bitlocker fails at boot
BitLocker considers docking and undocking from a Dell docking station as a change in configuration and requires the key. Anyone else having this problem? Any suggestions?
December 1st, 2007 7:58am

Hi,
If you use BitLocker Drive Encryption on a computer that has the Trusted Platform Module (TPM) security hardware (a special microchip in some newer computers that supports advanced security features), version 1.2 or higher, the TPM checks the system during startup for conditions that could indicate a security risk. These conditions could include disk errors, changes to the basic input/output system (BIOS), changes to other startup components, or evidence that the hard disk is being started in a different computer. If the TPM detects such a condition, BitLocker will not unlock the drive with Windows installed on it and will enter a recovery mode that requires the BitLocker recovery password to unlock it.
Notes
Some BitLocker features and settings can be enabled by Group Policy settings.
Assistive technology software that runs on Windows, such as screen reading software, cannot read BitLocker startup screens because they are displayed during BIOS startup and before Windows runs. This includes screens used when you type a PIN or recovery password, and any BitLocker error messages.
Additional Reference
Windows BitLocker Drive Encryption Step-by-Step Guide
http://technet2.microsoft.com/WindowsVista/en/library/c61f2a12-8ae6-4957-b031-97b4d762cf311033.mspx?mfr=true
Windows BitLocker Drive Encryption Frequently Asked Questions
http://technet2.microsoft.com/WindowsVista/en/library/58358421-a7f5-4c97-ab41-2bcc61a58a701033.mspx?mfr=true
Hope it helps.
December 6th, 2007 9:24am

I appreciate the response. I may be missing it, but I am not seeing anything here that addresses the problem. I understand how BitLocker fails. The problem here is that it is flagging a dock/undock as a change in configuration. Let me know if I missed the answer to my problem in the response. I had already read all the various guides and links and didn't see anything anywhere concerning a docking station. To me, a laptop would be the prime candidate for BitLocker, so I would think it would be able to accommodate a dock/undock without triggering a change event.
December 6th, 2007 4:29pm

Hi, I don't know much about the Dell docking station; maybe there is something we have missed. I recommend that you contact Dell support to get more information on PC booting with the Dell docking station. Thanks for your understanding.
December 7th, 2007 5:25am

Why would Dell have to support an MS product? There is not a problem with the PC booting on the docking station; the problem is with BitLocker thinking the docking station is a new PC.
December 13th, 2007 4:22pm

Hi, Thanks for your post! The issue of BitLocker requiring the pass key on inserting a notebook into a docking station is something I think is by design, as it is a hardware change to the system. BitLocker is designed to keep system data secure if there is a hardware change on the system; a docking station is considered a hardware change when attached to a notebook. BitLocker does not support laptops with docking stations that use option ROMs. I found a workaround for this issue. It would make sense that building the image in a docked configuration would keep BitLocker from detecting a new/added hardware device on the machine when inserting it into the docking station. Also, you can follow the steps below to temporarily disable BitLocker or decrypt the BitLocker-protected volume.
1. You must be logged on as an administrator.
2. Click Start, click Control Panel, click Security, and then click BitLocker Drive Encryption.
3. From the BitLocker Drive Encryption page, find the volume on which you want BitLocker Drive Encryption turned off, and click Turn Off BitLocker Drive Encryption.
4. From the What level of decryption do you want dialog box, click either Disable BitLocker Drive Encryption or Decrypt the volume as needed.
Hope it helps.
December 14th, 2007 11:08am

The most acceptable workaround I have found is actually the opposite. Build the configuration key with the machine undocked and then save the key to a USB drive. Then plug the USB drive into the docking station and just leave it there. This way as long as your office is physically secure you are OK, but you will definitely be protected on the road which was my main concern should a hard drive be stolen. I state this with the fact that I believe bitlocker should have been designed to work with docking stations and laptops. Extremely short-sighted in my view.
December 14th, 2007 4:38pm

Thanks for sharing your experience here. It will be helpful to others who may have the same problem in the future.
December 17th, 2007 6:19am

I am having the same problem on a Lenovo X200 tablet. After adding a multi-writer DVD to my docking station I started getting prompted for the bitlocker key on docked boot. I followed instructions to suspend bitlocker, make changes, then resume. Now get prompted for bitlocker key when booting undocked. This Technet article covers the issue. http://technet.microsoft.com/en-us/library/ee449438%28WS.10%29.aspx in the section titled: What causes BitLocker to start into recovery mode when attempting to start the operating system drive? "Docking or undocking a portable computer. In some instances (depending on the computer manufacturer and the BIOS), the docking condition of the portable computer is part of the system measurement and must be consistent to validate the system status and unlock BitLocker." The article does not offer any solution.
March 30th, 2010 5:44pm
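
As an added illustration (not part of the thread or of Microsoft's documentation), the Python sketch below models the TPM 1.2 extend operation to show why a dock-dependent measurement, as in the TechNet passage quoted above, ends in recovery mode, and why re-sealing while docked moves the prompt to the undocked boot. The component names, the `SealedKey` class and the single-PCR model are constructed assumptions; a real TPM seals against several PCRs.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA1(old PCR || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Replay one boot: fold each measured component into the PCR, in order."""
    pcr = bytes(20)  # a TPM 1.2 PCR is 20 bytes and starts at zero on power-on
    for component in components:
        pcr = extend(pcr, component)
    return pcr

class SealedKey:
    """Toy stand-in for a TPM-sealed volume key (assumption: one PCR only)."""

    def __init__(self, secret: bytes, components):
        self._secret = secret
        self._expected = measure_boot(components)  # state at seal time

    def boot(self, components) -> str:
        """Return 'unlocked' if this boot's PCR matches the sealed value."""
        current = measure_boot(components)
        if hmac.compare_digest(current, self._expected):
            return "unlocked"
        return "recovery"  # key stays sealed; recovery password is needed

    def reseal(self, components) -> None:
        """Model suspend + resume: the key is sealed to the new state."""
        self._expected = measure_boot(components)

# Constructed sample measurements (names are illustrative, not real firmware).
UNDOCKED = [b"bios-core", b"video-option-rom"]
DOCKED = UNDOCKED + [b"dock-optical-drive-option-rom"]

def demo() -> dict:
    key = SealedKey(b"volume-master-key", UNDOCKED)
    results = {
        "sealed undocked, boot undocked": key.boot(UNDOCKED),
        "sealed undocked, boot docked": key.boot(DOCKED),
    }
    key.reseal(DOCKED)  # suspend/resume performed while docked
    results["resealed docked, boot docked"] = key.boot(DOCKED)
    results["resealed docked, boot undocked"] = key.boot(UNDOCKED)
    return results

if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario}: {outcome}")
```

Because each extend hashes the previous PCR value, one extra measured component changes the final value, so the two docking states can only share a sealed key if the firmware measures the same components in both.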

I had the same problem at my Company and here is what I did to correct the issue.
1. Suspend BitLocker
2. Reboot into the BIOS settings
3. Removed the CD-ROM drive from the boot priority list
4. Rebooted and enabled BitLocker again
So far no issues and the X200 boots fine docked or undocked. I assume you can do this with other devices that cause issues but have not tried.
April 13th, 2010 4:11am

This topic is archived. No further replies will be accepted.
