Some devices running Windows 10 with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000

Applies to: Windows 10 Version 1607Windows Server 2016Windows 10 Version 1703

Summary


After installing an affected update and restarting, some devices running Windows 10, Version 1703, Windows 10, version 1607 or Windows Server 2016 with Hyper-V enabled may enter BitLocker recovery mode and receive an error, "0xC0210000".

Workaround


If your device is already in this state, you can successfully start Windows after suspending BitLocker from the Windows Recovery Environment (WinRE) using the following steps:

  1. Retrieve the 48-digit BitLocker recovery password for the OS volume from your organization's portal or from wherever the key was stored when BitLocker was first enabled.
  2. From the recovery screen, press the enter key and enter the recovery password when prompted.
  3. If your device starts in the Windows Recovery Environment and asks for recovery key again, select Skip the drive to continue to WinRE.
  4. Select Advanced options then Troubleshoot then Advanced options then Command Prompt.
  5. Unlock drive using the command: Manage-bde -unlock c: -rp <48 digit numerical recovery password separated by “-“ in 6 digit group>
  6. Suspend BitLocker using the command: Manage-bde -protectors -disable c:
  7. Exit the command window using the command: exit
  8. Select Continue from recovery environment.
  9. The device should now start Windows.
  10. Once started, launch an elevated Command Prompt (i.e. run Command Prompt as administrator) and resume the BitLocker to ensure the system remains protected, using the command: Manage-bde -protectors -enable c:

Note The steps in this workaround need to be followed on every system start unless BitLocker is suspended before restarting.

To prevent this issue, execute the following command to temporarily suspend BitLocker just before restarting the system: Manage-bde -protectors -disable c: -rc 1

Note This command will suspend BitLocker for one restart of the device (-rc 1 option only works inside OS and does not work from recovery environment).

Next steps


This issue is now resolved for all platforms in the following updates:

  • KB4507450 LCU for Windows 10, version 1703.
  • KB4507460 LCU for Windows 10, version 1607 and Windows Server 2016.

Affected updates


The affected updates are the following latest cumulative update (LCU) released on May 14, 2019 or later for the affected platforms:

  • KB4499181 or later LCU for Windows 10, version 1703.
  • KB4494440 or later LCU for Windows 10, version 1607 and Windows Server 2016.