

How to Verify BitLocker Recovery Keys in SQL DB using MBAM

Customers who use BitLocker Drive Encryption to protect a volume may want to know how to verify BitLocker recovery keys in the SQL database for MBAM.

Consider this scenario: a volume is already BitLocker-encrypted and its recovery information is backed up in Active Directory. We install the MBAM client on a Windows 7 client machine, and the MBAM agent backs up the recovery key for all encrypted volumes to the SQL DB.

To verify that the 48-digit recovery password was saved in SQL, do the following:

  1. Open SQL Management Studio.
  2. Expand the MBAMAndRecoveryHardware Database.
  3. Under Tables, select RecoveryAndHardwareCore.Keys.
  4. Right-click RecoveryAndHardwareCore.Keys and choose Select Top 1000 Rows.
  5. Once you see the query, execute it.


SQL Query:

SELECT TOP 1000 [Id]
      ,[LastUpdateTime]
      ,[VolumeId]
      ,[RecoveryKeyId]
      ,[RecoveryKey]
      ,[Disclosed]
  FROM [MBAM Recovery and Hardware].[RecoveryAndHardwareCore].[Keys]

If you want to search for a specific recovery key id then use this query.


SQL Query:

SELECT TOP 1000 [Id]
      ,[LastUpdateTime]
      ,[VolumeId]
      ,[RecoveryKeyId]
      ,[RecoveryKey]
      ,[Disclosed]
  FROM [MBAM Recovery and Hardware].[RecoveryAndHardwareCore].[Keys]
 WHERE RecoveryKeyId LIKE 'a0b84b65%'
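
The following variant is an added example, not part of the original article. It confirms that a recovery password is stored for a key ID without displaying the 48-digit value in the results grid, then summarizes the whole table. It reuses the table and column names from the queries above; the variable @KeyIdPrefix and the output column names are assumptions made for illustration, and a NULL RecoveryKey is assumed to mean that no password was saved.

```sql
-- Added example: verify escrow without exposing the recovery password.
-- Table and column names come from the article's queries; @KeyIdPrefix and
-- the AS aliases are illustrative names, not MBAM objects.
DECLARE @KeyIdPrefix nvarchar(36) = N'a0b84b65';  -- sample prefix from the article

-- 1) Per-key check. The WHERE clause is evaluated against the whole table,
--    so no TOP limit is used; the newest backup is listed first.
SELECT [Id]
      ,[LastUpdateTime]
      ,[VolumeId]
      ,[RecoveryKeyId]
      ,CASE WHEN [RecoveryKey] IS NULL      -- assumption: NULL = nothing saved
            THEN 'MISSING' ELSE 'PRESENT' END AS [RecoveryKeyStatus]
      ,[Disclosed]
  FROM [MBAM Recovery and Hardware].[RecoveryAndHardwareCore].[Keys]
 WHERE [RecoveryKeyId] LIKE @KeyIdPrefix + N'%'
 ORDER BY [LastUpdateTime] DESC;

-- 2) Table-wide summary: how many rows exist, how many carry a recovery
--    password, and when the most recent backup was written.
SELECT COUNT(*)                                                  AS [TotalRows]
      ,SUM(CASE WHEN [RecoveryKey] IS NULL THEN 0 ELSE 1 END)    AS [RowsWithKey]
      ,MAX([LastUpdateTime])                                     AS [NewestUpdate]
  FROM [MBAM Recovery and Hardware].[RecoveryAndHardwareCore].[Keys];
```

Keeping the RecoveryKey column out of the SELECT list means the password does not end up in query output, saved result files or screenshots taken during verification.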


For further information on MBAM and how it can help your environment, please consult the following documentation.

Planning Guide: https://onlinehelp.microsoft.com/en-us/mdop/hh285653.aspx

Deployment Guide: https://onlinehelp.microsoft.com/en-us/mdop/hh285644.aspx

Operations Guide: https://onlinehelp.microsoft.com/en-us/mdop/hh285664.aspx

Troubleshooting MBAM: https://onlinehelp.microsoft.com/en-us/mdop/hh352745.aspx


Manoj Sehgal
Senior Support Escalation Engineer
Microsoft Enterprise Platforms Support

Comments

  • Anonymous
    January 01, 2003
    I like your way and used this tool is good but I have another tool to repair and recover all over MDF files from corrupt or damaged SQL server. Visit here: http://www.undeletepcfiles.com/sql-database-recovery-tool.html
  • Anonymous
    August 23, 2011
    I am actually having an issue with this. All other data is being written to the database tables except for the key.
  • Anonymous
    April 01, 2013
    We have 8 entries in the database, but then any systems with the MBAM client installed don't update the keys in the DB. On the machine's event viewer it indicates encryption status was uploaded to the DB.
  • Anonymous
    September 05, 2013
    What happens if I do the encryption successfully on a laptop and 2 minutes later a disaster breaks my SQL Server DB? Thinking I would get a backup from 1 hour ago, how can I recover the laptop recovery key? Sorry for my English!
  • Anonymous
    February 10, 2014
    Recovery Key is not showing up in DB after running SQL query. No items were returned. Any suggestions?
  • Anonymous
    April 19, 2017
    Hi Manoj, thank you for the article. I need to understand whether the query under "If you want to search for a specific recovery key id then use this query" searches the whole database for the specific recovery ID or only searches the top 1000 entries.