Restor mit Bitlocker

Willy, if you are using the Windows ADK option for creating the rescue media, then you should see a further option to create WinPE using your system language (instead of the EN-US default).  You should opt to use your system language.

::=============================================================::
::      We've detected that that your system is not using      ::
::            English [EN-US] as the default language.         ::
::                                                             ::
::  Would you like to create WinPE using your system language? ::
::               [EN-US is default for all ADK.]               ::
::=============================================================::
::                                                             ::
:: [1.] Yes - Build WinPE using my system language             ::
:: [2.] No  - Build WinPE with the default language [English]  ::
::                                                             ::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
1

       -------------------------------------------------
      [Changing the WinPE language to match your system.]
       -------------------------------------------------

Deployment Image Servicing and Management tool
Version: 10.0.18362.1

Image Version: 10.0.18362.1

Processing 1 of 1 - Adding package Microsoft-Windows-WinPE-Fonts-Legacy-Package~31bf3856ad364e35~amd64~~10.0.18362.1
[==========================100.0%==========================]
The operation completed successfully.

Deployment Image Servicing and Management tool
Version: 10.0.18362.1

Image Version: 10.0.18362.1

Processing 1 of 1 - Adding package Microsoft-Windows-WinPE-LanguagePack-Package~31bf3856ad364e35~amd64~en-GB~10.0.18362.1
[==========================100.0%==========================]
The operation completed successfully.

Deployment Image Servicing and Management tool
Version: 10.0.18362.1

Image Version: 10.0.18362.1

Input locale has been set to: en-GB
System locale has been set to: en-GB
User locale has been set to: en-GB
UI language has been set to: en-GB
The operation completed successfully.

=================================================================

Steve, that's how I did it and created a new stick.
So far so good, but the command manage-bde status does not work. Code 0x80073bc3. Too bad I can't upload a snipp to you :-(
There is no problem with it at the Windows level.

wisch wrote:

Steve, that's how I did it and created a new stick.
So far so good, but the command manage-bde status does not work. Code 0x80073bc3. Too bad I can't upload a snipp to you :-(
There is no problem with it at the Windows level.

Willy, please make sure that the command is  manage-bde -status (with the - before the word status).

You can share files via OneDrive, Dropbox etc if you wish..

Steve, ok, I'd share a folder with you in OneDrive.
All you have to do is tell me where to send the link.

Click on the option to "Send message" under my name / image in the forum.

Steve to send you the link to a shared folder in OneDrive, I need your email address.
Or how did you think that?

If you use the 'Send message' option and just send me a link to a zipped file with any images etc.  That is what works with other users who share files such as the Acronis System Report zip files etc.

Did you get the link and does it work?

Willy, the link was only to a local file on your PC, not a cloud shared link which should be in the format of https://1drv.ms/u/s!An-I-wjRLMQJmXCc59999AHxT6xP?e=xxxxxx which you get by right-clicking on the file to be shared, then on the Share option.

But now it should work (?)

Sorry Willy, but now it needs an email address that is listed in the gpvmbh-my.sharepoint.com directory which my email is not registered for!

I don't need access to your OneDrive folder, only to be able to link to a single shared zip file which shouldn't need me to sign in to anything.

Has that worked? I changed the access without restrictions.

Edit:

Dear Steve,

I get into trouble with my family. Can we continue tomorrow? Do you still like?

Willy, thanks for the latest link.  I wonder if the issue may be down to the low level of Windows 10 involved here?

From my own computer (running manage-bde -status) from within Windows (to compare to your image). Translated from English to German via Google Translate.

Microsoft Windows [Version 10.0.19042.610]
(c) 2020 Microsoft Corporation. Alle Rechte vorbehalten.

C:\WINDOWS\system32>manage-bde -status
BitLocker-Laufwerkverschlüsselung: Konfigurationstool Version 10.0.19041
Copyright (C) 2013 Microsoft Corporation. Alle Rechte vorbehalten.

Datenträger, mit denen geschützt werden kann
BitLocker-Laufwerkverschlüsselung:
Band C: [Windows]
[OS Volume]

    Größe: 200,83 GB
    BitLocker-Version: Keine
    Conversion-Status: Vollständig entschlüsselt
    Verschlüsselter Prozentsatz: 0,0%
    Verschlüsselungsmethode: Keine
    Schutzstatus: Schutz aus
    Sperrstatus: Entsperrt
    Identifikationsfeld: Keine
    Schlüsselschutz: Keine gefunden

Band G: [SSD-Daten]
[Datenvolumen]

    Größe: 263,29 GB
    BitLocker-Version: Keine
    Conversion-Status: Vollständig entschlüsselt
    Verschlüsselter Prozentsatz: 0,0%
    Verschlüsselungsmethode: Keine
    Schutzstatus: Schutz aus
    Sperrstatus: Entsperrt
    Identifikationsfeld: Keine
    Automatische Entsperrung: Deaktiviert
    Schlüsselschutz: Keine gefunden

Band D: [Daten]
[Datenvolumen]

    Größe: 919,57 GB
    BitLocker-Version: Keine
    Conversion-Status: Vollständig entschlüsselt
    Verschlüsselter Prozentsatz: 0,0%
    Verschlüsselungsmethode: Keine
    Schutzstatus: Schutz aus
    Sperrstatus: Entsperrt
    Identifikationsfeld: Keine
    Automatische Entsperrung: Deaktiviert
    Schlüsselschutz: Keine gefunden

Band E: [Backup]
[Datenvolumen]

    Größe: 943,32 GB
    BitLocker-Version: Keine
    Conversion-Status: Vollständig entschlüsselt
    Verschlüsselter Prozentsatz: 0,0%
    Verschlüsselungsmethode: Keine
    Schutzstatus: Schutz aus
    Sperrstatus: Entsperrt
    Identifikationsfeld: Keine
    Automatische Entsperrung: Deaktiviert
    Schlüsselschutz: Keine gefunden

Band F: [Label unbekannt]
[Datenvolumen]

    Größe: Unbekannt GB
    BitLocker Version: 2.0
    Conversion-Status: Unbekannt
    Verschlüsselter Prozentsatz: Unbekannt%
    Verschlüsselungsmethode: AES 128
    Schutzstatus: Unbekannt
    Sperrstatus: Gesperrt
    Identifikationsfeld: Unbekannt
    Automatische Entsperrung: Deaktiviert
    Schlüsselschutz:
        Passwort
        Numerisches Passwort

Drücken Sie eine beliebige Taste, um fortzufahren . . .

Geben Sie den BitLocker-verschlüsselten Laufwerksbuchstaben ein, um [D:] zu entsperren. F:
BitLocker-Laufwerkverschlüsselung: Konfigurationstool Version 10.0.19041
Copyright (C) 2013 Microsoft Corporation. Alle Rechte vorbehalten.

Geben Sie das Passwort ein, um dieses Volume zu entsperren:
Das Passwort hat Volume F: erfolgreich entsperrt.
Drücken Sie eine beliebige Taste, um fortzufahren . . .
Möchten Sie ein anderes Laufwerk entsperren (J / N)? n

C:\WINDOWS\system32>

Enjoy your time with your family Willy, chat again tomorrow!

I may know why you're having problems with manage-bde in WinPE but not in Windows. It's possible you have an older version of the ADK installed. BitLocker now gives two options for encryption. Essentially, it is the new version or the old version. If your drives are encrypted using the new version and you are using an older ADK, the ADK doesn't support the new version of encryption. You can either switch to the old version of encryption or install the latest ADK and build the WinPE again.

Paul, thanks for your comment, I believe you are correct as the screen image that Willy shared with me showed:

So Windows 10.0.17763 looks to be from the ADK version here versus Version 10.0.19042.610 from my own system with #20H2 installed.

Hey guys

My windows version is exactly the same: 20H2, Build 10.0.19042.610.
And ADK is currently 10.1.17763.1

It has to be another factor that bothers.
If I boot with the USB stick that I created with the help of you Steve about 2 years ago, then "manage-bde -status" displays correctly.

Edit:
I just generated a stick with 32 bits for the test. It doesn't work because I can't control the mouse.

Willy, checking in the Control Panel > Programs & Features list, my ADK shows as 10.1.18362.1 for the 2 required kits.

See Microsoft ADK webpage for the latest kits for download (Win 10 #2004):

Steve, am currently uninstalling ADK and then reinstalling it again because the installation exe always said ADK would be up to date.

Edit:
Strange, because now I have the version 10.1.14393.0

Willy, please ensure you download the two separate parts of the ADK that are needed.

• Download the Windows ADK for Windows 10, version 2004

• Download the Windows PE add-on for the ADK, version 2004

Steve, I uninstalled and reinstalled both. And now they are both showing me the version 10.1.19041.1.
I'm now making a new USB stick and then we'll see.

Steve, still the same error code.
I also used the sfc /scannow command in between.
Do you think it would be worth trying if I generate a new stick without Bitlocker support?

Edit:

Without Bitlocker support, the manage-bde -status command is not recognized.
If you're building a new stick with your script, does it all work?

Edit 2:
I booted again with the USB stick, which I created with your help about 2 years ago.
The command works perfectly. I took a photo of it and copied it into OneDrive. You still have access.

Edit 3:
I also copied the log file to OneDrive

Willy, I have updated my own ADK & PE Kits to the latest 2004 version and just recreated my rescue media, so next step will be to run a new test of this, but expect that this will work correctly.

Manage-bde will only be recognised when BitLocker support is included in the WinPE rescue media.

Tested the new media and ran the batch file which had no errors...!

Microsoft Windows [Version 10.0.19041.1]
(c) 2019 Microsoft Corporation. All rights reserved.

X:\Program Files\Extra>bitlockerunlock.bat
BitLocker Drive Encryption: Configuration Tool version 10.0.19041
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [Windows]
[Data Volume]

    Size:                 200.83 GB
    BitLocker Version:    None
    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method:    None
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Automatic Unlock:     Disabled
    Key Protectors:       None Found

Volume H: [Label Unknown]
[Data Volume]

    Size:                 Unknown GB
    BitLocker Version:    2.0
    Conversion Status:    Unknown
    Percentage Encrypted: Unknown%
    Encryption Method:    AES 128
    Protection Status:    Unknown
    Lock Status:          Locked
    Identification Field: Unknown
    Automatic Unlock:     Disabled
    Key Protectors:
        Password
        Numerical Password

Press any key to continue . . .
Enter BitLocker encrypted drive letter to unlock [D:]  H:
BitLocker Drive Encryption: Configuration Tool version 10.0.19041
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Enter the password to unlock this volume:
The password successfully unlocked volume H:.
Press any key to continue . . .
Do you want to unlock another drive (Y/N)? n

X:\Program Files\Extra>

Steve, was ist das nur mit meinem Laptop???
Magst du bitte in meine Log-Datei schauen?

Willy, can we try to narrow this down more please?

When booted from the MVP rescue media:

Is it only the manage-bde -status  command that is failing with the error code?

Can you unlock the C: drive by using  manage-bde -unlock C:  with either -pw  or  -rp  ?

Unfortunately not successful. I copied a photo to you in OneDrive. Have you already looked at the log file?

Willy, your new image files show that you have been able to run manage-bde -status without error and this lists your C: D: & F: drives as being locked Bitlocker drives.

The second image shows an issue with the method being used to unlock the C: drive.

Which unlock method did you choose when you setup the encryption for the C: drive?

Steve, the first picture shows what it's like when I boot with the stick I created with your help about 2 years ago.

With -pw and -rp.

Have you seen my supplements above?

Willy, sorry but you need to focus on the new rescue media created today with ATI 2021 and BitLocker, which comes back to my earlier questions:

Does the manage-bde -status  command work or fail with the new rescue media?

Can you use  manage-bde -unlock C:  with either -pw  or  -rp manually to unlock this drive?  The values that you use with these parameters will be different.

Steve, of course, but I just wanted to know again.

sorry, manage-bde -status is not working :-(

Have you looked at the log file?

And -pw and -rp I test afterwards, because I'm just making a system backup with Windows on-board equipment. That will take a moment.

Do you think it makes sense when I try to repair my Windows with the ISO file to make sure that Windows is absolutely clean?

Steve, of course, but I just wanted to know again.

sorry, manage-bde -status is not working :-(

Have you looked at the log file?

And -pw and -rp I test afterwards, because I'm just making a system backup with Windows on-board equipment. That will take a moment.

Do you think it makes sense when I try to repair my Windows with the ISO file to make sure that Windows is absolutely clean?

Steve, I tried it again, it doesn't work with the two commands -pw and -rp.
Also not with manage-bde -status.
I'm pretty desperate.

I admire your patience. Do you still like?

I'm going to refresh my Windows and then try again.

Until tomorrow best regards,
Willy

Steve, it took a bit with the Inplace update because there is a bug in Windows 20H2, see

https://www.drwindows.de/windows-10-desktop/172367-inplace-update.html

https://www.deskmodder.de/blog/2020/10/28/windows-10-20h2-inplace-upgra…

After the workaround, I performed the Inplace update and created a new USB stick. But unfortunately the command manage-bde -status still does not work :-(
I notice that my version of Windows with command winver build displays 19042.630, but in the screenshot the version 19041.1. I copied the photo to OneDrive. The same in programs and features at ADK.
This could be the cause of the problems.
I think I should wait until a patch is available from M'soft, and as long as I create system backups using the Windows own resources.
Or do you have a better idea?

Willy, winver on my laptop shows 19042.610 which I expect will change to .630 after the latest KB4586781 update finishes being installed.  The version shown in WinPE is taken from the ADK version for which there is no 20H2 version, so will be taken from the older 2004 build.

The next test I would suggest is to open an Administrator command prompt in Windows 10 and test whether the same manage-bde -status command works or gives an error?  This will help show if the problem lies with WinPE or is more general.

Steve, please be patient. I'm doing a backup right now.

Steve, in running Windows, the manage-bde state command runs correctly.
But with the USB stick with error code 0x80073bc3.
I copied a photo of it to OneDrive.
I'll test it on another device. I just have to see if I can find one with 20H2. Could the problem be with my version of Windows for Workstations?

Willy, it is good that the command is working within Windows but a real puzzle as to why it fails when used in the rescue media!

I am running Windows 10 Pro #20H2 on my own laptop and where I have made my own rescue media which is working fine.  My only BitLocker drive is an external USB drive.

It would be interesting to know how your rescue media works on a different PC and it shouldn't matter if that PC has the same version / build of Windows 10 provided it has a BitLocker drive, but the manage-bde -status command still works on systems without any encrypted drives provided the rescue media has BitLocker support or the OS is not the Home edition which doesn't have BL support.

Steve, tonight my son-in-law brings me his laptop so I can test it with it.

I don't think the version of Windows on your system has anything to do with the problem.

I would like to see you create a Windows Recovery USB drive from Control Panel/Recovery. This will give you WinRE media with BitLocker support. You can get to a command prompt by going through the Troubleshooting option. If manage-bde.exe works, that should help to pinpoint which direction to go next.

Mustang, es geht aber nur auf CD/DVD, oder habe ich dich falsch verstanden?

Sorry:
Mustang, but it's only possible on CD/DVD, or did I misunderstand you?

You need to go to Control Panel and select the Recovery option. You also need to have a USB flash drive inserted in the PC. Windows will find the USB drive and use it.

Mustang, ah, you mean a system backup?
I thought of a ystem repair disk.

Willy, when booted from the Recovery drive, you then need to choose the Advanced option and then open a Command prompt window to be able to test the manage-bde -status command in that environment.

Steve, understood. I'm in the process of creating the USB stick, which takes a little bit.
I've never used this before, only TrueImage.

Unfortunately, the copying process is painfully slow.

Hello Steve,
hello Mustang,

I did it as proposed. The manage-bde -status command works perfectly.

Your next step is to make an Acronis Recovery media using the Simple option. This will give you a WinRE media which will have BitLocker support. Boot it up and close the TI GUI. Then test the manage-bde -status command.

Mustang, manage-bde status is displayed without errors, but not as complete as in Windows. For example, not the disk size.
I copy you a photo in OneDrive (IMG_3796).

Don't worry about the manage-bde -status output. We have no control over that.

Let's work on why the MVP Tool isn't working for you when you select the build from WinRE option. I have a later version of the tool available for you to test. It is version 19.0 and one of the additions is improved language support. You can download it at http://www.mechrest.com/plugins/MVP_ATIPEBuilder/Advanced/MVP_ATIPEBuilder_v190.zip

This version hasn't been digitally signed by Acronis, so you will need to tell your system to trust it when it is blocked.