Two days ago, I unlocked my 1TB BitLocker encrypted drive to copy a big file into it. Unfortunately the power got cut off during the copy. Today I'm trying to unlock the drive but it says wrong password. I'm trying to unlock it with the recovery key but it says Key does not match this drive.
I've been using the password for one year so I'm pretty sure I'm using the correct password. The key ID and my recovery key identifier are the same.
The last log entry (from 2 days ago) by BitLocker in the Event Viewer is:
The BitLocker protected volume G: was unlocked.
Protector GUID: {123d1a62-6682-47f5-9c50-bd2384cc144f}
Identification GUID: {b80e620b-d107-4a43-a51b-4f92a8ba3694}
But the drive won't unlock. What do I do?
Answer
Having the power cut in the middle of an I/O operation to a drive will not change its BitLocker protectors (e.g. password). However, this could lead to corruption on the disk that could prevent you from unlocking the drive even though you're using the correct key.
For such a scenario you can use Microsoft's BitLocker Repair Tool. Here's a description from Microsoft's site:
This tool can be used to access encrypted data on a severely damaged hard disk if the drive was encrypted by using BitLocker Drive Encryption. Repair-bde can reconstruct critical parts of the drive and salvage recoverable data as long as a valid recovery password or recovery key is used to decrypt the data.
The BitLocker Repair Tool is a command-line program that's included with Windows 7 and Windows Server 2008 R2. It's also available for download for Windows Vista and Server 2008 SP1.
Note: These instructions are from Microsoft's website. The article is written for Windows 7 but applies to any version of Windows that supports the Repair-bde command.
To complete the procedure in this scenario:
Your test computer must have a BitLocker-protected drive.
You must be able to provide administrative credentials.
You must have at least one of the following:
Recovery password
Recovery key file location
Recovery package file location and the corresponding recovery password
Recovery package file location and the corresponding recovery key file location
You must have an empty output volume of equal or larger size than the BitLocker-protected drive (whose contents will be completely overwritten after the repair operation).
The following procedure provides the command-line syntax for using each type of recovery information with the Repair-bde tool. For this procedure, we recover access to the data stored on drive C: and write the recovered data to an output volume on Z: by using the parameters in the following table.
Recovery information             Value
-------------------------------  -------------------------------------------------------
Recovery password                062612-026103-175593-225830-027357-086526-362263-513414
Recovery key file location       F:\RecoveryKey.bek
Recovery package file location   F:\ExportedKeyPackage
Replace these parameters as appropriate for your test environment.
To repair a BitLocker-protected drive by using Repair-bde
Open a Command Prompt window as an administrator.
a. To do this, click Start, type cmd in the Search programs and files box, right-click cmd.exe, and then click Run as administrator.
b. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
At the command prompt, type one of the following commands, depending on which recovery information you want to use:
a. To repair using a recovery password:
repair-bde C: Z: -rp 062612-026103-175593-225830-027357-086526-362263-513414
b. To repair using a recovery key:
repair-bde C: Z: -rk F:\RecoveryKey.bek
c. To repair using a recovery package and the corresponding recovery password:
repair-bde C: Z: -kp F:\ExportedKeyPackage -rp 062612-026103-175593-225830-027357-086526-362263-513414
d. To repair using a recovery package and the corresponding recovery key:
repair-bde C: Z: -kp F:\ExportedKeyPackage -rk F:\RecoveryKey.bek
Note: If the path to the key package is not specified, Repair-bde will search the drive for a key package. However, if the hard drive has been damaged, the tool may not be able to find the package and will prompt you to provide the path. We recommend that you include the key package in the Active Directory key storage so that you can export the key package if needed.
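The recovery password given to -rp in the commands above can be checked for typing errors before a repair is attempted. The PowerShell function below is an added example, not part of Microsoft's article or the answer; the name Test-RecoveryPassword is hypothetical, and it relies on BitLocker's format rule that each six-digit group is a multiple of 11 and smaller than 720896. It checks the format only and cannot tell whether the password belongs to a particular drive.

```powershell
# Added example: format check for a BitLocker recovery password before it is
# passed to repair-bde -rp. Test-RecoveryPassword is a hypothetical helper name.
function Test-RecoveryPassword {
    param([Parameter(Mandatory)][string]$Password)

    $problems = @()
    $groups = $Password.Trim() -split '-'

    # A recovery password is 48 digits written as 8 groups of 6.
    if ($groups.Count -ne 8) {
        $problems += "expected 8 groups separated by '-', found $($groups.Count)"
    }

    for ($i = 0; $i -lt $groups.Count; $i++) {
        $g = $groups[$i]
        if ($g -notmatch '^[0-9]{6}$') {
            $problems += "group $($i + 1) ('$g') is not exactly six digits"
            continue
        }
        $n = [int]$g
        # Each group encodes a 16-bit value multiplied by 11, so it must be
        # divisible by 11 and smaller than 65536 * 11 = 720896.
        if ($n % 11 -ne 0) {
            $problems += "group $($i + 1) ('$g') is not a multiple of 11"
        } elseif ($n -ge 720896) {
            $problems += "group $($i + 1) ('$g') is 720896 or larger"
        }
    }

    [pscustomobject]@{
        Valid    = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Sample value from the table above.
Test-RecoveryPassword '062612-026103-175593-225830-027357-086526-362263-513414'

# Constructed typo: last digit of the third group changed (175593 -> 175598).
(Test-RecoveryPassword '062612-026103-175598-225830-027357-086526-362263-513414').Problems
```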