Bitlocker for Removable Drives Attached to Windows 2008 R2 Servers

  • Question

  • We have the Bitlocker feature installed on a Windows 2008 R2 server.  Bitlocker only displays drive C: as available for encryption.  We use a Dell RD1000 external drive connected to the server via USB.  Windows Explorer and Disk Management see the external drive, which is mapped as I:, but Bitlocker manager does not display it as a drive to encrypt.  It does not show any drives other than C:.  We would like to be able to move the encrypted media from this server to other servers which have the same RD1000 external drive, so I believe this is the "on the go" feature of Bitlocker.  We enabled local group policy for removable media and rebooted, but the Bitlocker feature does not list the drive for encryption. How do we get the removable drive to display so we can encrypt it using Bitlocker?

    JOBII

    Thursday, December 6, 2012 4:30 PM

Answers

  • Broke down and called Microsoft.  Summary of call and resolution below.

    We have Dell PowerEdge servers which create a small (1.4GB) FAT32 partition during a Windows 2008 install.  This partition has no drive mapping.  Dell uses this partition for its drivers and other purposes.  The Windows Operating System files are installed on C:  which in our case was about 250GB in size.

    Bitlocker requires an active NTFS partition to work.  So we shrank the C drive to free up some space to create a small 500MB NTFS partition for Bitlocker as our server had no unallocated drive space.  We were able to create a new partition but Bitlocker couldn't see it as it wasn’t a boot partition (I’m guessing).

    So we ran the script below on the small FAT32 partition and converted it to NTFS, which enabled Bitlocker on all the other drives on the server, including the removable drive we wanted to enable Bitlocker on.  Summary below.

    Issue: Unable to view removable media under Bitlocker drive encryption tool on Windows 2008 Server.

           As we were unable to see the removable USB media attached to the Windows 2008 server using Bitlocker Manager we tried to check if we can encrypt the drive via command

    cscript manage-bde.wsf -on R: -recoverykey d:\ -recoverypassword

            We got error 0x80070057

           We found a KB article describing the error and the resolution to it. http://support.microsoft.com/kb/2019926

           The above mentioned KB suggests the problem occurs if you do not have a separate active system partition on the operating system drive. (And it should be Formatted with NTFS if it is present)

           On our machine we found an active system partition, however it was not formatted with NTFS. It was FAT32.

           After research we found that we can convert the current active system partition to NTFS.

           We used the command

    convert e: /fs:ntfs (where E is the FAT32 volume which needs to be converted to NTFS).

    After performing the above mentioned steps, we were able to view all the disks and removable disks in the Bitlocker encryption tool.

    For more information follow these articles:

    http://blogs.msdn.com/b/askdavid/archive/2007/06/08/enabling-bitlocker-on-removable-drives-usb-flash-drives-usb-hard-drives.aspx

    http://support.microsoft.com/kb/2019926

    http://support.microsoft.com/kb/307881


    JOBII



    • Marked as answer by CMDR Shears Wednesday, December 19, 2012 9:30 PM
    • Edited by CMDR Shears Wednesday, December 19, 2012 9:31 PM
    Wednesday, December 19, 2012 9:20 PM
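
A read-only pre-check for the condition the answer describes, added here as an example and not part of the original thread: it reports the file system of the volume Windows flags as the system volume, then lists the volumes the BitLocker WMI provider exposes. It assumes an elevated PowerShell prompt on the server with the BitLocker feature installed; `Get-SystemVolumeReport` is a hypothetical helper name.

```powershell
# Added example (not from the original thread). Read-only; run elevated.
# Get-SystemVolumeReport is a hypothetical helper name.
function Get-SystemVolumeReport {
    # Win32_Volume.SystemVolume marks the active system volume, even when it
    # has no drive letter (as with the Dell FAT32 partition in the answer).
    $vols = @(Get-WmiObject -Class Win32_Volume -Filter 'SystemVolume = TRUE')
    foreach ($v in $vols) {
        $name = if ($v.DriveLetter) { $v.DriveLetter } else { $v.DeviceID }
        New-Object PSObject -Property @{
            Volume     = $name
            FileSystem = $v.FileSystem
            SizeMB     = [math]::Round($v.Capacity / 1MB)
            IsNtfs     = ($v.FileSystem -eq 'NTFS')
        }
    }
}

$report = @(Get-SystemVolumeReport)
if ($report.Count -eq 0) {
    Write-Warning 'No system volume reported by WMI.'
}
foreach ($r in $report) {
    if ($r.IsNtfs) {
        Write-Output ("System volume {0} is NTFS ({1} MB)." -f $r.Volume, $r.SizeMB)
    } else {
        # The situation found on the server in this thread: active partition, FAT32.
        Write-Warning ("System volume {0} is {1}, not NTFS." -f $r.Volume, $r.FileSystem)
    }
}

# Volumes the BitLocker WMI provider can see.
# ProtectionStatus: 0 = off, 1 = on, 2 = unknown.
$ns  = 'root\CIMV2\Security\MicrosoftVolumeEncryption'
$enc = @(Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume -ErrorAction SilentlyContinue)
if ($enc.Count -eq 0) {
    Write-Warning 'BitLocker WMI provider returned no volumes (feature missing or not elevated).'
}
$enc | Select-Object DriveLetter, DeviceID, ProtectionStatus | Format-Table -AutoSize
```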