Lenovo Ideapad sent in for warranty repair, returned with Bitlocker and can't use the laptop

[GON]

February 2021 I purchased a Lenovo Thinkpad at Costco. Very happy with the laptop, much more so than the HP it replaced.

On 26 DEC 2021, on the plane ride home from visiting family, the Lenovo had a USB port error. Minutes later the laptop went black. Called Lenovo, went through three hours on the phone doing diagnostics. Lenovo determined the laptop was in fact broke, and to send it to their shop in Texas for repair.

The shop turned the laptop around in 24 hours. I was impressed. Defective mainboard.

Received the laptop Friday and turned it on... screen said it required bitlocker to unlock the hard drive. OS is Windows 10. I never used bitlocker on this laptop. A sheet from Lenovo stated that if I didn't know my bitlocker code, Microsoft would have it. I logged onto my MSFT account, and no bitlocker code. Lenovo says it uses bitlocker to protect the contents of the hard drive. hmmmm.

Now what to do. I have a laptop with a hard drive I can't access. I have no windows 10 operating system on CD to reload. A correspondence to Lenovo on the issue received no response. I do have Windows 7 on CD... but this notebook has no CD drive and not sure a late model Lenovo will run Windows 7......

Any suggestions on how to use a laptop with Windows 10 that has been protected by bitlocker?

 

[skyactiv]

_

 

[Leo99]

Try this:

 

[dareo]

You should be able to create a windows 10 recovery USB drive and try reinstalling from that. You'll need another working PC to create said thumb drive.

 

[bluesmokertdi]

send it back and ask the warranty company to unlock it

 

[haggler]

Full disk encryption like bitlocker is doing what its designed to do. You might be SOL, I think the key is saved in a module on the motherboard (TPM) but it can be backed up to your MS account.

As far as how to restore it (if you dont care about the data), there is a recovery space on the hard drive that can be used to restore your OS. You would have to look at your instructions to find out the key sequence to activate it. If not, you can install Windows 10 straight from microsoft and format your hard drive from a Windows 10 USB flash drive - the license is embedded in the motherboard (no serial, etc).

 

[JavierH19]

id call them and state that the repair has left the machine inoperable and that you want it corrected.

 

[MRC01]

id call them and state that the repair has left the machine inoperable and that you want it corrected.

^^^ this ^^^
If they can't fix it, they should be liable for all of your data that they lost/destroyed. They probably have some boiler plate legalese that says they aren't responsible for your data and you're expected to back everything up before you send in the computer for repair. But whether that holds up in court, and whether they want to risk testing it, is a different question.

You can at least tell them what they did -- encrypt your data without your permission and without giving you a key -- is exactly what ransom-ware does, and that is a crime.

 

[K.Aoi]

You don't need a CD to reinstall Windows. You can use this https://www.microsoft.com/en-us/software-download/windows10
to create a bootable install USB, and it will let you reinstall. When Lenovo replaced the systemboard they would have coded the old Windows key into the new BIOS, so it should automatically re-activate. Windows 10 will enable bitlocker by default if the system supports it, and when they changed the motherboard the TPM key no longer matches what's in Windows. Lenovo wouldn't be able to fix it even if you sent it back. If the bitlocker key isn't in your microsoft account you're stuck with reinstalling the OS.

 

[K.Aoi]

^^^ this ^^^
If they can't fix it, they should be liable for all of your data that they lost/destroyed. They probably have some boiler plate legalese that says they aren't responsible for your data and you're expected to back everything up before you send in the computer for repair. But whether that holds up in court, and whether they want to risk testing it, is a different question.

You can at least tell them what they did -- encrypt your data without your permission and without giving you a key -- is exactly what ransom-ware does, and that is a crime.

They didn't encrypt it, Windows by default will enable Bitlocker if the system supports it. What happened here is when the systemboard was changed the TPM encryption key is different, so Windows requires the recovery key. Keeping track of your recovery key is your responsibility, and they are right that normally it should be stored in the connected microsoft account (if one was used)

 

[MRC01]

Are you saying the hard drive was already encrypted with Bitlocker before they received it, and since they changed the motherboard, the encryption key changed, so Bitlocker wants the old/original key?

If the hard drive wasn't already encrypted (as the OP says), then the first time it got encrypted was after the new motherboard was installed. That seems to imply that there is only one key, the one for the new motherboard.

 

[K.Aoi]

Are you saying the hard drive was already encrypted with Bitlocker before they received it, and since they changed the motherboard, the encryption key changed, so Bitlocker wants the old/original key?

If the hard drive wasn't already encrypted (as the OP says), then the first time it got encrypted was after the new motherboard was installed. That seems to imply that there is only one key, the one for the new motherboard.

That's exactly correct, Windows had encrypted the drive using the TPM. Bitlocker works without requiring a password at startup, it uses the key in the systemboard's TPM, and if the key changes (like when you change a systemboard) it needs the recovery key to unlock it. You can tell if bitlocker is active by going into This PC and looking for a lock icon on the drives.

 

[MRC01]

This implies that the drive was encrypted even before he sent it in, contrary to the OP's belief that it wasn't.

 

[K.Aoi]

This implies that the drive was encrypted even before he sent it in, contrary to the OP's belief that it wasn't.

He may not have known because he never explicitly set it up, and it doesn't require a password at boot, in most situations its 100% passive to the end-user, except in scenarios like this one we're discussing right now.

Source: I dealt with stuff like this in deskside support for over 6 years

 

[K.Aoi]

He purchased it in Feb 2021, its entirely likely that it came from Lenovo with the encryption already configured by default.

 

[spackard]

I'd guess the bitlocker password is the very first password you used when you first received your first Win10 laptop. You may have forgotten - it was also asking you to create a Microsoft cloud account (was live.com) and password.

I think there's 3 questions asked when you first startup a fresh Win10. IMO the process is very prone to user amnesia, and I am acclimated to a high security environment. I think Windows is playing catch-up to iOS. But I think TPM started with Windows/Intel.
By the way, these things exist on many smartphones too.

 

[K.Aoi]

I'd guess the bitlocker password is the very first password you used when you first received your first Win10 laptop. You may have forgotten - it was also asking you to create a Microsoft cloud account (was live.com) and password.

I think there's 3 questions asked when you first startup a fresh Win10. IMO the process is very prone to user amnesia, and I am acclimated to a high security environment. I think Windows is playing catch-up to iOS. But I think TPM started with Windows/Intel.
By the way, these things exist on many smartphones too.

It's not asking for a password- its asking for the recovery key which it asks for if the system configuration changes and sets it off- the recovery key is a 48 digit key that normally would be saved to your account.

 

[JavierH19]

^^^ this ^^^
If they can't fix it, they should be liable for all of your data that they lost/destroyed. They probably have some boiler plate legalese that says they aren't responsible for your data and you're expected to back everything up before you send in the computer for repair. But whether that holds up in court, and whether they want to risk testing it, is a different question.

You can at least tell them what they did -- encrypt your data without your permission and without giving you a key -- is exactly what ransom-ware does, and that is a crime.

^ this

There's always an obscure law that protects them and this is BS for anyone to put up with. And they know the average joe wont go too far unless he's really got a grudge. Before sending my laptop in to dell for warranty i made a copy of what was too important to risk losing on my portable hd. You never know.

Hopefully they can unsh*t his bed.

 

[Schandyman]

Shouldn't the warranty repair company know that the hard disk would not recognize the new motherboard they should have retrieved the bitlock code for the customer and made sure everything fired up

 

[K.Aoi]

Shouldn't the warranty repair company know that the hard disk would not recognize the new motherboard they should have retrieved the bitlock code for the customer and made sure everything fired up

No, for a couple of reasons.
1. These codes are private- either saved by the user on a flash drive, in their MS account, or in Active Directory in an Org, or on a piece of paper. There is no way for them to "retrieve" the code, and it would likely be illegal for them to do so if they could.
2. It's your responsibility to make sure you've backed up any important data/passwords before sending them the laptop. And Lenovo, and all other companies will tell you this when you return it. Usually there is a form they want you to fill out.

Bitlocker did exactly what it's designed to do- disallow someone taking a drive out of a company computer and pulling personal/private data off of it by sticking it in another computer. This isn't a flaw, this is operating as intended. This is also why I (or we, at the org I work for) remove drives from laptops before sending them out for repair (or we have them come on-site to repair them if that option is available)