How to Verify BitLocker Recovery Keys in SQL DB using MBAM

Customers using BitLocker Drive Encryption to protect a volume may want to know how to verify that the BitLocker recovery keys are stored in the SQL database for MBAM.

Consider this scenario: A volume is already BitLocker encrypted and its recovery information is backed up in Active Directory. We install the MBAM client on a Windows 7 client machine, and the MBAM agent backs up the recovery key for all encrypted volumes to the SQL DB.

To verify that the 48-digit recovery password was saved in SQL, do the following:

  1. Open SQL Management Studio.
  2. Expand the MBAMAndRecoveryHardware Database.
  3. Under Tables, Select RecoveryAndHardwareCore.Keys
  4. Right Click RecoveryAndHardwareCore.Keys and Select Top 1000 Rows.
  5. Once you see the Query, execute it.

SQL Query:

SELECT TOP 1000 [Id]
      ,[LastUpdateTime]
      ,[VolumeId]
      ,[RecoveryKeyId]
      ,[RecoveryKey]
      ,[Disclosed]
  FROM [MBAM Recovery and Hardware].[RecoveryAndHardwareCore].[Keys]

 

If you want to search for a specific recovery key ID, use this query.

 

SQL Query:

SELECT TOP 1000 [Id]
      ,[LastUpdateTime]
      ,[VolumeId]
      ,[RecoveryKeyId]
      ,[RecoveryKey]
      ,[Disclosed]
  FROM [MBAM Recovery and Hardware].[RecoveryAndHardwareCore].[Keys]
 WHERE RecoveryKeyId LIKE 'a0b84b65%'
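
The queries above return the 48-digit recovery password itself to whoever runs them. The following added example (not from the original post) confirms that a key is escrowed without putting the password in the result set. It uses only the table and columns shown above; the @KeyIdPrefix variable and the EscrowStatus, KeysStored and KeysMissing aliases are hypothetical names chosen for illustration.

```sql
-- Added example: verify escrow without displaying the recovery password.
-- Assumption: an empty or NULL RecoveryKey means the key was not stored.
-- @KeyIdPrefix is a hypothetical variable; its value is the sample prefix
-- used in the query above (the first 8 characters of the key ID).
DECLARE @KeyIdPrefix nvarchar(8) = N'a0b84b65';

-- 1. Status of one key: metadata only, the RecoveryKey column is never selected.
SELECT  k.[Id],
        k.[VolumeId],
        k.[RecoveryKeyId],
        k.[LastUpdateTime],
        k.[Disclosed],
        CASE
            WHEN k.[RecoveryKey] IS NULL OR DATALENGTH(k.[RecoveryKey]) = 0
                THEN 'MISSING'
            ELSE 'ESCROWED'
        END AS [EscrowStatus]
FROM    [MBAM Recovery and Hardware].[RecoveryAndHardwareCore].[Keys] AS k
WHERE   k.[RecoveryKeyId] LIKE @KeyIdPrefix + N'%'
ORDER BY k.[LastUpdateTime] DESC;

-- 2. Whole-table summary: how many rows hold a key and how many do not.
SELECT  COUNT(*) AS [TotalRows],
        SUM(CASE WHEN DATALENGTH(k.[RecoveryKey]) > 0 THEN 1 ELSE 0 END) AS [KeysStored],
        SUM(CASE WHEN k.[RecoveryKey] IS NULL
                   OR DATALENGTH(k.[RecoveryKey]) = 0 THEN 1 ELSE 0 END) AS [KeysMissing],
        MAX(k.[LastUpdateTime]) AS [LatestUpdate]
FROM    [MBAM Recovery and Hardware].[RecoveryAndHardwareCore].[Keys] AS k;
```

DATALENGTH is used instead of LEN so the check does not depend on the data type of the RecoveryKey column.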

 

For further information on MBAM and how it can help your environment, please consult the following documentation.

Planning Guide: http://onlinehelp.microsoft.com/en-us/mdop/hh285653.aspx

Deployment Guide: http://onlinehelp.microsoft.com/en-us/mdop/hh285644.aspx

Operations Guide: http://onlinehelp.microsoft.com/en-us/mdop/hh285664.aspx

Troubleshooting MBAM: http://onlinehelp.microsoft.com/en-us/mdop/hh352745.aspx

 

Manoj Sehgal
Senior Support Escalation Engineer
Microsoft Enterprise Platforms Support

Leave a Comment
  • I am actually having an issue with this. All other data is being written to the database tables except for the key.

  • We have 8 entries in the database, but then any systems with the MBAM client installed don't update the keys in the DB. On the machine's Event Viewer it indicates encryption status was uploaded to the DB.

  • What happens if I do the encryption successfully on a laptop and 2 minutes later a disaster breaks my SQL DB server? Thinking I would have a backup from 1 hour ago, how can I recover the laptop recovery key?

    Sorry for my English!

  • Recovery Key is not showing up in DB after running SQL query. No items were returned. Any suggestions?