BitLocker Startup

Applies To: Windows Server 2008 R2

When a computer protected with BitLocker Drive Encryption is restarted, the early startup components perform a series of integrity checks and, if the system passes, attempts to retrieve the needed key information to unlock any BitLocker-protected volumes. Success depends on the availability of configured key protectors, such as the TPM or a user-supplied PIN, and the existence of volume metadata stored within the encrypted drive.

If Windows cannot unlock the Windows operating system volume, BitLocker enters recovery mode. If the user can supply a recovery password or insert a USB flash drive with a recovery key, BitLocker will unlock the volume.

After the Windows operating system volume has been successfully unlocked, BitLocker uses encrypted information stored in the volume metadata and Windows registry to unlock any data volumes configured for automatic unlocking.

Events

Event ID Source Message

24585

Microsoft-Windows-BitLocker-Driver

Auto-unlock enabled for volume %2.

24587

Microsoft-Windows-BitLocker-Driver

Auto-unlock disabled for volume %2.

24589

Microsoft-Windows-BitLocker-Driver

Failed to enable auto-unlock for volume %2.

24590

Microsoft-Windows-BitLocker-Driver

Failed to disable auto-unlock for volume %2.

24591

Microsoft-Windows-BitLocker-Driver

Auto-unlocking failed for volume %2.

24596

Microsoft-Windows-BitLocker-Driver

No key file was found for Volume %2 during restart.

24597

Microsoft-Windows-BitLocker-Driver

A corrupt key file was encountered for Volume %2 during restart.

24598

Microsoft-Windows-BitLocker-Driver

No volume master key was retrieved in a key file during restart.

24599

Microsoft-Windows-BitLocker-Driver

The TPM was not enabled during restart.

24600

Microsoft-Windows-BitLocker-Driver

The SRK was found to be invalid during restart.

24601

Microsoft-Windows-BitLocker-Driver

The PCRs did not match during restart.

24602

Microsoft-Windows-BitLocker-Driver

No volume master key was retrieved from a key file during restart.

24603

Microsoft-Windows-BitLocker-Driver

A boot application hash did not match expected value during restart.

24604

Microsoft-Windows-BitLocker-Driver

The boot configuration options did not match expected values during restart.

24605

Microsoft-Windows-BitLocker-Driver

No volume master key was retrieved from a PIN during restart.

24606

Microsoft-Windows-BitLocker-Driver

No volume master key was retrieved from a recovery password during restart.

24607

Microsoft-Windows-BitLocker-Driver

A valid key was found during the last restart.

24608

Microsoft-Windows-BitLocker-Driver

An unexpected error was encountered attempting to retrieve the volume master key during restart.

24609

Microsoft-Windows-BitLocker-Driver

A key was not available from required sources during restart.

24620

Microsoft-Windows-BitLocker-Driver

Encrypted volume check: Volume information on %2 cannot be read.

24625

Microsoft-Windows-BitLocker-Driver

A valid key was found during the last restart.

BitLocker Filter Driver

Core Security