BitLocker Drive Recovery

I kicked off a BitLocker encryption process on one of my organization's new production servers' drives ("D:") yesterday evening at 7:00PM and left for the day. For reasons known only to God, my partner hard-killed that server at 10:00PM.

When I arrived at the office this morning I saw the machine was off, powered it up and gave it a once-over...and saw that its "D:" drive showed as BitLocker "Locked". I right-clicked, selected "Unlock" and was prompted for the key, which I provided. It rejected the key as not being the correct key for that drive. I double-checked the key's GUID and tried again, and it failed with the same error message. I rebooted and repeated the procedure twice more and got the same result the first time, but the second returned an error code of 0X8007007a.

Accepting that the volume was likely corrupt, I attempted to run repair-bde, and while it accepted the key and evaluated the volume's metadata, it returned the message below:

C:\Windows\system32>repair-bde D: Z: -rp 000000-000000-000000-000000-000000-000000-000000-000000 -F
BitLocker Drive Encryption: Repair Tool version 6.3.9600
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Beginning scan for BitLocker metadata.

Scanning boot sectors for pointer to metadata: 100%
Finished scanning for BitLocker metadata.
LOG INFO: 0x0000002a
Valid metadata at offset 39647494144 found at scan level 1.
LOG INFO: 0x0000002b
Successfully created repair context.
ACTION REQUIRED: Run 'chkdsk Z: /f' before viewing decrypted data.

The parameter is incorrect.



My questions are these:

1. Which parameter is the utility reporting incorrect? Assuming the this correct?
2. Given that the volume had only been partially encrypted, is there any hope that there might be clean files on that volume that a recovery utility might be able to save?
3. What other options might you know of, if any, aside from nuking and paving that drive?

Thanks for the assist in advance!

Asked by: Christopher Brucker, Developer

Well, this is unfortunate. Having been in your spot a few times and had corruption with BitLocker. You can look at 3rd party decryption solutions (your mileage, cost and success will vary).
Personally I'd tackle it the following way:

Try drive recovery software on either an image or physical drive to see if data is salvageable. I like r-t tools but that's my preference.
You can use a good hex editor to view the drive and see what is available. Either hexwin or Linux or your flavor hex editor will do.
You can also use Linux as a good tool for different recovery and complete drive deep dive review.
I'd look to see what caused the failure. Something in the logs may help you (drive failure, power, physical cables).
I've had some luck with this.
I won't ask the obvious question.
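
The log review suggested in the answer above can be scripted as a read-only triage pass; this is an added example, not code from the original thread. It assumes an elevated PowerShell session on the affected server, the D: volume from the question, a 24-hour look-back window, and the event IDs commonly logged for unclean shutdowns and storage errors.

```powershell
# Added example: read-only triage after an interrupted BitLocker conversion.
# Assumptions: elevated session, data volume D:, 24-hour look-back window.
$mount = 'D:'
$since = (Get-Date).AddHours(-24)

# 1. What BitLocker itself reports for the volume (nothing is written to disk).
Get-BitLockerVolume -MountPoint $mount |
    Select-Object MountPoint, VolumeStatus, EncryptionPercentage,
                  LockStatus, ProtectionStatus,
                  @{ n = 'Protectors'; e = { $_.KeyProtector.KeyProtectorType -join ', ' } } |
    Format-List

# 2. Evidence of the unclean shutdown and of storage or file-system errors.
$filters = @(
    # Kernel-Power 41: system rebooted without cleanly shutting down
    @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Kernel-Power'; Id = 41; StartTime = $since }
    # EventLog 6008: previous shutdown was unexpected
    @{ LogName = 'System'; ProviderName = 'EventLog'; Id = 6008; StartTime = $since }
    # disk 7/11/51/153: bad block, controller error, paging error, retried I/O
    @{ LogName = 'System'; ProviderName = 'disk'; Id = 7, 11, 51, 153; StartTime = $since }
    # Ntfs 55: file system structure reported corrupt
    @{ LogName = 'System'; ProviderName = 'Ntfs'; Id = 55; StartTime = $since }
    # Everything BitLocker logged while the conversion was running
    @{ LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'; StartTime = $since }
)

# A filter that matches nothing raises a non-terminating error; suppress it
# so the remaining queries still run.
$events = foreach ($f in $filters) {
    Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue
}

# 3. One chronological timeline, first line of each message only.
$events | Sort-Object TimeCreated |
    Select-Object TimeCreated, ProviderName, Id, LevelDisplayName,
                  @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap
```

A timeline showing only the power-loss events points to the interrupted conversion itself, while disk or Ntfs errors before 10:00PM would suggest imaging the drive before any further repair attempt.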
