How to Use BitLocker Repair Tool to Recover Encrypted Drive in Windows
When you turn on BitLocker for a fixed data drive, you can choose to unlock the drive using a password or smart card. If you turned on BitLocker for the OS drive, then you could also choose to automatically unlock a fixed data drive when you sign in to Windows.
When you turn on BitLocker for a removable data drive, you can choose to unlock the drive using a password, smart card, or automatically unlock when connected.
When you turn on BitLocker for an OS drive, you can choose to unlock the drive at startup with a password, USB flash drive, PIN (with TPM), or automatically unlock.
You may experience a problem that damages an area of a hard disk on which BitLocker stores critical information, and can no longer unlock the OS drive, fixed drive, or removable drive normally. This kind of problem may be caused by a hard disk failure or if Windows exits unexpectedly.
The BitLocker Repair Tool (Repair-bde) can be used to access encrypted data on a severely damaged hard disk if the drive was encrypted by using BitLocker. Repair-bde can reconstruct critical parts of the drive and salvage recoverable data as long as a valid BitLocker password, recovery key, or startup key (.BEK file) is used to decrypt the data.
To recover a damaged OS drive with the BitLocker Repair Tool, the OS drive will need to be connected to another PC if you are not multi-booting with another Windows on the same PC to run the BitLocker Repair Tool from.
You will need to have an empty output volume (drive) of equal or larger size than the damaged BitLocker encrypted drive. The contents of the output volume will be completely deleted and overwritten by the decrypted contents of the damaged BitLocker drive.
The following limitations exist for Repair-bde:
- The Repair-bde command-line tool cannot repair a drive that failed during the encryption or decryption process.
- The Repair-bde command-line tool assumes that if the drive has any encryption, then the drive has been fully encrypted.
This tutorial will show you how to use the BitLocker Repair Tool (repair-bde) to recover the contents of a damaged drive encrypted by BitLocker in Windows 7, Windows 8, and Windows 10.
You must be signed in as an administrator to use the BitLocker Repair Tool.
For Windows 7, BitLocker Drive Encryption is only available in the Windows 7 Professional and Windows 7 Enterprise editions.
For Windows 8/8.1, BitLocker Drive Encryption is only available in the Windows 8 Pro and Windows 8 Enterprise editions.
For Windows 10, BitLocker Drive Encryption is only available in the Windows 10 Pro, Enterprise, and Education editions.
Contents
- Option One: Recover Damaged BitLocker Drive with BitLocker Repair Tool using Password
- Option Two: Recover Damaged BitLocker Drive with BitLocker Repair Tool using Recovery Key
- Option Three: Recover Damaged BitLocker OS Drive with BitLocker Repair Tool using Startup Key
EXAMPLE: Before and after using BitLocker Repair Tool
1 Open an elevated command prompt.
2 Type the command below into the elevated command prompt, and press Enter. (see screenshot below)
repair-bde <source drive letter>: <output drive letter>: -pw -f
Substitute <source drive letter> in the command above with the actual drive letter (ex: "H") of the damaged BitLocker drive you want to recover.
Substitute <output drive letter> in the command above with the actual drive letter (ex: "E") of the empty drive you want to copy the contents of the BitLocker drive to. The output drive needs to be of equal or larger size than the damaged BitLocker encrypted drive. The contents of the output drive will be completely deleted and overwritten by the decrypted contents of the damaged BitLocker drive.
For example:repair-bde H: E: -pw -f
3 When prompted, enter the BitLocker password used to unlock this drive, and press Enter. (see screenshot below)
4 Run chkdsk on the output drive (ex: "E") if ACTION REQUIRED. (see screenshot above and below)
5 You can now close the elevated command prompt.
1 Open an elevated command prompt.
2 Type the command below into the elevated command prompt, and press Enter. Make note of the first section of numbers (ex: "1C689B42") for the Numerical Password ID. This is the key ID to help ID the recovery key for this drive. (see screenshot below)
manage-bde -protectors -get <drive letter>:
Substitute <drive letter> in the command above with the actual drive letter (ex: "H") of the BitLocker drive you want to recover.
For example:manage-bde -protectors -get H:
3 Go to where you backed up the BitLocker recovery key for this drive. Look for the 48-digit recovery key for this drive that matches its key ID (ex: "1C689B42") from step 2 above. (see screenshot below)
4 Type the command below into the elevated command prompt, press Enter. (see screenshot below)
repair-bde <source drive letter>: <output drive letter>: -rp <recovery key> -f
Substitute <source drive letter> in the command above with the actual drive letter (ex: "H") of the damaged BitLocker drive you want to recover.
Substitute <output drive letter> in the command above with the actual drive letter (ex: "E") of the empty drive you want to copy the contents of the BitLocker drive to. The output drive needs to be of equal or larger size than the damaged BitLocker encrypted drive. The contents of the output drive will be completely deleted and overwritten by the decrypted contents of the damaged BitLocker drive.
Substitute <recovery key> in the command above with the 48-digit recovery key from step 3 above for the BitLocker drive (ex: "H").
For example:
repair-bde H: E: -rp 659395-153670-001177-404635-666061-005951-081125-304997 -f
5 Run chkdsk on the output drive (ex: "E") if ACTION REQUIRED. (see screenshot above and below)
6 You can now close the elevated command prompt.
1 Open an elevated command prompt.
2 Type the command below into the elevated command prompt, and press Enter. Make note of the External Key File Name. This is the name of the BitLocker startup key file for this OS drive. (see screenshot below)
manage-bde -protectors -get <drive letter>:
Substitute <drive letter> in the command above with the actual drive letter (ex: "C") of the BitLocker OS drive you want to recover.
For example:manage-bde -protectors -get C:
3 Type the command below into the elevated command prompt, press Enter. (see screenshot below)
repair-bde <source OS drive letter>: <output drive letter>: -rk "<Full path of startup key .BEK file>" -f
Substitute <source OS drive letter> in the command above with the actual drive letter (ex: "C") of the damaged BitLocker OS drive you want to recover.
Substitute <output drive letter> in the command above with the actual drive letter (ex: "E") of the empty drive you want to copy the contents of the BitLocker drive to. The output drive needs to be of equal or larger size than the damaged BitLocker encrypted drive. The contents of the output drive will be completely deleted and overwritten by the decrypted contents of the damaged BitLocker drive.
Substitute <Full path of startup key .BEK file> in the command above with the actual full path of where the startup key .BEK file from step 2 above is saved at for the BitLocker OS drive (ex: "C").
For example:
repair-bde C: E: -rk "G:\CFB586D0-6A39-422E-B232-1BE2EDDFA0D6.BEK" -f
4 Run chkdsk on the output drive (ex: "E") if ACTION REQUIRED. (see screenshot above and below)
5 You can now close the elevated command prompt.
That's it,
Shawn
Related Tutorials
- How to Turn On or Off BitLocker for Fixed Data Drives in Windows 10
- How to Turn On or Off BitLocker for Removable Data Drives in Windows 10
- How to Turn On or Off BitLocker for Operating System Drive in Windows 10
- How to Unlock a Fixed or Removable BitLocker Drive in Windows
- How to Unlock an OS Drive Encrypted by BitLocker in Windows 10
- How to Backup BitLocker Recovery Key for Drive in Windows 10
- How to Find BitLocker Recovery Key in Windows 10
- How to Copy Startup Key of OS Drive Encrypted by BitLocker in Windows
- How to Create BitLocker Encrypted Container File with a VHD or VHDX File in Windows
Use BitLocker Repair Tool to Recover Encrypted Drive in Windows
-
New #1
please help find solution to this
i have tried option one which wasn't successful after several hour of waiting to finished. after it was finished it reported unsuccessful that there was critical damage during disencrypting so it was not successful.
now i tried option three and it was saying this so i snapshot it as attached file for perusal
Last edited by Brink; 19 Dec 2017 at 17:50. Reason: attached your image
-
New #2
Hello micoam, and welcome to Ten Forums. :)
What is the drive letter of your BitLocker drive?
You would need to substitute "H" at the end in the command with your drive letter instead.
-
-
New #4
In that case, it may mean that your "H" drive is not available. This is most likely from whatever cause the critical damage.
You may have to format the "H" drive to be able to use it again.
Do you have backups?
-
New #5
No i dont have a backup of those file, that is why i have reading different post to get it fix but no solution yet,
please what can you do for me?
-
New #6
Do you have the recovery key or startup key for the drive?
If you do and know which one it is for the drive, you can try continuing with the steps using the key.
-
New #7
i have a txt file saved during the encryption, the recovery key inside the file was what i used first before trying the third option,
please see the file save then, help me EXPLAIN IN DETAIL HOW I CAN USE THAT FILE TO GET MY DATA BACK with other option that can help out because i have use different bitlock tools that help but doesn't work for it. easus and 3M
Last edited by Brink; 19 Dec 2017 at 19:48. Reason: attached your image
-
-
-
New #9
sorry i just check the difference between option one and two
option one gave a feedback of password error not correct
option two scanned completely but not successful during des-encrypting and was saying critical damage occur during des-encryption. is there still any solution to it.
Use BitLocker Repair Tool to Recover Encrypted Drive in Windows
How to Use BitLocker Repair Tool to Recover Encrypted Drive in WindowsPublished by Shawn BrinkCategory: Security System
20 Nov 2019
QuoteTutorial Categories
Related Discussions
