In the Control Panel, go to BitLocker Drive Encryption and manually unlock encrypted data volumes. This apparently creates the auto-unlock master key on the system volume. Leave the encrypted data volumes in their locked state for now. In the Control Panel, go to BitLocker Drive Encryption and enable Bitlocker on C.From an administrative command prompt, run manage-bde -autounlock -clearallkeys C.Do bare metal restore of system volume C.System Volume Restore with BitLocker Data Volumesīased on that experience, here is what I think should work next time for system volume restore: Maybe the master key will be re-created by a reboot? Sure enough, after rebooting and manually unlocking the drives again, I was finally able to enable auto-unlock on the encrypted data volumes.
The auto-unlock master key was not available from the operating system drive. So I tried manage-bde -autounlock -clearallkeys C.Īfter this, manage-bde -status correctly lists all volumes, but manage-bde -autounlock -enable S: fails with the message:ĮRROR: An error occurred (code 0x80310054): When I saw that error code 0x80070017 can mean that a file is missing or corrupt, it occurred to me that the old BitLocker auto-unlock keys are still on the restored system volume, but they cannot be accessed. Here I found that manage-bde –status listed two volumes out of about eight before aborting with the same error:
Instead, it displayed “Data error (cyclic redundancy check).” But even after re-encrypting the system volume, I was unable to set the data volumes to automatically unlock. As expected, after the restore, the system volume was no longer encrypted. I used Windows Backup to do a bare metal restore of only the system volume. Today I did a disaster recovery test on my Windows Server 2008 R2 Hyper-V host.
0 kommentar(er)
