1
I was attempting to configure Bitlocker on my laptop which has two volumes: a boot SSD (C:) and a larger spinning disk (D:). When I first tried to encrypt the entire C: (boot) drive, it told me that it couldn't do it at that time and required a reboot. I saved the recovery key information to a secure location, and moved on to encrypting my spinning disk. The encryption of that volume completed in about 16 hours with no errors.
I then rebooted the laptop to allow it to do the encryption of the boot volume. I was greeted with the password prompt to decrypt the Bitlocker volume, and I entered the password I chose when setting up the encryption, but it immediately started booting into the recovery partition. After trying to get the system to boot multiple times, I finally entered the command prompt in the recovery partition, and used manage-bde to try and decrypt the C: drive.
manage-bde reports that it is unable to decrypt the partition using both the password I created (and was accepted by the original Bitlocker boot screen), nor the recovery password (yes, I tried entering them multiple times, even using a copy-and-paste in the terminal window for the recovery password after copying the recovery file to a USB key and mounting it on the computer). manage-bde has no issue with decrypting and mounting my spinning disk that encrypted without error.
Next, I booted up on System Rescue CD from a USB stick, and used dd piped to hexdump -C of the original NTFS partition to investigate what is going on. Sure enough the partition header matches that of a
Bitlocker volume header. However, the contents at offset 00a0 do not match the "magic header" as described in the previous link (whereas it does on my correctly-encrypted volume). As I delve even further into the volume, I can see plain-text contents of files and even what appear to be file entry headers with filenames! I use the same process to explore the contents of the volume that was successfully encrypted, and I can't find any meaningful information as I page through the blocks of the device.
What can I do to restore the partition header so everything recognizes this partition as an NTFS volume? ntfs-3g doesn't like the partition, and I'd rather get advice before attempting to manually edit the partition header on my own.
Thanks in advance for reading my long issue!
scwagner
Posted 2017-11-11T06:32:45.193
Reputation: 111
If someone ends up here as a result of a Google search, it is my sad duty to inform you that I was not able to solve this problem on my own. I also posted on the Bitlocker forums on TechNet, and the only reply I received suggested running some commands that made zero changes to the system. After a week without my laptop I finally gave up and had to reformat the volume and reinstall Windows. Best of luck to you if you're in the same boat; sorry I don't have better news. – scwagner – 2017-11-27T21:14:27.683
1I'm voting to close this question because the OP ended up reformatting the system making further troubleshooting impossible. – I say Reinstate Monica – 2018-02-15T03:31:35.397