Fix: BitLocker Recovery Key not Found
Your system may show the Recovery key issue due to the wrong configuration of the system’s BIOS settings. Moreover, an unwanted change in the system’s circuitry may also trigger the issue at hand.
The issue arises when the user powers on his system but the system asks for a BitLocker key (many of the affected users were unaware that BitLocker was active on their system/drive) to proceed. The issue is mainly triggered by a Windows/BIOS update or as a result of a change of a motherboard component (or the motherboard itself). For some of the users, the issue was limited to a single drive only. The issue is reported on (nearly) all the PC brands and is not limited to specific ones.
Before moving one to try the solutions to bypass BitLocker, disconnect your system from the Internet and check the issue is not a result of a ransomware attack. Also, make sure your Microsoft account in the system’s Settings is verified (no button of Verify Your Identity is shown). Moreover, check if you can use the BitLocker Repair Tool to solve the issue. Last but not least, check if you can use the Control Panel in the Safe Mode of your system to disable BitLocker.
Keep in mind that whenever (during the troubleshooting process) you succeed in logging-in to the system, either try to disable BitLocker or backup the recovery key to a safe location like your Microsoft Account.
Solution 1: Unplug the Power Cable (of Your System) or Remove the Battery (of the Laptop)
The BitLocker issue could be triggered due to any unwanted change in the system’s circuitry. In this case, unplugging the power cable or removing the battery (if using a laptop) may let the motherboard’s components completely discharge and thus solve the problem.
- Power off your system or perform a force shut down of your system by pressing and holding the power button.
- Then remove the system’s power cable from the power source. If the issue is with a laptop, then try to remove its battery.
- Wait for at least 5 minutes and then plug back the power cable (in case of a laptop, reconnect the battery).
- Now boot your system and check if the BitLocker issue is resolved. If so, then disable BitLocker in the system’s Control Panel and make sure to decrypt the problematic drive.
Solution 2: Use the Command Prompt
If you are one of those lucky users who could log in to the system and the issue is only limited to only one of the drives, you may find the BitLocker key using the Command Prompt and thus solve the problem.
- Hit the Windows key and in the search box, type Command Prompt. Then, right-click on the result of Command Prompt and select Run as Administrator.
- Now execute the following command:
manage-bde -protectors X: -get
where X is the problematic drive encrypted by the BitLocker
- Then, in the resulting window, note down the Recovery ID and Recovery Key.
- Now check if you can use that key to remove the BitLocker encryption.
- If that did not do the trick, open the Notepad and copy the following code to it:
$BitlockerVolumers = Get-BitLockerVolume $BitlockerVolumers | ForEach-Object {$MountPoint = $_.MountPoint $RecoveryKey = [string]($_.KeyProtector).RecoveryPassword if ($RecoveryKey.Length -gt 5) { Write-Output ("The drive $MountPoint has a BitLocker recovery key $RecoveryKey.") } }
- Now open the File menu and choose Save As.
- Then change the dropdown of Save as Type to All Files and write the file name with the extension .ps1 (e.g., RecoveryKey.ps1).
- Now right-click on the Windows button and in the Power User menu, choose Windows PowerShell (Admin).
- Now navigate to the file in the PowerShell using CD command and execute the PowerShell file created previously (e.g., RecoveryKey.ps1).
- Then check if the BitLocker Recovery Key is shown. If so, then check if using that key unlocks the BitLocker encryption.
Solution 3: Recover the BitLocker Key from the Online Backup Locations
If you do not have or cannot find the BitLocker recovery key in your system/USB devices or any of the printed papers, then you can use any of the undermentioned locations to recover your BitLocker key. But keep in mind that if the key is not in the undermentioned locations or the found key did not work, then check if you are or have used any other Microsoft (personal, work, school/university) account on the problematic system. If so, then use that account (you may have to try all the Microsoft accounts one by one, used on your system) to sign in to the undermentioned locations and check if there is a recovery key present. If so, then use that key to check if that resolves the BitLocker issue.
Use OneDrive Link
- Launch a web browser and navigate here (you may have to use your Microsoft Credentials to login):
- Now check if the recovery key is there, if so, then use that key to check if that resolves the issue (or otherwise try another Microsoft account, if the account was used on the problematic system).
Use Microsoft Account Page
- Navigate here through a web browser:
- Then, in the left navigation bar, click on Devices (usually, the 3rd option) and check if the problematic device is shown there.
- If so, then click on the View BitLocker key for the problematic device and check if that key resolves the issue.
- If that did not do the trick, then check if the key is present here:
- If that key did not show there, then make sure that the problematic device is selected. Then use that key to check if that resolves the issue.
Use Office 365/Azure Active Directory
- Navigate here through a web browser (if you are a user of Office 365 or your organization used/using the Azure Active Directory):
- Then, in the left navigation bar, click on the Azure Active Directory, and once again, in the left pane, click on Azure Active Directory.
- Now, click on Devices, and then in the All-Devices tab (you may use the BitLocker keys tab), open the problematic device (if shown).
- Now copy (you may click on the “click to copy” icon) the BitLocker Recovery key of the problematic device and check if the found key resolves the BitLocker issue.
You may have to contact the IT administrator of your organization if the security protocols of your organization do not let you recover the key from the Azure directory. If your system is part of a domain network, then contact the network administrator for the BitLocker Recovery key (the key may have been backed up on the local server).
Solution 4: Edit the BIOS Settings
You may encounter the BitLocker issue if any of the system’s BIOS options are changed by the user or as a result of a BIOS update as it can create the environmental change (e.g. enabling/disabling the TPM feature) that is essential for the operation of the BitLocker. In this case, making the undermentioned BIOS changes may solve the problem.
Warning: Move forward at your own risk as editing the system’s BIOS requires a particular level of proficiency and if not done correctly, you may brick your PC and cause undying harm to your data.
Boot your system into BIOS and check if changing the following BIOS settings resolve the BitLocker issue. Keep in mind that the following instructions might not be the same for all users.
Enable/Disable the TPM Module
- In the system’s BIOS, expand the Security tab and select TPM Security.
- Now, checkmark the option of TPM Security and apply your changes.
- Then check if the system is clear of the BitLocker issue.
If TPM is already enabled, then check if disabling the TPM feature solves the problem.
Enable/Disable the Secure Boot Feature
- Boot into the system’s BIOS and navigate to the System Configuration tab.
- Now enable the Secure Boot and check if the BitLocker issue is resolved. If Secure Boot is already enabled, then check if disabling it resolves the issue.
Enable Platform Trust Technology (PTT)
- In the system’s BIOS, navigate to the Configuration tab and enable the Platform Trust Technology.
- Then apply your changes and check if the BitLocker issue is resolved.
Update the System’s BIOS to the Latest Build
- Before updating, check if reverting to an older version of the BIOS solves the BitLocker problem (if so, then make sure to disable the BitLocker in the system’s Control Panel as it may create the issue in the future if the BIOS gets updated again).
- If not, update the system’s BIOS as per the system’s manufacturer (you may have to remove the problematic drive or use a USB to update the BIOS and check if that resolves the BitLocker issue):
Edit the Boot Sequence
- In the system’s BIOS, expand General and select the Boot Sequence option.
- Now, in the right pane, uncheck the boot options that you do not use. For example, uncheck Windows Boot Manager and any other UEFI/device that is not required. Make sure only the drive that has your Windows on it is check-marked.
- Then apply your changes and check if the BitLocker issue is resolved.
Change the Boot Mode
- In the system’s BIOS, navigate to the Boot tab and set the Boot mode to UEFI.
- Then check if the BitLocker issue is resolved. If not, then check if enabling TPM/PTT and Secure Boot (discussed above) solves the BitLocker problem (make sure that the Legacy Boot option is unchecked).
Reset the Different BIOS Settings
- In the BIOS of your system, expand Secure Boot and select Expert Key Management.
- Now click on the Restore Settings button and then select Factory Settings.
- Then select OK and exit BIOS.
- Now check if the system is clear of the BitLocker issue.
- If not, then boot your system into the BIOS and in the General tab, click on Restore Settings.
- Then click on Custom User Setting and click OK.
- Now check if the BitLocker issue is resolved.
- If not, then repeat steps 5 to 6 but this time, select Factory Settings and check if the system is clear of the BitLocker problem.
- If not, then repeat the same but this time, choose BIOS Defaults and check if the system’s BitLocker problem is solved.
If the issue is still there and you cannot find the BitLocker key, then either you may use a 3rd party data recovery agency to get your data back or reformat the drive/system and then perform the data recovery by using data recovery tools (but keep in mind that you may lose your data).