A week ago, on my Server 2016 Hyper-V host, after installing the May 14, 2019 Cumulative Update (KB4494440) and restarting, I got BitLocker error 0xc0210000, “A required file couldn’t be accessed because your BitLocker key wasn’t loaded correctly.” I was able to enter the key manually and the machine proceeded to boot.
Today, after installing the May 19 Cumulative Update (KB4505052), I got the same error, but the machine did not boot but went into the recovery environment. Fortunately, by now this is a well-known issue with a thread and its own knowledge base article KB4505821. I was able to use the steps in KB4505821 to start the server, with one exception: the instructions say to unlock and suspend protection on the C: drive, but in my recovery environment, the TPM-protected boot drive came up as the D: drive. Some screen shots will illustrate.
Try to boot to OS:
Type in the recovery key – this works:
Instructions say to skip this. I tried skipping and filling in, got into recovery environment either way. However when skipped, you also have to skip BitLocker on all other drives:
Instructions say to run
manage-bde unlock C: but that failed:
manage-bde –status shows that drive D: is the one protected by the TPM:
manage-bde –protectors –get D:. The Numerical Password ID matches what I know is really the OS drive C:
manage-bde –unlock D: works:
Now we can suspend protection with
manage-bde –protectors –disable D::
And now the OS boots:
Note that protection is still suspended after boot. I manually resumed protection. Hope I can remember to suspend it before the next boot.
Update June 17, 2019
Still happening after installing the 201906 Cumulative Update: “…your BitLocker key wasn’t loaded correctly.” This month, though, entering the BitLocker recovery key (third black screen above) was enough to continue and get the OS to boot–I did not have to get into the recovery environment and manually unlock the drive.
Update August 2, 2019
The issue was finally resolved with the KB4507460 update released July 9, 2019.