How to Verify BitLocker Recovery Keys in SQL DB using MBAM

Customers who use BitLocker Drive Encryption to protect a volume may want to verify that the BitLocker recovery keys are stored in the MBAM SQL database.

Consider this scenario: a volume is already BitLocker-encrypted and its recovery information is backed up in Active Directory. We install the MBAM client on a Windows 7 client machine, and the MBAM agent backs up the recovery key for all encrypted volumes to the SQL database.

To verify that the 48-digit recovery password was saved in SQL, do the following:

  1. Open SQL Management Studio.
  2. Expand the MBAMAndRecoveryHardware Database.
  3. Under Tables, select RecoveryAndHardwareCore.Keys.
  4. Right-click RecoveryAndHardwareCore.Keys and choose Select Top 1000 Rows.
  5. Once you see the Query, execute it.


SQL Query:

-- Return up to 1000 rows of recovery information backed up by the MBAM agent
SELECT TOP 1000 [Id]
      ,[LastUpdateTime]
      ,[VolumeId]
      ,[RecoveryKeyId]
      ,[RecoveryKey]
      ,[Disclosed]
  FROM [MBAM Recovery and Hardware].[RecoveryAndHardwareCore].[Keys]

 

To search for a specific recovery key ID, use this query.

 


SQL Query:

-- Return only the rows whose recovery key ID starts with the given prefix
SELECT TOP 1000 [Id]
      ,[LastUpdateTime]
      ,[VolumeId]
      ,[RecoveryKeyId]
      ,[RecoveryKey]
      ,[Disclosed]
  FROM [MBAM Recovery and Hardware].[RecoveryAndHardwareCore].[Keys]
 WHERE RecoveryKeyId LIKE 'a0b84b65%'
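As an added example (not part of the original post), the query below confirms that a recovery password is escrowed for a given key ID without returning the password itself, so the check can be run or screenshotted without exposing the secret. It assumes the RecoveryKey column is stored as text; @KeyIdPrefix and EscrowStatus are hypothetical names introduced here.

```sql
-- Added example, not from the original post.
-- Assumption: [RecoveryKey] is a character column holding the recovery
-- password as digits separated by hyphens.
-- @KeyIdPrefix (hypothetical name) is the start of the key ID to look up;
-- the value below is the sample prefix used in the post.
DECLARE @KeyIdPrefix nvarchar(36) = N'a0b84b65';

SELECT  [RecoveryKeyId]
       ,[VolumeId]
       ,[LastUpdateTime]
       ,[Disclosed]
       ,CASE
            -- No password stored for this key ID
            WHEN [RecoveryKey] IS NULL OR LEN([RecoveryKey]) = 0
                THEN 'MISSING'
            -- Exactly 48 digits once the hyphens are removed
            WHEN LEN(REPLACE([RecoveryKey], '-', '')) = 48
                 AND REPLACE([RecoveryKey], '-', '') NOT LIKE '%[^0-9]%'
                THEN 'PRESENT (48 digits)'
            -- Something is stored, but it is not a 48-digit password
            ELSE 'PRESENT (unexpected format)'
        END AS [EscrowStatus]
  FROM [MBAM Recovery and Hardware].[RecoveryAndHardwareCore].[Keys]
 WHERE [RecoveryKeyId] LIKE @KeyIdPrefix + N'%'
 ORDER BY [LastUpdateTime] DESC;
```

An empty result set means no row exists for that key ID prefix, which is different from a row reported as MISSING.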

 

For further information on MBAM and how it can help your environment, please consult the following documentation.

Planning Guide: https://onlinehelp.microsoft.com/en-us/mdop/hh285653.aspx

Deployment Guide: https://onlinehelp.microsoft.com/en-us/mdop/hh285644.aspx

Operations Guide: https://onlinehelp.microsoft.com/en-us/mdop/hh285664.aspx

Troubleshooting MBAM: https://onlinehelp.microsoft.com/en-us/mdop/hh352745.aspx

 

Manoj Sehgal
Senior Support Escalation Engineer
Microsoft Enterprise Platforms Support