Symptoms
A Hyper-V user with BitLocker enabled may encounter a restart failure if the Device Guard or Credential Guard feature has not been disabled or has not been uninstalled cleanly. Specifically, upon restart, you receive following error message on a blue screen:
Your PC/Device needs to be repaired.
A required file couldn’t be accessed because your BitLocker key wasn’t loaded correctly. Error code: 0xc0210000 You’ll need to use recovery tools. If you don’t have any installation media (like a disc or USB device), contact your PC administrator or PC/Device manufacturer. Press Enter to try again Press F8 for Startup SettingsResolution
To fix this issue, install Cumulative update for Windows 10 Version 1607: August 23, 2016 (KB3176934).
How to avoid getting into this situation
-
Keep Hyper-V disabled during the operating system upgrade.
-
Reset the Device Guard registry keys (delete the Device Guard registry key node) and then enabled Hyper-V in Windows 10 Version 1607.
-
Reset the Device Guard registry keys (delete the Device Guard registry key node) and then upgrade to Windows 10 Version 1607.
-
Disable BitLocker until you install update 3176934.
How to recover from this issue
-
Start into another operating system on the computer and then start the Command Prompt window
-
from the Windows Recovery Environment by selecting Troubleshoot > Advanced Options > Command Prompt
-
Or from a bootable Windows 10 Setup. You can follow this instruction to prepare a bootable USB drive.
-
-
Unlock the operating system drive by running:
Manage-bde-unlock-rp <recovery password> <operating system drive:>
get your recovery password. You need to get the recovery ID first by running the following command:
Note The operating system drive may be a different letter than in the main operating system. To do this, you should first recover your BitLocker key. See information about this fromManage-bde-status <opertaing system drive:>
-
Suspend BitLocker by running the following command at the command prompt:
Manage-bde-protectors-disable <operating system drive:>
-
Restart and set below registry key from the main operating system:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard
DWORD EnableVirtualizationBasedSecurity set to 0 DWORD RequirePlatformSecurityFeatures set to 0
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
Learn about the terminology that Microsoft uses to describe software updates.