Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, December 12, 2018 8:53 PM
So, after doing a clean installation of Windows from an USB plagued of problems (even BSOD during installation) and resetting the device, I think I managed to get Windows working. But there is one thing that is still bothering me. Device encryption tab in settings showed that " encryption was temporarily suspended" in every moment. So I decided to type manage-bde -status. There were no keys and protection was off. I followed the steps mentioned in this forum, and typed
manage-bde -protectors -add c: -tpm
and
manage-bde -protectors -add c: -rp
The thing is, I think I have device encryption running, as per the output of manage-bde -status, but there is no recovery key showing up in https://onedrive.live.com/RecoveryKey.
What is happening? Would appreciate any kind of help, thanks.
All replies (17)
Thursday, December 20, 2018 10:08 AM ✅Answered
Hi PabloZia2,
If your WinRE status is showing "Enabled", you can try to press Shift then click Start to choose Reboot, to try if the WinRE is available.
I have also tested on my Windows 10 1809 machine, first the command "reagentc /info" reported that the WinRE status was “Disabled” and in System Information it also said “winre is not configured”. Then I ran the command "reagentc /enable", the output of "reagentc /info" show that the WinRE status was “Enabled” and System Information is no longer reporting of “winre is not configured”. You can also try to "reagentc /disable" and then "reagentc /enable" it manually, to see if it can refresh the result in system information.
Also please be aware of this, the BitLocker can be turned on automatically or manually either, just depending on your choice. And both of them can complete the device encryption and make it working. Since you have turned on the BitLocker manually, and if you confirm the WinRE is enabled, I suspect that the device encryption has been done and is working fine now, don’t worry for this. You can also confirm this with the disk icon, with BitLocker enabled it should display with a lock on it, similar with below snapshot.
If there is anything else we can do for you, please feel free to post in the forum. Thank you for choosing Microsoft.
Best regards,
Zoe Mo
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, December 13, 2018 8:56 AM
Hi PabloZia2,
What’s the OS version you are using? And what’s the current output of command manage-bde -status for your device? Please provide a screenshot after you run the command manage-bde -status, and a screenshot of the message in Device Encryption.
If the device encryption is totally completed and running fine, it should display similar as below snapshot 1; and if not, it may display similar like below snapshot 2.
Since your drive is suspend, you could enter the command manage-bde -protectors -enable c: to resume it.
Also, Is your device connected to a domain? Which one did you see and select while back up the recovery key, “Save to your Microsoft account” or “Save to your could domain account”? If it’s cloud domain account option, recovery key will not be saved in Microsoft account, but saved in Azure Active Directory. You can check this link for more details: https://social.technet.microsoft.com/Forums/en-US/63c4df28-813a-420c-aa44-4f4b6b72b81d/bitlocker-recovery-key-not-saving-to-microsoft-account?forum=win10itprosecurity .
If it’s MS account option, then It may be possible that the issue is due to incorrect user account information. Are you sure you're signing in with the correct Microsoft account to check the recovery key, that is same with the one you signed in the Windows while back up the recovery key?
If you use the correct MS account, but still can’t find the recovery key, then what’s the message displaying on the page? Is it showing message like “we don't have anything for you at this URL”? If so, maybe you need to check the status of your OneDrive account. We found some similar situations that reporting this message, and a guy found out that his OneDrive account was over the storage limit - due to a free trial ending. Then by purchasing a OneDrive subscription he found the recovery key URL worked again. You can check more details following below links:
If there is anything else we can do for you, please feel free to post in the forum. Thank you for choosing Microsoft.
Best regards,
Zoe Mo
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, December 13, 2018 1:31 PM
I have tried with two Microsoft accounts, each of them having plenty of available storage.
I already got device encryption to say it was turned on after inputting manage-bde -protectors -add c: -tpm, manage-bde -protectors -enable c: and manage-bde -protectors -add c: -rp (followed the steps another person followed at https://social.technet.microsoft.com/Forums/en-US/abcd2478-1401-4d1a-a29c-3042faa9aacf/bitlocker-protection-off-and-no-key-protectors-but-drive-is-encrypted?forum=win10itprosecurity)
In system information, the section "reasons for failed automatic device encryption" says "winre is not configured".
Manage-bde-status gives me exactly the output you attached as first image (the one with black background) and my Microsoft Account "Find my BitLocker Key" states the following: "you don't have BitLocker keys uploaded to your Microsoft account."
I forgot to tell you that, when accessing BitLocker backup window in control panel, there is no option for uploading key to Microsoft Account, only print it or save it as a text file.
Thursday, December 13, 2018 1:38 PM
Hi,
Download the TPM version 2+ from your laptop manufacturer website and install it.
Momominta
I already installed all the drivers from Lenovo's website. There is no specific driver for TPM, though, and this is controlled by Microsoft's driver.
Friday, December 14, 2018 10:03 AM
Hi PabloZia2,
Is this a domain joined machine? Are you using Microsoft Account to login the machine? I think save to Microsoft Account should be the option available on the system that a MS account has been logged on. I have tested on my Windows 10 Pro 1803 environment(it's a virtual machine without TPM), and the option "Save to your Microsoft account" is available there. You can check below snapshots of steps to turn on BitLocker and backup recovery key for reference:
Snapshot 1: Begin to turn on BitLocker.
Snapshot 2: Choose the method to unlock the drive at startup, at this case I selected the “Enter a password” and setup a password.
Snapshot 3: Choose the method of back up the recovery key. You can see the MS Account option is available here.
Snapshot 4: After BitLocker has been configured and turned on, if you want to make any change, such as back up the recovery key with another method, you can use the Manage BitLocker.
Snapshot 5: Select the option Back up your recovery key, it will again lead you to the page of above snapshot 3. The MS Account option is still available there.
If there is anything else we can do for you, please feel free to post in the forum. Thank you for choosing Microsoft.
Best regards,
Zoe Mo
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Sunday, December 16, 2018 11:16 AM
No, the option is not there, and I am signed with my Microsoft account since the first moment.
I don't know what would be the problem. I finally installed recovery media from Lenovo and Bitlocker is working as intended again.
Thank you all for your support.
Monday, December 17, 2018 1:35 AM
Hi PabloZia2,
Emmm....guess if there may be any misconfiguration of your previous BitLocker. Anyway, I am glad to hear that your issue was successfully resolved. Please remember to mark the replies as answers if they help, any other questions please feel free to post back. Thank you for choosing Microsoft.
Best regards,
Zoe Mo
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, December 18, 2018 6:37 PM
Just to know, what would I have to do if under system information it says "Reasons for failed automatic device encryption: winre is not configured"?
I've searched along all the web and did not found anything of help.
Wednesday, December 19, 2018 10:02 AM
Hi PabloZia2,
It should not mean you have any issues with the hard drive, just the system may automatically encrypt devices if meeting certain hardware requirements. BitLocker automatic device encryption uses BitLocker drive encryption technology to automatically encrypt internal drives after the user completes the Out Of Box Experience (OOBE) on Modern Standby or HSTI-compliant hardware. I found one of the requirements saying that "You must have 250MB of free space on top of everything you need to boot (and recover Windows, if you put WinRE on the system partition)". I guess that's why your System information reminding of WinRE need to be configured.
You can check following link for more details: /en-us/windows-hardware/design/device-experiences/oem-bitlocker .
So you can check the links Calgary shared above, and try to configure and enable the WinRE on your machine, then let's check the system information again if everything goes well. :)
If there is anything else we can do for you, please feel free to post in the forum. Thank you for choosing Microsoft.
Best regards,
Zoe Mo
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, December 19, 2018 10:50 AM
The thing is, I had WinRE enabled when I checked command line. But system information still said it was not configured.
Wednesday, December 19, 2018 11:23 AM
I think we are getting into some more advance concepts that I cannot completely understand. If you meant there could be no space enough in my disk, I can tell you that I deleted every partition and then let Windows installation partition the disk by itself. This way, Windows should be capable enough to configure WinRE when installing, right?
Thursday, December 20, 2018 12:09 PM
Ok, I think almost all my doubts all clear now. As I am not running the Windows image provided right from Microsoft but Lenovo's I cannot test it.
The only doubt I am still keeping is why the Bitlocker key was not available in my Microsoft account or why I could not upload it from the control panel.
Friday, December 21, 2018 9:23 AM
Hi PabloZia2,
Have you tried to change another Microsoft account to login and check the results?
If you are using the Windows image provided from Lenovo, I guess if they have done any modifications in this image for the BitLocker, may be to skip the selection "Save to your Microsoft account" while backing up the recovery key. You can try to contact the Lenovo support to confirm this.
In addition, recovery keys may be saved in a number of ways depending on the version of Windows installed, and the MS account option seems only available after Windows 8.1. If you are using an earlier OS, such as Windows 7, unfortunately it is unavailable while backing up the recovery key. You can check this link for more details: https://www.dell.com/support/article/sg/en/sgdhs1/sln298282/bitlocker-is-prompting-for-a-recovery-key-and-you-do-not-have-the-bitlocker-key?lang=en 。
If there is anything else we can do for you, please feel free to post in the forum. Thank you for choosing Microsoft.
Best regards,
Zoe Mo
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Saturday, December 22, 2018 6:03 PM
Windows 10 latest versión downloaded by Media Creation Tool.
No option for uploading keys to Microsoft Account was available, and I even tried with a new account, but the results were the same: no automatic encryption and no keys in my account.
Monday, December 24, 2018 9:26 AM
Hi PabloZia2,
Could you please share some snapshots and logs for our reference? You can upload them to a network disk, and share the link here.
Information need to be collected as below:
- Snapshot of selection options for the BitLocker recovery key page.
- Snapshot of your login MS Account, Start -> Settings -> Accounts -> Your info.
- Policy of BitLocker on your machine, you can use the command “GPRESULT /H GPReport.html” to collect them.
- Open an elevated CMD prompt and type the following commands to collect the event logs.
wevtutil epl System C:\system.evtx
wevtutil epl Application C:\app.evtx
If there is anything else we can do for you, please feel free to post in the forum. Thank you for choosing Microsoft.
Best regards,
Zoe Mo
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, December 27, 2018 2:46 PM
I am so sorry I cannot do this since I am not in the build that had the problems aforementioned.But, could this be the cause? I just stepped upon it:
https://www.reddit.com/r/Windows10/comments/a55x7c/w10_1809_oct_release_default_installation_cant/
(sorry because I cannot post links yet)
Friday, December 28, 2018 9:42 AM
Hi PabloZia2,
It's be on the cards, are you using the latest W10 1809 (Oct Release)? As I mentioned previously, you can check the WinRE.win file’s location in the output of command "reagentc /info". Below snapshot is an example from my test Windows 10 1803, you can see it's under the Recovery Partition.
If there is anything else we can do for you, please feel free to post in the forum. Thank you for choosing Microsoft.
Best regards,
Zoe Mo
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].