BitLocker fails at boot
BitLocker considers docking and undocking from a Dell docking station as a change in configuration and requires the key. Anyone else having this problem? Any suggestions?
December 1st, 2007 7:58am

Hi,
If you use BitLocker Drive Encryption on a computer that has the Trusted Platform Module (TPM) security hardware (a special microchip in some newer computers that supports advanced security features), version 1.2 or higher, the TPM checks the system during startup for conditions that could indicate a security risk. These conditions could include disk errors, changes to the basic input/output system (BIOS), changes to other startup components, or evidence that the hard disk is being started in a different computer. If the TPM detects such a condition, BitLocker will not unlock the drive with Windows installed on it and will enter a recovery mode that requires the BitLocker recovery password to unlock it.
Notes
Some BitLocker features and settings can be enabled by Group Policy settings.
Assistive technology software that runs on Windows, such as screen reading software, cannot read BitLocker startup screens because they are displayed during BIOS startup and before Windows runs. This includes screens used when you type a PIN or recovery password, and any BitLocker error messages.
Additional Reference
Windows BitLocker Drive Encryption Step-by-Step Guide
http://technet2.microsoft.com/WindowsVista/en/library/c61f2a12-8ae6-4957-b031-97b4d762cf311033.mspx?mfr=true
Windows BitLocker Drive Encryption Frequently Asked Questions
http://technet2.microsoft.com/WindowsVista/en/library/58358421-a7f5-4c97-ab41-2bcc61a58a701033.mspx?mfr=true
Hope it helps.
December 6th, 2007 9:24am

I appreciate the response. I may be missing it, but I am not seeing anything here that addresses the problem. I understand how BitLocker fails. The problem here is that it is flagging a dock/undock as a change in configuration. Let me know if I missed the answer to my problem in the response. I had already read all the various guides and links and didn't see anything anywhere concerning a docking station. To me, a laptop would be the prime candidate for BitLocker, so I would think it would be able to accommodate a dock/undock without triggering a change event.
December 6th, 2007 4:29pm

Hi, I don't know much about the Dell docking station; maybe there is something we have missed. I recommend that you contact Dell support to get more information on PC booting with the Dell docking station. Thanks for your understanding.
December 7th, 2007 5:25am

Why would Dell have to support an MS product? There is not a problem with the PC booting on the docking station; the problem is with BitLocker thinking the docking station is a new PC.
December 13th, 2007 4:22pm

Hi, Thanks for your post!
Regarding the issue of BitLocker requiring the pass key on inserting a notebook into a docking station, I think it is by design, as it is a hardware change to the system. BitLocker is designed to keep system data secure if there is a hardware change on the system; a docking station is considered a hardware change when attached to a notebook. BitLocker does not support laptops with docking stations that use option ROMs.
I found a workaround for this issue. It would make sense that building the image in a docked configuration would keep BitLocker from detecting a new/added hardware device on the machine when inserting it into the docking station.
Also, you can follow the steps below to temporarily disable BitLocker or decrypt the BitLocker-protected volume.
1. You must be logged on as an administrator.
2. Click Start, click Control Panel, click Security, and then click BitLocker Drive Encryption.
3. From the BitLocker Drive Encryption page, find the volume on which you want BitLocker Drive Encryption turned off, and click Turn Off BitLocker Drive Encryption.
4. From the What level of decryption do you want dialog box, click either Disable BitLocker Drive Encryption or Decrypt the volume as needed.
Hope it helps.
December 14th, 2007 11:08am

The most acceptable workaround I have found is actually the opposite. Build the configuration key with the machine undocked and then save the key to a USB drive. Then plug the USB drive into the docking station and just leave it there. This way, as long as your office is physically secure you are OK, but you will definitely be protected on the road, which was my main concern should a hard drive be stolen. I state this with the fact that I believe BitLocker should have been designed to work with docking stations and laptops. Extremely short-sighted in my view.
December 14th, 2007 4:38pm

Thanks for sharing your experience here. It would be helpful to others who may have the same problem in the future.
December 17th, 2007 6:19am

I am having the same problem on a Lenovo X200 tablet. After adding a multi-writer DVD to my docking station, I started getting prompted for the BitLocker key on docked boot. I followed instructions to suspend BitLocker, make changes, then resume. Now I get prompted for the BitLocker key when booting undocked.
This TechNet article covers the issue: http://technet.microsoft.com/en-us/library/ee449438%28WS.10%29.aspx in the section titled "What causes BitLocker to start into recovery mode when attempting to start the operating system drive?":
"Docking or undocking a portable computer. In some instances (depending on the computer manufacturer and the BIOS), the docking condition of the portable computer is part of the system measurement and must be consistent to validate the system status and unlock BitLocker."
The article does not offer any solution.
March 30th, 2010 5:44pm
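
Added example, not part of any post in this thread and not BitLocker's own code: a simplified Python model of TPM 1.2 PCR extension and key sealing, showing why the docking state at boot must match the state in which the key was sealed, as the TechNet passage quoted above says. The PCR subset, the measured byte strings, the dock option ROM and the `SealedKey` class are constructed assumptions for illustration.

```python
import hashlib

PROFILE = (0, 2, 4)  # assumed subset: firmware, option ROM code, MBR code

def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA1(old PCR || SHA1(measured data))."""
    return hashlib.sha1(pcr + hashlib.sha1(data).digest()).digest()

def boot(dock_attached: bool) -> dict:
    """Replay a simplified measured boot and return the final PCR values."""
    pcrs = {i: b"\x00" * 20 for i in PROFILE}
    pcrs[0] = extend(pcrs[0], b"constructed BIOS image")
    pcrs[2] = extend(pcrs[2], b"constructed onboard option ROM")
    if dock_attached:
        # Assumption: the dock adds a device whose option ROM the BIOS measures.
        pcrs[2] = extend(pcrs[2], b"constructed dock option ROM")
    pcrs[4] = extend(pcrs[4], b"constructed MBR code")
    return pcrs

def composite(pcrs: dict) -> bytes:
    """Digest over the PCRs named in the validation profile."""
    h = hashlib.sha1()
    for index in PROFILE:
        h.update(pcrs[index])
    return h.digest()

class SealedKey:
    """Stand-in for a TPM-sealed key: released only if the PCRs match."""
    def __init__(self, key: bytes, pcrs_at_seal: dict):
        self._key = key
        self._policy = composite(pcrs_at_seal)

    def unseal(self, pcrs_now: dict):
        # None models the drop into BitLocker recovery mode.
        return self._key if composite(pcrs_now) == self._policy else None

def outcomes() -> dict:
    """Try all four seal-state / boot-state combinations."""
    key = b"constructed volume key"
    result = {}
    for sealed_docked in (False, True):
        sealed = SealedKey(key, boot(sealed_docked))
        for boot_docked in (False, True):
            unlocked = sealed.unseal(boot(boot_docked)) == key
            result[(sealed_docked, boot_docked)] = unlocked
    return result

if __name__ == "__main__":
    for (sealed_docked, boot_docked), ok in outcomes().items():
        print(f"sealed docked={sealed_docked} boot docked={boot_docked}: "
              f"{'unlocks' if ok else 'recovery prompt'}")
```

In this model, sealing while docked simply moves the recovery prompt to undocked boots, which matches the behaviour reported in the post above.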

I had the same problem at my company and here is what I did to correct the issue.
1. Suspend BitLocker
2. Reboot into the BIOS settings
3. Removed the CD-ROM drive from the boot priority list
4. Rebooted and enabled BitLocker again
So far no issues, and the X200 boots fine docked or undocked. I assume you can do this with other devices that cause issues but have not tried.
April 13th, 2010 4:11am

This doesn't solve the problem. You're just reiterating what we already knew about BL. This is an issue that many enterprise users are facing when using a USB docking station. A more acceptable solution is required. We have this problem as well. Thanks.
May 8th, 2012 10:04am

This workaround is promising, but still, when you remove the laptop from the USB dock and somehow reboot/restart the machine, it then goes back to the BL key screen asking for the key to be typed in. When we had ProBooks that don't have TPM chips, we solved this issue by saving the key to the USB drive (we got the tiny USB drives) and having it plugged in permanently into the laptop's USB port. Since the USB footprint was so tiny, our users never even noticed that it was there. The only risk we told our users is that it must not be removed from the laptop or they will not be able to log on without contacting the help desk for the encryption key if they restart the computer. Seemed to work since. Our issue right now is using the ultrabooks with only 2 USB ports available.
May 8th, 2012 10:11am

My HP Folio 13 does not have the option to remove the USB/OPTICAL DISC option from the boot priority, so this won't work on my current setup. Sigh! Anyone else have another workaround?
May 8th, 2012 10:13am

Did you get anywhere with this? I have no dock, but my Folio 13 won't start without the key. We've happily BitLockered 100+ laptops before this one.
May 15th, 2012 8:48am

This topic is archived. No further replies will be accepted.
