In this article I will present you a solution to recover your files and entire Windows 10 or Windows 11 installation if you are stuck with a BitLocker encrypted boot drive that doesn't unlock even if you use the right key, without reinstalling Windows and losing any files.
One sure way to get a corrupted BitLocker drive is by trying to encrypt the drive and ticking the "Run BitLocker system check" checkbox.
If you click on Start encrypting it will ask you to restart your computer and on the next boot it will ask you for the recovery key.
Even if you enter the correct recovery key it will fail to boot with the UNMOUNTABLE BOOT VOLUME error. If you enter into recovery mode it will tell you that your recovery key is invalid. If you get into a second Windows installation and use manage-bde to try to unlock your drive it will also refuse to unlock. If you try to use chkdsk to repair the partition it will ask you to decrypt the drive first before doing anything.
The reason why this happens is because Windows 10/11 will not write the keys to TPM if you check Run BitLocker system check and will refuse to boot. It can also happen if your TPM got disabled by the BIOS for some reason or if another installation overwrote your existing TPM keys. (If the drive was already fully encrypted when this happened this guide will not work for you)
Requirements
- You need a partition at least as large as your Windows installation to save a .bin file of the C: partition of your corrupted Windows installation.
- You need to download the free edition of DMDE from https://dmde.com/download.html (I used version 3.8.0 (2020) Free Edition)
- You need a second Windows installation to run DMDE from (dual boot), or move the SSD/HDD to another device.
- This will take at least an hour, or a few hours if you backup to a HDD, not an SSD.
You need BitLocker to be corrupted before the partition was encrypted, otherwise this will not work.
Disclaimer:
By continuing to read the guide below you fully agree that you will not hold me accountable for any data loss or damage incuring after following this guide, this is an advanced guide and you have high chances of permanently losing data (or losing even more data) if you are not extremely careful or you don't understand what you are doing.
Note: Even if you do everything right, you could still lose data, if it's extremely valuable data you should hire a professional to do the recovery. I do not provide any guarantee that this will work for you, it's your sole decision if you do any step from this guide, you should double check everything from multiple sources (this guide might get outdated), and you understand, accept all the risks of losing data and doing damage if you proceed.
Instructions
- Open DMDE and select your drive that contains the "encrypted" Windows partition
- Select your NTFS partition that contains the Windows installation and click "Open Volume"
In my case it would be $Noname01
- Click Open Volume, if your Open Volume button is greyed out when you click the partition and says Data in F.System it means that your drive is actually fully encrypted and you are out of luck without a recovery key.
If you have a recovery key (and the partition is fully encrypted) you should be able to use that key to just disable bitlocker from a windows install/recovery cmd prompt or another Windows installation. There is also a repair-bde command that might help you if decryption with correct recovery key still doesn't work. (it will not work with a corrupted unencrypted bitlocker partition as in this guide)
You should now see your files from the Windows installation
- Go to Disk→ Partitions (CTRL+P) in the menubar and right click the previously selected partition to open the following menu
- Click on Create Image/Clone...
Set the Destination to a .bin file
- Click Ok, it will take some time to save your partition to the .bin file, make sure you have enough space for the bin file, which will be as large as the source partition.
- After the cloning has finished close DMDE and repoen it, you can go to Disk images/logs instead of Physical drives and select the .bin image you just saved.
You should see your NTFS partition and when you click Open Volume you should have all your folders and files.
- Open Windows menu and search for Create and format hard disk partitions
- Right click on the BitLocker encrypted drive that was corrupted and format it (quick format). WARNING: Make sure you selected the right partition to format or you could lose the data from another partition, check at least 3 times.
DO NOT FORMAT IF YOU SKIPPED STEPS 5, 6, 7 OR RECEIVED ANY ERROR AND HAVE ANY DOUBTS ABOUT THE .BIN IMAGE INTEGRITY - GO BACK TO STEPS 5, 6 AND 7
- Go back in DMDE and in the Partitions view, click the Menu button and go to Create image/clone...
Select the source as the .BIN file you previously saved and set the destination to the Partition that you formatted at step 8. It should look like this:
WARNING: Double check that you selected the right partition for the destionation or you could overwrite something else.
- Click OK and go to Parameters
- Tick the Allow Write checkbox, click OK, select "I understand the risks" and click Yes
- Tick Confirm overwriting N GB and click Yes
- The image will be written to the partition, wait until it completes, if anything happens or you get an error start again from step 10 - might take a few hours depending on the size of the partition.
- After the writing finished fully close DMDE. - IMPORTANT
- If you try to go from Explorer to your drive you will receive an error:
To fix this error (corrupted NTFS file system) we'll use chkdsk.
- Open Command Prompt with Run as administrator - IMPORTANT
- Write
chkdsk /f G:(replace G: with your drive letter) in the console, if you receive the Access denied error close DMDE and Explorer or anything using the drive.
You should see the Windows has made corrections to the file system after the command finished running.
- Now if you open the drive in Explorer you should have all your files.
- Reboot into the Windows that you recovered, if it says that windows encountered errors in the previous starts press Enter to try again. You should be back in your unencrypted Windows installation.
That's all, thanks Microsoft for having to go through all of this to get my data back.
A thousand thanks to Dmitry Sidorov, who made DMDE, and allows us to recover our data.
If you want to try encrypting your drive again with BitLocker (given that you have a backup .bin image to do this all over again from step 8), make sure you do not check "Run BitLocker system check" and encrypt the entire drive. If the wizard closes and starts to encrypt the drive, when you restart you should either get a "Enter BitLocker password" blue screen or just boot into Windows if TPM works on your device. Keep in mind that you need to enable fTPM in the BIOS before using BitLocker on all devices."
You might get "The system cannot find the file specified." error when you try to turn on BitLocker. To fix this you need to go to C:\Windows\System32\Recovery\ and delete all ReAgent.xml files