kit Click here and download it now
December 4th, 2010 1:22pm

Manoj, Thanks for looking into this. Here is the output: C:\Users\Administrator>manage-bde -protectors -get H: Microsoft (R) Windows Script Host Version 5.7 Copyright (C) Microsoft Corporation. All rights reserved. Volume H: [Label Unknown] All Key Protectors ERROR: No key protectors found. C:\Users\Administrator>manage-bde -unlock H: -rp 31858-22-33-02-35-36-05-10 Microsoft (R) Windows Script Host Version 5.7 Copyright (C) Microsoft Corporation. All rights reserved. C:\Windows\system32\manage-bde.wsf(1831, 6) SWbemObjectEx: The parameter is incorrect. note: I have changed the key deliberately here.
December 4th, 2010 2:57pm

Manoj, I was able to do a factory restore. On win7, when I plug in the device, it prompts me for a password to unlock the drive. I do that, and the bitlocker-app screen hangs. I was able to run your commands from a win7 installation. Here is the output: C:\Windows\system32>manage-bde -protectors -get H: BitLocker Drive Encryption: Configuration Tool version 6.1.7600 Copyright (C) Microsoft Corporation. All rights reserved. Volume H: [Label Unknown] All Key Protectors Password: ID: {FDCBC62C-F810-4D91-BFEE-06B98F4043A1} Numerical Password: ID: {C3EADE92-5379-41E4-857C-D9A0E5205359} C:\Windows\system32>manage-bde -unlock H: -rp 231858-224422-3XXXX3-0XXXX2-3XXXX5-3XXXX6-0XXXX5-1XXXX0 BitLocker Drive Encryption: Configuration Tool version 6.1.7600 Copyright (C) Microsoft Corporation. All rights reserved. This prompt stays like this forever, unless I exit it (ctrl + c). I had this same behavior a month back too when I was exploring manage-bde. Now what do I do? Also, are there any logs generated during this process that can be looked at? My USB light is blinking, indicating some activity, but that will go on for ever.
Free Windows Admin Tool Kit Click here and download it now
December 5th, 2010 1:15am

Ron, So you have two protectors for this volume. You have tried 48 digit recovery password. Can you try the numerical password and send me the results. >manage-bde -unlock H: -pw "xxxxxxxxx" Manoj Sehgal
December 6th, 2010 9:01am

C:\Windows\system32>manage-bde -unlock H: -pw "XXXXXXXXX" BitLocker Drive Encryption: Configuration Tool version 6.1.7600 Copyright (C) Microsoft Corporation. All rights reserved. ERROR: Invalid Syntax. "XXXXXXXX" was not understood. Type "manage-bde -?" for usage. C:\Windows\system32>manage-bde -unlock H: -pw BitLocker Drive Encryption: Configuration Tool version 6.1.7600 Copyright (C) Microsoft Corporation. All rights reserved. Enter the password to unlock this volume: I entered the password at this prompt. The password was accepted and then that's where it stops/hangs. The device is still unlocked; even though there seems to be some activity with it.
Free Windows Admin Tool Kit Click here and download it now
December 6th, 2010 10:42am

You said: I entered the password at this prompt. The password was accepted and then that's where it stops/hangs. The device is still unlocked; even though there seems to be some activity with it. If you open Disk Management, do you see it as RAW or it has NTFS file system. Also what is the output of this command: >manage-bde -status H: Manoj Sehgal
December 6th, 2010 11:15am

I was about to add information on the Disk management bit in my previous post :) Well, the Disk management shows this drive as healthy. The file system is showing up as "Unknown (Bitlocker Encrypted)" Here's the exact text: (H:) 465.76 GB Unknown (Bitlocker Encrypted) Healthy (Active, Primary Partition) C:\Windows\system32>manage-bde -status H: BitLocker Drive Encryption: Configuration Tool version 6.1.7600 Copyright (C) Microsoft Corporation. All rights reserved. Volume H: [Label Unknown] [Data Volume] Size: Unknown GB BitLocker Version: Windows 7 Conversion Status: Unknown Percentage Encrypted: Unknown% Encryption Method: AES 128 with Diffuser Protection Status: Unknown Lock Status: Locked Identification Field: Unknown Automatic Unlock: Disabled Key Protectors: Password Numerical Password C:\Windows\system32>
Free Windows Admin Tool Kit Click here and download it now
December 6th, 2010 11:30am

Ron, Your drive is still locked. Install this patch first and then try if you can unlock your device using the GUI. http://support.microsoft.com/kb/975496 You can try this latest patch which if for fvevol.sys. http://support.microsoft.com/kb/979344 Let me know if it helps you or not. Manoj Sehgal
December 6th, 2010 4:29pm

The first hotfix does not work for me. When I install it, I get a prompt that the update is not applicable for my sys. The second hotfix installs. I made the change in the registry and restarted the system. But all these changes does not affect anything, effectively. The GUI hangs (goes into "not responding" mode), and the command-line does not return the prompt. Disk-manager reports the drive as healthy. Wrong passwords throw back an error indicating that. The right password just dosent do it. With the right password, there is continuos activity on the external drive (blinking lights indicating IO, can feel the spinning disk), but the drive does not decrypt back. What else can I try?
Free Windows Admin Tool Kit Click here and download it now
December 7th, 2010 10:46am

Ron, The only option we have now is to use repair-bde with -kp option. http://technet.microsoft.com/en-us/library/ee706528(WS.10).aspx#BKMK_keypackage If the path to the key package is not specified, Repair-bde will search the drive for a key package. However, if the hard drive has been damaged, the tool may not be able to find the package and will prompt you to provide the path. We recommend that you include the key package in the Active Directory key storage so that you can export the key package if needed. Do you have additional disk where we can try to extract the data? we require same space as H drive. I know you tried this repair-bde.exe g: h: -rp 231858-224422-xxxxxx-xxxxxx-395065-XXXXXX-063415-131890 but you did not mention -kp, since you were not aware where the -kp is located. Also specify -lf log file location when you execute the command. let me know how it goes. Also keep in mind, if we make progress when you use repair-bde command you need to run chkdsk /f on the volume where you point the data to. Manoj Sehgal
December 8th, 2010 12:14pm

HI manoj I have the same problem because the encryption process didn't complete, but when I write your commands I have two diffrent feedback than RON C:\users\administrator>manage-bde -protectors -get I: http://img857.imageshack.us/img857/1886/73108305.jpg C:\users\administrator>manage-bde -unlock I: -rp 067793-640464-412566-408958-711975-050721-466444-318934 no feedback for last command waiting your advice thank you mkady7
Free Windows Admin Tool Kit Click here and download it now
April 21st, 2011 8:21am

RON Did you find a solution for your problem?? because I have the Same problem if your answer yes please reply thank you mkady7
April 21st, 2011 1:24pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics