TL;DR
If you’ve swapped a hard drive in your Windows computer and BitLocker recovery won’t work, it’s likely because the recovery key is tied to the original hardware. You need to unlock BitLocker using the correct TPM (Trusted Platform Module) or by adding the recovery key manually through the command line before attempting recovery on the new drive.
BitLocker Recovery: Swapped Hard Drive – Step-by-Step Guide
1. Understand the Problem
   - BitLocker encrypts your hard drive and ties the encryption to specific hardware components, including the TPM.
   - Swapping the hard drive changes this hardware configuration.
   - The recovery key may not automatically work on the new drive because BitLocker is looking for the original hardware.
2. Check Your Recovery Key
   - Locate your BitLocker recovery key. This could be in:
     - Your Microsoft Account: https://account.microsoft.com/recovery-services
     - A USB drive
     - Printed out and saved securely
     - Saved in Active Directory (if your computer is part of a domain)
3. Attempt Recovery Through the BitLocker Interface
   - Restart your computer.
   - When prompted for the BitLocker recovery key, enter it carefully.
   - If this fails, proceed to step 4.
4. Use the Command Line to Unlock BitLocker
   This is often necessary when hardware changes have occurred.
   - Boot into Windows Recovery Environment (WinRE). You can usually do this by repeatedly turning your computer on and off during startup, or through Settings > Update & Security > Recovery.
   - Open Command Prompt: Navigate to Troubleshoot > Advanced options > Command Prompt.
   - Identify the drive letter of your encrypted volume. Use the following commands:
     ```
     diskpart
     list volume
     exit
     ```
     Note the drive letter associated with your BitLocker-encrypted partition in the `list volume` output.
   - Unlock the drive using manage-bde. Replace ‘C:’ with the correct drive letter:
     ```
     manage-bde -unlock C: -RecoveryPassword {Your Recovery Key}
     ```
     Replace `{Your Recovery Key}` with your actual 48-digit recovery key. The 48-digit value is passed with `-RecoveryPassword`; `-RecoveryKey` expects the path to a saved .bek key file instead.
5. Check TPM Status (If Applicable)
   - Open Command Prompt as an administrator.
   - Type the following command to check if the TPM is enabled:
     ```
     tpm.msc
     ```
   - Ensure that the TPM status shows “The TPM is ready for use.” If it’s not, you may need to enable it in your BIOS/UEFI settings.
6. Suspend and Resume BitLocker (If Applicable)
   Sometimes suspending and resuming BitLocker can help re-establish the connection with the new hardware.
   - Open Command Prompt as an administrator.
   - To suspend BitLocker (replace ‘C:’ with your encrypted drive letter):
     ```
     manage-bde -protectors -disable C:
     ```
   - Restart your computer.
   - After restarting, resume BitLocker (replace ‘C:’ with your encrypted drive letter):
     ```
     manage-bde -protectors -enable C:
     ```
7. If All Else Fails
   - Contact Microsoft Support for assistance. They may be able to help you recover the key or provide further troubleshooting steps.
   - Consider data recovery services as a last resort, but these can be expensive and not always successful.
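
The 48-digit recovery key entered in steps 3 and 4 has a checkable structure: eight groups of six digits, each a multiple of 11 that encodes a 16-bit value. The Python check below is an added example, not part of the original guide or a Microsoft tool; the function name and sample keys are constructed for illustration. It reports which group was mistyped before the key is passed to manage-bde.

```python
import re

GROUP_COUNT = 8          # 8 groups x 6 digits = 48 digits
MAX_GROUP = 65535 * 11   # each group encodes a 16-bit value multiplied by 11


def check_recovery_key(text):
    """Return (group_number, problem) pairs; an empty list means well-formed.

    Group numbers are 1-based. Group 0 means the overall shape is wrong.
    A well-formed key can still be the wrong key for a given volume.
    """
    # Accept hyphens or whitespace between groups, as keys are often retyped.
    groups = [g for g in re.split(r"[-\s]+", text.strip()) if g]
    if len(groups) != GROUP_COUNT:
        return [(0, f"expected {GROUP_COUNT} groups, found {len(groups)}")]

    problems = []
    for number, group in enumerate(groups, start=1):
        if not re.fullmatch(r"[0-9]{6}", group):
            problems.append((number, "must be exactly six digits"))
        elif int(group) % 11 != 0:
            # Catches single wrong digits and swapped neighbouring digits.
            problems.append((number, "not a multiple of 11 (likely typo)"))
        elif int(group) > MAX_GROUP:
            problems.append((number, "value exceeds the 16-bit range"))
    return problems


# Constructed sample keys for illustration, not real recovery keys.
SAMPLE_OK = "110011-220022-330033-440044-550055-660066-720885-000011"
SAMPLE_TYPO = "110011-220022-330034-440044-550055-660066-720885-000011"
SAMPLE_SWAP = "110011-202022-330033-440044-550055-660066-720885-000011"

if __name__ == "__main__":
    for label, key in [("ok", SAMPLE_OK), ("typo", SAMPLE_TYPO), ("swap", SAMPLE_SWAP)]:
        issues = check_recovery_key(key)
        print(label, "-> well-formed" if not issues else issues)
```

Run it on a separate, trusted machine; a key that passes is only well-formed, and manage-bde still decides whether it matches the volume.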

