Windows 8 BitLocker issue resolution–recovery key needed after BIOS update
As I mentioned in a previous post, I’ve been running Windows 8 RTM since the early August 2012 timeframe and doing so on older hardware with good stability and performance. I was doing my routine check up of my current Windows 8 hardware and while checking to see if there were any driver updates for my video (recent and ongoing stability issues with the BETA NVidia Driver) and other devices, I had noticed that there was a BIOS update for my HP 8530w laptop. Much to my surprise, the BIOS update had come out last December, almost a year after the majority of the driver updates stopped receiving regular updates on HP’s site as this laptop is three years old. I reviewed the tiny bit of information on what the BIOS update contained, read the Release Notes and after completing my analysis decided it made sense for me to go through with this BIOS update to ensure I was current in case I had any issues. HP has had a very quick and easy Windows-based BIOS update tool for years, so I downloaded and ran the BIOS update tool much like I had in the past and then rebooted. After my reboot, I entered my security credentials at the lock screen to get past the BitLocker drive protection and then the fun began - I was prompted to enter my BitLocker recovery Key. This was a surprise as I had THOUGHT I had done BIOS updates with Windows 7 and have never had to enter the recovery Key. Oh well, no matter, I keep all of my BitLocker recovery keys on a USB stick for just such an occasion. These keys are identified with a long hexadecimal sequence to differentiate the devices I have recovery keys for and saved as text files. I locate the USB stick where I store these keys and its blank. OK, maybe I moved them to the larger key I’ve been using of late. Nope, not there either. Oh right, I put everything on SkyDrive or SkyDrive Pro these days, let me look there. Ahh, there they are. Wait a minute! None of the keys here match the hexadecimal sequence for my Windows 8 work machine. Uh oh! What to do? As this was a Sunday night, fear of a complete rebuild was starting to set in at this point…
Thankfully the BitLocker Recovery Key screen points you to a website to get more information on this process, namely http://windows.microsoft.com/recoverykeyfaq. I checked this site and clicked on the “How can I get my BitLocker recovery key? link. Since my primary work computer is indeed domain joined to the Microsoft domain, the site says I can get the recovery key from my administrator. I called the help desk and they sent me the recovery key via email which I pulled off of my shiny new Nokia Lumia 920. I entered the code and “viola!”, I was able to get into Windows 8 (and write this blog post, among many other things…)
So what’s an IT Pro to do to get this working on Windows Server for his/her enterprise? Well the answer is the Microsoft Desktop Optimization Pack or MDOP. One of the many features of MDOP is the Microsoft BitLocker Administration and Monitoring or MBAM toolset. This tool will allow you do go through the architecture, setup and deployment of this set of features inside of your enterprise and was the exact toolset they used to get me back up and running. If you’re NOT domain joined, the recovery key faq points you to other resources including the ability to do a complete reset to factory defaults where you can avoid a complete rebuild.