You have a server named Server1 that runs Windows Server 2012 R2.
Server1 has a single volume that is encrypted by using BitLocker Drive Encryption (BitLocker).
BitLocker is configured to save encryption keys to a Trusted Platform Module (TPM). Server1 is
configured to perform a daily system image backup.
The motherboard on Server1 is upgraded.
After the upgrade, Windows Server 2012 R2 on Server1 fails to start.
You need to start the operating system on Server1 as soon as possible.
What should you do?
A. Start Server1 from the installation media. Run startrec.exe.
B. Move the disk to a server that has a model of the old motherboard. Start the server from the installation media. Run bcdboot.exe.
C. Move the disk to a server that has a model of the old motherboard. Start the server. Run tpm.msc.
D. Start Server1 from the installation media. Perform a system image recovery.
Explanation:
By moving the hard drive to a server that has a model of the old motherboard, the system would
be able to start. As BitLocker was configured to save encryption keys to a Trusted Platform Module
(TPM), we can use tpm.msc to access the TPM settings.
Note: After you replace the motherboard, you need to repopulate the TPM with new information
regarding the encryption of the hard disk.
We use these commands to repopulate the information in the TPM (without PIN):
manage-bde -protectors -delete C: -type TPM
manage-bde -protectors -add C: -tpm
Incorrect:
Not D. After the system image recovery you would still have the new motherboard installed. The
problem would return.
BitLocker – New motherboard replacement
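The TPM repopulation step from the explanation, written as an added PowerShell example with the BitLocker and TrustedPlatformModule cmdlets (not code from the original page). It assumes an elevated session, that C: is already unlocked, and that the TPM on the current board is ready; the helper name Get-ProtectorsOfType is hypothetical.

```powershell
# Added example: re-bind the BitLocker TPM protector on the OS volume after a
# motherboard (and therefore TPM) change. Run elevated, with C: already unlocked.
$MountPoint = 'C:'   # assumption: OS volume letter, as in the explanation

# Hypothetical helper: key protectors of one type (e.g. 'Tpm', 'RecoveryPassword').
function Get-ProtectorsOfType {
    param($Volume, [string]$Type)
    @($Volume.KeyProtector | Where-Object { "$($_.KeyProtectorType)" -eq $Type })
}

# The TPM on the current board must be usable before a key can be sealed to it.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'TPM is not present or not ready; initialize it (tpm.msc) first.'
}

$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ("$($vol.LockStatus)" -ne 'Unlocked') {
    throw "$MountPoint is locked; unlock it before changing protectors."
}

# Guard: never delete the TPM protector unless another way in exists.
if (@(Get-ProtectorsOfType $vol 'RecoveryPassword').Count -eq 0) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    Write-Warning 'No recovery password existed; one was added. Record it now.'
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
}

# Equivalent of: manage-bde -protectors -delete C: -type TPM
foreach ($p in @(Get-ProtectorsOfType $vol 'Tpm')) {
    Remove-BitLockerKeyProtector -MountPoint $MountPoint `
        -KeyProtectorId $p.KeyProtectorId | Out-Null
}

# Equivalent of: manage-bde -protectors -add C: -tpm  (TPM only, no PIN)
Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmProtector | Out-Null

# Verify the result: exactly one TPM protector should now be listed.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
$vol.KeyProtector | Select-Object KeyProtectorType, KeyProtectorId
if (@(Get-ProtectorsOfType $vol 'Tpm').Count -ne 1) {
    throw 'Expected exactly one TPM protector after re-binding.'
}
```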
Should be D. The “Password” is saved in the “Trusted Platform Module”; it needs the same MB, not just the same model.
You can get the recovery key from other sources, you don’t need the stored password from the TPM.
https://answers.syr.edu/display/ischool/Updating+TPM+for+BitLocker+after+a+Motherboard+replacement
It’s “C”
I think the key sentence is that the system is configured to perform a daily system backup. This backup is clearly being stored on a different drive that is either unencrypted or we can access with the TPM from Server1. Because of this fact, I would say it’s D, Start from install media and then do a system image recovery from the backup.
It doesn’t specify anything about using other protectors or keys, it only says that the encryption keys are saved on the TPM, which is a chip on the mobo. Using a different mobo that’s the same model won’t help us because the key was saved on the TPM of the old motherboard.
Only way to do it is D.
The question makes no reference to having the keys, so D is the answer I’ll go with.
seems legit
I also go with D as the answer.
Because the encryption key was stored in the TPM module and that’s gone, so how should you ever be able to access an encrypted disk on another mainboard where the TPM doesn’t provide the needed keys 🙂 Encryption would be pointless if I only need the same HW to access the encrypted data.
Also see the discussion from V2.
http://www.aiotestking.com/microsoft/you-need-to-start-the-operating-system-on-server1-as-soon-as-possible/
D.
what if there is no other motherboard? then we are stuck
Bitlocker is not in 70-412 content.
Answer is right!!!
By moving the hard drive to a server that has a model of the old motherboard, the system would
be able to start. As BitLocker was configured to save encryption keys to a Trusted Platform Module
(TPM), we can use tpm.msc to access the TPM settings.
Note: After you replace the motherboard, you need to repopulate the TPM with new information
regarding the encryption of the hard disk.
We use these commands to repopulate the information in the TPM (without PIN):
manage-bde -protectors -delete C: -type TPM
manage-bde -protectors -add C: -tpm
Incorrect:
Not D. After the system image recovery you would still have the new motherboard installed. The
problem would return.
BitLocker – New motherboard replacement
Why the fuck would you do all that?
Just replace the unencrypted image backup and then rebitlocker it to the new TPM on the upgraded motherboard…common sense.
Answer is D.
“Server1 is configured to perform a daily system image backup.”