Operational Defect Database

BugZero found this defect 649 days ago.

Microsoft Windows Server | WI415990

Some devices might start up into BitLocker Recovery

Last update date: 8/1/2023

Description:

Impact: Some devices might require BitLocker Recovery key to start up after installing Security update for Secure Boot DBX.

Originating KB URL: https://support.microsoft.com/en-us/topic/5012170
Originating KB Release Date: 2022-08-09T10:00:00-07:00
Originating Build: 22000.850
Resolved KB URL: https://support.microsoft.com/en-us/topic/5022905
Date Resolved: 2023-02-21T14:00:00-08:00

Vendor Message History:
=======================

Published: 2023-08-01T01:21:58.887+00:00
----------------------------------------

Some devices might enter BitLocker Recovery on the first or second restart after attempting to install Security update for Secure Boot DBX (KB5012170 (https://support.microsoft.com/help/5012170)), released August 9, 2022.

Note: This issue only affects the Security update for Secure Boot DBX (KB5012170 (https://support.microsoft.com/help/5012170)) and does not affect the latest cumulative security updates, monthly rollups, or security only updates released on August 9, 2022.

Workaround: If your device is prompting for a BitLocker Recovery key, you will need to supply it to start up Windows. For more information, see Finding your BitLocker recovery key in Windows (https://support.microsoft.com/windows/finding-your-bitlocker-recovery-key-in-windows-6b71ad27-0b89-ea08-f143-056f5ab347d6).

If you have not installed KB5012170 (https://support.microsoft.com/help/5012170) yet and have BitLocker enabled on your device, follow the instructions below to temporarily suspend BitLocker before installing. If you have installed KB5012170 (https://support.microsoft.com/help/5012170) and have not yet restarted your device or have only restarted your device once, temporarily suspend BitLocker using the instructions below.

Important: If you have restarted your device two times or more after installing KB5012170 (https://support.microsoft.com/help/5012170), your device is not affected by this issue.

To temporarily suspend BitLocker, or to avoid a BitLocker recovery when deploying KB5012170 (https://support.microsoft.com/help/5012170), follow these steps:

1. Run the following command from Administrator command prompt:

       Manage-bde -protectors -disable %systemdrive% -rebootcount 2

2. Install the update KB5012170 (https://support.microsoft.com/help/5012170), if not already installed.
3. Restart the device.
4. Restart the device again.
5. BitLocker should automatically be enabled after two boots. If you want to manually resume BitLocker to verify that it is enabled, use the following command:

       Manage-bde -protectors -Enable %systemdrive%

Resolution: This issue was resolved in KB5022905 (https://support.microsoft.com/help/5022905) and later updates.

Affected platforms:
- Client: Windows 11, version 21H2
- Server: None

Published: 2022-08-20T02:42:31.08+00:00
----------------------------------------

Some devices might enter BitLocker Recovery on the first or second restart after attempting to install Security update for Secure Boot DBX (KB5012170 (https://support.microsoft.com/help/5012170)), released August 9, 2022.

Note: This issue only affects the Security update for Secure Boot DBX (KB5012170 (https://support.microsoft.com/help/5012170)) and does not affect the latest cumulative security updates, monthly rollups, or security only updates released on August 9, 2022.

Workaround: If your device is prompting for a BitLocker Recovery key, you will need to supply it to start up Windows. For more information, see Finding your BitLocker recovery key in Windows (https://support.microsoft.com/windows/finding-your-bitlocker-recovery-key-in-windows-6b71ad27-0b89-ea08-f143-056f5ab347d6).

If you have not installed KB5012170 (https://support.microsoft.com/help/5012170) yet and have BitLocker enabled on your device, follow the instructions below to temporarily suspend BitLocker before installing. If you have installed KB5012170 (https://support.microsoft.com/help/5012170) and have not yet restarted your device or have only restarted your device once, temporarily suspend BitLocker using the instructions below.

Important: If you have restarted your device two times or more after installing KB5012170 (https://support.microsoft.com/help/5012170), your device is not affected by this issue.

To temporarily suspend BitLocker, or to avoid a BitLocker recovery when deploying KB5012170 (https://support.microsoft.com/help/5012170), follow these steps:

1. Run the following command from Administrator command prompt:

       Manage-bde -protectors -disable %systemdrive% -rebootcount 2

2. Install the update KB5012170 (https://support.microsoft.com/help/5012170), if not already installed.
3. Restart the device.
4. Restart the device again.
5. BitLocker should automatically be enabled after two boots. If you want to manually resume BitLocker to verify that it is enabled, use the following command:

       Manage-bde -protectors -Enable %systemdrive%

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Affected platforms:
- Client: Windows 11, version 21H2
- Server: None
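The suspend-and-verify procedure from the vendor messages above, as an added PowerShell example (not Microsoft's or BugZero's code). It uses the built-in BitLocker cmdlets in place of manage-bde; the `-Phase` parameter and its two values are assumptions made for this sketch.

```powershell
#Requires -RunAsAdministrator
# Added example (not vendor code). Run once with -Phase PreInstall before
# installing KB5012170, then with -Phase Verify after the second restart.
param(
    [Parameter(Mandatory)]
    [ValidateSet('PreInstall', 'Verify')]   # hypothetical phase names
    [string]$Phase
)

$kb    = 'KB5012170'
$drive = $env:SystemDrive
$vol   = Get-BitLockerVolume -MountPoint $drive

switch ($Phase) {
    'PreInstall' {
        if ($vol.ProtectionStatus -ne 'On') {
            Write-Output "BitLocker protection is not active on $drive; nothing to suspend."
            break
        }
        # Informational only: this script cannot tell how many restarts have
        # happened since the update was installed.
        $installed = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)
        Write-Output "$kb already installed: $installed"
        # Same effect as: manage-bde -protectors -disable %systemdrive% -rebootcount 2
        Suspend-BitLocker -MountPoint $drive -RebootCount 2 | Out-Null
        Write-Output "Protectors on $drive suspended for the next two restarts."
    }
    'Verify' {
        if ($vol.ProtectionStatus -eq 'On') {
            Write-Output "BitLocker protection is active on $drive."
            break
        }
        if ($vol.VolumeStatus -eq 'FullyDecrypted') {
            Write-Output "$drive is not encrypted; nothing to resume."
            break
        }
        # Same effect as: manage-bde -protectors -enable %systemdrive%
        Resume-BitLocker -MountPoint $drive | Out-Null
        $status = (Get-BitLockerVolume -MountPoint $drive).ProtectionStatus
        Write-Output "Protection was still suspended; resumed. Current status: $status"
    }
}
```

Running the Verify phase after the second restart confirms that the volume was not left with its protectors suspended.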

Status: Resolved
