What are the Top Issues for Bitlocker?

Rob Waggoner


Q: (from Anthony)

I want to know the top issues (problems) in BitLocker and their solutions.  What should I be aware of from an architectural perspective as well?



I’ve spent a lot of time with BitLocker and I think it has addressed a big need in our industry.  With that said, of course BitLocker requires planning, and it has some unique concerns we need to be aware of. 

Here are a few past articles that will help set the stage for the value of BitLocker.

From an architectural perspective, there are a few things we need to consider. Instead of duplicating all of that here, I’ve listed a few key articles you should review.

  1. How do I use Active Directory for backup of BitLocker Drive Encryption recovery information?
  2. Windows Trusted Platform Module Management Step-by-Step Guide
  3. How can I tell if my BIOS supports BitLocker Drive Encryption?


As for problems with BitLocker, the biggest one I’ve seen in past cases is that the recovery key is not properly archived.  Without that key, your data is lost in the event of a failure.  With the recovery key, BitLocker will not hinder the recovery of data from a hard drive.  If your computer is a member of Active Directory, archiving the key is straightforward.  If your computer is not part of AD, you need to take some additional steps to either 1) print the recovery key(s) and store them in a safe place or 2) save the recovery key to a USB thumb drive and store the thumb drive in a safe place.

We also have the BitLocker Repair Tool; the link to the instructions is here.  The Repair Tool is included with Windows 7 and Windows Server 2008 R2; for Windows Vista and Windows Server 2008, the tool can be downloaded here.  Take note that the Repair Tool will not recover a recovery key from a failed drive; it needs the recovery key to assist in troubleshooting.


I found a great article on the BitLocker Architecture:


It’s part of the overall BitLocker Drive Encryption Technical Overview, located here.


Here is a great FAQ on BitLocker, I think this article will address the majority of your concerns.

BitLocker Drive Encryption in Windows 7: Frequently Asked Questions

While all of this information is very useful as you architect your BitLocker solution, please pay special attention to these questions and responses in the FAQ:

Is the BitLocker recovery information stored in plaintext in AD DS?

Yes, the recovery information is stored unencrypted in AD DS, but the entries have access control lists (ACLs) that limit access to only domain administrators.

What if BitLocker is enabled on a computer before the computer has joined the domain?

If BitLocker is enabled on a drive before Group Policy has been applied to enforce backup, the recovery information will not be automatically backed up to AD DS when the computer joins the domain or when Group Policy is subsequently applied. (read on, this can be mitigated)…

Is Microsoft pursuing any security certification for BitLocker?

BitLocker Drive Encryption in Windows Vista has Federal Information Processing Standard (FIPS) 140-2 certification. BitLocker is included in the Common Criteria (EAL4+) certification process for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Can I access my BitLocker-protected drive if I insert the hard disk into a different computer?

Yes, if the drive is a data drive, you can unlock it from the BitLocker Drive Encryption Control Panel item just as you would any other data drive by using a password or smart card. If the data drive was configured for automatic unlock only, you will have to unlock it by using the recovery key. If it is an operating system drive mounted on another computer running Windows 7, the encrypted hard disk can be unlocked by a data recovery agent if one was configured or it can be unlocked by using the recovery key.

If I lose my recovery information, will the BitLocker-protected data be unrecoverable?

BitLocker is designed to make the encrypted drive unrecoverable without the required authentication. When in recovery mode, the user needs the recovery password or recovery key to unlock the encrypted drive. Therefore, we highly recommend that you store the recovery information in AD DS or in another safe location.

When it comes to recovering a hard drive after some type of hardware failure, simply put: if you don’t have your recovery key, all you have left is a hard drive ready to be reformatted!
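Both archive gaps above (a key that was never backed up, and a machine that enabled BitLocker before joining the domain) can be closed after the fact. The following PowerShell script is an added example, not part of the original post or of any Microsoft tool: it wraps manage-bde.exe (shipped with Windows 7 / Windows Server 2008 R2 and later) to find each volume’s Numerical Password (recovery) protector and push it to AD DS. It assumes an elevated prompt on a domain-joined computer whose Group Policy already permits AD DS backup of recovery information; the function names are my own.

```powershell
# Added example (not from the original post). Re-runs the AD DS backup of
# BitLocker recovery passwords with manage-bde.exe, which is what is needed
# when a volume was encrypted before the computer joined the domain.
# Assumptions: elevated PowerShell, domain-joined computer, and the
# "Store BitLocker recovery information in AD DS" policy already applied.

function Get-RecoveryProtectorId {
    # Parse "manage-bde -protectors -get <volume>" and return the ID of every
    # Numerical Password protector; TPM, external key, etc. are skipped.
    param([Parameter(Mandatory=$true)][string]$MountPoint)

    $output = & manage-bde.exe -protectors -get $MountPoint 2>&1 | Out-String
    $ids = @()
    $inNumericalPassword = $false
    foreach ($line in ($output -split "`r?`n")) {
        if ($line -match '^\s*Numerical Password:') { $inNumericalPassword = $true; continue }
        if ($inNumericalPassword -and $line -match 'ID:\s*(\{[0-9A-Fa-f-]+\})') {
            $ids += $Matches[1]
            $inNumericalPassword = $false   # the next ID line belongs to another protector
        }
    }
    return $ids
}

function Backup-RecoveryProtectorToAD {
    # Push each recovery protector of the given volumes to AD DS and warn about
    # volumes that have no recovery password at all (nothing to archive).
    param([Parameter(Mandatory=$true)][string[]]$MountPoint)

    foreach ($mp in $MountPoint) {
        $ids = @(Get-RecoveryProtectorId -MountPoint $mp)
        if ($ids.Count -eq 0) {
            Write-Warning "$mp has no Numerical Password protector. Add one first: manage-bde -protectors -add $mp -RecoveryPassword"
            continue
        }
        foreach ($id in $ids) {
            & manage-bde.exe -protectors -adbackup $mp -id $id | Out-Null
            if ($LASTEXITCODE -eq 0) {
                Write-Output "Backed up recovery protector $id of $mp to AD DS"
            } else {
                Write-Warning "AD DS backup of $id on $mp failed (manage-bde exit code $LASTEXITCODE)"
            }
        }
    }
}

# Usage: archive the OS drive and one data drive.
Backup-RecoveryProtectorToAD -MountPoint 'C:', 'D:'
```

Each successful backup creates an msFVE-RecoveryInformation object under the computer account in AD DS, which is what the BitLocker Recovery Password Viewer from the first article above reads.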

We also have a new tool, the BitLocker Administration and Monitoring tool, that simplifies the provisioning and deployment of BitLocker.



I hope this helps.

Until next time,
Rob


Comments (18)
  1. Karan says:

    Sir, I need your help.

    My external hard disk drive is locked with BitLocker Drive Encryption. I lost my password and recovery key too. My HDD contains lots of important data which is necessary for me; I do not want to delete the data. Kindly help me unlock the HDD…..

    plz plz

    Please mail me if there is any solution to this problem.

    my email id-karanraj6342@gmail.com

  2. teja says:

    I had the password and recovery key, but while decrypting I shut down my laptop; now it’s not working, plz help

  3. The Beav says:

    One of the biggest issues with BL is the horror of BitLocking an HDD which in turn has a hardware failure… completely screwed.

  4. TAHIR BABU says:

    Dear Sir,

    I do not have BitLocker in Windows 7 Professional; please tell me its solution …………..

    my email id mtahir_tahir62@yahoo.com

  5. John says:

    John the Ripper is the solution, google that, nuff said

  6. HardOne says:

    What about when I copied (not pushed) just one file (archive.pst) through the network to another PC? I got the recovery key but cannot encrypt only one file with it?

  7. mayank mukul joshi says:

    Sir, I forgot my BitLocker password and unfortunately formatted the C drive where the recovery key was stored.

    Though I found my recovery key through cmd, I am not able to type or paste the alphabetical letters in the recovery key panel.
    I require your help with some effective solutions, plz.

    mayank mukul joshi
    email: mayankjoshi40@gmail.com

  8. Naveed says:

    I lost my password and recovery key too. My HDD contains lots of important data which is necessary for me; I do not want to delete the data. Kindly help me unlock the HDD.. plz solve this problem

  9. Jose says:

    BitLocker will not allow the laptop to recognize the external keyboard and mouse connected to the docking station that the laptop is docked in until the password is typed in from the laptop keyboard. We are sure it’s BitLocker because, after suspending BitLocker and restarting the machine, the external devices will work. What to do?

  10. Andre Powroznik says:

    When I enabled BitLocker on my Surface, upon restart, some drivers were damaged.

  11. Sir, my BitLocker is shown on the C drive; D, E, F are not there to lock
  13. AAN says:

    I can’t complete my encryption.. I get this error: "This disk has one or more errors. Run "chkdsk /r". If the error persist this may be indicative of a hardware fault. Contact the administrator of your system."
    How can this be resolved?

  14. Lol says:

    I don’t know why this stupid thing exists

  15. Percy Subden says:

    Chateau’d myself

  16. Mel says:

    Hello from the Middle East!
    My first experience with BitLocker was somehow a failure, and I really wish to know the cause.
    Locking and unlocking were perfect.
    Nevertheless, it looked IMPOSSIBLE to delete a file from the encrypted drive. Furthermore, each time the drive was unlocked, a prompt for scan-disk was launched indicating that bad sectors needed to be cared for. Another alarming problem is loss of data soon after the scan-disk was completed, making some programs on the locked drive nonoperational.
    I copied all my important files from the locked drive, formatted it and ran scan-disk. I relaunched encryption on this same drive hoping this time no errors will show.
    Hoping this step solves this problem.
    Your guidance and help are most appreciated, Sir.

  17. I suggest using Enigma from BlackSquare Technologies. It is a two factor authentication tool, works at the file and folder level, and is very simple to use. (Works with WIN or Mac). So it protects files when the PC is on unlike BitLocker. Also, the files or folders can be anywhere (cloud) to encrypt or decrypt. Just make sure you log your key as there is no back door (not even big brother) that has a reset.