Bitlocker key "returned no results". Unable to unlock drive.

orsty3001 1

I have a user's machine that is prompting for the BitLocker key for his second hard drive (D:). When I search for it in AD using the 8 digit Password ID I get "returned no results". I can see 2 other BitLocker keys associated with this machine but none of them work. How can I get the BitLocker key for this drive?

2 answers

MTG 1,196 Reputation points

2021-10-29T08:28:54.943+00:00

1st of all, your admin (or yourself) should change the Bitlocker policy so that this cannot happen in the future.
Set that encryption may only start after the key was successfully saved to AD:

When encrypting d:, windows will have urged you to save the key or print it, there's no way around that, so it will be somewhere, but windows does not record where you decide to put it.
Please sign in to rate this answer.
orsty3001 1 Reputation point

2021-10-29T13:00:04.243+00:00

That is enabled by group policy here to require BitLocker backup to AD. I now have a second user with the same issue. I was just told by the group that the administrators our Windows servers that there isn't a way to get the BitLocker keys right now. I think they are working with Microsoft on this. Not sure that group is in a different country.

I was just trying everything I could to get this user's data back but looks like that is going to be a nogo. I searched the machine for a BEK file, which I'm understanding is the key file?? I could look again if it's another file.

Thank you for your response.

MTG 1,196 Reputation points

2021-10-29T13:53:53.057+00:00

"That is enabled by group policy" - what is? The crucial part is the checkbox next to "Require Bitlocker backup to AD DS", which is NOT selected by default. So turning on the policy alone without checking that box may result in what you see.

The recovery key would not be saved as .bek file, but a .bek file (if someone created one) would help as well.
The recovery It would be a .txt file, see https://adamtheautomator.com/bitlocker-recovery-key/ for the process of creating it in pictures.

orsty3001 1 Reputation point

2021-10-29T14:01:01.963+00:00

So the user did get a TXT file but the bitlocker key in that file doesn't work. The policy is set to require bitlocker backup to AD DS.

MTG 1,196 Reputation points

2021-10-29T14:34:59.23+00:00

Ok, so in that text file, there's a different recovery key ID than what you see when using the command
manage-bde -protectors -get d:
Than that text file was for another drive.
If that box is checked and that policy was applied to the client before encryption was started, the key would be found in AD, but it wasn't, so you should make sure that this policy is really in effect on all clients you expect it to be.
Sign in to comment
Limitless Technology 39,371 Reputation points

2021-10-29T09:48:42.513+00:00

Hello @Orsty3001,

This topic has been discussed in length, with different approach and troubleshooting ideas in the next thread: https://learn.microsoft.com/en-us/answers/questions/108726/help-to-decrypt-the-34d34-drive-without-recovery-k.html

---------------------------------------------------------------------------------------------------------------------------------------------------------

--If the reply is helpful, please Upvote and Accept as answer--
Please sign in to rate this answer.

0 comments No comments
Sign in to comment