BitLocker XTS-AES with Storage Spaces on Windows 1511 causes Data Corruption

I built a new computer over the weekend and wanted to take advantage of Storage Spaces to group some drives together. Little did I know that adding BitLocker to the volume would quickly corrupt and obliterate the data on it.

BitLocker Corruption

The issue only appears relevant on the Windows 10 1511 Novenber Build (TH2, 10586) when the OS drive is also encrypted by BitLocker and when the new XTS-AES 128 format is used. Shortly after encryption begins, files and directories will begin to vanish from the volume. After a reboot the volume is entirely unmountable and the above error displays stating that “the disk structure is corrupted and unreadable.”

PS C:\Windows\system32> manage-bde -status b:
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Volume B: []
[Data Volume]

Size: Unknown GB
BitLocker Version: 2.0
Conversion Status: Decryption in Progress
Percentage Encrypted: 2.0%
Encryption Method: XTS-AES 128
Protection Status: Protection Off
Lock Status: Unlocked
Identification Field: Unknown
Automatic Unlock: Disabled
Key Protectors:
Numerical Password
External Key
NTFS Corruption

NTFS Corruption

Some light searching shows the issue is widespread [1] [2] [3] but has yet to be patched out by Microsoft in the last few months. Worse, I couldn’t even find any official acknowledgement of the problem. Once damaged, there seems to be no way to reverse the effects and decryption never completes. Instead, the event log is flooded with write failures.

Attempts to run chkdsk against one of the two volumes killed by this bug similarly flooded out errors pertaining to orphaned files. Decrypting the OS volume did not restore data on either volume.

Some technical data to anyone else affected:

File System was NTFS on all four volumes.
The OS drive was encrypted with a TPM.
Two Storage Spaces volumes were encrypted and were a total loss.
One non-Storage Spaces volume was encrypted and worked as expected.
All volumes were encrypted with the new format XTS-AES 128.

Leave a Reply