BitLocker is a Microsoft encryption product designed to protect user data on a computer. If there is a problem with BitLocker, the device boots into BitLocker recovery mode and prompts for a recovery key. If you do not have a working recovery key to enter at the BitLocker prompt, you will not be able to access the computer. BitLocker encryption is often intentionally enabled by or on behalf of a user with full administrator access to your device. This user can be you, another user, or an organization that manages your device. In this article, you will learn what to do when you are "Unable to find my BitLocker Recovery Key". Please see these guides: Find saved Wi-Fi Passwords in Windows 10 and 11, RDP Users are unable to change Passwords, How to get the Windows 10 Version 22H2 Update, and how to Create a Windows 10 or 11 bootable USB with UEFI support.
The BitLocker encryption process occurs in the background and often goes unnoticed by users until a recovery event occurs. If you wish to disable BitLocker, please see these guides: How to correctly disable Microsoft BitLocker Administration and Monitoring encrypted devices, how to view BitLocker Disk Encryption Status in Windows, how to query MBAM to display the report for BitLocker Recovery for a specified period of time, and how to determine why an MBAM protected device is non-compliant.
Why was this BitLocker Recovery Key mode Prompted?
There are a number of reasons why BitLocker recovery mode is prompted. Some of these are as follows. Note: For Dell devices, Dell BIOS updates suspend BitLocker before flashing, so a BitLocker recovery event cannot occur due to the firmware update.
For some other device types, however, a BIOS update can trigger a BitLocker recovery event because the PCR changes between when Windows is running and when the BIOS is updated. If the computer enters recovery mode, a likely cause is that an external drive is connected, which changes the boot drive enumeration. I will be covering various reasons for the BitLocker recovery prompt in another guide. Here is a guide on how to deploy the MBAM client as part of the Windows deployment process.
Storage options for BitLocker recovery keys
Recovery keys can be saved in different ways depending on the version of Windows installed. Before we proceed to resolve this issue, note that you must have previously saved your BitLocker recovery key in one of the locations below. Here is a guide on how and where to find your BitLocker recovery key in Windows.
- Microsoft account
- On a printout
- USB flash drive
- Azure Active Directory account.
- Copied and saved in a text file on another PC. You can remotely connect to the PC and view the text file from another device. Make sure that each backed-up recovery key is accessible from another computer or phone. You can access a remote PC this way without remotely connecting to it.
Also, if you are using MBAM to manage BitLocker, the recovery key will be saved in the MBAM database, and you will be able to query the database via the Help Desk or Advanced Help Desk, or via the self-service portal. You can determine if you have MBAM installed from the following link.
Access the BitLocker Recovery Tab in Active Directory
Additionally, if you have configured the BitLocker recovery keys to be saved to Active Directory, you will also be able to find your keys there. Here is a guide on how to back up existing and new BitLocker recovery keys to Active Directory using a simple script, and how to fix the missing BitLocker Recovery Tab in Active Directory Users and Computers. If you have enabled BitLocker for a device, the key will be found under the BitLocker Recovery Tab as shown below.
If you have the keys saved in AD, you will require Domain Admin rights to view them, and you must also install the BitLocker Drive Encryption Administration Utilities on a server.
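To confirm, before a recovery event occurs, that every encrypted volume has a recovery password and that it is escrowed in Active Directory, the following added example (not the script from the linked guide) uses the built-in BitLocker PowerShell cmdlets. It assumes an elevated session on a domain-joined PC where Group Policy allows storing BitLocker recovery information in AD DS.

```powershell
#Requires -RunAsAdministrator
# Added example: audit each BitLocker volume and escrow its recovery
# password protector to AD DS. Only the protector ID is displayed, never
# the 48-digit recovery password itself.

$report = foreach ($vol in Get-BitLockerVolume) {
    # Volumes that are not encrypted have nothing to recover.
    if ($vol.VolumeStatus -eq 'FullyDecrypted') { continue }

    # A volume can carry several protectors (TPM, PIN, recovery password).
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($recovery.Count -eq 0) {
        [pscustomobject]@{
            MountPoint     = $vol.MountPoint
            KeyProtectorId = $null
            Result         = 'No recovery password protector'
        }
        continue
    }

    foreach ($kp in $recovery) {
        $result = try {
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                -KeyProtectorId $kp.KeyProtectorId -ErrorAction Stop | Out-Null
            'Backed up to AD DS'
        } catch {
            # Typical causes: PC not domain-joined, or policy disallows AD backup.
            "Backup failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            MountPoint     = $vol.MountPoint
            KeyProtectorId = $kp.KeyProtectorId
            Result         = $result
        }
    }
}

$report | Format-Table -AutoSize
```

The `KeyProtectorId` in the output is the identifier to match against the recovery key ID shown on the BitLocker recovery screen when looking up the key in AD.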
I do not have a BitLocker Recovery Key Saved (Not in my Microsoft account too)
If you do not have a working recovery key to enter at the BitLocker prompt, you will not be able to access the computer. Please see MDT Warning: Unable to set working directory, the application returned an unexpected code 2, Unable to execute: The application GUID not found in the application list, and how to Mount remote directory using sshfs.
The BitLocker setup process forces the creation of a recovery key at the time of activation, and if you are unable to find a required BitLocker recovery key, you'll need to reinstall your device. Reinstalling your device removes all files; you can also have it re-installed entirely via WDS and MDT. Here is a guide on how to Install ADK, MDT, and WDS: Deploy Windows images via Microsoft Deployment Toolkit and Windows Deployment Services.
I hope you found this blog post on "Unable to find my BitLocker Recovery Key" helpful. Please let me know in the comment section if you have any questions.