You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has a single volume that is encrypted by using BitLocker Drive Encryption (BitLocker).
BitLocker is configured to save encryption keys to a Trusted Platform Module (TPM).
Server1 is configured to perform a daily system image backup.
The motherboard on Server1 is upgraded.
After the upgrade, Windows Server 2012 R2 on Server1 fails to start.
You need to start the operating system on Server1 as soon as possible.
What should you do?
A. Start Server1 from the installation media. Run startrec.exe.
B. Move the disk to a server that has a model of the old motherboard. Start the server from the installation media. Run bcdboot.exe.
C. Move the disk to a server that has a model of the old motherboard. Start the server. Run tpm.msc.
D. Start Server1 from the installation media. Perform a system image recovery.
Explanation:
Ref: http://technet.microsoft.com/en-us/library/jj131725.aspx
I didn’t see the D answer at my last exam on 15.1.2015.
So I think the “other” answer will be A.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/866e2079-1361-4351-b93b-e86d4a7d2b67/window-2008-correpted?forum=winservergen
Correct answer is C.
A TPM is a microchip designed to provide basic security-related functions, primarily involving encryption keys. The TPM is usually installed on the motherboard of a computer or laptop, and communicates with the rest of the system using a hardware bus.
http://technet.microsoft.com/en-us/library/cc749022(v=ws.10).aspx
BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline.
http://technet.microsoft.com/en-us/library/cc732774.aspx
Since the motherboard which has the TPM microchip is replaced with another motherboard, then the OS will not be able to boot.
http://i.technet.microsoft.com/dynimg/IC234430.gif
So the correct answer is C. Move the disk to a server that has a model of the old motherboard. Start the server. Run tpm.msc.
And if I don’t have another server with that motherboard?
I think that B and C are absolutely wrong.
Very right. It would be a poor construction if Microsoft failed to tackle a problem properly and asked a question about it.
BitLocker uses the TPM that is on the chip to do the encryption. The TPM is the key. The key can be backed up to unlock the drive. Each time BitLocker is used to encrypt, the TPM key changes. You can still boot as long as you have the numeric key, which does not require the same board.
but the key is stored in TPM, that’s what matters, not the chip.
TPM is the chip.
Hum, the TPM has to be the same one used to encrypt the volume, any other one won’t have the keys to unlock the volume so doing that is pointless…
So what if you move it? The other server’s motherboard doesn’t have the encryption key on it or if it has a key is not from your server. You are hosed anyways.
Recovering the System Image would appear to be the answer.
Anytime Microsoft uses Daily System Image Backup in the question, it can be a good hint.
The only references I am finding are for StartreP.exe, not StartreC, and only reference Server 2008.
I have never seen a Microsoft Answer that has you move a Disk to an Older Model MotherBoard.
It makes no sense, you just upgraded the Motherboard.
I think you are right and “D” is correct:
https://technet.microsoft.com/en-us/library/hh211414.aspx
“When drives, folders, and files are backed up by the server, an unencrypted version is saved to the server. During full system restore, this unencrypted version is copied to the computer. After a successful full system restore, you have to reactivate BitLocker on the server.”
Thanks, this seems to answer conclusively. Also from that link:
Performing server restore
If the server that you need to restore was encrypted using BitLocker, you can still use the full system restore media provided with your server and the Full System Restore wizard to recover the hard disk drive image, including the operating system, from a backup, and then restore the data to the new or repaired computer.
Alright Folks- The answer is A.
http://blogs.technet.com/b/danstolts/archive/2009/10/03/server-2008-r2-or-windows-7-system-will-not-boot-after-making-changes-to-boot-manager-using-bcdedit.aspx
Your article is talking about a completely different issue.
Sakile, the blog makes no mention of bitlocker drive encryption. It would be “D”, unless there is an answer that says to use the password, which in this case, there is no answer to use the password.
my guess: A
startrec must be a typo, it should be startrep.exe
After that we can run tpm.msc
“After you replaced the motherboard, you need to repopulate the TPM with new information regarding the encryption of the hard disk.
I use these commands to repopulate the information in the TPM (without PIN):
manage-bde -protectors -delete C: -type TPM
manage-bde -protectors -add C: -tpm”
(https://social.technet.microsoft.com/Forums/windows/en-US/d7be2e19-3eb2-4e7f-8d6a-c7f0f5474b93/bitlocker-new-motherboard-replacement)
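The TPM re-binding step that the quoted manage-bde commands describe, written as an added PowerShell example (not part of the original thread or of any poster's answer). It assumes C: is the OS volume and that the volume has already been unlocked with its recovery password on the new motherboard, which is not one of the options in the question.

```powershell
# Added example (not from the thread). Run in an elevated session on the server
# once the OS volume has been unlocked with its recovery password.
$mount = 'C:'   # assumption: the BitLocker-protected OS volume from the question

# Show which key protectors the volume currently has.
$vol = Get-BitLockerVolume -MountPoint $mount
$vol.KeyProtector | Format-Table KeyProtectorType, KeyProtectorId -AutoSize

# Keep a fallback: do not touch the TPM protector unless a recovery password exists.
$recovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
if ($recovery.Count -eq 0) {
    throw "No RecoveryPassword protector on $mount. Add one before changing TPM protectors."
}

# The new board's TPM must be present and ready before a key can be sealed to it.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'TPM is not present or not ready. Enable and initialize it (firmware setup, tpm.msc) first.'
}

# Remove protectors sealed to the old TPM.
# Equivalent to: manage-bde -protectors -delete C: -type TPM
$vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'Tpm' } |
    ForEach-Object {
        Remove-BitLockerKeyProtector -MountPoint $mount -KeyProtectorId $_.KeyProtectorId | Out-Null
    }

# Seal the volume key to the TPM on the current motherboard.
# Equivalent to: manage-bde -protectors -add C: -tpm
Add-BitLockerKeyProtector -MountPoint $mount -TpmProtector | Out-Null

# Confirm that a fresh Tpm protector is listed next to the recovery password.
(Get-BitLockerVolume -MountPoint $mount).KeyProtector |
    Format-Table KeyProtectorType, KeyProtectorId -AutoSize
```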
Startrep does nothing with encryption/decryption, it fixes registry errors and does other repairs.
Only D: is a viable solution. Ayelet is right that a backup contains an unencrypted version of the data. Recover the server, restore the data, re-apply encryption.
OK, it is said that after the upgrade the server fails to start, it is not booting!!!!!! C and B are bullshit, not answers; what if I don’t have the same old motherboard? As we have backups and system images, the fastest and easiest way is just to re-image: recover from backup, set up HDD encryption. So answer: D
If A does indeed have a typo and it is startrep.exe then it would be the correct method:
https://support.microsoft.com/en-us/kb/928201
The link you supplied makes no mention of startrep.exe, besides Bitlocker is not an “error” that needs fixing, so startrep.exe does nothing in this case.
You would need the BitLocker recovery key to boot. As that is not an option to select, you would have to rebuild it.
I agree with D
B and C definitely aren’t quick fixes (you might not even have a spare server with the old motherboard in!)
B and C plainly won’t work.
Key in this question is that the backup is unencrypted.
Is D.
All I want to say is that Microsoft creates the absolute worst test questions ever!
Seriously!
I approve this message… their questions suck ass
Answer: C
By moving the hard drive to a server that has a model of the old motherboard, the system would be able to start. As BitLocker was configured to save encryption keys to a Trusted Platform Module (TPM), we can use tpm.msc to access the TPM settings.
Note: After you replaced the motherboard, you need to repopulate the TPM with new information regarding the encryption of the hard disk.
We use these commands to repopulate the information in the TPM (without PIN):
manage-bde -protectors -delete C: -type TPM
manage-bde -protectors -add C: -tpm
How would that work? You would have to use the same mainboard as before because the key is stored in this specific mainboard’s TPM, not in any other. Just using the same model would not work…
https://technet.microsoft.com/en-us/library/jj647767.aspx#BKMK_repairbde
manage-bde seems to solve a lot of issues. That’s not a response to the question it seems though.
Normally you’d save the recovery key in AD, however, it is not clearly stated this server is a domain controller, *the* domain controller, or if it’s the only server in the organisation at all, let alone if the admin has saved the recovery keys.
Assuming the recovery key is lost, I’d say restore the data completely.
This question is in the exam 30-12-2015, but I guess different choices.
https://technet.microsoft.com/en-us/library/hh211414.aspx
When drives, folders, and files are backed up by the server, an unencrypted version is saved to the server. During full system restore, this unencrypted version is copied to the computer. After a successful full system restore, you have to reactivate BitLocker on the server.
So the backed-up image is just an image without encryption. We can simply restore it, and then after restoring we can enable BitLocker again if needed.
I think D should fix the problem
You nailed it. It’s clear.
Agreed.
@Hassan exactly but I forgot the option :sweat:
C
Why would MS want you to move the disk to another server? What happens if I don’t have another server? I am up sh!t creek without a paddle, aren’t I? The answer is D.
Even for Microsoft’s standards, C is pretty farfetched.
Microsoft wants you to have best practices and follow proper procedures.
B or C simply does not make sense. Means we have to bring down another possible server just to MAYBE be able to boot up another one? No, Microsoft would never allow that. and if that is the correct answer, shame on them.
A lot of people fail to look at these answers logically.
David says:
January 9, 2016 at 9:38 pm
https://technet.microsoft.com/en-us/library/hh211414.aspx
When drives, folders, and files are backed up by the server, an unencrypted version is saved to the server. During full system restore, this unencrypted version is copied to the computer. After a successful full system restore, you have to reactivate BitLocker on the server.
So the backed-up image is just an image without encryption. We can simply restore it, and then after restoring we can enable BitLocker again if needed.
I think D should fix the problem
If C was true then it has no use at all to encrypt your disk…
The TPM generates encryption keys, keeping part of the key to itself. So, if you’re using BitLocker encryption or device encryption on a computer with the TPM, part of the key is stored in the TPM itself, rather than just on the disk. This means an attacker can’t just remove the drive from the computer and attempt to access its files elsewhere.
I would go with A. Who’s with me?
I think the answer is very simple:
“You need to start the operating system on SERVER1 as soon as possible.”
Moving the disk to a server that has a model of the old motherboard = NOT SERVER1, but another server.
StartRep.exe is not a solution for this scenario.
So it must be answer D.
Answer is C
http://www.aiotestking.com/microsoft/you-need-to-start-the-operating-system-on-server1-as-soon-as-possible-5/