cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
kuvinod7
Punch Card
Posts: 62
Registered: ‎07-19-2017
Location: US
Views: 4,791
Message 21 of 79

Re: X270 Bitlocker requests recovery key every time

Thanks. We are seeing this issue only on X270 but not on others. Like we have X1 Carbon G5, G4, G3 and X240 and X250's. We are using the same process to build the images. As soon as the image is build with SCCM and a reboot happens for any Software update, it keeps asking the Recovery key. 

I am going to Suspend/Resume the Bitlocker, but would be an tedious job for all the 300 devices that we are planning for. Any suggestions please ?

Lenovo Staff
Lenovo Staff
Posts: 5,862
Registered: ‎10-29-2009
Location: NC
Views: 4,789
Message 22 of 79

Re: X270 Bitlocker requests recovery key every time

If suspend/resume works, it means BitLocker somehow sealed the encryption key to some temporary HW/BIOS configuration that was later changed.  Such as BIOS update, boot order, some setting, etc.   If suspend/resume doesn't work, and BitLocker still prompts for recovery key after every reboot, something else is going on.

 

kuvinod7
Punch Card
Posts: 62
Registered: ‎07-19-2017
Location: US
Views: 4,787
Message 23 of 79

Re: X270 Bitlocker requests recovery key every time

Can i use the command line manage-bde -pause c: and manage-bde -resume c: commands to do it ?

Lenovo Staff
Lenovo Staff
Posts: 5,862
Registered: ‎10-29-2009
Location: NC
Views: 4,783
Message 24 of 79

Re: X270 Bitlocker requests recovery key every time

I think that will do it.  But I know for sure that suspend/resume from the BitLocker control panel utility will do it.  So why don't you try it that way?

kuvinod7
Punch Card
Posts: 62
Registered: ‎07-19-2017
Location: US
Views: 4,757
Message 25 of 79

Re: X270 Bitlocker requests recovery key every time

It still prompts for recovery key after resume/suspend. So what else needs to be checked ?

Lenovo Staff
Lenovo Staff
Posts: 5,862
Registered: ‎10-29-2009
Location: NC
Views: 4,750
Message 26 of 79

Re: X270 Bitlocker requests recovery key every time


@kuvinod7 wrote:

It still prompts for recovery key after resume/suspend. So what else needs to be checked ?


Can you post a screenshot of diskmgmt.msc, and a screenshot of tpm.msc?

DRW1
Fanfold Paper
Posts: 8
Registered: ‎10-02-2015
Location: GB
Views: 4,748
Message 27 of 79

Re: X270 Bitlocker requests recovery key every time

I'm in the process of re-deploying my T470s with different BIOS configuration - aiming to seeif there is a reliable / repeatable failure state. But following up on kuvinod7's last post - I had a T470s displayiong the issue, if I did a FULL decrypt / soft reboot / encrypt it would then soft reboot ok. However as soon as I cold boot the problem came back.

 

Just FYI, out North American team have reported that Win10 + legacy mode also cuases the recovery key prompt - if they go back to UEFI its fine. Not wanting to jump to conclusions on that basis, but for us its definietly works better under UEFI / Win10. Also I should have pointed out our SKU (20JT) - this is a so-called 'Skabylake' model Smiley Happy

kuvinod7
Punch Card
Posts: 62
Registered: ‎07-19-2017
Location: US
Views: 4,741
Message 28 of 79

Re: X270 Bitlocker requests recovery key every time

Please find the file attached

kuvinod7
Punch Card
Posts: 62
Registered: ‎07-19-2017
Location: US
Views: 4,740
Message 29 of 79

Re: X270 Bitlocker requests recovery key every time

TPM Screenshoot attached.

Lenovo Staff
Lenovo Staff
Posts: 5,862
Registered: ‎10-29-2009
Location: NC
Views: 4,728
Message 30 of 79

Re: X270 Bitlocker requests recovery key every time

kuvinod7

 

Your screenshots are showing Win7 legacy boot with TPM 1.2.  Same config on X270 works here.  So I have no idea what the problem is.  But we can do one more test.

 

1.  download this .zip and extract to your system that is failing:  https://www.dropbox.com/s/mxl53f2dpl5vuwn/readPcr.zip?dl=0

2.  suspend BitLocker

3.  open command prompt as admin

4.  run "readPcr.exe > 1.txt"   and save 1.txt

5.  resume BitLocker

6.  reboot the system.  I guess you see a recovery prompt.  enter the recovery key and boot Windows

7.  open command prompt as admin

8.  run "readPcr.exe > 2.txt"   and save 2.txt

9.  create a .zip file with 1.txt and 2.txt, and post it here

Check out current deals!


Shop current deals

Top Kudoed Authors