BitLocker Failure with Hyper-V after May 2019 Updates

A week ago, on my Server 2016 Hyper-V host, after installing the May 14, 2019 Cumulative Update (KB4494440) and restarting, I got BitLocker error 0xc0210000, “A required file couldn’t be accessed because your BitLocker key wasn’t loaded correctly.” I was able to enter the key manually and the machine proceeded to boot.

Today, after installing the May 19 Cumulative Update (KB4505052), I got the same error, but the machine did not boot and went into the recovery environment instead. Fortunately, by now this is a well-known issue with a thread and its own knowledge base article KB4505821. I was able to use the steps in KB4505821 to start the server, with one exception: the instructions say to unlock and suspend protection on the C: drive, but in my recovery environment, the TPM-protected boot drive came up as the D: drive. Some screenshots will illustrate.

Original error:

KB4505821 Bitlocker Error 01

Try to boot to OS:

KB4505821 Bitlocker Error 02

Type in the recovery key – this works:

KB4505821 Bitlocker Error 03

Instructions say to skip this. I tried both skipping and filling in, and got into the recovery environment either way. However, when skipped, you also have to skip BitLocker on all other drives:

KB4505821 Bitlocker Error 04

Instructions say to run manage-bde -unlock C:, but that failed:

KB4505821 Bitlocker Error 05

manage-bde -status shows that drive D: is the one protected by the TPM:

KB4505821 Bitlocker Error 06

Confirm with manage-bde -protectors -get D:. The Numerical Password ID matches what I know is really the OS drive C:

KB4505821 Bitlocker Error 07

manage-bde -unlock D: works:

KB4505821 Bitlocker Error 08

Now we can suspend protection with manage-bde -protectors -disable D::

KB4505821 Bitlocker Error 09

And now the OS boots:

KB4505821 Bitlocker Error 10

Note that protection is still suspended after boot. I manually resumed protection. Hope I can remember to suspend it before the next boot.
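
For the post-recovery state described above, here is an added example (not part of the original post or of KB4505821) that finds volumes whose protection was left suspended, prints their recovery password IDs for comparison with the escrowed key, and resumes protection. The function names are made up for this example; the cmdlets are from the BitLocker PowerShell module included with Windows Server 2016, and the script assumes an elevated session in the booted OS, not the recovery environment.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and resume BitLocker protection after a recovery boot.
# Function names are hypothetical; cmdlets are from the built-in BitLocker module.
Import-Module BitLocker

function Get-SuspendedBitLockerVolume {
    # Suspended = the data is still encrypted, but a clear key is written to
    # the disk, so the volume unlocks with no TPM or recovery password check.
    Get-BitLockerVolume | Where-Object {
        $_.VolumeStatus -eq 'FullyEncrypted' -and
        $_.ProtectionStatus -eq 'Off'
    }
}

function Resume-SuspendedBitLockerVolume {
    foreach ($vol in Get-SuspendedBitLockerVolume) {
        # The recovery password ID is the "Numerical Password ID" that
        # manage-bde -protectors -get prints; compare it with the stored key.
        $ids = ($vol.KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword').KeyProtectorId
        Write-Output ("{0} ({1}) is suspended; recovery password ID(s): {2}" -f
            $vol.MountPoint, $vol.VolumeType, ($ids -join ', '))
        Resume-BitLocker -MountPoint $vol.MountPoint | Out-Null
    }
    # Report the final state of every volume so nothing stays Off unnoticed.
    Get-BitLockerVolume |
        Select-Object MountPoint, VolumeType, ProtectionStatus, LockStatus
}

function Suspend-OsVolumeForOneRestart {
    # Suspend before a planned restart, limited to a single reboot so that
    # protection resumes by itself afterwards.
    $os = Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem'
    Suspend-BitLocker -MountPoint $os.MountPoint -RebootCount 1
}

Resume-SuspendedBitLockerVolume
```

Suspend-OsVolumeForOneRestart is defined but not called; it covers the "suspend before the next boot" step without relying on someone remembering to resume protection afterwards.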

Update June 17, 2019

Still happening after installing the 201906 Cumulative Update: “…your BitLocker key wasn’t loaded correctly.” This month, though, entering the BitLocker recovery key (third black screen above) was enough to continue and get the OS to boot; I did not have to get into the recovery environment and manually unlock the drive.

Update August 2, 2019

The issue was finally resolved with the KB4507460 update released July 9, 2019.
