Symptoms
Assume that you have a tablet or slate device, and you're trying to test the recovery method by running the following command:
Manage-bde -forcerecovery
However, when you enter the recovery password, your device goes into a no-boot state.
Note Running Manage-bde -forcerecovery is not supported on tablet devices.
Cause
This issue occurs because boot manager cannot handle touch input during pre-boot time. If boot manager detects that the machine profile is for a tablet or slate device, it redirects to the Windows Recovery Environment (WinRE), which can handle touch input. WinRE then performs a PCR reseal if the TPM protector on the disk is present. If the Manage-bde -forcerecovery command is used, the TPM protectors are deleted. Therefore, WinRE cannot reseal the PCRs. This triggers an infinite BitLocker recovery cycle, and therefore you can't boot to Windows.
This behavior is by design for all versions of Windows.
Note This issue may occur on any Windows 8-based tablet device, not just on Surface devices.
Resolution
To resolve this issue, follow these steps:
-
On the BitLocker recovery screen, select Skip this drive.
-
Select Troubleshoot > Advanced Options > Command Prompt.
-
Enter the following commands in the Command Prompt window:
-
manage-bde –unlock C: -rp <48-digit numerical recovery key>
-
manage-bde -protectors -disable C:
-
-
Exit the command prompt.
-
Shut down the device.
When you reboot the device, it should boot into Windows.
More Information
If you want to test this recovery method, use one of the following methods:
-
Turn off Secure Boot.
-
Enable test signing by running the BCDEDIT /set testsigning on command.
-
Enable debugging by running BCDEDIT /set debug on.
-
Enable Boot or boot manager debugging by running BCDEDIT /set boot debug on or (BCDEDIT /set {bootmgr} debug on)).
These methods have been tested and are supported. If you use any of these methods, remember to turn them off afterward. You should not run your computers in these modes long-term.
