Restoring SSR Image to a Hardware Encrypted BitLocker Drive

nuance3
Level 4

We are deploying HP8300 computers with Samsung self-encrypting Solid State Drives, using Windows 8.1.  BitLocker in Windows 8.1 encrypts the drive using the intrinsic hardware encryption of the drive.  The key is stored in the TPM chip in the computer.

Symantec System Recovery can create images of the C: drive, but testing the restore fails.  An error comes up stating that the drive is BitLocked and to unlock the drive using the control panel first.

But this won't work in the case of a system failure-- I wouldn't be able to get to the control panel, the computer would be dead.

Has anyone successfully found a way around this?

I'm guessing I would have to wipe the drive using the Samsung DOS-based erase, reload Windows 8.1, don't bit lock the drive, then write over it.


Markus_Koestler
Moderator
   VIP   

Have a look at this post: https://www-secure.symantec.com/connect/forums/besr-85-server-2008-bitlocker

It's for an older version, but I should think it is still valid.

nuance3
Level 4

Hi-- I clicked on the link and it could not find the object.  Can you try clicking on it in your forum message and see if it works for you?

sfh
Not applicable

Sounds convoluted, as if you have both a BIOS ATA hard drive password and BitLocker enabled.  Or maybe it's me, but in any case BitLocker can be managed from a command prompt (manage-bde).

Markus_Koestler
Moderator
   VIP   

Sorry, this is the working link: https://www-secure.symantec.com/connect/forums/besr-85-server-2008-and-bitlocker

nuance3
Level 4

I think the link is too old to be pertinent; I am using hardware encryption built into the Solid State Drive.

Windows 8.1 BitLocker interacts with hardware encrypted drives intrinsically-- you don't need to use the computer overhead to encrypt the drive.  Encryption and decryption are immediate.  Many advantages.

 

However, you must perform a UEFI boot into Windows 8.1.

I've noticed that SSR will not back up the Windows Recovery Environment partition.

Markus_Koestler
Moderator
   VIP   

So I'm out of luck to be honest. By the way: Windows 8.1 is not yet supported. http://www.symantec.com/business/support/index?page=content&id=TECH201318 Support is supposed to be added with SP3 of SSR 2013. So you should wait a little bit before opening a support ticket.

criley
Moderator
Employee Accredited

"I've noticed that SSR will not backup the Windows Recovery Environment partition"

Can you expand on this a little? What error?

As Markus has already said, Windows 8.1 is not supported yet - it will be supported when SP2 (not SP3 as Markus said) is released later this month.

Markus_Koestler
Moderator
   VIP   

Oops, sorry Chris!

nuance3
Level 4

Hi--

Yes I know it is not supported yet, but I thought I might get it to work.

I can image all volumes except Windows Recovery Environment partition.  If I include this in the group of drives to image, the entire backup fails.

If I try it on its own, it fails; but the other partitions C:(OS) and UEFI back up fine.

 

I've attached the error window.  I tried tracking it down with the link, but unless you have some good ideas, this looks too time consuming.

VSS_E_insufficient_storage

Using Windows 8.1 and SSR 2013 11.0.1.47662

Markus_Koestler
Moderator
   VIP   

Hm, you might set the VSS storage space to unlimited for this volume?!

criley
Moderator
Employee Accredited

This is probably because the partition does not have enough space for VSS to create a snapshot.

This may help: http://www.symantec.com/docs/TECH205081

nuance3
Level 4

Thanks for the link.

Deleting the journal (first tip in the document) did not work, it produced the same error.

I didn't pursue the link out to Microsoft documentation.  That's too involved.  I'm going to wait for Symantec to sort this out.

Because Win 8.1 installs (especially to SSDs) are very fast-- I find the following works.

Install Win8.1 to a fresh disk-- let Windows create the 3 partitions (UEFI, recovery, OS)

Then use Symantec restore disk to recover the OS partition only.

criley
Moderator
Employee Accredited

From the article I mentioned above:

NOTE: Another possible cause is that the volume does not have enough free space to create a VSS snapshot. As per Microsoft, if the volume is less than 500MB in size, VSS requires 32MB of free space. If the volume is 500MB or greater, VSS requires 320MB of free space.

You should really check to see if this is the cause. If it is, this is an issue with the way the machine has been set up and is due to the requirements for VSS.

Either way, I believe we are making some changes in SP2 (due later this month) that will help with this situation (assuming the above is the cause of your failure).

nuance3
Level 4

Chris-- I hear what you are saying, but these are all fresh installs of Windows 8.1 using Microsoft defaults.  Blank GPT drives, UEFI boot and I let Windows 8.1 do the install with no modifications on my part.  Problem is, Win8.1 creates the recovery partition and UEFI partition with no possible input from the user (creates them after you tell Windows how large you want the OS partition-- which you CAN adjust).

If it is a problem with the free space on the recovery volume, then it is happening/will be happening for all Windows 8.1 users.

In Windows disk management,  the recovery partition says 100% free space (as does the UEFI partition which DID back up). 

When I assign a drive letter to the recovery partition and look for files using dir /a-- I do see files on recovery and there are 33,259,520 bytes free (slightly less than 32MB?).

There are 3 files

boot.sdi   3,170,304

Reagent.xml   1,013

Winre.wim   249,784,789

diskpart run by command line lists recovery partition as NTFS and hidden (info column); UEFI partition is fat32 and "system".
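
The VSS free-space rule criley quotes from the Symantec article, checked against the free-byte figure nuance3 reports for the recovery partition. This is an added example, not part of the original thread or of Symantec's tooling. The function name Test-VssFreeSpace, the 300MB partition size and the reading of "MB" as binary megabytes are assumptions.

```powershell
# Added example, not from the thread: the VSS free-space rule applied per volume.
# Assumption: "MB" means binary megabytes, as in PowerShell's 32MB literal.
function Test-VssFreeSpace {
    param(
        [Parameter(Mandatory = $true)] [uint64] $SizeBytes,
        [Parameter(Mandatory = $true)] [uint64] $FreeBytes
    )
    # Rule quoted from the article: volumes under 500MB need 32MB free,
    # volumes of 500MB or more need 320MB free.
    [uint64] $required = if ($SizeBytes -lt 500MB) { 32MB } else { 320MB }
    [uint64] $shortfall = 0
    if ($FreeBytes -lt $required) { $shortfall = $required - $FreeBytes }

    [pscustomobject]@{
        SizeBytes      = $SizeBytes
        FreeBytes      = $FreeBytes
        RequiredBytes  = $required
        ShortfallBytes = $shortfall
        CanSnapshot    = ($shortfall -eq 0)
    }
}

# Figure from the post: 33,259,520 bytes free on the recovery partition.
# The 300MB partition size is a constructed value; the thread does not state it.
Test-VssFreeSpace -SizeBytes 300MB -FreeBytes 33259520 | Format-List

# Live check on a Windows 8 or later machine. Get-Volume (Storage module) also
# lists volumes that have no drive letter, so no letter needs to be assigned.
Get-Volume | Where-Object { $_.Size -gt 0 } | ForEach-Object {
    $check = Test-VssFreeSpace -SizeBytes $_.Size -FreeBytes $_.SizeRemaining
    [pscustomobject]@{
        Label          = $_.FileSystemLabel
        DriveLetter    = $_.DriveLetter
        FileSystem     = $_.FileSystem
        FreeBytes      = $check.FreeBytes
        RequiredBytes  = $check.RequiredBytes
        ShortfallBytes = $check.ShortfallBytes
        CanSnapshot    = $check.CanSnapshot
    }
} | Format-Table -AutoSize
```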

 

criley
Moderator
Employee Accredited

I suspect the best course of action here is to wait for SP2, which will bring official support for Windows 8.1.

However, if you can run the below executable and then provide the resulting debug.txt file, I will have a quick look for you:

C:\Program Files\Symantec\Symantec System Recovery\Utility\SmpDump.exe

nuance3
Level 4

Hi--

Here is the debug.txt file.

 

Markus_Koestler
Moderator
   VIP   

Is your issue resolved now?

nuance3
Level 4

Markus:

Resolved, in that to restore the OS on a Windows 8.1 machine, you must first reinstall Windows 8.1 fresh from a Microsoft installation disk.

 

Then you can bring back the image of the UEFI and OS partitions.  Windows Recovery Environment can't be backed up to an image, thus can't be restored.

 

So the true solution to the problem must await formal support for v8.1.  Symantec will probably fix things when they make that release.