Microsoft KB Archive/928201

= How to use the BitLocker Repair Tool to help recover data from an encrypted volume in Windows Vista =

Article ID: 928201

Article Last Modified on 9/12/2007


APPLIES TO


 * Windows Vista Ultimate
 * Windows Vista Enterprise
 * Windows Vista Ultimate 64-bit Edition
 * Windows Vista Enterprise 64-bit Edition




INTRODUCTION
This article describes how to use the BitLocker Repair Tool. You can use this tool to help access encrypted data if the hard disk has been severely damaged. This tool can reconstruct critical parts of the drive and salvage recoverable data. A recovery password or recovery key is required to decrypt the data.

Use this command-line tool if the following conditions are true:
 * You have encrypted the volume by using BitLocker Drive Encryption.
 * Windows Vista does not start, or you cannot start the BitLocker recovery console.
 * You do not have a copy of the data that is contained on the encrypted volume.

The BitLocker Repair Tool package contains the following files:
 * Software License Terms.rtf
 * Executables\repair-bde.exe
 * Executables\bderepair.dll
 * Executables\en-us\repair-bde.exe.mui

To obtain the BitLocker Repair Tool
If you have a Premier support account with Microsoft, visit the following Microsoft Premier Online Web site to obtain the tool:

https://premier.microsoft.com/troubleshoot.aspx?taid=tools

You can also obtain the tool by contacting Microsoft Customer Support Services. Telephone (800) 936-5700 to speak to a Technical Router professional who can send you the tool. For a complete list of Microsoft Customer Support Services telephone numbers, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;[LN;CNTACTMS]



Overview
You may experience a problem that damages an area of a hard disk on which BitLocker stores critical information. This kind of problem may be caused by a hard disk failure or by Windows Vista exiting unexpectedly.

Windows Vista can no longer start
If a drive is damaged, Windows Vista may no longer start. In this situation, you may be prompted to repair the computer. Some computers are configured to enter a recovery environment automatically in this situation. However, if the computer is not configured to enter a recovery environment automatically, you receive the following error message:

Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:

1. Insert your Windows installation disc and restart your computer.

2. Choose your language settings, and then click "Next."

3. Click "Repair your computer."

If you do not have this disc, contact your system administrator or computer manufacturer for assistance.

File: \Windows\system32\winload.exe

Status: 0xc00000001

Info: The selected entry could not be loaded because the application is missing or corrupt.

Windows Vista can no longer read the drive
Damage may occur on a drive that is not used to start Windows Vista. In this situation, you cannot unlock the damaged drive even when you use the correct recovery password or recovery key. Therefore, you cannot use another computer or another copy of Windows Vista to access the encrypted contents of the drive. In this scenario, the damaged drive may not appear in the BitLocker Drive Encryption Control Panel.

Note Damage to the volume may not be related to BitLocker. Therefore, we recommend that you try other tools to help diagnose and resolve the problem with the volume before you use the BitLocker Repair Tool. The Windows Vista DVD includes the Windows Recovery Environment (WinRE) together with an option to repair the computer. For more information about how to troubleshoot Windows Vista startup problems, visit the following Microsoft Web site:

http://windowshelp.microsoft.com/Windows/en-US/Help/f768809f-ed90-415f-a83f-89b42108b3551033.mspx

To use the BitLocker Repair Tool
To use the BitLocker Repair Tool, follow these steps.

Step 1: Gather required materials
Obtain the following items to help you recover encrypted data from the affected volume:
 * The drive on which the damaged volume is located. This is the drive that contains the encrypted volume that you want to repair.
 * The recovery password or the recovery key for the encrypted volume. This is the recovery information that you saved when you enabled BitLocker.
 * An external hard disk. Use this drive to store the recovered data. This drive must be at least as large as the drive from which you want to recover the data.

Caution All the data on the external drive will be removed when you perform the recovery operation.
 * A USB flash drive. Use this storage device to store the BitLocker Repair Tool files. You can also store recovery information on this drive.
 * The Windows Vista DVD. This enables you to start a command prompt.

Step 2: Review the license terms for the BitLocker Repair Tool
Examine the Software License Terms.rtf document to review the terms of the BitLocker Repair Tool license.

Step 3: Copy the BitLocker Repair Tool files to a removable device

 1) Extract the BitLocker Repair Tool files from the .zip archive file.
 2) Open the Executables folder, and then copy all the files from this folder to a USB flash drive. The following three files are copied:
 * :\repair-bde.exe
 * :\bderepair.dll
 * :\en-US\repair-bde.exe.mui

Step 4: Open a Command Prompt window

 1) Use the Windows Vista DVD to start the computer.
 2) Select the appropriate language settings, and then click Next.
 3) At the bottom of the Install Windows page, click Repair your computer.
 4) Follow the steps until you receive the option to click Choose a recovery tool, and then click Command Prompt.

Step 5: Determine which drives are present

 1) Verify that all the appropriate drives are connected to the computer. These connections include the external drive to which you want to copy the recovered data and the USB flash drive on which the BitLocker Repair Tool files are located.
 2) At the command prompt, type diskpart, and then press ENTER.
 3) At the diskpart prompt, type list volume, and then press ENTER.

Use the output that is generated to establish the identification of the drive letters that are assigned to the following items:
 * The damaged volume
 * The external hard disk
 * The USB flash drive

Notes
 * An encrypted volume has the file system label of RAW. Use this label to help establish the identification of the damaged volume.
 * Use the drive size together with the label of Removable to help establish the identification of the external hard disk and the USB flash drive.

The following example output illustrates some of the information that may be generated when you run the diskpart list volume command:

DISKPART> list volume

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E   LR1CFRE_EN_  UDF    DVD-ROM     2584 MB  Healthy
  Volume 1     F   Flash-1      FAT    Removable    243 MB  Healthy
  Volume 2     C   SYSTEM       NTFS   Partition   1500 MB  Healthy
  Volume 3     D                RAW    Partition     73 GB  Healthy
  Volume 4     G   EMPTY VOL    NTFS   Removable    149 GB  Healthy

In this example, the output refers to the following items:
 * Drive D is the damaged volume.
 * Drive G is the external hard disk.
 * Drive F is the USB flash drive.

Note To exit the diskpart prompt, type exit, and then press ENTER.

Step 6: Locate the BitLocker Repair Tool files
At the command prompt, change directory to the drive on which the BitLocker Repair Tool files are located. For example, change to drive F.

Step 7: Use the BitLocker Repair Tool to decrypt the data
To decrypt the encrypted data, type the following command, and then press ENTER:

repair-bde InputVolume OutputVolumeOrImage -RecoveryPassword NumericalPassword

In this command, replace the placeholders with the following drive letters and password:
 * Replace InputVolume with the drive letter of the damaged volume.
 * Replace OutputVolumeOrImage with the drive letter of the external hard disk.
 * Replace NumericalPassword with the recovery password for the encrypted volume.

Note For more information about how to use a recovery password that is stored on a USB flash drive, see the "References" section.

For example, type the following command, and then press ENTER:

repair-bde D: G: -RecoveryPassword 111111-111111-111111-111111-111111-111111-111111-111111

Step 8: Verify and then examine the decrypted data
When the data decryption operation is complete, follow the instructions to run the chkdsk command. After the chkdsk tool examines the hard disk for errors, you can then connect the external hard disk to another computer to view the data.
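
The checks in Steps 1, 5 and 7 can be scripted before anything on the output drive is overwritten. The following Python sketch is an added example, not part of the original article or of the BitLocker Repair Tool: it parses the sample list volume output, selects the RAW partition as the damaged volume, confirms that the chosen output volume is at least as large, and assembles the repair-bde command line. The names parse_volumes and plan_repair are hypothetical, and the password shape check (eight groups of six digits) is inferred from the article's example.

```python
import re

# Constructed sample: the `list volume` output from the Step 5 example above.
SAMPLE = """\
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E   LR1CFRE_EN_  UDF    DVD-ROM     2584 MB  Healthy
  Volume 1     F   Flash-1      FAT    Removable    243 MB  Healthy
  Volume 2     C   SYSTEM       NTFS   Partition   1500 MB  Healthy
  Volume 3     D                RAW    Partition     73 GB  Healthy
  Volume 4     G   EMPTY VOL    NTFS   Removable    149 GB  Healthy
"""

UNITS = {"B": 1, "KB": 2**10, "MB": 2**20, "GB": 2**30, "TB": 2**40}

def parse_volumes(text):
    """Slice each row by the column spans of the dashed ruler line."""
    lines = text.splitlines()
    ruler = next(i for i, l in enumerate(lines) if l.strip().startswith("---"))
    spans = [m.span() for m in re.finditer(r"-+", lines[ruler])]
    names = [lines[ruler - 1][a:b].strip() for a, b in spans]
    vols = []
    for line in lines[ruler + 1:]:
        if line.strip():
            row = {n: line[a:b].strip() for n, (a, b) in zip(names, spans)}
            num, unit = row["Size"].split()
            row["Bytes"] = int(num) * UNITS[unit]  # diskpart rounds sizes: approximate
            vols.append(row)
    return vols

def plan_repair(vols, output_ltr, password, log_path=None):
    """Pick the single RAW partition as input and build the repair-bde arguments."""
    raw = [v for v in vols if v["Fs"] == "RAW" and v["Type"] == "Partition"]
    if len(raw) != 1:  # ambiguous or absent: the operator must choose by hand
        raise ValueError("expected exactly one RAW partition, found %d" % len(raw))
    src = raw[0]
    dst = next((v for v in vols if v["Ltr"] == output_ltr), None)
    if dst is None or dst is src:
        raise ValueError("output volume %s not found or same as input" % output_ltr)
    if dst["Bytes"] < src["Bytes"]:  # Step 1: output must be at least as large
        raise ValueError("output volume is smaller than the damaged volume")
    if not re.fullmatch(r"\d{6}(-\d{6}){7}", password):
        raise ValueError("recovery password must be eight groups of six digits")
    cmd = ["repair-bde", src["Ltr"] + ":", dst["Ltr"] + ":", "-rp", password]
    if log_path:
        cmd += ["-lf", log_path]
    return cmd
```

Because the output volume is overwritten, the sketch refuses to guess when it finds zero or several RAW partitions and leaves the choice to the operator.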

BitLocker Repair Tool recovery options
Sometimes, you cannot recover the data from the damaged volume by using the steps in the "To use the BitLocker Repair Tool" section. Sometimes, the data may be unrecoverable, regardless of the recovery effort. Therefore, we recommend that you perform regular backups of all the data on the hard disk.

To use the BitLocker Repair Tool without a Windows Vista DVD
You can use a Windows Vista DVD to provide a command prompt to run the BitLocker Repair Tool. You can also use other ways to start a command prompt. But the command prompt that you use must be running in a Windows Vista-based environment. Command prompts that you start from Microsoft Windows XP or from other environments that are not running Windows Vista are not supported. If another computer that is running Windows Vista is available, you can remove the damaged drive from the original computer and attach it to the Windows Vista-based computer to perform repairs.

To use the BitLocker Repair Tool without an external hard disk
We recommend that you use an external hard disk as the destination for the data that you recover from a damaged encrypted volume. The steps in the "To use the BitLocker Repair Tool" section improve the chance of recovering the data because they do not modify the damaged encrypted volume.

You can also use the BitLocker Repair Tool without using an external hard disk. This kind of repair may be successful if the damage is limited to the drive locations that are used to start Windows. However, there is an increased risk of data loss if you use this kind of repair operation on a volume that is extensively damaged. To perform this kind of repair, use the -NoOutputVolume option when you run the repair-bde command. For more information about how to use this option, see the "References" section.

To use the BitLocker Repair Tool together with a key package
Sometimes, if you use a key package, this gives you another opportunity to recover data from a damaged volume. In this scenario, you receive the following error message when you run the repair-bde command to perform a standard repair operation:

ERROR: The input volume has suffered damages to critical information related to the decryption key.

Please try the -KeyPackage option to specify a key package. The volume may not be recoverable.

To better understand the role of the key package, it may help to understand how the BitLocker Repair Tool works without the -KeyPackage option.

BitLocker helps protect against unexpected damage by scattering multiple copies of critical information on the volume. To decrypt data, the BitLocker Repair Tool scans the volume to locate a usable copy of this critical information. If all the copies of the critical information are lost, the only way for the BitLocker Repair Tool to continue the recovery operation is to use a copy of this critical information that has been exported as a key package.

If you already save BitLocker recovery information to Active Directory Domain Services, the key package is stored in the same location in Active Directory Domain Services. Also, any user who has local Administrator rights can save the key package by running a script on the functioning encrypted drive.

To use the -KeyPackage option, you must verify that the key package is available. Then you must provide this key package as a file to the BitLocker Repair Tool.

To use the BitLocker Repair Tool on a partially-encrypted volume
You can use the BitLocker Repair Tool on a partially-encrypted volume. This situation can result when the BitLocker encryption operation was not completed successfully. To do this, follow the same procedure that is described in the "To use the BitLocker Repair Tool" section.

Note When you specify the -KeyPackage option to recover data from a partially-encrypted volume, the BitLocker Repair Tool considers all the data on the volume as encrypted data that must be recovered. Therefore, the BitLocker Repair Tool tries to decrypt all the data from the volume. If you do not specify the -KeyPackage option, the BitLocker Repair Tool differentiates between the encrypted data on the volume and the data on the volume that is not encrypted.

Error message 1
The system cannot execute the specified program.

You receive this error message if you are running the BitLocker Repair Tool in an unsupported environment. For example, you receive the error message if you are running the 32-bit version of the BitLocker Repair Tool in a 64-bit environment. The BitLocker Repair Tool must run in a supported Windows Vista environment.

Error message 2
Failed to open  (0x80310000).

You receive this error message if the BitLocker Repair Tool cannot perform operations on a volume. In some cases, the -Force option can help gain access to the volume. Also, make sure that you are running the tool in a supported Windows Vista environment.

Error message 3
The file or directory is corrupted and unreadable.

You might receive this error message if the volume information that catalogs files and folders is damaged or is missing. For example, formatting a volume destroys the catalog information. However, recoverable file contents might remain when the catalog is damaged. You can use the BitLocker Repair Tool to decrypt any file contents that remain on the volume. However, because the corresponding volume catalog information is not available, individual files and folders will not be easily available from the output volume. Check additional resources to determine whether the now-decrypted volume can fully be recovered.



BitLocker Repair Tool usage information
The following usage information is generated when you run the repair-bde -? command:

Usage:

repair-bde[.exe] InputVolume
                 { OutputVolumeOrImage | {-NoOutputVolume|-nov} }
                 { {-RecoveryPassword|-rp} NumericalPassword |
                   {-RecoveryKey|-rk} PathToExternalKeyFile }
                 [{-KeyPackage|-kp} PathToKeyPackage]
                 [{-LogFile|-lf} PathToLogFile]
                 [{-?|/?}]

Description:

Attempts to repair or decrypt a damaged BitLocker-encrypted volume using the supplied recovery information.

WARNING! To avoid additional data loss, you should have a spare hard drive available. Use this spare drive to store decrypted output or to back up the contents of the damaged volume.

Parameters:

InputVolume
    The BitLocker-encrypted volume to repair. Example: "C:".

OutputVolumeOrImage
    Optional. The volume to store decrypted contents, or the file location to create an image file of the contents. Examples: "D:", "D:\imagefile.img".

    WARNING! All information on this output volume will be overwritten.

-nov or -NoOutputVolume
    Attempt to repair a BitLocker-encrypted volume by modifying the boot sector to point to a valid copy of BitLocker metadata.

    WARNING! To avoid additional data loss, use a sector backup utility to back up the input volume before using this option. If you do not have such a utility available, specify an output volume or image instead.

-rk or -RecoveryKey
    Provide an external key to unlock the volume. Example: "F:\RecoveryKey.bek".

-rp or -RecoveryPassword
    Provide a numerical password to unlock the volume. Example: "111111-222222-333333-...".

-kp or -KeyPackage
    Optional. Provide a key package to unlock the volume. Example: "F:\ExportedKeyPackage"

    If this option is blank, the tool will look for the key package automatically. This option is needed only if required by the tool.

-lf or -LogFile
    Optional. Provide a path to a file that will store progress information. Example: "F:\log.txt".

-f or -Force
    Optional. When used, forces a volume to be dismounted even if it cannot be locked. This option is needed only if required by the tool.

-? or /?
    Shows this screen.

Examples:

repair-bde C: -NoOutputVolume -rk F:\RecoveryKey.bek
repair-bde C: D: -rp 111111-222222-[...] -lf F:\log.txt
repair-bde C: D: -kp F:\KeyPackage -rp 111111-222222-[...]
repair-bde C: D:\imagefile.img -kp F:\KeyPackage -rk F:\RecoveryKey.bek

Keywords: kbhowto kbinfo KB928201


© Microsoft Corporation. All rights reserved.