
Unable to get Bitlocker working

Mastiff

I had to replace my Surface because of bad gluing of the screen to the rest, and I sure as heck wasn't going to set it all up again! Setting up a computer is something I only do once for each OS. So I simply took the latest TrueImage backup and restored that. Most of the stuff worked at once. I had a few problems with the IR camera for Hello, but fixed that by removing the latest firmware from Windows and installing it again.

But I have one big problem. Bitlocker. I really need to get that working, it's too easy to get "Surface-lifted". So I went through the necessary stuff and rebooted to start the encryption. And before the actual boot I was to enter the recovery key as part of a test for a working system. So I input the numerical key from the file that Bitlocker had saved to my directory on the main house server (protected by a very good firewall). Nope. "The recovery key is incorrect, please enter it again". So I had to press escape to get out of the process and try again.

I reset the TPM from Windows, in case it was the change of Surface (which would be equivalent to changing a motherboard) and tried again. New code, still same answer. Does anybody have any idea what this can be?
 
Local. I will never ever trust anything to cloud storage except for my cell phone pictures. ;)

Edit: I do of course have my own "cloud" on the server, with VPN access, but that's something else.
 
There was no way of resetting it from the UEFI. I rebooted, went into the BIOS (UEFI, but I'm old school...) and checked. The only options were to turn TPM on and off, and to accept 3rd party keys in addition to Microsoft's keys.
 
The only thing I can think of is that your old image has left the boot partition in an untrusted state with trying to use the old key. Did you wipe the GPT disk prior to applying the backup image?
 
No, that would remove the recovery partition and all that. I just deleted the partition with Windows 10 on it and then recovered the image to parts of that (I use only 60 gig for Windows and have all my documents on a separate D drive). But should that make it impossible to get the recovery key to match? I can enter the key, it's just interpreted as wrong.
 
The Surface Devices (actually all Connected Standby Machines) come with their drives encrypted out of the box; the setup process is completed through the setup if using a Microsoft Account (transparent to the user). Using a local account, the process must be completed manually. Using your key from the previous install won't work; it needs to be a new key.

Do you still have the 300MB Boot Partition? Did you clear and recreate that one as well? If it is a single partition you can try:

1. Shrink your C (assuming that is your root partition) drive, give it 500MB

2. Format the new volume and call it E:\ (at least for this example)

3. From an elevated command prompt, run Robocopy.exe C:\Windows\System32\Recovery\ E:\Recovery\WindowsRE\Winre.

4. reagentc /setreimage /path e:\Recovery\WindowsRE\Winre.

5. reagentc /enable

Reboot and try to enable BitLocker

Use the above cautiously and be ready to restore if anything runs awry :)
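
A read-only check that can be run from an elevated PowerShell prompt after the steps above, before retrying BitLocker. It is an added example, not part of the original post. It assumes the OS volume is C: and uses a placeholder path for the saved recovery key file; it compares the identifier in that file with the recovery protectors currently on the volume, which shows whether the saved key belongs to this install or to the old one.

```powershell
# Added diagnostic, not from the thread. Nothing here changes the system.
$MountPoint = 'C:'                                   # assumption: OS volume
$KeyFile    = '\\SERVER\share\BitLocker Recovery Key.txt'   # placeholder path

# 1. TPM state after the hardware swap and TPM reset.
$tpm = Get-Tpm
"TPM present: $($tpm.TpmPresent)   ready: $($tpm.TpmReady)"

# 2. Windows RE should be reported as Enabled with a valid location.
reagentc /info

# 3. Recovery-password protectors currently attached to the volume.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
"Volume status: $($vol.VolumeStatus)   protection: $($vol.ProtectionStatus)"
$current = @($vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
"Recovery protectors on volume: $($current.Count)"

# 4. Pull the identifier (GUID) and the 48-digit password out of the saved file.
$text     = Get-Content -Raw -LiteralPath $KeyFile
$savedId  = [regex]::Match($text,
    '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}').Value
$savedKey = [regex]::Match($text, '\d{6}(-\d{6}){7}').Value
if (-not $savedId -or -not $savedKey) {
    "Could not find an identifier and 8x6-digit key in $KeyFile"
    return
}

# 5. Each 6-digit group of a valid recovery password is a multiple of 11
#    and smaller than 720896 (11 * 65536). A failing group means a typo
#    or a damaged file, not a TPM problem.
$bad = @($savedKey -split '-' |
    Where-Object { ([int]$_ % 11) -ne 0 -or [int]$_ -ge 720896 })
if ($bad.Count) { "Malformed group(s): $($bad -join ', ')" }
else            { "Key format is valid (all groups pass the mod-11 check)" }

# 6. Does the saved file match a protector that exists on this volume now?
$match = $current | Where-Object { $_.KeyProtectorId -eq "{$savedId}" }
if ($match) {
    "Saved key file matches current protector $($match.KeyProtectorId)"
} else {
    "Saved key file ($savedId) does not match any current protector:"
    $current | ForEach-Object { "  $($_.KeyProtectorId)" }
}
```

If step 6 reports no match, the file on the server belongs to an earlier set of protectors and the current recovery password has to be saved again from this install.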
 
Thanks! I will try this during the weekend, it seems like I will need a bit of time on that one. :) As for restore, I'm totally anal. I don't do anything to my computer before I have at least two working image backups, and all my files are at the "personal cloud" on my server.
 
You do realize that using a Microsoft account does not actually store anything on the cloud by default. It simply uses Microsoft to authenticate logging into your pc.
 
My password for the pc is of the "40 000 years to crack on a desktop" type, and I don't trust my main password to Microsoft. Or Google. Or anybody else. My wife's the only other person in the world who knows it. I am one step removed from tin foil hat.... :D
 