BitLocker Bug Is Locking Out Some Surface 2 Owners

PC Pro reports that firmware updates to Microsoft Surface 2 tablets are having issues with the BitLocker recovery key configuration, thus leaving many users with locked devices. For many, the only way to get back into the tablet is to know the lengthy BitLocker recovery key. To find answers, these owners have turned to Microsoft's Community Forums to post their problems.

"At the weekend our two Surface 2 devices got a firmware update installed," reads one post from forum member Andrew. "My Surface 2 updated and rebooted fine with no issues. But my wife's Surface 2 (64GB model) asked for the Bitlocker recovery key at boot after the update, and now every time it reboots. Although I have the key this is very poor end user experience. Especially as I am trying to sell her the Surface 2 over an iPad."

"Whenever it reboots - let's say for updates or things like that - I have to enter the BitLocker key. This is really starting to annoy me," said another user, Nsmet.

In a number of cases, many users had no idea BitLocker was enabled, and was forced to find a nearby PC and log into their Microsoft account to recover their BitLocker key. Others have simply decided to write down the lengthy key and stash it into their wallets in case the tablet needs the key again while away from a trusted computer.

"This is the second time this stupid BitLocker has ask me to enter the key. I don't really mind if it is like 10 numbers, but it is like 25," another owner complains. "This is annoying, I may have to return this surface for an IPad if this happens all the time one more time then I am done."

As PC Pro points out, Microsoft provides a support page acknowledging that Surface tablets do on occasion ask for BitLocker recovery keys if there are issues during the boot-up process. But currently, there are no instructions on how to deal with multiple key requests. One Microsoft adviser said to turn off BitLocker, but owners claim that isn't possible with Windows RT 8.1.

To see if BitLocker is enabled on your Surface 2 device, perform the following at the desktop:

1. Swipe Right to Left to bring up the Charm.
2. Choose Settings
3. Choose Control Panel
4. Select BitLocker Drive Encryption
5. Verify whether BitLocker is on or off on each device.

  • southernshark
    sad news for the hundreds of survace Rt users out there.
  • ddpruitt
    12103351 said:
    sad news for the five surface Rt users out there.

    Fixed it!
  • Darkk
    Not surprised. Typical Microsoft not to fully test these things.
  • timaahhh
    This is not restricted to Surface.... I have seen this 'bug' in bitlocker from many vendors (and on Windows 7 and 8). Its the way bitlocker works. Bitlocker identifies that your harddrive is connected to the correct motherboard by verifying the TPM chip that is on the motherboard. Any firmware update that may cause any changes may trigger a prompt from bitlocker.

    The way to prevent that is to disable bitlocker BEFORE you do then firmware update then re enable after.

    'manage-bde.exe -protectors -disable c: <or whatever drive is encrypted>
    update firmware reboot
    'manage-bde.exe -protectors -enable c:'
    reboot again and you shouldn't be prompted

    I think Lenovo warns you when you try to do a firmware update to disable encryption. Microsoft should do the same but if this is the same issue I've run into its not a bug its how bitlocker works.
  • dextermat
    More facepalming microsoft :(
  • abbadon_34
    Just ask the NSA for the backdoor
  • Tweaker1234
    NSA allready got all the info from Google. I know lots of Surface RT users and none had this issue. I guess more people have to restart theit scroogled device every minute the users are affected by this hickup.
  • TodEdwards

    Microsoft recently posted a support article that looks like it matches this issue. Please see for more information.

  • ubercake
    Still happening on Surface 2 devices. I gave one to a relative for Xmas. Now she can't get past the bitlocker prompt on start up.

    Bitlocker must be a default option on these tablets as she just OK'd through the setup screens.

    The unfortunate part here is the Hotmail account she used to sign in to this tablet has a secondary mail account that is no longer active. In order to get the bitlocker code, you need access to the secondary account (even though you can login to the primary).

    Woopsies Microsoft?! No wonder people aren't catching the Surface wave! When simply logging into a device is a support call, your device is not going to gain in popularity.