Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

BitLocker is Prompting for a Recovery Key, and You Cannot Locate the Key

Summary: To help with locating previously stored BitLocker recovery keys, this article describes the different storage options that each Windows operating system supports.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content


Symptoms

BitLocker Overview

BitLocker is a Microsoft encryption product that is designed to protect the user data on a computer. If a problem with BitLocker occurs, you will encounter a prompt for a BitLocker recovery key. If you do not have a working recovery key for the BitLocker prompt, you are unable to access the computer.

NOTE: Because BitLocker is a Microsoft encryption security product, Dell neither stores nor possesses the ability to provide a recovery key. Dell cannot circumvent the Microsoft BitLocker Recovery Key process. Dell devices are NOT encrypted when shipped from the factory.

Cause

How Was BitLocker Activated On My Device?

There are three common ways for BitLocker to start protecting your device:
  1. Your device is a modern device that meets certain requirements to automatically enable device encryption: In this case, your BitLocker recovery key is automatically saved to your Microsoft account before protection is activated.
  2. An owner or administrator of your device activated BitLocker protection (also called device encryption on some devices) through the Settings app or Control Panel: In this case the user activating BitLocker either selected where to save the key or (in the case of device encryption) it was automatically saved to their Microsoft account.
  3. A work or school organization that is managing your device (currently or in the past) activated BitLocker protection on your device: In this case, the organization may have your BitLocker recovery key.
Beginning in Windows 8.1, Windows automatically enables BitLocker Device Encryption on devices that support Modern Standby. With Windows 10 and 11, Microsoft offers BitLocker Device Encryption support on a broader range of devices. These include those that support Modern Standby, and devices that run Windows 10 Home Edition or Windows 11. All computers that Dell currently ships are Modern Standby compliant and the above applies. A registry key that Dell leaves in a neutral state controls this behavior, neither prohibiting nor enforcing encryption. Windows interprets this as approval to encrypt.

BitLocker encryption is often intentionally activated by or on behalf of a user with full administrative access to your device. This user could be you, another user, or an organization managing your device. Dell does not enable BitLocker on any device, BitLocker is enabled by the user during setup or domain configuration by an administrator.

A BIOS update can trigger a BitLocker Recovery event as the PCR banks between the time Windows runs, and the time the BIOS is flashed, changes. However, all Dell BIOS updates suspend BitLocker before the flash so a BitLocker Recovery event cannot occur as a result of updating the firmware. If the computer goes into recovery mode, it is likely due to an external drive being connected as it changes the boot drive enumeration. Users can configure this in the BIOS. Outside of this specific scenario, there is not an event that triggers BitLocker encryption unexpectedly. The BitLocker encryption process happens in the background and often goes unnoticed by users until a Recovery event occurs,

The BitLocker setup process enforces the creation of a recovery key at the time of activation. If you are unable to locate a required BitLocker recovery key and are unable to revert a configuration change that might have caused it to be required, you must reset your device using one of the Windows 10 recovery options. Resetting your device removes all your files.

Resolution

BitLocker Recovery Key Storage Options

Recovery keys may be saved in several ways depending on the version of Windows installed. The following list describes the supported options to save a key per each operating system version and may aid in locating a saved key (if present):

For Windows 7:

  • A key may be manually saved to a USB flash drive.
  • A key may be manually saved as a file (Network drive or other location).
  • A key may be physically printed manually. 

For Windows 8.1:

  • A key may be saved to your Microsoft Account by default (Access your Microsoft account from a different computer to retrieve the key).
  • A key may be manually saved to a USB flash drive.
  • A key may be manually saved as a file (Network drive or other location).
  • A key may be physically printed manually. 

For Windows 10:

  • A key may be saved to your Microsoft Account by default (search BitLocker Recovery Keys to retrieve the key). 
    • If you have a modern device that supports automatic device encryption, the recovery key will most likely be in your Microsoft account. For more, see Device encryption in Windows 10
    • If the device was set up or BitLocker protection was activated by another user, the recovery key may be in that user’s Microsoft account.
  • A key may be saved to a USB flash drive (Plug the USB flash drive in to your locked personal computer and follow the instructions. If you saved the key as a text file on the flash drive, use a different computer to read the text file)
  • A key may be saved to your Azure Active Directory account (for business PCs where you sign in with an Azure Active Directory account, to get your recovery key, see the device info for your Microsoft Azure account).
  • A key may be manually saved as a file (Network drive or other location).
  • A key may be physically printed manually.
NOTE: The option to save as a file is the most commonly used option and can sometimes cause recovery issues when the user saves the file on the drive of the computer that is needing to be recovered (recommend saving to a network drive or another physical hard drive to prevent hard drive corruption from preventing retrieval of the recovery key.
 
Caution: If the recovery key is lost, the drive cannot be unlocked by other means. To return the computer to operation, reinstalling Windows is the only option (this leads to the loss of all data and configurations of the encrypted hard drive).

 



For additional information about BitLocker and the process of recovery, see the following articles:
 

Find my BitLocker recovery key:
https://support.microsoft.com/help/4026181/windows-10-find-my-bitlocker-recovery-key SLN298282_en_US__1iC_External_Link_BD_v1

How to decrypt BitLocker: Automatic Windows Device Encryption or BitLocker on Dell Systems | Dell US

For additional information about BitLocker Encryption and how it is installed on Dell computers, see Dell Knowledgebase article KB124701 - Automatic Windows Device Encryption/BitLocker on Dell Systems.

For additional information about BitLocker Encryption Keys and recovery, see Microsoft Knowledgebase article Finding your BitLocker recovery key in Windows SLN298282_en_US__1iC_External_Link_BD_v1

Known BitLocker issues: BitLocker recovery known issues - Windows security | Microsoft Docs SLN298282_en_US__1iC_External_Link_BD_v1

 


Out of Warranty support Out of warranty? No problem. Browse the Dell.com/support website and enter your Dell Service Tag and view our offers.

NOTE: Offers are only available for US, Canada, UK, France, Germany, and China personal computer customers. Server and Storage not applicable.

Article Properties


Last Published Date

17 Aug 2022

Version

11

Article Type

Solution