Windows 10: Bitlocker Recovery apparently after KB5012170 & UEFI update

Lenovo Yoga 920-13ikbbios 5NCN41WWcurrently with Win11, likely upgraded from Win10 in the pastFrom approximately 2017-2018TPM 2.0, Intel PTTBitlocker Recovery: “You need to enter your recovery key because Secure Boot policy has unexpectedly changed.”I was helping someone with their Laptop, it was working fine no problems, I went to the Windows Upda

:)

 

BitLock Recovery Key Problem

Hello Anne,

Please check keys on the other Microsoft accounts configured in the machine in the past as well.

Microsoft has said they are working on it - however no guarantees that they would allow you to rescue your data. Some information MS has provided is below, but that does not apply to you.

https://docs.microsoft.com/en-us/wi...evices-might-start-up-into-bitlocker-recovery

Some devices might start up into BitLocker Recovery

[table][tr]StatusOriginating updateHistory[/tr][tr][td]Confirmed[/td][td]OS Build 22000.850KB50121702022-08-09[/td][td]Last updated: 2022-08-19, 19:36 PTOpened: 2022-08-19, 19:36 PT[/td][/tr][/table]
Some devices might enter BitLocker Recovery on the first or second restart after attempting to install Security update for Secure Boot DBX ( KB5012170), released August 9, 2022. Note: This issue only affects the Security update for Secure Boot DBX ( KB5012170) and does not affect the latest cumulative security updates, monthly rollups, or security only updates released on August 9, 2022.

Workaround: If your device is prompting for a BitLocker Recovery key, you will need to supply it to start up Windows. For more information, see Finding your BitLocker recovery key in Windows.

If you have not installed KB5012170 yet and have BitLocker enabled on your device, follow the instructions below to temporarily suspend BitLocker before installing.

If you have installed KB5012170 and have not yet restarted your device or have only restarted your device once, temporarily suspend BitLocker using the instructions below.

Important: If you have restarted your device two times or more after installing KB5012170, your device is not affected by this issue

To temporarily suspend BitLocker, or to avoid a BitLocker recovery when deploying KB5012170, follow these steps:

1. Run the following command from Administrator command prompt:

2. Install the update KB5012170, if not already installed

3. Restart the device.

4. Restart the device again.

5. BitLocker should automatically be enabled after two boots. If you want to manually resume BitLocker to verify that it is enabled, use the following command:

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Affected platforms:

• ​Client: Windows 11, version 21H2
  
• ​Server: None
  

 

KB5012170: Security update for Secure Boot DBX: August 9, 2022 - Install error - 0x800f0922

I've been fighting the same issues all day. KB5012170 fails to install with error 0x800f0922. Looking through C:\Windows\Logs\CBS\CBS.log reveals errors pointing to BitLocker (which is a red herring) and Secure Boot (the real culprit).

I finally got it to install successfully as follows:

1. Open a cmd.exe or powershell.exe window running as Administrator

2. dism.exe /online /cleanup-image /restorehealth

3. sfc /scannow

4. Reboot

5. Manually download the MSU appropriate for your Windows version directly from the Microsoft Update Catalog here: Microsoft Update Catalog

6. Double click the MSU file to install

This still didn't work for me, but it did clean up the CBS store and allowed me to successfully install the August 2022 Cumulative Update. However, manually installing KB5012170 still failed with the same error as Windows Update in Settings: 0x800f0922

Next, I also performed these additional steps:

7. Reboot into UEFI BIOS

8. Enabled Secure Boot (it was disabled in my case) => Note: This alone didn't work for me. I also needed to do the next step.

9. Clear Secure Boot keys (i.e. reset the Secure Boot keys to default factory settings)

10. Save and exit UEFI BIOS

After this, I repeated Steps 1-6 above and the KB5012170 MSU package successfully installed.

Not sure if this will work for everyone, but since KB5012170 updates the Secure Boot Forbidden Signature Database (DBX) in UEFI, clearing the old and potentially stale boot keys and resetting to factory defaults allowed the update to install required changes to DBX.

Motherboard: Asrock Z87 Extreme6/ac

 

bitlocker recovery key

Hi Singh,

Thank you for writing to Microsoft Community Forums.

In order to get clarity on this issue and assist you with appropriate troubleshooting steps, please reply with the answers to the questions below.

1. Are you not able login to your computer due to BitLocker Recovery Key?
2. Did you ever setup BitLocker Recovery Key on your computer?
3. Are you not able to login to your Microsoft Account to find the BitLocker Recovery Key?
4. Are you using Windows 10 Home or Windows 10 Professional?

Meanwhile, try finding BitLocker Recovery Key if you have ever setup BitLocker Recovery Key for your computer.

Please elaborate on the issue, so that we can understand the concern and get back to us to help you further.