(MyPain) => Your.Gain: BitLocker and Bootable VHDs

Arghhhhhhhh! Whenever I spend more than a couple of hours trying to figure something out – even with the help of Bing searches – I start thinking I can’t be the only one having trouble.  That’s where the title of this post (not-so-cleverly disguised as a lambda expression) comes in. 

I suppose this could become an ad-hoc series depending on just how much I’m stumbling around the various technologies.  Consider this a-day-in-the-life type thing; it might be something you thought was obvious, and it’s probably something that RTFM would address (but have you seem how many “FM”s there are to “R” out there?)  Anyway, here goes this round:

My Goal: 

I wanted to get up to speed on some of the features of the very cool Web Platform Installer, but I really didn’t want to gum up my main machine, and I wanted to be able to restart from scratch to demo on a ‘clean’ machine for various user group presentations and such.

My Method:

Windows 7 and Windows Server 2008 R2 have an awesome ‘bootable VHD’ feature:  install an OS (Win7 or Server2008 R2 only) on a VHD and you can boot right into it – it’s not a VM, it’s running right on the metal, kind of like the dual-boots of old, but kindler, gentler and easier.  So the idea is I’d create a VHD, install Windows Server 2008 R2 into it, and then I’d have a great little sandbox to play around with the Web Platform Installer.

Since boot-to-VHD is one of the more notable new features of the latest OSes, there’s no shortage of blog posts, screencasts, etc. to lead you through setting up a VHD.   Near the top of the list I found Scott Hanselman’s post as well as another from Michael Flanakin, so I gave them a whirl.

My Travails:

Early on I ran into a screen (that I didn’t capture) indicating I couldn’t do what I needed with BitLocker enabled and suggesting I suspend it – note suspend not remove.  Not a problem – and there’s an option for that right on the Control Panel.  I got through the rest of Scott’s steps for installing the OS on the VHD and went to restart when I was met with the following screen (text recreated below to aid others in searching):

BCD Error 

The Windows Boot Configuration Data (BCD) store file contains some invalid information.

Object GUID: {GUID}
Description: Win2008 VHD
Status: 0xc000000f
Info: The configuration for an element within the object is invalid in the boot configuration data store.


Fantastic!  It appears to me that the bcdedit /copy step that Scott outlines didn’t sit well with the BCD, but it was easy enough to clear with bcdedit /delete.

I thought I’d then opt for another way to create my VHD, mostly because I grew impatient at how long it took for the setup files to load from the Win2008 DVD I’d cut.   So I found another blog entry that nicely laid out the steps, leveraging a PowerShell script that accesses the Windows Imaging Format (WIM) file in the \sources folder on the DVD.  That got me to the following boot screen and I was home free… or so I thought. 

Boot Manager

Selecting the option to boot into my VHD was only met by yet another ominous screen (text recreated below the image)

Oh No!

Windows failed to start.  A recent hardware or software change might be the cause.  To fix the problem:

  1. Insert your Windows installation disc and restart your computer.
  2. Choose your language settings, and then click “Next.”
  3. Click “Repair your computer.”

If you do not have this disc, contact your system administrator or computer manufacturer for assistance.

File: \windows\system32\winload.exe

Status: 0xc000000f

Info: The selected entry could not be loaded because the application is missing or corrupt

Fantastic x 2!  As suggested, I went to the bathroom mirror to have a face-to-face with my System Admin, but he was no help.  Searches for that message yield all kinds of remedies, many of which I was pretty sure didn’t apply.   I still seemed to be able to boot into my Windows 7 partition, so backed it all out and tried again (the optimistic ‘lather-rinse-repeat’ approach), but no joy.

My Mistake

After a frantic e-mail or two internally, I was pointed to the error of my ways, and indeed it was an RTFM-moment.  As is often the case, once you know what the problem is, it seems like it’s documented everywhere, such as in TechNet

You can save a VHD file on a file system that is protected by BitLocker, but you cannot use the VHD for native boot or enable Bitlocker on the volume(s) that are contained inside a VHD.

and even in a subsequent blog posting by Scott Hanselman.

My Triumph

Getting rid of BitLocker altogether would have been one solution, but that wouldn’t fly given internal IT requirements, so as Scott mentions, there’s two options:

You can partition your drive with a Bitlocker’ed C: and an unencrypted D:, or you can get a second spindle. That means, you can get another hard drive and put it in the slot when your DVD/CD usually goes.

Getting another hard drive just seemed to nix the advantage for me.  Why not just boot directly off that hard-drive in that case and forget all the VHD nonsense?  I suppose my stance would be different if I had a bunch of VHDs that I was using on a regular basis, but I’m not there yet.  Besides, I don’t have another harddrive.

So, I opted to create a new partition, non-bitlockered.  It turns out this isn’t as painful as it sounds (or as it used to be).  I’d repaved my machine fairly recently, so when using the Disk Management utility (search for “Disk Management” from the Start Menu), I could shrink my C drive partition enough to create another partition to accommodate my VHDs.  It’s pretty straightforward, but here’s step-by-step tutorial to walk you through it. [Note, in the interest of full disclosure, at this point my C: drive had had BitLocker removed, so I’m not completely sure you can shrink a volume that’s BitLockered]

With a new (non-BitLockered) partition now on my machine (F:) I just copied over the VHD file created previously (and re-BitLockered my C: drive).  Via Disk Management it was a simple process to attach the VHD, which then became the G: drive.  All that was left was setting up a boot entry for the VHD, which is literally a one-liner:

g:\windows\system32\bcdboot g:\windows

And it was with a sense of cautious optimism that I greeted the following screen after successfully booting into Windows 2008 R2 from a VHD! 


Windows 2008 Configuration

Comments (1)

  1. Brian R Nalewajek says:

    Hum?  A Jack Flash developer running into a couple of OS/hardware hurdles; not so easy to code your way over these, is it?

    It actually does my heart good to see someone, I know knows more about these things than I do, stumble a bit out of the starting blocks.  BTW, congrats on picking yourself up, and finishing the race – though limping off the track in utter frustration would have been more cathartic.  

    The VHD idea is interesting (and new to me).  I haven’t "repaved" my notebook’s HD, and installed Win 7 yet (Vista Ultimate with 2 years of SPs and updates isn’t nearly as unbearable as others have suggested), and am running WS08 (R1), on a couple of PC’s used as workstations – so trying out VHD is not atop my to-do list.  What caught my eye, in your article, were the images of your computer’s display – obviously photos.  That brought back memories of yesteryear; though I don’t think you opted for that technique out of nostalgia.  What I think it signifies, is that I’m not alone in finding myself writing out the text of message windows, on scraps of paper (you, at least, were clever enough to use a digital camera, so you could FAX the images into your article) – very 21st century!

    So, why is there still no way (known to me, if not to man), to copy the text and save it (somewhere), from any and all message windows?

    Reading on, we get to that "… contact your system (or network), administrator…" one excuse fits all classic.  Again, your idea of using a mirror was not something I thought of.

    Seems you too enjoy the national pastime of reading through scores or irrelevant BLOG post references, in search of answers to specific problems that generate, (what you discover to be all too), generic error codes.  Well, it’s winter; it’s not like we should be out mowing our lawns.

    I’ll go out on a limb here, and suggest that you and I aren’t the only (and let me flatter myself, in saying), reasonably intelligent and knowledgeable people confronting these sorts of issues.  The answers to our questions, or at least those able to answer them, are certainly wandering around cyberspace – yet our connecting with them never seems to take place at true broadband speeds.

    What would be nice, is to have a TechNet sort in residence.  I’ve no doubt they would be handier than the Staple’s "Easy" button – though I wouldn’t want to be responsible for the their care and feeding (Lord knows what they eat).  I’ll bet they could spot, and sort out all kinds of little problems like these (I hear they have have extra sets of genetically engineered eyes, and their synapses have gold plated connectors).

    Gee, I wonder if having a TechNet guy in attendance at a developer presentation, might not be a bad idea?  Maybe they could suggest suggest solutions, or voice concerns that just don’t occur to those with a programmer/developer mindset?

    Yes, this has been a very long comment; but as I’ve been waiting to hear back on a request ticket item, I had a little time to kill.