Surface Bitlocker recovery and how to retreive recovery key
Since the release of the latest Surface revision, problems are continuing to be reported Surface boots into a BitLocker recovery screen asking for recovery Key before it can continue.
What causes Surface asking for recovery key?
Surface BitLocker recovery screen can be caused by a wide range of things such as corrupted drivers or Windows updates not able to install successfully. Whatever the reason, you'd like to be able to get past the BitLocker recovery screen, how to find Surface BitLocker recovery key, or how to reset Surface Pro without recovery key?
How to find Surface BitLocker recovery key?
There are two solutions to find Surface BitLocker recovery key:
Solution 1: In your Microsoft Account
Bitlocker is shipped by default in Surface Pro 3 and later version.
The recovery key is generated during the out-of-box experience sequence when your Surface Pro is first turned on, and only if you choose to log in with a Microsoft account. Device Encryption does not get enforced without it. This recovery key is uploaded to onedrive of your Microsoft account and won't be deleted without explicit user command. So using a working computer connected to the Internet and logging into your Microsoft account to find BitLocker recovery key.
Steps to retreive the recovery key in Microsoft account:
Step 1: Log into Microsoft website: https://onedrive.live.com with your Microsoft account used when the Surface was setup.
Step 2: If you do not know your password, or if you do not remember the email address, then click the blue link "Can't access your account?" and then follow the wizard to complete the verifying process.
Step 3: Once you get log into Onedrive, then type down this site URL: https://onedrive.live.com/recoverykey
Step 4: There you you will see something that looks like this:
BitLocker recovery keys
Username you have chosen
Key ID: 5634AB5C
Recovery key: 597795-347886-541236-789456-456789-124567-543216-894567
Solution 2: Using command prompt
If you can still log into your Surface Pro tablet as administrator, you can find and recover BitLocker recovery key by using Command Prompt:
Step 1: Press the Windows key + X to open the Power User menu and select "Command Prompt (Admin)".
Step 2: At the Command Prompt window, type the command: manage-bde -protectors C: -get and press Enter.
Step 3: You'll see the output screen. The 48-digit password is the BitLocker recovery key that is used to unlock your Surface when seeing Surface BitLocker recovery screen.
How to get past BitLocker screen on Surface Pro?
There are three solutions to get past Surface keeps asking for BitLocker recovery key and goes to BitLocker recovery loop:
Solution 1: Suspend BitLocker protection and resume
In this solution, you must have 48-digit recovery key so that you can suspend BitLocker protection and resume it.
Step 1: Start your Windows Surface.
Step 2: Enter the recovery key when seeing BitLocker recovery screen.
If you don't know where to find Bitlocker recovery key, see how to find Surface BitLocker recovery key?
Step 3: Once your Surface is started, go to Start -> Control Panel -> BitLocker Drive Encryption.
Step 4: Click "Suspend protection" option next to the C drive (Or click "Turn off BitLocker" to disable BitLocker drive encryption on C drive).
Step 5: A dialog box window will open asking "Do you want to suspend BitLocker protection?", please press the Yes button to confirm.
Step 6: Wait a few minutes after suspending protection and then click the "Resume protection" option to update BitLocker TPM.
Step 7: Click "Change password" to reset the invalid password.
Step 8: Restart your Surface and check if BitLocker recovery screen or loop persists.
Solution 2: Remove the protectors from the boot drive
If you've entered the correct BitLocker recovery key multiple times, and are still unable to continue past the BitLocker recovery screen, follow these steps to break out of the BitLocker recovery loop.
Step 1: On the BitLocker recovery screen, press Esc for more BitLocker recovery options on Surface.
Step 2: Preparing Bitlocker recovery, then select Skip this drive at the right corner.
Step 3: On the next screen, select Troubleshoot.
Step 4: On the Troubleshoot screen, select Advanced options.
Step 5: On the Advanced options screen, select Command prompt.
Step 6: From the WinRE command prompt, manually type the commad: manage-bde -unlock C: -rp recoverypassword to unlock your drive and press Enter.
Step 7: Type the command: manage-bde -protectors -disable C: to remove the protectors from the boot drive.
Once the last command is run, you can safely exit the command prompt and continue to boot into your Surface.
Solution 3: Enable the secure boot
Step 1: On the BitLocker recovery screen, press Esc for more BitLocker recovery options on Surface.
Step 2: Preparing Bitlocker recovery, then select Skip this drive at the right corner.
Step 3: On the next screen, select Troubleshoot.
Step 4: On the Troubleshoot screen, select Advanced options.
Step 5: On the Advanced options screen, select UEFI Firmware Settings, and then select Restart.
Step 6: Your Surface will be restarted to UEFI firmware settings window, select the Security section.
Step 7: Click Change Configuration under "Secure Boot".
Step 8: Select Microsoft Only and click OK.
Step 9: Select Exit, and then Restart to reboot your Surface.