Settings for Boot Configuration Data (BCD) to install Bitlocker on Win 10
Situation: Win 10 Pro on an EVO 850 SSD drive. OS was cloned to SSD (which is new) from orig HD in the machine. TPM exists on machine, and is active. Used Samsung Magician to allow encryption (not exact wording) before cloning occurred. Wish to install Bitlocker on both drives. Tried to install on C: and got this error:
The path specified in the Boot Configuration Data (BCD) for a Bitlocker Drive Encryption integrity-protected application is incorrect. Please verify and correct your BCD settings and try again.
Installation on D: (a pure data drive) seems to have worked.
- What is the correct path for this?
- What are the correct BCD settings?
- Is this going to require re-doing the partitions / re-installing Windows?
- [edit] Might this be as simple as needing to do a BIOS pwd and turn on Secure Boot in the BIOS (which I turned off in the process of making the SSD the boot disk)? See question here.
I suspect that the partitions are not correct to permit this (which the BCD reference suggests), but cannot seem to verify. Partition setup, as created by Samsung cloning s/w, is:
- Recovery
- System (EFI System)
- Reserved (MSR)
- Primary (OS)
Recovery is active (i.e. reagentc was told to enable, and it's usable).
Solution 1:
It makes sense that Secure Boot must be on for BitLocker, at least if you're using the self-encrypting drive option (hardware encryption). However, this message may appear even if Secure Boot is enabled.
I got the same error message after a recent Server 2016 reboot. BitLocker had been working, but it suddenly lost track of the BCD info and would not resume.
Microsoft KB929834 discusses the issue but doesn't explain how to fix it if your System volume doesn't have a drive letter (which it normally won't).
Finally found a Veritas article that explains how to extract the correct volume number using diskpart `list volume`, then use bcdedit to fix the BCD. Based on the OP's description of his partitions, the commands would be:
bcdedit -set {BOOTMGR} device partition=\Device\HarddiskVolume2
bcdedit -set {MEMDIAG} device partition=\Device\HarddiskVolume2
I blogged this with screen shots here:
https://www.mcbsys.com/blog/2019/01/bitlocker-wizard-initialization-has-failed/
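A read-only check to run before and after the bcdedit commands in Solution 1, as an added example that is not part of the original answer: it parses `bcdedit /enum` text and reports whether {bootmgr} and {memdiag} name a partition. The function name, the constructed sample output and the reliance on English-language bcdedit element names are assumptions.

```powershell
# Added example (read-only): it parses bcdedit text and never writes to the BCD.
function Get-BcdDeviceReport {
    param([string[]]$Lines)

    $entries = @()
    $current = $null
    foreach ($line in $Lines) {
        # Element lines look like "<name><spaces><value>"; "identifier" starts a new entry.
        if ($line -match '^identifier\s+(\S+)') {
            $current = [pscustomobject]@{ Identifier = $Matches[1]; Device = $null }
            $entries += $current
        } elseif ($current -and $line -match '^device\s+(.+)$') {
            $current.Device = $Matches[1].Trim()
        }
    }

    $wanted = '{bootmgr}', '{memdiag}'
    foreach ($e in ($entries | Where-Object { $_.Identifier -in $wanted })) {
        # A usable entry names a partition; any other value, or no device
        # element at all, means the entry does not resolve to a volume.
        [pscustomobject]@{
            Identifier        = $e.Identifier
            Device            = $e.Device
            PointsAtPartition = ($e.Device -like 'partition=*')
        }
    }
}

# Constructed sample output (not captured from a real machine).
$sample = @'
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  unknown
path                    \EFI\Microsoft\Boot\bootmgfw.efi

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
'@ -split "`r?`n"

Get-BcdDeviceReport -Lines $sample | Format-Table -AutoSize

# On a live system, from an elevated prompt:
#   Get-BcdDeviceReport -Lines (bcdedit /enum all)
```

The check only confirms that each entry names a partition; whether it is the right one still has to be compared against the EFI System volume shown by diskpart's list volume.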
Solution 2:
I spent the whole day trying to solve this, and I have to say that I am amazed at how poorly Windows handles this.
All of the research I did said to use bootrec to essentially tell Windoze where the C: drive was located...
Unfortunately, Windows 10 did not present me with any recovery options that would allow me to use any such utility.
So this is what finally worked for me:
- Use a Windows 7 install/recovery disk & select "Repair my Computer"
- "Windows detected a problem with your configuration. Fix and restart?" -> yes.
- Bitlocker now reports that it "Could not find the specified file"
- Make a backup of C:\Windows\system32\Recovery\REAgent.xml in case this fix doesn't work for you.
- Put the following into the REAgent.xml file: (( For some reason, I can't get the XML to format properly / show up in the final post - view the edit page to see the XML ))
<!-- language: xml -->
    <?xml version='1.0' encoding='utf-8' standalone='yes'?>
    <WindowsRE version="2.0">
      <WinreBCD id=""></WinreBCD>
      <WinreLocation path="" id="0" offset="0"></WinreLocation>
      <ImageLocation path="" id="0" offset="0"></ImageLocation>
      <PBRImageLocation path="" id="0" offset="0" index="0"></PBRImageLocation>
      <PBRCustomImageLocation path="" id="0" offset="0" index="0"></PBRCustomImageLocation>
      <InstallState state="0"></InstallState>
      <OsInstallAvailable state="0"></OsInstallAvailable>
      <CustomImageAvailable state="0"></CustomImageAvailable>
      <WinREStaged state="0"></WinREStaged>
      <ScheduledOperation state="4"></ScheduledOperation>
      <OperationParam path=""></OperationParam>
      <OsBuildVersion path=""></OsBuildVersion>
      <OemTool state="0"></OemTool>
    </WindowsRE>
Now, Bitlocker works without fussing.
Special thanks to these guys for the REAgent.xml tip.