BitLocker won't accept correct disk password after… something
The company I work for has computers with TPM chips and Windows 10 Enterprise, and uses BitLocker for full-disk encryption. They have BitLocker configured to require a password at boot (which I believe means the TPM is not involved in the decryption, and the disk should only be encrypted by the password itself; is this wrong?).
A coworker has his computer off the network for a while and they removed his computer's access. To get access back, IT had to do "stuff" to it.
In the process of this, they had to:
1. Make BIOS accept USB boot drive
2. Do something, maybe including updates to stuff (they weren't able to explain what the thing they ran did, only that it "did stuff")
3. Boot the computer
4. Noticed BitLocker password wasn't working
5. Went back into BIOS and re-initialized the TPM (because "sometimes that makes it accept the recovery key")
But the BitLocker password still didn't work... and the extraordinarily-competent IT people (the same ones who re-initialized the TPM) also lost the recovery key from their database.
What is actually causing it to reject the correct password?
Is the TPM relevant to this at all? (does password-protection require both the password to be correct AND the TPM to have the correct PCR state, or is it independent of the TPM?)
How can he unlock the drive with the password? (if the above question is that it still requires the TPM, then this is probably a worthless question because it's impossible)
windows-10 bitlocker tpm
asked 2 hours ago
iAdjunct
1 Answer
Is the TPM relevant to this at all?
Yes; BitLocker absolutely was using the TPM to store the key. When the TPM configuration was wiped this key was permanently lost. The only way to access the drive currently is with the recovery key.
What is actually causing it to reject the correct password?
The password would only be accepted after the applicable recovery key was provided.
How can he unlock the drive with the password?
This is not possible in the current condition the system is in.
The recovery key is required, in order for the password to be used, in order to enable BitLocker again. BitLocker was automatically suspended when the TPM configuration was wiped. The data is still encrypted but the recovery key is required in order to access the data.
answered 2 hours ago
Ramhound
Ah, so BitLocker puts the password through the TPM too? How does it do this (and how can I have multiple drives with different passwords which can be unlocked in any order I choose)?
– iAdjunct
2 hours ago
Does this mean that the actual underlying AES key is stored both encrypted by hash(Password,TPM-PCRs) and hash(Password,RecoveryKey), so in either case the password is required?
– iAdjunct
2 hours ago
Unfortunately, the company does not allow photography and the computer is pre-boot, so no screen-shots. Can the drive be unlocked with only the recovery key, or does it need both the password and the key? He tells me it is now only asking for the recovery key; it asked for the password before, but after the TPM-reset, it started asking for the recovery key. Did I mention our IT department is stellar?
– iAdjunct
1 hour ago
Thank you for reminding me that I hadn't hit the check mark yet. Also, thank you for your answer - it has been very helpful! (naturally, he's not happy about the answer, but at least he can stop trying to find a way to fix it)
– iAdjunct
38 mins ago
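The key-protector relationship discussed in this thread, as an added Python model that is not part of the original posts and is not BitLocker's real format or cryptography: one volume key is wrapped separately by a TPM+PIN protector and by a recovery-password protector, so clearing the TPM invalidates the first while the second still opens the volume on its own. The class and function names, the toy HMAC-based wrap and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _stream(key: bytes, n: int) -> bytes:
    # Toy keystream (HMAC-SHA256 in counter mode); a stand-in for a real cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"ks" + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def wrap(key: bytes, secret: bytes) -> bytes:
    # Encrypt `secret` under `key` and append an integrity tag.
    ct = bytes(a ^ b for a, b in zip(secret, _stream(key, len(secret))))
    return ct + hmac.new(key, b"tag" + ct, hashlib.sha256).digest()


def unwrap(key: bytes, blob: bytes):
    # Returns the secret, or None when `key` is not the key used by wrap().
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, len(ct))))


class ToyTPM:
    """Hypothetical TPM model: a root secret that never leaves the chip."""

    def __init__(self):
        self._root = secrets.token_bytes(32)
        self.pcrs = b"measured-boot-state-A"  # constructed PCR value

    def clear(self):
        # Re-initializing the TPM replaces the root secret for good.
        self._root = secrets.token_bytes(32)

    def _key(self, pin: str) -> bytes:
        # Sealing key depends on root secret, current PCR state and the PIN.
        msg = self.pcrs + b"|" + pin.encode()
        return hmac.new(self._root, msg, hashlib.sha256).digest()

    def seal(self, secret: bytes, pin: str) -> bytes:
        return wrap(self._key(pin), secret)

    def unseal(self, blob: bytes, pin: str):
        return unwrap(self._key(pin), blob)


def recovery_key(recovery_password: str) -> bytes:
    # The recovery protector is derived from the recovery password only.
    return hashlib.pbkdf2_hmac("sha256", recovery_password.encode(), b"toy-salt", 10_000)


def make_volume(tpm: ToyTPM, pin: str, recovery_password: str):
    vmk = secrets.token_bytes(32)  # the single key that unlocks the volume
    protectors = {
        "tpm_pin": tpm.seal(vmk, pin),
        "recovery": wrap(recovery_key(recovery_password), vmk),
    }
    return vmk, protectors


def demo():
    tpm = ToyTPM()
    vmk, protectors = make_volume(tpm, "correct-pin", "111111-222222")
    before = tpm.unseal(protectors["tpm_pin"], "correct-pin") == vmk
    tpm.clear()  # the step IT performed in firmware setup
    after = tpm.unseal(protectors["tpm_pin"], "correct-pin")
    via_recovery = unwrap(recovery_key("111111-222222"), protectors["recovery"]) == vmk
    return before, after, via_recovery
```

In this model a changed PCR state (for example after a boot-order change) fails the TPM protector in the same way as a clear, which is why the recovery protector has to be escrowed before firmware or TPM maintenance.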