Microsoft KB Archive/928201


Article ID: 928201

Article Last Modified on 9/12/2007



APPLIES TO

  • Windows Vista Ultimate
  • Windows Vista Enterprise
  • Windows Vista Ultimate 64-bit Edition
  • Windows Vista Enterprise 64-bit Edition



INTRODUCTION

This article describes how to use the BitLocker Repair Tool. You can use this tool to help access encrypted data if the hard disk has been severely damaged. This tool can reconstruct critical parts of the drive and salvage recoverable data. A recovery password or recovery key is required to decrypt the data.

Use this command-line tool if the following conditions are true:

  • You have encrypted the volume by using BitLocker Drive Encryption.
  • Windows Vista does not start, or you cannot start the BitLocker recovery console.
  • You do not have a copy of the data that is contained on the encrypted volume.

The BitLocker Repair Tool package contains the following files:

  • Software License Terms.rtf
  • Executables\repair-bde.exe
  • Executables\bderepair.dll
  • Executables\en-us\repair-bde.exe.mui

To obtain the BitLocker Repair Tool

If you have a Premier support account with Microsoft, visit the following Microsoft Premier Online Web site to obtain the tool:

You can also obtain the tool by contacting Microsoft Customer Support Services. Telephone (800) 936-5700 to speak to a Technical Router professional who can send you the tool. For a complete list of Microsoft Customer Support Services telephone numbers, visit the following Microsoft Web site:

MORE INFORMATION

Overview

You may experience a problem that damages an area of a hard disk on which BitLocker stores critical information. This kind of problem may be caused by a hard disk failure or by Windows Vista exiting unexpectedly.

Windows Vista can no longer start

If a drive is damaged, Windows Vista may no longer start. In this situation, you may be prompted to repair the computer. Some computers are configured to enter a recovery environment automatically in this situation. However, if the computer is not configured to enter a recovery environment automatically, you receive the following error message:

Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:

1. Insert your Windows installation disc and restart your computer.
2. Choose your language settings, and then click "Next."
3. Click "Repair your computer."

If you do not have this disc, contact your system administrator or computer manufacturer for assistance.

File: \Windows\system32\winload.exe

Status: 0xc00000001

Info: The selected entry could not be loaded because the application is missing or corrupt.

Windows Vista can no longer read the drive

Damage may occur on a drive that is not used to start Windows Vista. In this situation, you cannot unlock the damaged drive even when you use the correct recovery password or recovery key. Therefore, you cannot use another computer or another copy of Windows Vista to access the encrypted contents of the drive. In this scenario, the damaged drive may not appear in the BitLocker Drive Encryption Control Panel.

Note Damage to the volume may not be related to BitLocker. Therefore, we recommend that you try other tools to help diagnose and resolve the problem with the volume before you use the BitLocker Repair Tool. The Windows Vista DVD includes the Windows Recovery Environment (WinRE) together with an option to repair the computer. For more information about how to troubleshoot Windows Vista startup problems, visit the following Microsoft Web site:

To use the BitLocker Repair Tool

To use the BitLocker Repair Tool, follow these steps.

Step 1: Gather required materials

Obtain the following items to help you recover encrypted data from the affected volume:

  • The drive on which the damaged volume is located. This is the drive that contains the encrypted volume that you want to repair.
  • The recovery password or the recovery key for the encrypted volume. This is the recovery information that you saved when you enabled BitLocker.
  • An external hard disk. Use this drive to store the recovered data. This drive must be at least as large as the drive from which you want to recover the data.


Caution All the data on the external drive will be removed when you perform the recovery operation.

  • A USB flash drive. Use this storage device to store the BitLocker Repair Tool files. You can also store recovery information on this drive.
  • The Windows Vista DVD. This enables you to start a command prompt.

Step 2: Review the license terms for the BitLocker Repair Tool

Examine the Software License Terms.rtf document to review the terms of the BitLocker Repair Tool license.

Step 3: Copy the BitLocker Repair Tool files to a removable device

  1. Extract the BitLocker Repair Tool files from the .zip archive file.
  2. Open the Executables folder, and then copy all the files from this folder to a USB flash drive. The following three files are copied:
    • drive:\repair-bde.exe
    • drive:\bderepair.dll
    • drive:\en-US\repair-bde.exe.mui

Step 4: Open a Command Prompt window

  1. Use the Windows Vista DVD to start the computer.
  2. Select the appropriate language settings, and then click Next.
  3. At the bottom of the Install Windows page, click Repair your computer.
  4. Follow the steps until you receive the option to click Choose a recovery tool, and then click Command Prompt.

Step 5: Determine which drives are present

  1. Verify that all the appropriate drives are connected to the computer. These connections include the external drive to which you want to copy the recovered data and the USB flash drive on which the BitLocker Repair Tool files are located.
  2. At the command prompt, type diskpart, and then press ENTER.
  3. At the diskpart prompt, type list volume, and then press ENTER.

Use the generated output to identify the drive letters that are assigned to the following items:

  • The damaged volume
  • The external hard disk
  • The USB flash drive

Notes

  • An encrypted volume is listed with RAW in the Fs (file system) column. Use this value to help identify the damaged volume.
  • Use the drive size together with the Type value of Removable to help identify the external hard disk and the USB flash drive.

The following example output illustrates some of the information that may be generated when you run the diskpart list volume command:

DISKPART> list volume
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  -----
Volume 0     E   LR1CFRE_EN_  UDF    DVD-ROM     2584 MB  Healthy
Volume 1     F   Flash-1      FAT    Removable    243 MB  Healthy
Volume 2     C   SYSTEM       NTFS   Partition   1500 MB  Healthy
Volume 3     D                RAW    Partition     73 GB  Healthy
Volume 4     G   EMPTY VOL    NTFS   Removable    149 GB  Healthy

In this example, the output refers to the following items:

  • Drive D is the damaged volume.
  • Drive G is the external hard disk.
  • Drive F is the USB flash drive.

Note To exit the diskpart prompt, type exit, and then press ENTER.

Step 6: Locate the BitLocker Repair Tool files

At the command prompt, change directory to the drive on which the BitLocker Repair Tool files are located. For example, change to drive F.

Step 7: Use the BitLocker Repair Tool to decrypt the data

To decrypt the encrypted data, type the following command, and then press ENTER:

repair-bde InputVolume OutputVolume -RecoveryPassword NumericalPassword


In this command, replace the placeholders with the following drive letters and password:

  • Replace InputVolume with the drive letter of the damaged volume.
  • Replace OutputVolume with the drive letter of the external hard disk.
  • Replace NumericalPassword with the recovery password for the encrypted volume.


Note For more information about how to use a recovery password that is stored on a USB flash drive, see the "References" section.

For example, type the following command, and then press ENTER:

repair-bde D: G: -RecoveryPassword 111111-111111-111111-111111-111111-111111-111111-111111


Step 8: Verify and then examine the decrypted data

When the data decryption operation is complete, follow the instructions to run the chkdsk command. After the chkdsk tool examines the hard disk for errors, you can then connect the external hard disk to another computer to view the data.

BitLocker Repair Tool recovery options

Sometimes, you cannot recover the data from the damaged volume by using the steps in the "To use the BitLocker Repair Tool" section. Sometimes, the data may be unrecoverable, regardless of the recovery effort. Therefore, we recommend that you perform regular backups of all the data on the hard disk.

To use the BitLocker Repair Tool without a Windows Vista DVD

You can use a Windows Vista DVD to provide a command prompt to run the BitLocker Repair Tool. You can also use other ways to start a command prompt. But the command prompt that you use must be running in a Windows Vista-based environment. Command prompts that you start from Microsoft Windows XP or from other environments that are not running Windows Vista are not supported. If another computer that is running Windows Vista is available, you can remove the damaged drive from the original computer and attach it to the Windows Vista-based computer to perform repairs.

To use the BitLocker Repair Tool without an external hard disk

We recommend that you use an external hard disk as the destination location for the data that you recover from a damaged encrypted volume. The steps described in the "To use the BitLocker Repair Tool" section enhance the ability to recover the data because they do not modify the damaged encrypted volume.

You can also use the BitLocker Repair Tool without using an external hard disk. This kind of repair may be successful if the damage is limited to the drive locations that are used to start Windows. However, there is an increased risk of data loss if you use this kind of repair operation on a volume that is extensively damaged. To perform this kind of repair, use the -NoOutputVolume option when you run the repair-bde command. For more information about how to use this option, see the "References" section.

To use the BitLocker Repair Tool together with a key package

Sometimes, using a key package gives you another opportunity to recover data from a damaged volume. In this scenario, you receive the following error message when you run the repair-bde command to perform a standard repair operation:

ERROR: The input volume has suffered damages to critical information related to the decryption key.
Please try the -KeyPackage option to specify a key package. The volume may not be recoverable.

To better understand the role of the key package, it may help to understand how the BitLocker Repair Tool works without the -KeyPackage option.

BitLocker helps protect against unexpected damage by scattering multiple copies of critical information on the volume. To decrypt data, the BitLocker Repair Tool scans the volume to locate a usable copy of this critical information. If all the copies of the critical information are lost, the only way for the BitLocker Repair Tool to continue the recovery operation is to use a copy of this critical information that has been exported as a key package.

If you already save BitLocker recovery information to Active Directory Domain Services, the key package is stored in the same location in Active Directory Domain Services. Also, any user who has local Administrator rights can save the key package by running a script on the functioning encrypted drive.

To use the -KeyPackage option, you must verify that the key package is available. Then you must provide this key package as a file to the BitLocker Repair Tool.

To use the BitLocker Repair Tool on a partially-encrypted volume

You can use the BitLocker Repair Tool on a partially-encrypted volume. This situation can result when the BitLocker encryption operation was not completed successfully. To do this, follow the same procedure that is described in the "To use the BitLocker Repair Tool" section.

Note When you specify the -KeyPackage option to recover data from a partially-encrypted volume, the BitLocker Repair Tool considers all the data on the volume as encrypted data that must be recovered. Therefore, the BitLocker Repair Tool tries to decrypt all the data from the volume. If you do not specify the -KeyPackage option, the BitLocker Repair Tool differentiates between the encrypted data on the volume and the data on the volume that is not encrypted.

BitLocker Repair Tool troubleshooting help

Error message 1

The system cannot execute the specified program.

You receive this error message if you are running the BitLocker Repair Tool in an unsupported environment. For example, you receive the error message if you are running the 32-bit version of the BitLocker Repair Tool in a 64-bit environment. The BitLocker Repair Tool must run in a supported Windows Vista environment.

Error message 2

Failed to open Drive_letter (0x80310000).

You receive this error message if the BitLocker Repair Tool cannot perform operations on a volume. In some cases, the -Force option can help gain access to the volume. Also, make sure that you are running the tool in a supported Windows Vista environment.

Error message 3

The file or directory is corrupted and unreadable.

You might receive this error message if the volume information that catalogs files and folders is damaged or is missing. For example, formatting a volume destroys the catalog information. However, recoverable file contents might remain when the catalog is damaged. You can use the BitLocker Repair Tool to decrypt any file contents that remain on the volume. However, because the corresponding volume catalog information is not available, individual files and folders will not be easily available from the output volume. Check additional resources to determine whether the now-decrypted volume can fully be recovered.

REFERENCES

BitLocker Repair Tool usage information

The following usage information is generated when you run the repair-bde -? command:

Usage:

repair-bde[.exe] InputVolume
                  { OutputVolumeOrImage | {-NoOutputVolume|-nov} }
                  { {-RecoveryPassword|-rp} NumericalPassword |
                    {-RecoveryKey|-rk} PathToExternalKeyFile }
                  [{-KeyPackage|-kp} PathToKeyPackage]
                  [{-LogFile|-lf} PathToLogFile]
                  [{-?|/?}]

Description:
  Attempts to repair or decrypt a damaged BitLocker-encrypted volume using the
  supplied recovery information.

  WARNING! To avoid additional data loss, you should have a spare hard drive
  available. Use this spare drive to store decrypted output or to back up the
  contents of the damaged volume.


Parameters:
  InputVolume
                The BitLocker-encrypted volume to repair. Example: "C:".

  OutputVolumeOrImage
                Optional. The volume to store decrypted contents, or the file
                location to create an image file of the contents.
                Examples: "D:", "D:\imagefile.img".

                WARNING! All information on this output volume will be
                overwritten.

  -nov or -NoOutputVolume
                Attempt to repair a BitLocker-encrypted volume by modifying the
                boot sector to point to a valid copy of BitLocker metadata.

                WARNING! To avoid additional data loss, use a sector backup
                utility to back up the input volume before using this option.
                If you do not have such a utility available, specify an output
                volume or image instead.

  -rk  or -RecoveryKey
                Provide an external key to unlock the volume.
                Example: "F:\RecoveryKey.bek".

  -rp  or -RecoveryPassword
                Provide a numerical password to unlock the volume.
                Example: "111111-222222-333333-...".

  -kp  or -KeyPackage
                Optional. Provide a key package to unlock the volume.
                Example: "F:\ExportedKeyPackage"

                If this option is blank, the tool will look for the key package
                automatically. This option is needed only if required by the tool.

  -lf  or -LogFile
                Optional. Provide a path to a file that will store progress
                information. Example: "F:\log.txt".

  -f   or -Force
                Optional. When used, forces a volume to be dismounted even if
                it cannot be locked. This option is needed only if required by
                the tool.

  -?   or /?
                Shows this screen.

Examples:
  repair-bde C: -NoOutputVolume -rk F:\RecoveryKey.bek
  repair-bde C: D: -rp 111111-222222-[...] -lf F:\log.txt
  repair-bde C: D: -kp F:\KeyPackage -rp 111111-222222-[...]
  repair-bde C: D:\imagefile.img -kp F:\KeyPackage -rk F:\RecoveryKey.bek
