@Arielmus Since you mentioned that you're using Command Prompt, can you post exactly what you're seeing? You might be looking in the wrong place. But as an example, I have BitLocker enabled for my C drive, and while I am inside Windows (meaning BitLocker is unlocked), I can run "manage-bde -protectors -get C:", and I get this output:
    BitLocker Drive Encryption: Configuration Tool version 10.0.19041
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.

    Volume C: [OS]
    All Key Protectors

        TPM:
          ID: {5071BF62-731A-459D-9DE9-1ADA2BF7F813}
          PCR Validation Profile:
            7, 11
            (Uses Secure Boot for integrity validation)

        Numerical Password:
          ID: {86668C05-3D0E-4705-BB96-2545D6BFBBA6}
          Password:
            111111-111111-111111-111111-111111-111111-111111-111111
The Recovery Key is the last line of the above output, i.e. the "Password" for the "Numerical Password" protector. I have obviously replaced my actual Recovery Key password with all 1's for the purpose of making the above post, but that would be your Recovery Key, and it is all numeric. But again, this only works when the BitLocker partition is already unlocked.
@Arielmus Here, I'll give you another example to show the difference.
I just enabled BitLocker on my system's E drive. The command to show protectors is "manage-bde -protectors -get E:". If I run that command while my E drive is locked, like your BitLocker partition is, then this is the output that I get:
    C:\WINDOWS\system32>manage-bde -protectors -get e:
    BitLocker Drive Encryption: Configuration Tool version 10.0.19041
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.

    Volume E: [Label Unknown]
    All Key Protectors

        Password:
          ID: {0EDD48AC-4FCF-45EC-A16A-AA45E56CBE01}

        Numerical Password:
          ID: {14ECA5FE-6583-4CA9-9BAD-8D8994A5A64D}
The Recovery Key protector is the one called "Numerical Password". But the ID is NOT the actual Recovery Key itself. But if I unlock the E drive and then run that same manage-bde command, now I get this output:
    C:\WINDOWS\system32>manage-bde -protectors -get e:
    BitLocker Drive Encryption: Configuration Tool version 10.0.19041
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.

    Volume E: [Test]
    All Key Protectors

        Password:
          ID: {0EDD48AC-4FCF-45EC-A16A-AA45E56CBE01}

        Numerical Password:
          ID: {14ECA5FE-6583-4CA9-9BAD-8D8994A5A64D}
          Password:
            230274-516340-692021-570977-024409-227953-114290-599918
Notice that the "Numerical Password" protector information now includes an actual Password line underneath the ID. That is the actual Recovery Key, and as you can see it is 48 digits long and completely numeric. But again, you can only see that after the partition is unlocked. So if you don't have another way to unlock that partition, then you won't be able to see the Recovery Key, and therefore unfortunately you will not be able to access your data.
jphughan • 9 Legend • 14K Posts • July 12th, 2020 09:00
@Arielmus Since you mentioned that you're using Command Prompt, can you post exactly what you're seeing? You might be looking in the wrong place. But as an example, I have BitLocker enabled for my C drive, and while I am inside Windows (meaning BitLocker is unlocked), I can run "manage-bde -protectors -get C:", and I get this output:
The Recovery Key is the last line of the above output, i.e. the "Password" for the "Numerical Password" protector. I have obviously replaced my actual Recovery Key password with all 1's for the purpose of making the above post, but that would be your Recovery Key, and it is all numeric. But again, this only works when the BitLocker partition is already unlocked.
jphughan • 9 Legend • 14K Posts • July 12th, 2020 09:00
@Arielmus Your BitLocker Recovery Key is supposed to be backed up when you first enable BitLocker. If this is for your Windows disk and you linked your Windows logon to your Microsoft account, it might be backed up to the cloud in your Microsoft account, but otherwise you would have been prompted to back up your Recovery Key when you first enabled BitLocker on this disk. If you don't have the Recovery Key, then there's no way to just "find" it while the drive is locked. If you had some OTHER way to unlock the drive, then you could back up or check the Recovery Key while it is unlocked, but that isn't possible while the drive is locked because otherwise anyone who wanted to access your encrypted data could do that. If you can't find your Recovery Key in your Microsoft account or anywhere else and you can't get your drive unlocked some other way, then your data is effectively gone.
Arielmus • 5 Posts • July 15th, 2020 17:00
no
Arielmus • 5 Posts • July 15th, 2020 19:00
Hi team
I did this:
    x:\windows\system32>manage-bde -unlock -recoverypassword 3C778C4D-AED7-4DC9-927E-A3F736292B31
    ERROR The password failed to unlock volume C:.
The password I typed above is exactly the recovery ID returned by the manage-bde -protectors c:get that I typed. Is the syntax of the command I typed correct?
Why does it continue to have that ERROR?
Hoping for your continuous help
arielmus
jphughan • 9 Legend • 14K Posts • July 15th, 2020 20:00
@Arielmus You are typing the ID of the Recovery Key protector. That is not the actual Recovery Key itself. As I said above, take a look at the example output I provided above. The actual Recovery Key is shown as the bottom line, under the word "Password". The ID is just a random ID for the protector itself. Every type of BitLocker protector has one. But you can't use that to unlock a BitLocker volume. And you can't see the actual Recovery Key (the Password line) unless the volume is already unlocked, because as I also said above, if you could do that, then ANYONE would be able to unlock your BitLocker partition, which would defeat the entire point of encryption. If you don't know your system's Recovery Key, then the system isn't just going to tell you. The only way to see a Recovery Key is to unlock the volume first.
jphughan • 9 Legend • 14K Posts • July 15th, 2020 21:00
@Arielmus Here, I'll give you another example to show the difference.
I just enabled BitLocker on my system's E drive. The command to show protectors is "manage-bde -protectors -get E:". If I run that command while my E drive is locked, like your BitLocker partition is, then this is the output that I get:
The Recovery Key protector is the one called "Numerical Password". But the ID is NOT the actual Recovery Key itself. But if I unlock the E drive and then run that same manage-bde command, now I get this output:
Notice that the "Numerical Password" protector information now includes an actual Password line underneath the ID. That is the actual Recovery Key, and as you can see it is 48 digits long and completely numeric. But again, you can only see that after the partition is unlocked. So if you don't have another way to unlock that partition, then you won't be able to see the Recovery Key, and therefore unfortunately you will not be able to access your data.
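The distinction drawn in the post above, as an added example that is not part of the original thread: Python code that parses "manage-bde -protectors -get" text and tells a protector ID apart from a Recovery Key. The sample output, IDs and key are constructed placeholders, and the divisible-by-11 check is an assumption based on the known recovery password format, not something stated in the thread.

```python
import re

GUID_RE = re.compile(r"\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?")
KEY_RE = re.compile(r"\d{6}(-\d{6}){7}")  # 48 digits in 8 groups of 6

def classify(value):
    """Label a string as a protector ID, a Recovery Key, a mistyped key, or unknown."""
    value = value.strip()
    if GUID_RE.fullmatch(value):
        return "protector-id"  # only names a protector; it cannot unlock a volume
    if KEY_RE.fullmatch(value):
        # Assumption (known key format, not from the thread): every 6-digit
        # group is a 16-bit value multiplied by 11, which catches most typos.
        ok = all(int(g) % 11 == 0 and int(g) // 11 < 65536 for g in value.split("-"))
        return "recovery-key" if ok else "mistyped-recovery-key"
    return "unknown"

def parse_protectors(output):
    """Parse 'manage-bde -protectors -get' text into a list of protector dicts."""
    lines = [l.strip() for l in output.splitlines() if l.strip()]
    protectors, cur = [], None
    for line, nxt in zip(lines, lines[1:] + [""]):
        if line.endswith(":") and nxt.startswith("ID:"):
            # A heading followed directly by an ID line starts a new protector.
            cur = {"type": line[:-1], "id": nxt[3:].strip(), "recovery_key": None}
            protectors.append(cur)
        elif (cur and cur["type"] == "Numerical Password"
              and line == "Password:" and KEY_RE.fullmatch(nxt)):
            # Here "Password:" is the key label, not a separate Password protector.
            cur["recovery_key"] = nxt
    return protectors

def visible_recovery_keys(output):
    """Recovery Keys shown in the output; empty while the volume is locked."""
    return [p["recovery_key"] for p in parse_protectors(output) if p["recovery_key"]]

# Constructed sample output; the IDs and the key are placeholders, not real values.
LOCKED = """Volume E: [Label Unknown]
All Key Protectors
Password:
ID: {00000000-0000-0000-0000-00000000000A}
Numerical Password:
ID: {00000000-0000-0000-0000-00000000000B}
"""
UNLOCKED = LOCKED.replace("[Label Unknown]", "[Test]") + (
    "Password:\n111111-111111-111111-111111-111111-111111-111111-111111\n")

if __name__ == "__main__":
    for name, text in (("locked", LOCKED), ("unlocked", UNLOCKED)):
        print(name, [p["type"] for p in parse_protectors(text)], visible_recovery_keys(text))
```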
Arielmus • 5 Posts • July 17th, 2020 00:00
I'm creating a recovery USB drive.
What should be the first thing to do as soon as I have the USB recovery?
jphughan • 9 Legend • 14K Posts • July 17th, 2020 07:00
@Arielmus A Recovery USB drive isn't going to do anything at all to help you here. As I've said repeatedly now, if you don't have the Recovery Key and don't have any other way to unlock the drive, then you are not going to be able to access your data -- because again, if that were possible, then anybody would be able to access your data, which defeats the entire point. BitLocker's encryption is well-designed and does not have any known major vulnerabilities, so you're not going to be able to hack into it. The only hacking tools that exist are designed to help you access BitLocker volumes that are protected by a weak password, but your system would have used a TPM protector and a Recovery Key protector, which are not feasible to brute force today.
You never explained why you started seeing a Recovery Key prompt in the first place, but if you can't fix whatever issue caused that AND your Recovery Key isn't backed up in your Microsoft account in the cloud, AND you didn't back it up yourself, then you should consider your data lost. If you don't have any backups, then that is extremely unfortunate, but that doesn't mean you'll be able to get your data back from BitLocker. Either way, you will need to wipe your system and reinstall everything from scratch. And then of course make sure you back up your data on a regular basis going forward.
Xuanbinh • 1 Message • August 15th, 2021 02:00
Hi everyone,
I have the same problem after resetting my laptop. I cannot access my hard drive.
Can you please help me?
XPS_Man • 5 Practitioner • 2.4K Posts • August 15th, 2021 04:00
An encrypted HDD with BitLocker can only be unlocked via the numeric BitLocker Key / a key saved on a flash drive / Microsoft account password (conditional).
In order to access your BitLocker Key you can visit and use same Microsoft account password which was used to
www.onedrive.com/recoverykey
If you don't know what your Microsoft account is and you have tried every possible email, you cannot save any data and the HDD will have to be formatted; there are no workarounds.
Now, once you have figured out what your BitLocker key is and you want to save data:
Reboot from USB; on the screen where you install Windows, use Shift + F10 to launch CMD.
    manage-bde -unlock C: -RecoveryPassword YOUR-BITLOCKER-RECOVERY-KEY-HERE
(with dashes)
If successful you will get "The password has successfully unlocked the Volume C".
Now you can decrypt the drive:
    manage-bde -off C:
Make a note that it takes 15 minutes to a few hours to completely decrypt the drive, so you will have to check the decryption status again and again using this command:
    manage-bde -status
Once the drive is fully decrypted, you can try a reboot to check if the machine boots to Windows. Even if it doesn't, you now have several options like System Restore, reset keeping files, and Safe Mode to choose from.