BitLocker Repair Tool - Recover Drive in Windows 7 and 8

How to Use BitLocker Repair Tool to Recover a Drive in Windows 7 and Windows 8

​

The BitLocker Repair Tool (Repair-bde) is a command-line tool included with Windows Server 2008 R2, Windows 7, Windows Server 2012, and Windows 8. This tool attempts to repair or decrypt a damaged BitLocker-encrypted volume using the supplied recovery information to reconstruct critical parts of the drive and salvage recoverable data to another volume.

This tutorial will show you how to use the BitLocker Repair Tool to recover your data from a damaged encrypted operating system (OS) drive, fixed data drive (ex: internal volume/drive), or removable data drive (ex: USB drive) in Windows 7 and Windows 8.

You must be signed in as an administrator to be able to do the steps in this tutorial.

   Note

• You must have at least one of the following for the BitLocker encrypted drive:
  • Password
  • Recovery key
  • Startup key .BEK file location
• You will need to have an empty output volume (drive) of equal or larger size than the damaged BitLocker encrypted drive. The contents of the output volume will be completely deleted and overwritten by the decrypted contents of the damaged BitLocker drive.

   Warning

The BitLocker Repair Tool should only be used as a last resort when you were unable to decrypt or unlock the encrypted drive using either the password, recovery key, USB flash drive, or BitLocker Recovery.

   Tip

If you were signed in to your Microsoft account when you encrypted a drive with BitLocker, then you can get your recovery key from your OneDrive at the link below.

Microsoft account: BitLocker recovery keys

EXAMPLE: Before and After using BitLocker Repair Tool
NOTE: In this example, the BitLocker encrypted drive is F: and the output volume is E: .





Here's How:

1. Do step 2, 3, or 4 below depending on what you would like to do.

2. To Use the Password in Windows 8
NOTE: This option is only available in Windows 8, and would be for an OS drive, fixed data drive, or removable data drive that you have configured to be unlocked by a password.

A) Open an elevated command prompt.

B) In the elevated command prompt, type the command below, and press Enter. (see screenshot below)

repair-bde F: E: -pw -F

   Note

For only items in red in the command above:

Substitute F for the drive letter of the Bitlocker encrypted drive. Not the last F.

Substitute E for the drive letter of the output volume you want to have the contents of the Bitlocker encrypted drive decrypted and copied to.

C) When prompted in the command prompt, type the recovery password for this encrypted drive, press Enter, and go to step 5 below.
NOTE: You will not see the password as you type it.



3. To Use the Recovery Key in Windows 7 and 8
NOTE: This would be for an OS drive, fixed data drive, or removable data drive that you still have the recovery key either saved to your Microsoft account, saved to a file, saved to a USB flash drive, or printed.

A) Open an elevated command prompt.

B) In the elevated command prompt, type the command below, press Enter, and go to step 5 below. (see screenshot below)

repair-bde F: E: -rp BitLockerRecoveryKey -F


For example:

repair-bde F: E: -rp 261173-522599-237072-583517-442068-316811-199375-623755 -F

   Note

For only items in red in the command above:

Substitute F for the drive letter of the Bitlocker encrypted drive.

Substitute E for the drive letter of the output volume you want to have the contents of the Bitlocker encrypted drive decrypted and copied to.

Substitute BitLockerRecoveryKey for the actual 48 digit recovery key for the encrypted drive like below.

Saved to USB or File:




Saved to Microsoft account:

4. To Use the Startup Key in Windows 7 and 8
NOTE: This would only be for an OS drive that you have configured to be unlocked by a USB flash drive.

A) Since you will not be able to boot from the OS drive, you will need to first connect it to another Windows Server 2008 R2, Windows 7, Windows Server 2012, or Windows 8 PC.

B) Open an elevated command prompt in the other PC.

C) In the elevated command prompt, type the command below, press Enter, and go to step 5 below. (see screenshot below)

repair-bde F: E: -rk I:\StartupKey.BEK -F


For example:

repair-bde Z: E: -rk I:\AFA58D77-94CD-4300-8009-68B36AE53276.BEK -F

   Note

For only items in red in the command above:

Substitute F for the drive letter of the Bitlocker encrypted drive.

Substitute E for the drive letter of the output volume you want to have the contents of the Bitlocker encrypted drive decrypted and copied to.

Substitute I for the USB drive letter that the startup key has been saved or copied to.

Substitute StartupKey for the actual file name of the startup key for the encrypted drive like below. The BEK file (startup key) will be a hidden protected OS file.

5. When finally successfully finished, follow any given "ACTION REQUIRED" first. For example, to run chkdsk on the output volume before opening. (see screenshots below step 2, 3, and 3 above)

NOTE: The BitLocker Repair Tool may take a long time to finish, but you will still be able to use your PC during the recovery process. Just do not turn off the PC until it has finished.

6. You will now be able to open the output volume (ex: E) to view the decrypted files from the BitLocker encrypted drive (ex: F).


That's it,
Shawn

Related Tutorials

---

• How to Unlock a Windows 7 Computer Locked by BitLocker Drive Encryption
• How to Unlock a Data or Removable Drive Locked by BitLocker Drive Encryption
• How to Back Up the BitLocker Recovery Key of a Drive in Windows 8
• How to Unlock a Drive using BitLocker Recovery in Windows 8
• How to Turn On or Off BitLocker for Fixed Data Drives in Windows 8
• How to Turn On or Off BitLocker for Windows 8 OS Drive with or without TPM
• How to Copy the BitLocker Startup Key for the OS Drive in Windows 8
• How to Turn On or Off BitLocker To Go for Removable Data Drives in Windows 8
• How to Turn On or Off Auto-unlock of BitLocker Encrypted Data Drives in Windows 8
• How to Suspend or Resume BitLocker Protection of a Drive in Windows 8
• How to Choose BitLocker Drive Encryption Method and Cipher Strength in Windows 8
• Add "Lock Drive" to Unlocked BitLocker Drives Context Menu in Windows 7 and Windows 8
• How to Change or Reset the BitLocker Password of a Drive in Windows 8
• Allow or Prevent Standard Users from Changing BitLocker Password or Pin in Windows 8
• How to Check BitLocker Status of Drive in Windows 7 and Windows 8

 

[Rcreators]

Hi Brink,

That is what i am worried about most. Basically Drive is not password protected. its just encrypted and having issue with decryption. I also have recover key separately copied. so is there any chances now ?

 

[Brink]

It'll just depend on if it will be able to successfully finish decrypting.

 

[iMalcolm]

Houston we have a problem...

I enabled bitlocker for boot volume and after "test" restart got blank screen. Some commands:

Microsoft Windows [Version 10.0.10586]

X:\Sources>manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [Label Unknown]
[Data Volume]

    Size:                 Unknown GB
    BitLocker Version:    2.0
    Conversion Status:    Unknown
    Percentage Encrypted: Unknown%
    Encryption Method:    XTS-AES 128
    Protection Status:    Unknown
    Lock Status:          Locked
    Identification Field: Unknown
    Automatic Unlock:     Disabled
    Key Protectors:
        External Key
        Numerical Password

Volume D: [Buffer]
[Data Volume]

    Size:                 215.34 GB
    BitLocker Version:    None
    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method:    None
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Automatic Unlock:     Disabled
    Key Protectors:       None Found


X:\Sources>manage-bde c: -protectors
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

ERROR: Missing required parameter.

Type "manage-bde -?" for usage.

X:\Sources>manage-bde c: -protectors -get
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Volume C: [Label Unknown]
All Key Protectors

    External Key:
      ID: {C93D1B3D-6F11-4B08-AC97-0A712133AF9B}
      External Key File Name:
        C93D1B3D-6F11-4B08-AC97-0A712133AF9B.BEK

    Numerical Password:
      ID: {375BFF3F-D9F6-4FA8-B730-9035DF899625}
Microsoft Windows [Version 10.0.10586]

X:\Sources>repair-bde c: d: -F
BitLocker Drive Encryption: Repair Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Beginning scan for BitLocker metadata.

Scanning boot sectors for pointer to metadata: 100%
Scanning sector boundaries for metadata:   1%
LOG ERROR: 0xc0000033
Failed to authenticate using supplied recovery information. (0x80310000)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 172789760. (0x80310000)
LOG ERROR: 0xc0000033
Failed to authenticate using supplied recovery information. (0x80310000)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 1132462080. (0x80310000)
LOG ERROR: 0xc0000033
Failed to authenticate using supplied recovery information. (0x80310000)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 2510430208. (0x80310000)
Scanning sector boundaries for metadata:  18%
LOG WARNING: 0x8000003a
Proper metadata signature found, but the metadata is invalid. (0x80310010)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 37528612352. (0x80310010)
Scanning sector boundaries for metadata:  96%
LOG WARNING: 0x8000003a
Proper metadata signature found, but the metadata is invalid. (0x80310010)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 192927018496. (0x80310010)
LOG WARNING: 0x8000003a
Proper metadata signature found, but the metadata is invalid. (0x80310010)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 193114650624. (0x80310010)
Scanning sector boundaries for metadata: 100%
Finished scanning for BitLocker metadata.

ERROR: BitLocker is not suspended on this volume. Try another key protector.

X:\Sources>repair-bde c: d: -F -rp 715429-199276-105765-436755-535469-717453-578611-538736
BitLocker Drive Encryption: Repair Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Beginning scan for BitLocker metadata.

Scanning boot sectors for pointer to metadata: 100%
Scanning sector boundaries for metadata:   1%
LOG ERROR: 0xc0000033
Failed to authenticate using supplied recovery information. (0x80070057)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 172789760. (0x80070057)
LOG ERROR: 0xc0000033
Failed to authenticate using supplied recovery information. (0x80070057)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 1132462080. (0x80070057)
LOG ERROR: 0xc0000033
Failed to authenticate using supplied recovery information. (0x80070057)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 2510430208. (0x80070057)
Scanning sector boundaries for metadata:  18%
LOG WARNING: 0x8000003a
Proper metadata signature found, but the metadata is invalid. (0x80310010)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 37528612352. (0x80310010)
Scanning sector boundaries for metadata:  96%
LOG WARNING: 0x8000003a
Proper metadata signature found, but the metadata is invalid. (0x80310010)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 192927018496. (0x80310010)
LOG WARNING: 0x8000003a
Proper metadata signature found, but the metadata is invalid. (0x80310010)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 193114650624. (0x80310010)
Scanning sector boundaries for metadata: 100%
Finished scanning for BitLocker metadata.

ERROR: Cannot use '715429-199276-105765-436755-535469-717453-578611-538736' to
unlock the input volume. Please try a different recovery password, recovery key
or password.

Thank you in advance for any suggestions because I don't have a backup(

 

[Brink]

Hello Malcolm, and welcome to Eight Forums.

That doesn't sound good at all. You might try restarting the computer again to see if you may get a BitLocker failed message, and then return to Windows.

Otherwise, it's looking like it may be time to clean install.

 

[PaladinLeonitus]

Thank you!! This code saved my files:

repair-bde F: E: -rp BitLockerRecoveryKey -F

 

[Brink]

I'm glad it could help PaladinLeonitus, and welcome to Eight Forums.

 

[Soulkeep]

IMPORTANT!
Make sure you try Brinks recovering guide before you try anything else!

I learned the hard way.
Getting recovery programs is usually not the best. I basically dug my own grave on this. Wish I found this guide earlier.

Thank you Brink for still being active and just as helpful via PM as this thread. I appreciate it all.

 

[As.97]

Houston we have a problem...

I enabled bitlocker for boot volume and after "test" restart got blank screen. Some commands:

Microsoft Windows [Version 10.0.10586]

X:\Sources>manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [Label Unknown]
[Data Volume]

    Size:                 Unknown GB
    BitLocker Version:    2.0
    Conversion Status:    Unknown
    Percentage Encrypted: Unknown%
    Encryption Method:    XTS-AES 128
    Protection Status:    Unknown
    Lock Status:          Locked
    Identification Field: Unknown
    Automatic Unlock:     Disabled
    Key Protectors:
        External Key
        Numerical Password

Volume D: [Buffer]
[Data Volume]

    Size:                 215.34 GB
    BitLocker Version:    None
    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method:    None
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Automatic Unlock:     Disabled
    Key Protectors:       None Found


X:\Sources>manage-bde c: -protectors
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

ERROR: Missing required parameter.

Type "manage-bde -?" for usage.

X:\Sources>manage-bde c: -protectors -get
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Volume C: [Label Unknown]
All Key Protectors

    External Key:
      ID: {C93D1B3D-6F11-4B08-AC97-0A712133AF9B}
      External Key File Name:
        C93D1B3D-6F11-4B08-AC97-0A712133AF9B.BEK

    Numerical Password:
      ID: {375BFF3F-D9F6-4FA8-B730-9035DF899625}
Microsoft Windows [Version 10.0.10586]

X:\Sources>repair-bde c: d: -F
BitLocker Drive Encryption: Repair Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Beginning scan for BitLocker metadata.

Scanning boot sectors for pointer to metadata: 100%
Scanning sector boundaries for metadata:   1%
LOG ERROR: 0xc0000033
Failed to authenticate using supplied recovery information. (0x80310000)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 172789760. (0x80310000)
LOG ERROR: 0xc0000033
Failed to authenticate using supplied recovery information. (0x80310000)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 1132462080. (0x80310000)
LOG ERROR: 0xc0000033
Failed to authenticate using supplied recovery information. (0x80310000)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 2510430208. (0x80310000)
Scanning sector boundaries for metadata:  18%
LOG WARNING: 0x8000003a
Proper metadata signature found, but the metadata is invalid. (0x80310010)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 37528612352. (0x80310010)
Scanning sector boundaries for metadata:  96%
LOG WARNING: 0x8000003a
Proper metadata signature found, but the metadata is invalid. (0x80310010)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 192927018496. (0x80310010)
LOG WARNING: 0x8000003a
Proper metadata signature found, but the metadata is invalid. (0x80310010)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 193114650624. (0x80310010)
Scanning sector boundaries for metadata: 100%
Finished scanning for BitLocker metadata.

ERROR: BitLocker is not suspended on this volume. Try another key protector.

X:\Sources>repair-bde c: d: -F -rp 715429-199276-105765-436755-535469-717453-578611-538736
BitLocker Drive Encryption: Repair Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Beginning scan for BitLocker metadata.

Scanning boot sectors for pointer to metadata: 100%
Scanning sector boundaries for metadata:   1%
LOG ERROR: 0xc0000033
Failed to authenticate using supplied recovery information. (0x80070057)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 172789760. (0x80070057)
LOG ERROR: 0xc0000033
Failed to authenticate using supplied recovery information. (0x80070057)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 1132462080. (0x80070057)
LOG ERROR: 0xc0000033
Failed to authenticate using supplied recovery information. (0x80070057)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 2510430208. (0x80070057)
Scanning sector boundaries for metadata:  18%
LOG WARNING: 0x8000003a
Proper metadata signature found, but the metadata is invalid. (0x80310010)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 37528612352. (0x80310010)
Scanning sector boundaries for metadata:  96%
LOG WARNING: 0x8000003a
Proper metadata signature found, but the metadata is invalid. (0x80310010)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 192927018496. (0x80310010)
LOG WARNING: 0x8000003a
Proper metadata signature found, but the metadata is invalid. (0x80310010)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 193114650624. (0x80310010)
Scanning sector boundaries for metadata: 100%
Finished scanning for BitLocker metadata.

ERROR: Cannot use '715429-199276-105765-436755-535469-717453-578611-538736' to
unlock the input volume. Please try a different recovery password, recovery key
or password.

Thank you in advance for any suggestions because I don't have a backup(

I did this and it said decryption complete and when i checked the status of the disk it was still encrypted.... bitlocker is really annoying i need the help

 

[Brink]

I did this and it said decryption complete and when i checked the status of the disk it was still encrypted.... bitlocker is really annoying i need the help

Hello As.97, and welcome to Eight Forums.

What does it show as the status of the drive in Control Panel > BitLocker Drive Encryption (BitLocker Manager)?

 

[As.97]

Hello As.97, and welcome to Eight Forums.

What does it show as the status of the drive in Control Panel > BitLocker Drive Encryption (BitLocker Manager)?

I cant access control panel my laptop is in bitlocker recovery i downloaded a installation media and i am in cmd...trying to unlock my bitlocker.

 

[Brink]

I cant access control panel my laptop is in bitlocker recovery i downloaded a installation media and i am in cmd...trying to unlock my bitlocker.

Since you are in BitLocker Recovery, you might look over the guide below from Microsoft to see if it may help.

BitLocker recovery guide (Windows 10) - Microsoft 365 Security

This article for IT professionals describes how to recover BitLocker keys from AD DS.

docs.microsoft.com

 

[As.97]

thisis what i see, im trying to unlock my drive so i can reinstall windows, ive tried manage-bde -off c: , ive tried unlocking with manage-bde -off -rp (my psswd) but it wont work either

 

[As.97]

Since you are in BitLocker Recovery, you might look over the guide below from Microsoft to see if it may help.

BitLocker recovery guide (Windows 10) - Microsoft 365 Security

This article for IT professionals describes how to recover BitLocker keys from AD DS.

docs.microsoft.com

Thank you for the recommendation but it did not help

 

[Brink]

Thank you for the recommendation but it did not help

It looks like volume "D" is decrypted.

I assume the top volume is for the Windows "C" drive?

Is the TPM enabled in your BIOS for it to use to unlock the drive?

Verify Trusted Platform Module (TPM) Chip on Windows PC

How to Check if Windows PC has a Trusted Platform Module (TPM) Chip

www.tenforums.com

 

[As.97]

It looks like volume "D" is decrypted.

I assume the top volume is for the Windows "C" drive?

Is the TPM enabled in your BIOS for it to use to unlock the drive?

Verify Trusted Platform Module (TPM) Chip on Windows PC

How to Check if Windows PC has a Trusted Platform Module (TPM) Chip

www.tenforums.com

D is my installation media and c is the hard drive, i tried the link but it says 'tmptool' is recogonized as an internal or external command

 

[As.97]

B

It looks like volume "D" is decrypted.

I assume the top volume is for the Windows "C" drive?

Is the TPM enabled in your BIOS for it to use to unlock the drive?

Verify Trusted Platform Module (TPM) Chip on Windows PC

How to Check if Windows PC has a Trusted Platform Module (TPM) Chip

www.tenforums.com

But when i put manage-bde -protectors -get c: it says tmp:
Id:.....
Pcr validation profile: 7 ; 11

 

[Brink]

D is my installation media and c is the hard drive, i tried the link but it says 'tmptool' is recogonized as an internal or external command

Are you able to boot into BIOS to verify the TPM setting?

 

[As.97]

Are you able to boot into BIOS to verify the TPM setting?

Yes but i click on windows to go to boot settings and turn off windows bios so it can restart n use the usb boot , thats how im able to access cmd

 

[Brink]

Yes but i click on windows to go to boot settings and turn off windows bios so it can restart n use the usb boot , thats how im able to access cmd

Do you have a restore point or system image available that you can use to go back to before this happened?

 

[As.97]

Do you have a restore point or system image available that you can use to go back to before this happened?

I dont i use onedrive to save my data i dont have any physical restore point