Can't get BitLocker to work - Path specified in BCD is incorrect

LordX

Have a customer system - it is a prebuilt from Newegg - so I assume a cloned Windows 11 install. It was Windows 11 Home, in-place upgraded to Windows 11 Pro.

I keep getting the BitLocker error - even followed the steps from the following web page: https://www.mcbsys.com/blog/2019/01/bitlocker-wizard-initialization-has-failed/

Still not working... I still think there is something wrong with the BCD - but I don't know nearly enough about it to fix it. Literally don't know what else to look for.

The system has three volumes on the main hard drive: Volume 0 = boot, Volume 1 = system, Volume 2 = hidden/recovery. I have tried the settings from the above web site for both volume 1 and 2.

I have also followed steps from a MS article for setting the Hibernate device to = C:, but it keeps reverting after every reboot......

I notice some entries call for a Volume 4 from a ramdisk.... again, don't know enough....

Below is my entire BCD info using the bcdedit /enum all command:

C:\Windows\System32>bcdedit /enum all

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {e11cefd3-827d-11ef-8a33-f2f037813d87}
{f0703d94-ef8e-11ef-aed9-806e6f6e6963}
{bootmgr}
timeout 1

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\bootmgfw.efi
description Wind￿￿s Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {e11cefd4-827d-11ef-8a33-f2f037813d87}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Firmware Application (101fffff)
-------------------------------
identifier {e11cefd3-827d-11ef-8a33-f2f037813d87}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager

Firmware Application (101fffff)
-------------------------------
identifier {f0703d94-ef8e-11ef-aed9-806e6f6e6963}
device partition=D:
description UEFI: SanDisk, Partition 1

Windows Boot Loader
-------------------
identifier {current}
device locate=\WINDOWS\system32\winload.efi
path \WINDOWS\system32\winload.efi
description Windows 11
locale en-US
inherit {bootloadersettings}
recoverysequence {e11cefd8-827d-11ef-8a33-f2f037813d87}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice locate=\WINDOWS
systemroot \WINDOWS
resumeobject {e11cefd4-827d-11ef-8a33-f2f037813d87}
nx OptIn
bootmenupolicy Standard

Windows Boot Loader
-------------------
identifier {e11cefd8-827d-11ef-8a33-f2f037813d87}
device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{e11cefd9-827d-11ef-8a33-f2f037813d87}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{e11cefd9-827d-11ef-8a33-f2f037813d87}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {e11cefd4-827d-11ef-8a33-f2f037813d87}
device locate=\WINDOWS\system32\winresume.efi
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {e11cefd8-827d-11ef-8a33-f2f037813d87}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
custom:21000026 partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {e11cefd9-827d-11ef-8a33-f2f037813d87}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume4
ramdisksdipath \Recovery\WindowsRE\boot.sdi
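
An added example (not part of the original post, and not a Microsoft tool): a small parser for pasted `bcdedit /enum all` text that reports which `\Device\HarddiskVolumeN` numbers the store references and which elements use `locate=` instead of a fixed partition. The sample input is a constructed excerpt of the output above; `parse_bcd` and `device_summary` are names chosen here.

```python
import re
# Constructed sample: a trimmed excerpt in the same format as the output above.
SAMPLE = r"""
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume2

Windows Boot Loader
-------------------
identifier {current}
device locate=\WINDOWS\system32\winload.efi
osdevice locate=\WINDOWS

Windows Boot Loader
-------------------
identifier {e11cefd8-827d-11ef-8a33-f2f037813d87}
device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{e11cefd9-827d-11ef-8a33-f2f037813d87}
"""
DEV = re.compile(r"^(partition|locate|ramdisk)=")
VOL = re.compile(r"\\Device\\HarddiskVolume(\d+)")

def parse_bcd(text):
    """Split `bcdedit /enum` text into a list of {element: value} dicts."""
    entries, cur, last = [], {}, None   # lines before the first title go to a throwaway dict
    lines = [l.rstrip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        s = line.strip()
        if not s or set(s) == {"-"}:
            continue
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if nxt and set(nxt) == {"-"}:       # entry title, underlined by dashes
            cur, last = {"_type": s}, None
            entries.append(cur)
        elif last and (line[0].isspace() or s.startswith("{")):
            cur[last] += " " + s            # continuation of a multi-valued element
        else:
            last, _, value = s.partition(" ")
            cur[last] = value.strip()
    return entries

def device_summary(entries):
    """Return (HarddiskVolume numbers referenced, [(identifier, element)] using locate=)."""
    devs = [(e.get("identifier", "?"), k, v) for e in entries for k, v in e.items() if DEV.match(v)]
    volumes = sorted({int(n) for _, _, v in devs for n in VOL.findall(v)})
    return volumes, [(i, k) for i, k, v in devs if v.startswith("locate=")]

if __name__ == "__main__":
    print(device_summary(parse_bcd(SAMPLE)))
```

The `HarddiskVolumeN` numbers are NT device names and need not match the volume numbers that `diskpart` lists.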
 
Would doing an in-place 'keep my files' recovery of Windows 11 reset the BCD?? Or does that require a full wipe/reload?
 
The problem is the partitioning; the reset while keeping files doesn't redo that, it can't. That may cure the issue if it's a Windows corruption. But honestly, when I get odd junk like this I resort to reimaging the platform. It simply takes too much time to troubleshoot this sort of thing, and a nuke and pave is a known quantity.
 
Is VeraCrypt a decent alternative to BitLocker? The system just got set up with all the customer's data back on it - would be a shame to start all over.
 
I do not believe in 3rd party security solutions anymore. Too many integration failures.

Also, the partitioning issues will eventually cause other problems than BitLocker. BCD not being present is an odd one, and is an indicator of WinRot.
 
It's not that BCD isn't there - it's that BitLocker doesn't like the settings in BCD... most likely due to the cloning process that Newegg must use for their systems.
 
Again, WinRot. If that one component of Windows doesn't work, other security functionality won't work. The changes to support Windows 11 harping on TPM are welded into this consideration. BitLocker isn't just encryption of the volumes, it's also the verification and trust engine that protects the boot sector.

Slapping on 3rd party encryption software is like putting new siding up on rotting timber.
 
I guess....

I tend to think of it like if an onboard NIC fails, I just put in a PCIe NIC card instead of replacing the entire mobo... sure other things can fail eventually - but ALL tech will fail eventually.....
 