Repair-bde.exe Parameter Reference
Applies To: Windows 7, Windows Server 2008 R2
You may experience a problem that damages an area of a hard disk on which BitLocker stores critical information. This kind of problem may be caused by a hard disk failure or if Windows exits unexpectedly.
The BitLocker Repair Tool (Repair-bde) can be used to access encrypted data on a severely damaged hard disk if the drive was encrypted by using BitLocker. Repair-bde can reconstruct critical parts of the drive and salvage recoverable data as long as a valid recovery password or recovery key is used to decrypt the data. If the BitLocker metadata data on the drive has become corrupt, you must be able to supply a backup key package in addition to the recovery password or recovery key. This key package is backed up in Active Directory Domain Services (AD DS) if you used the default setting for AD DS backup. With this key package and either the recovery password or recovery key, you can decrypt portions of a BitLocker-protected drive if the disk is corrupted. Each key package will work only for a drive that has the corresponding drive identifier. You can use the BitLocker Recovery Password Viewer to obtain this key package from AD DS. For more information, see BitLocker Recovery Password Viewer for Active Directory.
If you are not backing up recovery information to AD DS or if you want to save key packages alternatively, the BitLocker Windows Management Instrumentation (WMI) provider Win32_EncryptableVolume can be used to back up the key package to a file location that you specify. For more information about using the GetKeyPackage method to accomplish this, see GetKeyPackage Method of the Win32_EncryptableVolume Class (https://go.microsoft.com/fwlink/?LinkId=169347).
The Repair-bde command-line tool is intended for use when the operating system does not start or when you cannot start the BitLocker Recovery Console. You should use Repair-bde if the following conditions are true:
You have encrypted the drive by using BitLocker Drive Encryption.
Windows does not start, or you cannot start the BitLocker recovery console.
You do not have a copy of the data that is contained on the encrypted drive.
Note
Damage to the drive may not be related to BitLocker. Therefore, we recommend that you try other tools to help diagnose and resolve the problem with the drive before you use the BitLocker Repair Tool. The Windows Recovery Environment (Windows RE) provides additional options to repair computers.
This section describes how to use Repair-bde.exe in Windows 7, as well how to use the Windows Preinstallation Environment (Windows PE) and Windows RE.
The BitLocker Repair Tool package contains the following files:
Software License Terms.rtf
Executables\repair-bde.exe
Executables\bderepair.dll
Executables\en-us\repair-bde.exe.mui
The following parameters are available for the Repair-bde.exe command:
InputVolume
OutputVolumeOrImage
-RecoveryKey (-rk)
-RecoveryPassword (-rp)
-KeyPackage (-kp)
-LogFile (-lf)
-f or -Force
Note
The Repair-bde command-line tool uses the term volume; in Windows 7, most BitLocker features use the term drive. When used with BitLocker, you can consider these terms to be synonymous.
Limitations
The following limitations exist for Repair-bde:
The Repair-bde command-line tool cannot repair a drive that failed during the encryption or decryption process.
The Repair-bde command-line tool assumes that if the drive has any encryption, then the drive has been fully encrypted.
The Windows 7 installation of Repair-bde is unable to perform repairs involving key packages obtained from Windows Vista, although the Windows 7 installation of Repair-bde is able to repair drives provisioned with BitLocker in Windows Vista.
InputVolume
This is the drive letter of the BitLocker-encrypted drive you want to repair.
Syntax
repair-bde InputVolume
Parameters
InputVolume |
Represents a drive letter followed by a colon; for example, C:. |
Examples
repair-bde C:
OutputVolumeOrImage
This parameter details the drive to store decrypted contents, or the path to create an image file of the contents. This parameter may be omitted if you are attempting an in-place repair of a Windows Vista BitLocker drive by using the -NoOutputVolume (-nov) parameter instead.
Warning
All information on this output drive will be overwritten.
Syntax
repair-bde {OutputVolumeOrImage|OutputVolumeOrImage:PathToImageFile}
Parameters
OutputVolumeOrImage |
Represents a drive letter followed by a colon. |
OutputVolumeOrImage:PathToImageFile |
Represents a path to an image file. |
Examples
repair-bde C: D:
repair-bde C: D:\imagefile.img
-NoOutputVolume (-nov)
This parameter attempts to repair a Windows Vista BitLocker-protected drive by modifying the boot sector to point to a valid copy of BitLocker metadata. This parameter is not supported for attempting in-place repairs of a Windows 7 BitLocker drive.
Warning
To avoid additional data loss, you should have a spare hard drive available. Use this spare drive to store decrypted output or to back up the contents of the damaged volume.
Syntax
repair-bde -NoOutputVolume
repair-bde -nov
Parameters
None |
Examples
repair-bde G: -nov
repair-bde G: -NoOutputVolume
-RecoveryKey (-rk)
Syntax
repair-bde -RecoveryKey Volume:PathToRecoveryKey
repair-bde -rk Volume:PathToRecoveryKey
Parameters
Volume:PathToRecoveryKey |
Represents a path to an external key to unlock the drive. |
Examples
repair-bde C: D: -rk F:\RecoveryKey.bek
repair-bde C: D: -RecoveryKey F:\RecoveryKey.bek
-RecoveryPassword (-rp)
Syntax
repair-bde -RecoveryPassword RecoveryPassword
repair-bde -rp RecoveryPassword
Parameters
RecoveryPassword |
Represents a numerical password to unlock the drive. |
Examples
repair-bde C: D: -rp 111111-222222-333333-…
repair-bde C: D: -RecoveryPassword 111111-222222-333333-…
-KeyPackage (-kp)
If this option is blank, the tool will search for the key package automatically. If Repair-bde is unable to find the key package, it will request one by displaying the following message:
The input volume has suffered damages to critical information related to the decryption key. Please try the -KeyPackage option to specify a key package. The volume may not be recoverable.
Syntax
repair-bde -KeyPackage Volume:ExportedKeyPackage
repair-bde -kp Volume:ExportedKeyPackage
Parameters
Volume:ExportedKeyPackage |
Represents a key package to unlock the drive. |
Examples
repair-bde C: D: -kp F:\ExportedKeyPackage
repair-bde C: D: -KeyPackage F:\ExportedKeyPackage
-LogFile (-lf)
Syntax
repair-bde -LogFile Volume:LogFile
repair-bde -lf Volume:LogFile
Parameters
Volume:LogFile |
Represents a path to the file that will store Repair-bde error, warning, and information messages. |
Examples
repair-bde C: D: -lf F:\log.txt
repair-bde C: D: -LogFile F:\log.txt
-f or -Force
This optional parameter forces a drive to be dismounted, even if it cannot be locked. This parameter is used to obtain consent from the user to dismount the drive, even if it is being used by another process.
Syntax
repair-bde -f
repair-bde -Force
Parameters
None |
Examples
repair-bde C: D: -f
repair-bde C: D: -Force