question

orsty3001-9858 asked MTG-3890 commented

Bitlocker key "returned no results". Unable to unlock drive.

I have a user's machine that is prompting for the BitLocker key for his second hard drive (D:). When I search for it in AD using the 8 digit Password ID I get "returned no results". I can see 2 other BitLocker keys associated with this machine but none of them work. How can I get the BitLocker key for this drive?

windows-active-directory, windows-10-security

MTG-3890 answered MTG-3890 commented

First of all, your admin (or yourself) should change the BitLocker policy so that this cannot happen in the future.
Set it so that encryption may only start after the key has been successfully saved to AD:
[image: require-bitlocker-backup-to-ad-ds.png]

When encrypting D:, Windows will have urged you to save the key or print it; there's no way around that, so it will be somewhere, but Windows does not record where you decide to put it.


That is enabled by group policy here to require BitLocker backup to AD. I now have a second user with the same issue. I was just told by the group that administers our Windows servers that there isn't a way to get the BitLocker keys right now. I think they are working with Microsoft on this. Not sure, that group is in a different country.

I was just trying everything I could to get this user's data back, but it looks like that is going to be a no-go. I searched the machine for a BEK file, which I'm understanding is the key file?? I could look again if it's another file.

Thank you for your response.


"That is enabled by group policy" - what is? The crucial part is the checkbox next to "Require Bitlocker backup to AD DS", which is NOT selected by default. So turning on the policy alone without checking that box may result in what you see.

The recovery key would not be saved as a .bek file, but a .bek file (if someone created one) would help as well.
The recovery key would be a .txt file; see https://adamtheautomator.com/bitlocker-recovery-key/ for the process of creating it in pictures.


So the user did get a TXT file but the bitlocker key in that file doesn't work. The policy is set to require bitlocker backup to AD DS.

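Added example, not from the thread above: PowerShell that does what the "Require BitLocker backup to AD DS" setting enforces (every volume gets a numerical recovery password and that protector is pushed to AD DS), and a lookup that explains the "returned no results" symptom, since the 8-character Password ID is just the first group of the protector GUID stored in the CN of the computer's msFVE-RecoveryInformation object. Assumes an elevated session on a domain-joined machine with the BitLocker and RSAT ActiveDirectory modules; the computer name and Password ID in the sample call are hypothetical.

```powershell
# Added example (not code from the thread). Requires: elevated PowerShell,
# BitLocker module, RSAT ActiveDirectory module, read access to the computer object.
Import-Module BitLocker
Import-Module ActiveDirectory

# 1. For every BitLocker volume, make sure a RecoveryPassword protector exists
#    and escrow it in AD DS. This is the step the GPO checkbox forces *before*
#    encryption starts; without it, an encrypted D: may have no key in AD at all.
function Backup-AllRecoveryPasswordsToAD {
    foreach ($vol in Get-BitLockerVolume) {
        $rp = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
        if ($rp.Count -eq 0) {
            # No recovery password on this volume: add one so there is something to escrow.
            $vol = Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -RecoveryPasswordProtector
            $rp  = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
        }
        foreach ($p in $rp) {
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
            '{0} protector {1} escrowed to AD DS' -f $vol.MountPoint, $p.KeyProtectorId
        }
    }
}

# 2. Resolve an 8-character Password ID from the recovery screen to the escrowed
#    48-digit password. AD names each msFVE-RecoveryInformation child object
#    "<timestamp>{<protector GUID>}", and the Password ID is the GUID's first group.
#    An empty result means that protector was never backed up (the thread's symptom).
function Find-BitLockerRecoveryPassword {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][ValidatePattern('^[0-9A-Fa-f]{8}$')][string]$PasswordId
    )
    $computer = Get-ADComputer -Identity $ComputerName
    Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
        -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
        -Properties 'msFVE-RecoveryPassword', 'whenCreated' |
      Where-Object { $_.Name -like "*{$PasswordId-*" } |   # -like is case-insensitive
      Select-Object Name, whenCreated,
        @{ Name = 'RecoveryPassword'; Expression = { $_.'msFVE-RecoveryPassword' } }
}

# Sample calls (hypothetical computer name and Password ID):
Backup-AllRecoveryPasswordsToAD
Find-BitLockerRecoveryPassword -ComputerName 'PC-D-DRIVE' -PasswordId '1A2B3C4D'
```

Running the lookup against the machine in the question shows directly whether the D: protector's GUID is present under the computer object; if only the two known objects appear, the D: key was never escrowed and the policy change in the answer is the fix going forward.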
LimitlessTechnology-2700 answered

Hello @Orsty3001,

This topic has been discussed at length, with different approaches and troubleshooting ideas, in the following thread: https://docs.microsoft.com/en-us/answers/questions/108726/help-to-decrypt-the-34d34-drive-without-recovery-k.html



--If the reply is helpful, please Upvote and Accept as answer--
