If it is a BitLocker encrypted OS drive, the recovery key is the only way to decrypt data from the BitLocker encrypted OS drive. Step 1: Download M3 BitLocker Recovery WinPE edition. The Surface device appears to be in an infinite restart loop. For more information, see System Guard Secure Launch and SMM protection: Requirements Met by System Guard Enabled Machines. For more information about this technology, see Windows Defender System Guard: How a hardware-based root of trust helps protect Windows 10. The BitLocker and Active Directory Domain Services (AD DS) FAQ addresses situations that may produce this symptom, and provides information about how to resolve the issue: You have a Windows 10 Home-based laptop, and you have to recover its hard disk. This failure triggers an infinite BitLocker recovery cycle and prevents Windows from starting. Step 2: Connect the BitLocker encrypted OS hard disk to another Windows computer as an external drive. After you install the firmware updates, restart the computer, open an elevated PowerShell window, and then run the following cmdlet: For Windows 10, version 1607 and Windows Server 2016: Remove any device that uses TPM 1.2 from any group that is subject to Group Policy Objects (GPOs) that enforce Secure Launch. Surface BitLocker Recovery: Recover BitLocker recovery key or recover lost data from BitLocker encrypted Surface. To do this, open an elevated Windows PowerShell window, and run the following cmdlet: Restart the device, and then edit the BIOS to set the. ... No Num Lock key on the Surface Pro keyboard. You can avoid this scenario when you install updates to system firmware or TPM firmware by temporarily suspending BitLocker before you apply such updates.
To keep BitLocker suspended during this process, you must use Suspend-BitLocker and set the Reboot Count parameter to either of the following values: To suspend BitLocker while you install TPM or UEFI firmware updates: To re-enable BitLocker Drive Encryption, select Start, type Manage BitLocker, and then press Enter. When you are prompted, enter the recovery password. In its default configuration on such systems, BitLocker binds to PCR 7 and PCR 11 if PCR 7 and Secure Boot are correctly configured. You have a device that runs Windows 10, version 1703, Windows 10, version 1607, or Windows Server 2016. Your keyboard layout. In this situation, the BitLocker encrypted OS drive has been corrupted for some reason (for example, Windows update, motherboard change, virus attack), so that BitLocker doesn't accept the correct recovery key. If some recovered files cannot be opened, please check the "Revert decryption" option and recover them again. To prevent this issue from recurring, we strongly recommend that you restore the default configuration of Secure Boot and the PCR values. However, the BitLocker recovery password was not backed up, and the usual user of the laptop is not available to provide the password. However, you did not configure a BitLocker recovery password. For more information about how to use this command, see manage-bde: unlock. Step 6: M3 Data Recovery is scanning the data from the BitLocker encrypted OS drive. You'll need to use recovery tools. For more information about these commands, see the Windows commands. In the Command Prompt window, run the following commands: These commands unlock the drive and then suspend BitLocker by disabling the TPM protectors on the drive. Step 7: After the lost data is found, preview the found files, select them and click "Recover" to save. If your device is already in this state, you can successfully start Windows after suspending BitLocker from the Windows Recovery Environment (WinRE).
If the password is not working either, please try solution 3 to recover lost data from the BitLocker encrypted drive. It's working as intended. Windows should start as usual. How to disable, turn off, remove BitLocker drive encryption in Windows 10/8/7? Also, Hyper-V is enabled on the device. If Boot Manager detects that the device is a tablet, it redirects the startup process to the Windows Recovery Environment (WinRE), which can process touch input. Step 4: Select the corrupted BitLocker encrypted drive and click Next to continue. Before that (BIOS) and after that (Win) the keyboard works. If your device starts in WinRE and prompts you for the recovery password again, select Skip the drive. Therefore, WinRE cannot reseal the PCRs. The disk was encrypted by using BitLocker Drive Encryption. In an elevated Command Prompt window, use the manage-bde command to back up the information. Step 4: Once M3 Data Recovery is loaded, choose BitLocker Recovery module. I am trying to access the files on my external hard drive that I encrypted using BitLocker, but when I paste in the recovery key it states that BitLocker recovery key or password is not working. For more information, see "About the Platform Configuration Register (PCR)" at BitLocker Group Policy Settings. When the laptop is docked in, the keyboard stops working at the BitLocker password screen. Step 3: Boot your computer from M3 Data Recovery WinPE boot disk. To enable Secure Boot on a Surface device, follow these steps: To reset the PCR settings on the TPM, follow these steps: Disable any Group Policy Objects that configure the PCR settings, or remove the device from any groups that enforce such policies. I have many important files in that hard drive. Follow the steps to encrypt your drive. Tutorial to recover lost data from corrupted BitLocker encrypted drive: Step 1: Download, install and launch M3 BitLocker Recovery on your computer.
You have a tablet or slate device, and you try to test BitLocker Recovery by running the following command: However, after you enter the recovery password, the device cannot start. To resolve the restart loop, follow these steps: You have a Surface device that has BitLocker Drive Encryption turned on. This behavior then loops. Obtain your BitLocker recovery password from, Use another computer to download the Surface recovery image from. Here are some instructions on what you can do when the BitLocker recovery key is not working in Windows 10. It works in BIOS and in Windows itself, but not in BitLocker. Especially it means that you can't access data on this BitLocker encrypted drive. Insert the USB Surface recovery image drive into the Surface device, and start the device. This behavior is by design for all versions of Windows. After Windows has started, open an elevated Command Prompt window and run the following command: Unless you suspend BitLocker before you start the device, this issue recurs. When starting up Windows 10/8/7 or Surface Pro 2/3/4, Windows keeps asking for the recovery key, but the BitLocker recovery key is not working even if the correct recovery key is entered. Download a recovery image for your Surface, July 9, 2019—KB4507450 (OS Build 15063.1928), July 9, 2019—KB4507460 (OS Build 14393.3085), System Guard Secure Launch and SMM protection: Requirements Met by System Guard Enabled Machines, Windows Defender System Guard: How a hardware-based root of trust helps protect Windows 10. How to remove BitLocker password from USB drive, pen drive, external HDD on Windows? To do this, follow these steps: Retrieve the 48-digit BitLocker recovery password for the operating system drive from your organization's portal or from wherever the password was stored when BitLocker Drive Encryption was first turned on. It feels dreadful when the Microsoft BitLocker recovery key is not working. External Keyboard not working in BitLocker screen (E6330)
Suspend BitLocker. Every time that you start the device, the device enters BitLocker Recovery mode and you see error code 0xc0210000, and a message that resembles the following. There are three solutions to solve 'BitLocker recovery key not working for data drive' in Windows 10/8/7: If the BitLocker recovery key is not working, please try the password; the password is another option to unlock a BitLocker encrypted drive. For more information, see BitLocker Drive Encryption Provider. I have the BitLocker ID, but because my Microsoft account is locked (changing the security email) I can't do anything till the end of the month. Also, the device uses Virtualization-based Security features such as Device Guard and Credential Guard. BitLocker uses only numbers for the recovery key. If you have installed a TPM or UEFI update and your device cannot start, even if you enter the correct BitLocker recovery password, you can restore the ability to start by using the BitLocker recovery password and a Surface recovery image to remove the TPM protectors from the boot drive.