BitLocker on my USB Drives for Multiple Devices

Question

_{Thursday, August 9, 2018 2:03 PM}

I placed a few of our USB drives on BitLocker to secure them.  When I placed this USB in BitLocker mode I did so by doing the following as it was suggested for multiple devices to access it. 

1. Choose how you want to unlock this drive - I chose to use a password to unlock the drive

2. How do you want to back up your recovery key?  I chose to save to file

3. Choose how much of your drive to encrypt - I have tried both and get same result

  a. Encrypt used disk space only (faster and best for new PCs and drives)

  b. Encrypt entire drive (slower but best for PCs and drives already in use)

4. Choose which encryption mode to use - I use Compatible mode (best for drives that can be moved from this device)

5. Then I encrypt the drive.

But when they are on other devices besides the host machine I created them on I found that they partially work.  Meaning that they ask for the password and then they say they unlock and are given a drive letter.  Next, I go to open the drive then I get an error stating "Please insert a disk into USB Drive (Drive Letter).

Image was to be here.

I have tried to use:

local administrator access on the domain accounts,

changing the drive letter,

automatically unlock on this PC,

remove the auto unlock,

Reboot the computer with the drive still in. 

Nothing seems to get past this message though.

Image was to be here.

I then take it back to the host where BitLocker was placed on the drive and it works perfectly.  

I have read some sites that say the drive needs to be recovered and I do not think that is right.  If it were then it would not work on the host machine after trying to place on another first.

Has anyone else had this issue and is there a way to get it to work as it supposedly was designed?

All replies (22)

_{Friday, August 10, 2018 8:57 AM}

Since we use bitlocker 2 go in our company (about 100 devices) and proceed the same way as you do, and never had that problem on windows 10, nor on 8.1, I wonder what OS' you are using.

You should try a different USB device (different model altogether), this could be some weird incompatibility of hardware.

_{Friday, August 10, 2018 9:48 AM}

Hi Dennis S South Dakota,
Please try the following ways to troubleshoot the issue:

1. It may be caused by a problem with the operating system version. When accessing Bitlocker encrypted drive on another Windows PC, it requires this Windows computer supports Bitlocker. Bitlocker is available in the following Windows Operating Systems:

Windows 10 - Professional or Enterprise edition
Windows 8 - Professional or Enterprise edition, including Windows 8.1
Windows 7 - Enterprise or Ultimate edition
Windows Vista - Enterprise or Ultimate edition
Windows Server 2008 R2 - All editions
Windows Server 2012 - All editions

What is the version of the operating system that has the error of "Please insert a disk into USB Drive (Drive Letter)"?

2. If the computer reports an error, open the disk management on this computer to see if the computer recognizes the USB device.

3. Please check the Event Viewer for any related errors in the logs, such as application, system, and hardware.

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].

_{Friday, August 10, 2018 10:41 AM}

Daisy, we are talking about Bitlocker to go.

BLTG is accessible by all Microsoft OS' XP and up, so your list is rather misleading. It does not need to be a certain edition to *access *a BLTG encrypted stick, it would only need such an edition to *encrypt *it.

_{Friday, August 10, 2018 1:35 PM}

Why type of USB drives are you using that is working?  Are there any particular sizes or make models you would suggest trying?

_{Friday, August 10, 2018 1:37 PM}

Daisy,

It did recognize the USB device.  I see it populate in the Device Management.  This is not a can you see it.  it is as Ronald is suggesting a possibility of compatibility.  I have asked him further questions.

_{Friday, August 10, 2018 1:43 PM}

We use several (dozens) of models. Most sticks are from corsair, since they offer fast usb3 performance at little cost. For example Corsair voyager slider x2 32 GB.

_{Friday, August 10, 2018 3:24 PM}

Thank you Ronald.  I have ordered a Corsair 16GB Voyager Slider X1 USB 3.0 Flash Drive.  We will see if this helps.  It is going to take a week to get it though.

_{Saturday, August 11, 2018 11:49 AM}

Good luck. We use the x1 slider as well, although in 32 GB - no problems so far.

_{Thursday, August 16, 2018 9:05 PM}

No Luck today.  But was able to gather some further information.  

USB Event Logged the following Warning:

Log Name:      Microsoft-Windows-Kernel-PnP/Configuration
Source:        Microsoft-Windows-Kernel-PnP
Date:          8/16/2018 1:40:18 PM
Event ID:      442
Task Category: None
Level:         Warning
Keywords:     
User:          SYSTEM
Computer:      PCL250.RPM-Innovations.RPMI
Description:
Device USBSTOR\Disk&Ven_Corsair&Prod_Voyager_SliderX1&Rev_000A\07087C0EAC1DDF30&0 was not migrated due to partial or ambiguous match.

Last Device Instance Id: USBSTOR\Disk&Ven_JetFlash&Prod_Transcend_8GB&Rev_8.07\B86A827D&0
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Location Path:
Migration Rank: 0xF000FC000000F120
Present: false
Status: 0xC0000719
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
    <EventID>442</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2018-08-16T19:40:18.128481300Z" />
    <EventRecordID>649</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="1440" />
    <Channel>Microsoft-Windows-Kernel-PnP/Configuration</Channel>
    <Computer>PCL250.RPM-Innovations.RPMI</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="DeviceInstanceId">USBSTOR\Disk&Ven_Corsair&Prod_Voyager_SliderX1&Rev_000A\07087C0EAC1DDF30&0</Data>
    <Data Name="LastDeviceInstanceId">USBSTOR\Disk&Ven_JetFlash&Prod_Transcend_8GB&Rev_8.07\B86A827D&0</Data>
    <Data Name="ClassGuid">{4D36E967-E325-11CE-BFC1-08002BE10318}</Data>
    <Data Name="LocationPath">
    </Data>
    <Data Name="MigrationRank">0xf000fc000000f120</Data>
    <Data Name="Present">false</Data>
    <Data Name="Status">0xc0000719</Data>
  </EventData>
</Event>

USB Device Properties Events showed the following:

8/16/2018 1:40:18 PM
Device USBSTOR\Disk&Ven_Corsair&Prod_Voyager_SliderX1&Rev_000A\07087C0EAC1DDF30&0 was not migrated due to partial or ambiguous match.

Last Device Instance Id: USBSTOR\Disk&Ven_JetFlash&Prod_Transcend_8GB&Rev_8.07\B86A827D&0
Class Guid: {4D36E967-E325-11CE-BFC1-08002BE10318}
Location Path:
Migration Rank: 0xF000FC000000F120
Present: false
Status: 0xC0000719

8/16/2018 1:40:18 PM
Device USBSTOR\Disk&Ven_Corsair&Prod_Voyager_SliderX1&Rev_000A\07087C0EAC1DDF30&0 was configured.

Driver Name: disk.inf
Class Guid: {4D36E967-E325-11CE-BFC1-08002BE10318}
Driver Date: 06/21/2006
Driver Version: 10.0.17134.1
Driver Provider: Microsoft
Driver Section: disk_install.NT
Driver Rank: 0xFF0006
Matching Device Id: GenDisk
Outranked Drivers: disk.inf:GenDisk:00FF2002
Device Updated: false
Parent Device: USB\VID_1B1C&PID_1A15\07087C0EAC1DDF30

8/16/2018 1:40:18 PM
Device USBSTOR\Disk&Ven_Corsair&Prod_Voyager_SliderX1&Rev_000A\07087C0EAC1DDF30&0 was started.

Driver Name: disk.inf
Class Guid: {4D36E967-E325-11CE-BFC1-08002BE10318}
Service: disk
Lower Filters:
Upper Filters: 

And when checking Sharing it said not shared so I selected to Share it and still did not work:

Ended up with the same error as before.

When putting the USB back on the original PC that placed the BitLocker on it, it works fine and I can see all the files and folders on the drive.

_{Friday, August 17, 2018 6:20 AM}

Please retry on a freshly installed computer without any additional software on it.

_{Friday, August 17, 2018 8:29 AM}

Hi,
We can try the following ways to troubleshoot the issue:

1. On what operating system do we create a Bitlocker for the USB driver, and on which operating system the USB driver is not recognized, is there any rule to follow? For example, which specific operating system does not recognize the encrypted USB driver.

2. For the same USB drive, can the same computer recognize it before and after encryption? We can test multiple USB drives to see if it's related to Bitlocker encryption.

3. Based on the USB event log you provided, we find maybe the following log causes the issue.

So we try to view corresponding USB driver properties in Device Manager. If it is Device migrated or Device not migrated in Event of device manager.

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].

_{Friday, August 17, 2018 2:02 PM}

Ronald,

I did try this morning with a freshly rebuilt computer and it had the basics installed that we generally install.  It worked like it should have.  Not sure why that would matter, but I cannot rebuild every computer to get this process working.  

What would you recommend?

Dennis

_{Friday, August 17, 2018 2:07 PM}

1. On what operating system do we create a Bitlocker for the USB driver, and on which operating system the USB driver is not recognized, is there any rule to follow? For example, which specific operating system does not recognize the encrypted USB driver.

--The system I have been testing on is Windows 10 Pro.  All systems are in our organization and also on the latest major update from this last spring.

2. For the same USB drive, can the same computer recognize it before and after encryption? We can test multiple USB drives to see if it's related to Bitlocker encryption.

--Yes the USB is recognizable before, during and after encryption.  This has been the case for all types tried.  The issue seems to be when the drive goes to another PC that has not been freshly rebuilt.  But I cannot just rebuild every computer in my organization as an answer to this issue.

_{Friday, August 17, 2018 2:16 PM}

Dennis, I would add software by software so that the fresh machine will build up and try after each software/each GPO (if any) that you apply, if it still works. I see no other way to find out and I have no idea which software could interfere. Possibly security software that tries to prevent any USB based attack (?).

_{Friday, August 17, 2018 2:54 PM}

Ronald,

So, I have tried 2 things.  I first tried the old laptop that was just rebuilt as a spare with basic software.  I then took the drive after the post to the sales guy whose Laptop we just purchased in the last 2 weeks and it has all software on it that we would use and in the same OU as the old Laptop.  In both instances it worked fine.  I am not sure at this point what would be causing it.  I do have one more test to see if I can break it though as I have a program I am using that locks down USB and then allows only USB with Encryption through.  I will test that and let you know.

Dennis

_{Friday, August 17, 2018 4:50 PM}

Ronald,

I have gone around and found yet another common denominator.  So far, all laptops work with it whether recently rebuilt or new or not rebuilt in well over a year, but all desktops do not work in any of these scenarios that I can see.  I did rebuild a desktop a few months back and we purchased one about 6 months ago both of which still have the same issue.  I thought that maybe my FortiClient was the issue with the profiles being slightly different based on H/W as desktops do not VPN access.  But that does not seem to be it as I have tried placing a desktop with the same profile as the laptops and the issue still was there.

Dennis S. from South Dakota

_{Monday, August 20, 2018 4:14 PM}

Ronald,

Any ideas?  You have been very helpful so far.  But I am baffled as to why the desktops and laptops would react differently.

Dennis

Dennis S. from South Dakota

_{Wednesday, August 22, 2018 8:13 AM}

Dennis, you need to test with clean systems with no security software involved.

Desktops would not behave differently (we have mostly desktops of several kind (10 different mainboard types even).

_{Wednesday, August 22, 2018 9:26 PM}

Ronald,

I pulled a system.  I rebuilt with clean windows 10.  Applied same S/W and tested between each.  No issues.  So, to fix this I am going to have to rebuild every PC in our organization.

Dennis

Dennis S. from South Dakota

_{Wednesday, August 22, 2018 9:33 PM}

Yeah, that's what you would do? Oh no.

Probably some security software is malfunctioning. Just uninstall the security softwares and mechanisms and retry.

_{Wednesday, August 22, 2018 9:53 PM}

We have had a lot of changes over the past 2 years.  Migrations of networks, domains, etc... so probably won't hurt to rebuild everyone's.  It will just take a long time.

Dennis S. from South Dakota

_{Monday, September 3, 2018 8:02 AM}

Hi, Dennis
I am very glad that our issue has a new breakthrough. If there are any updates or any other issues in the future, please feel free to update or consult here. We are happy to assist you!

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].