Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation.

"Manage-bde -forcerecovery" command is unsupported for testing recovery mode on tablet devices



Symptoms

Assume that you have a tablet or slate device, and you're trying to test the recovery method by running the following command:

Manage-bde -forcerecovery

However, when you enter the recovery password, your device goes into a no-boot state.

Note: Running Manage-bde -forcerecovery is not supported on tablet devices.



Cause

This issue occurs because the boot manager cannot handle touch input during pre-boot time. If the boot manager detects that the machine profile is for a tablet or slate device, it redirects to the Windows Recovery Environment (WinRE), which can handle touch input. WinRE then performs a PCR reseal if the TPM protector on the disk is present. However, the Manage-bde -forcerecovery command deletes the TPM protectors, so WinRE cannot reseal the PCRs. This triggers an infinite BitLocker recovery cycle, and you can't boot to Windows.

This behavior is by design for all versions of Windows.

Note: This issue may occur on any Windows 8-based tablet device, not just on Surface devices.



Resolution

To resolve this issue, follow these steps:
  1. On the BitLocker recovery screen, select Skip this drive.
  2. Select Troubleshoot > Advanced Options > Command Prompt.
  3. Enter the following commands in the Command Prompt window:
    • manage-bde -unlock C: -rp <48-digit numerical recovery key>
    • manage-bde -protectors -disable C:
  4. Exit the command prompt.
  5. Shut down the device.

When you reboot the device, it should boot into Windows.



More Information

If you want to test this recovery method, use one of the following methods:
  • Turn off Secure Boot.
  • Enable test signing by running the BCDEDIT /set testsigning on command.
  • Enable debugging by running BCDEDIT /set debug on.
  • Enable boot or boot manager debugging by running BCDEDIT /set bootdebug on (or BCDEDIT /set {bootmgr} debug on).

These methods have been tested and are supported. If you use any of these methods, remember to turn them off afterward. You should not run your computers in these modes long-term.
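
A post-recovery check, added here as an example and not part of the original KB article: it reports whether the protectors disabled in step 3 of the Resolution are still suspended, whether a TPM protector is present again, and whether any of the test settings listed above are still on. It assumes the OS volume is C:, an elevated PowerShell session with the BitLocker cmdlets available, and English bcdedit output.

```powershell
# Added example, not part of the KB article. Run from an elevated PowerShell
# prompt once the device boots into Windows again.
# Assumptions: OS volume is C:, bcdedit prints English "Yes"/"No" values.
$drive    = 'C:'
$findings = @()

# Resolution step 3 ran "manage-bde -protectors -disable C:", which suspends
# protection (a clear key stays on the disk) until protection is resumed.
$vol   = Get-BitLockerVolume -MountPoint $drive
$types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
if ($vol.ProtectionStatus -ne 'On') {
    $findings += "$drive protection is suspended; resume: manage-bde -protectors -enable $drive"
}
# The article states that -forcerecovery deletes the TPM protectors.
if (-not ($types -like 'Tpm*')) {
    $findings += "$drive has no TPM-based protector; add: manage-bde -protectors -add $drive -tpm"
}
if ($types -notcontains 'RecoveryPassword') {
    $findings += "$drive has no recovery password; add: manage-bde -protectors -add $drive -rp"
}

# "More Information": the test settings must be turned off again afterward.
$bcd = @(bcdedit /enum '{current}') + @(bcdedit /enum '{bootmgr}')
foreach ($name in 'testsigning', 'debug', 'bootdebug') {
    if ($bcd -match "^$name\s+Yes\s*$") {
        $findings += "BCD option '$name' is still on (bcdedit /enum shows which entry)."
    }
}

# Secure Boot state; the cmdlet throws on firmware that does not support it.
try {
    if (-not (Confirm-SecureBootUEFI -ErrorAction Stop)) {
        $findings += 'Secure Boot is turned off; turn it back on in firmware setup.'
    }
} catch {
    $findings += "Secure Boot state could not be read: $($_.Exception.Message)"
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "$drive is protected and no test boot settings remain."
}
```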




Article Info
Article ID : 3119451
Revision : 3
Created on : 7/19/2019
Published on : 7/20/2019
Exists online : False