Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Using the BitLocker DRA protector may cause MBAM to incorrectly show the Encryption Status as OFF after a BitLocker PIN reset


View products that this article applies to.

Symptoms

When you reset the BitLocker PIN using BitLocker Encryption Option in Control Panel, if the BitLocker Data Recovery Agent (DRA) is present then MBAM may incorrectly show the Encryption State of Operating System Drive Volume as OFF even though it remains fully encrypted.



↑ Back to the top


Cause

This happens if you have implemented BitLocker DRA (Data Recovery Agent) as an additional protector for BitLocker Protected volumes.

MBAM v1.0 is designed to handle TPM and TPM+PIN protectors only.

↑ Back to the top


Resolution

Reset the BitLocker PIN twice, MBAM will then report the state of the drive correctly. Follow the steps below to correctly reset the BitLocker PIN, leave the DRA in-place, and correctly view the drive status.

How to reset the BitLocker PIN:

You can change or reset the BitLocker PIN anytime by following steps below.

Note: During the PIN reset process, your Windows 7 computer must be connected to your Corporate Network. If the system is at a remote location (home, hotel, etc.), you need to initiate a VPN session to connect the computer to the Corporate Network.
  1. Click on Start and then click Control Panel
    Click the “BitLocker Encryption Options” to launch,
    or
    Click on Start and open Computer and then navigate to the folder “%ProgramFiles%\Microsoft\MDOP MBAM”. Locate and double click on the file “MBAMControlUI.exe”.
  2. At the Microsoft BitLocker Administration and Monitoring screen, click on Manage your PIN.
    Important: If the option Manage your PIN is not found, you need to perform steps #8, 9, 10, 11 and 12 below and come back to step #2.

  3. Enter your new PIN.
    • Note: Your PIN must include Numeric (0,1,2….9) or alpha-numeric (including uppercase, lowercase and numbers) and anywhere between 4-20 characters. This is governed by GPO under Operating System Drive.
    • Special characters (i.e. #, $, %, etc.) and International characters (i.e. à, è, ì, ò, ù, etc.) are not accepted.
    • The PIN may contain only numbers from 0 to 9.
    • The PIN may contain only alphabets.

  4. Click Reset PIN.
  5. Confirm the PIN reset was completed successfully.

  6. Click the Close button to exit the Microsoft BitLocker Administration and Monitoring screen.
  7. Click on Start and then click Control Panel
    Click the “BitLocker Encryption Options” to launch,
    or
    Click on Start and open Computer and then navigate to the folder “C:\Program Files\Microsoft\MDOP MBAM”. Locate and double click on the file “MBAMControlUI.exe”.
  8. At the Microsoft BitLocker Administration and Monitoring window, click on the Start button.

  9. Enter the same PIN you have just entered above.
  10. Click on Create PIN.
  11. Confirm the result: “Create PIN successful”. Then, click on Exit.
  12. Finish.
  13. Now you can see “Manage your PIN” option available in BitLocker Encryption Option in Control Panel.


↑ Back to the top


Keywords: kbtshoot, kb

↑ Back to the top

Article Info
Article ID : 2714313
Revision : 1
Created on : 1/7/2017
Published on : 3/3/2015
Exists online : False
Views : 560