Repair-bde.exe Parameter Reference

Applies To: Windows 7, Windows Server 2008 R2

You may experience a problem that damages an area of a hard disk on which BitLocker stores critical information. This kind of problem may be caused by a hard disk failure or if Windows exits unexpectedly.

The BitLocker Repair Tool (Repair-bde) can be used to access encrypted data on a severely damaged hard disk if the drive was encrypted by using BitLocker. Repair-bde can reconstruct critical parts of the drive and salvage recoverable data as long as a valid recovery password or recovery key is used to decrypt the data. If the BitLocker metadata data on the drive has become corrupt, you must be able to supply a backup key package in addition to the recovery password or recovery key. This key package is backed up in Active Directory Domain Services (AD DS) if you used the default setting for AD DS backup. With this key package and either the recovery password or recovery key, you can decrypt portions of a BitLocker-protected drive if the disk is corrupted. Each key package will work only for a drive that has the corresponding drive identifier. You can use the BitLocker Recovery Password Viewer to obtain this key package from AD DS. For more information, see BitLocker Recovery Password Viewer for Active Directory.

If you are not backing up recovery information to AD DS or if you want to save key packages alternatively, the BitLocker Windows Management Instrumentation (WMI) provider Win32_EncryptableVolume can be used to back up the key package to a file location that you specify. For more information about using the GetKeyPackage method to accomplish this, see GetKeyPackage Method of the Win32_EncryptableVolume Class (https://go.microsoft.com/fwlink/?LinkId=169347).

The Repair-bde command-line tool is intended for use when the operating system does not start or when you cannot start the BitLocker Recovery Console. You should use Repair-bde if the following conditions are true:

1. You have encrypted the drive by using BitLocker Drive Encryption.

2. Windows does not start, or you cannot start the BitLocker recovery console.

3. You do not have a copy of the data that is contained on the encrypted drive.

Note

Damage to the drive may not be related to BitLocker. Therefore, we recommend that you try other tools to help diagnose and resolve the problem with the drive before you use the BitLocker Repair Tool. The Windows Recovery Environment (Windows RE) provides additional options to repair computers.

This section describes how to use Repair-bde.exe in Windows 7, as well how to use the Windows Preinstallation Environment (Windows PE) and Windows RE.

The BitLocker Repair Tool package contains the following files:

• Software License Terms.rtf

• Executables\repair-bde.exe

• Executables\bderepair.dll

• Executables\en-us\repair-bde.exe.mui

The following parameters are available for the Repair-bde.exe command:

• InputVolume

• OutputVolumeOrImage

• -RecoveryKey (-rk)

• -RecoveryPassword (-rp)

• -KeyPackage (-kp)

• -LogFile (-lf)

• -f or -Force

Note

The Repair-bde command-line tool uses the term volume; in Windows 7, most BitLocker features use the term drive. When used with BitLocker, you can consider these terms to be synonymous.

Limitations

The following limitations exist for Repair-bde:

• The Repair-bde command-line tool cannot repair a drive that failed during the encryption or decryption process.

• The Repair-bde command-line tool assumes that if the drive has any encryption, then the drive has been fully encrypted.

• The Windows 7 installation of Repair-bde is unable to perform repairs involving key packages obtained from Windows Vista, although the Windows 7 installation of Repair-bde is able to repair drives provisioned with BitLocker in Windows Vista.

InputVolume

This is the drive letter of the BitLocker-encrypted drive you want to repair.

Syntax

repair-bde InputVolume

Parameters

InputVolume

Represents a drive letter followed by a colon; for example, C:.

Examples

repair-bde C:

OutputVolumeOrImage

This parameter details the drive to store decrypted contents, or the path to create an image file of the contents. This parameter may be omitted if you are attempting an in-place repair of a Windows Vista BitLocker drive by using the -NoOutputVolume (-nov) parameter instead.

Warning

All information on this output drive will be overwritten.

Syntax

repair-bde {OutputVolumeOrImage|OutputVolumeOrImage:PathToImageFile}

Parameters

OutputVolumeOrImage	Represents a drive letter followed by a colon.
OutputVolumeOrImage:PathToImageFile	Represents a path to an image file.

Examples

repair-bde C: D:

repair-bde C: D:\imagefile.img

-NoOutputVolume (-nov)

This parameter attempts to repair a Windows Vista BitLocker-protected drive by modifying the boot sector to point to a valid copy of BitLocker metadata. This parameter is not supported for attempting in-place repairs of a Windows 7 BitLocker drive.

Warning

To avoid additional data loss, you should have a spare hard drive available. Use this spare drive to store decrypted output or to back up the contents of the damaged volume.

Syntax

repair-bde -NoOutputVolume

repair-bde -nov

Parameters

None

Examples

repair-bde G: -nov

repair-bde G: -NoOutputVolume

-RecoveryKey (-rk)

Syntax

repair-bde -RecoveryKey Volume:PathToRecoveryKey

repair-bde -rk Volume:PathToRecoveryKey

Parameters

Volume:PathToRecoveryKey

Represents a path to an external key to unlock the drive.

Examples

repair-bde C: D: -rk F:\RecoveryKey.bek

repair-bde C: D: -RecoveryKey F:\RecoveryKey.bek

-RecoveryPassword (-rp)

Syntax

repair-bde -RecoveryPassword RecoveryPassword

repair-bde -rp RecoveryPassword

Parameters

RecoveryPassword

Represents a numerical password to unlock the drive.

Examples

repair-bde C: D: -rp 111111-222222-333333-…

repair-bde C: D: -RecoveryPassword 111111-222222-333333-…

-KeyPackage (-kp)

If this option is blank, the tool will search for the key package automatically. If Repair-bde is unable to find the key package, it will request one by displaying the following message:

The input volume has suffered damages to critical information related to the decryption key. Please try the -KeyPackage option to specify a key package. The volume may not be recoverable.

Syntax

repair-bde -KeyPackage Volume:ExportedKeyPackage

repair-bde -kp Volume:ExportedKeyPackage

Parameters

Volume:ExportedKeyPackage

Represents a key package to unlock the drive.

Examples

repair-bde C: D: -kp F:\ExportedKeyPackage

repair-bde C: D: -KeyPackage F:\ExportedKeyPackage

-LogFile (-lf)

Syntax

repair-bde -LogFile Volume:LogFile

repair-bde -lf Volume:LogFile

Parameters

Volume:LogFile

Represents a path to the file that will store Repair-bde error, warning, and information messages.

Examples

repair-bde C: D: -lf F:\log.txt

repair-bde C: D: -LogFile F:\log.txt

-f or -Force

This optional parameter forces a drive to be dismounted, even if it cannot be locked. This parameter is used to obtain consent from the user to dismount the drive, even if it is being used by another process.

Syntax

repair-bde -f

repair-bde -Force

Parameters

None

Examples

repair-bde C: D: -f

repair-bde C: D: -Force