Windows 10 bitlocker protected drive is not working.

[jillianwyatt46]

Hi,

Detailed Case Information:
I have Windows 10 and BitLocker enabled.

HDD, Seagate 3TB, partitioned into 5 drives.

I did this mistake, I created a bootable USB by easy bcd and tested on host window during boot. Reached to the point where windows setup asks for disk selection, I clicked on the drive(setup says drive encrypted and can't continue) but didn't go further.

Then I boot nothing shows up.

Tried to connect 3tb hard to another PC to unlock drive but it's not accepting correct password and recovery key.

I made windows image before encryption. After restoring that 2nd and 4th drives are not accessible, 5th is formatted and 3rd drive data is intact with minor data loss.

I ran testdisk-7.0 and found no drive in the quick search. The log file is pasted below.
Fri Jul 1 23:56:11 2016
Command line: TestDisk

TestDisk 7.0, Data Recovery Utility, April 2015
Christophe GRENIER <grenier@cgsecurity.org>
CGSecurity - Data recovery: TestDisk & PhotoRec
OS: Windows 8 (9200)
Compiler: GCC 4.8, Cygwin 1007.34
Compilation date: 2015-04-18T13:01:55
ext2fs lib: 1.42.8, ntfs lib: 10:0:0, reiserfs lib: 0.3.1-rc8, ewf lib: 20120504, curses lib: ncurses 5.9
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(/dev/sda)=2199023255552
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(/dev/sdb)=801567145984
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\PhysicalDrive0)=2199023255552
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\PhysicalDrive1)=801567145984
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\C=536481890304
filewin32_getfilesize(\\.\D GetFileSize err Incorrect function.

filewin32_setfilepointer(\\.\D SetFilePointer err Incorrect function.

Warning: can't get size for \\.\D:
filewin32_getfilesize(\\.\E GetFileSize err Incorrect function.

filewin32_setfilepointer(\\.\E SetFilePointer err Incorrect function.

Warning: can't get size for \\.\E:
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\F=1232570679296
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\G=801564000256
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\H=214748364800
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\I=214746267648
Hard disk list
Disk /dev/sda - 2199 GB / 2048 GiB - CHS 267349 255 63, sector size=512
Disk /dev/sdb - 801 GB / 746 GiB - CHS 97451 255 63, sector size=512
Drive C: - 536 GB / 499 GiB - CHS 65223 255 63, sector size=512
Drive F: - 1232 GB / 1147 GiB - CHS 149851 255 63, sector size=512
Drive G: - 801 GB / 746 GiB - CHS 97451 255 63, sector size=512
Drive H: - 214 GB / 200 GiB - CHS 26108 255 63, sector size=512
Drive I: - 214 GB / 199 GiB - CHS 26108 255 63, sector size=512

Partition table type default to None
Drive F: - 1232 GB / 1147 GiB
Partition table type: Intel

Analyse Drive F: - 1232 GB / 1147 GiB - CHS 149851 255 63
Current partition structure:

Partition sector doesn't have the endmark 0xAA55

search_part()
Drive F: - 1232 GB / 1147 GiB - CHS 149851 255 63

Results

interface_write()

No partition found or selected for recovery
simulate write!

write_mbr_i386: starting...
Store new MBR code
write_all_log_i386: starting...
No extended partition

TestDisk exited normally.

Note:

How I can repair BitLocker/boot sector on 2nd drive?

Thanking you anticipation.

 

[AndyCalling]

This is tricky to advise on. I am assuming that you successfully enabled hardware encryption on the Seagate drive (when you encrypted it, it would not have taken any time to achieve as opposed to hardware encryption) which means if this is the boot drive (another assumption, looks like you're talking about it like it is the boot drive?) you originally installed Windows to it whilst uninitialized (or you did a Diskpart Clean on it before installing) otherwise it would not be hardware encrypted.

I am also assuming you have a TPM installed, since you give few details.

The TPM means you CANNOT transfer this drive into another PC and unlock it. That's the point of a TPM.

It is not clear whether you are trying to recover the data on the drive, or just to wipe it and do a clean install. If you are trying to wipe it, bring up the command line (via the USB boot stick, it is an option in there somewhere) and run Diskpart Clean on the drive concerned (make sure to select the right drive). If this will not work, use the Seagate utility (can be made as a bootable USB stick too) to do a secure erase. Then it should work.

If it is hardware encrypted, the USB boot stick should ask you to enter the Bitlocker Key before unlocking. I'm not sure why it is not doing so. This really ought to happen with software Bitlocker too, but I don't use that for boot drives so I can't speak from experience. Hard to work out without getting my hands on it. You may find it easier to wipe the drive and reach for your backup.

Note that I use the h/w encrypted 3TB Seagate HDD (it comes in encrypted and non-encrypted models) with none of these issues, but then I do use it as a secondary drive. Well worth considering an SSD as your primary drive. Crucial and Samsung provide some nice h/w Bitlocker SSDs for just this purpose (using a Crucial 512gig MX100 myself).

Note that this post is assuming you are talking about the h/w encrypted Seagate drive. If you have a software encrypted drive (or a h/w encryption capable one that has been encrypted via software due to an installation mistake) then you will need to adapt your thinking accordingly. No secure erase available on the non-h/w encrypted version, for example.

 

[jillianwyatt46]

Hi,
Andy,

Thanks a lot for your time.

Sorry, in advance for my dumb questions.

I am going to try my best to answer you questions so you can help me properly.
1-
Encryption was completed successfully and I was using the drives.
2-
TPM was enabled.

3-
I enabled encryption on all drives including OS drive.

4- When my encrypted OS drive failed, I attached it to other PC to see the status of other encrypted drives. No encryption logo was showing on other drives.

Can TPM effect non-OS drives?

5-
I have system image before encryption, I restored OS through it and maybe drives were re-created by it.

6-
Here you can see TPM cmd log.


7-
"The TPM means you CANNOT transfer this drive into another PC and unlock it. That's the point of a TPM.
"

OK, not. What about non-OS drives?

8-

Is it possible if I fix BitLocker and get non-os drives in old states with data?

9-
As I enabled TPM, so my all drives are hardware encrypted?

I also want to mention that due to some issue I was not able to use TPM. So, I turned it off and configured it again. Will it loose my TPM keys for drives?

10-
Are you talking about SSD or SED?

11-
My drive is not capable of h/w encryption. Here is its model
ST3000DM001.

Stay blessed.

 

[jillianwyatt46]

An update to the case.

I repaired Bitlocker using the following command


repair-bde H: J: -rp KEY -f -lf I:\log.txt


The following errors showed up


Log file link is also given below.
log.txt :: Free File Hosting - File Dropper: File Host for Mp3, Videos, Music, Documents.
Thanks.