(MyPain) => Your.Gain: BitLocker and Bootable VHDs
Whenever I spend more than a couple of hours trying to figure something out - even with the help of Bing searches - I start thinking I can't be the only one having trouble. That's where the title of this post (not-so-cleverly disguised as a lambda expression) comes in.
I suppose this could become an ad-hoc series depending on just how much I’m stumbling around the various technologies. Consider this a-day-in-the-life type thing; it might be something you thought was obvious, and it’s probably something that RTFM would address (but have you seem how many “FM”s there are to “R” out there?) Anyway, here goes this round:
My Goal:
I wanted to get up to speed on some of the features of the very cool Web Platform Installer, but I really didn’t want to gum up my main machine, and I wanted to be able to restart from scratch to demo on a ‘clean’ machine for various user group presentations and such.
My Method:
Windows 7 and Windows Server 2008 R2 have an awesome ‘bootable VHD’ feature: install an OS (Win7 or Server2008 R2 only) on a VHD and you can boot right into it – it’s not a VM, it’s running right on the metal, kind of like the dual-boots of old, but kindler, gentler and easier. So the idea is I’d create a VHD, install Windows Server 2008 R2 into it, and then I’d have a great little sandbox to play around with the Web Platform Installer.
Since boot-to-VHD is one of the more notable new features of the latest OSes, there’s no shortage of blog posts, screencasts, etc. to lead you through setting up a VHD. Near the top of the list I found Scott Hanselman’s post as well as another from Michael Flanakin, so I gave them a whirl.
My Travails:
Early on I ran into a screen (that I didn’t capture) indicating I couldn’t do what I needed with BitLocker enabled and suggesting I suspend it – note suspend not remove. Not a problem – and there’s an option for that right on the Control Panel. I got through the rest of Scott’s steps for installing the OS on the VHD and went to restart when I was met with the following screen (text recreated below to aid others in searching):
The Windows Boot Configuration Data (BCD) store file contains some invalid information.
Object GUID: {GUID}
Description: Win2008 VHD
Status: 0xc000000f
Info: The configuration for an element within the object is invalid in the boot configuration data store.
Fantastic! It appears to me that the bcdedit /copy step that Scott outlines didn’t sit well with the BCD, but it was easy enough to clear with bcdedit /delete.
I thought I’d then opt for another way to create my VHD, mostly because I grew impatient at how long it took for the setup files to load from the Win2008 DVD I’d cut. So I found another blog entry that nicely laid out the steps, leveraging a PowerShell script that accesses the Windows Imaging Format (WIM) file in the \sources folder on the DVD. That got me to the following boot screen and I was home free… or so I thought.
Selecting the option to boot into my VHD was only met by yet another ominous screen (text recreated below the image)
Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:
- Insert your Windows installation disc and restart your computer.
- Choose your language settings, and then click “Next.”
- Click “Repair your computer.”
If you do not have this disc, contact your system administrator or computer manufacturer for assistance.
File: \windows\system32\winload.exe
Status: 0xc000000f
Info: The selected entry could not be loaded because the application is missing or corrupt
Fantastic x 2! As suggested, I went to the bathroom mirror to have a face-to-face with my System Admin, but he was no help. Searches for that message yield all kinds of remedies, many of which I was pretty sure didn’t apply. I still seemed to be able to boot into my Windows 7 partition, so backed it all out and tried again (the optimistic ‘lather-rinse-repeat’ approach), but no joy.
My Mistake
After a frantic e-mail or two internally, I was pointed to the error of my ways, and indeed it was an RTFM-moment. As is often the case, once you know what the problem is, it seems like it’s documented everywhere, such as in TechNet
You can save a VHD file on a file system that is protected by BitLocker, but you cannot use the VHD for native boot or enable Bitlocker on the volume(s) that are contained inside a VHD.
and even in a subsequent blog posting by Scott Hanselman.
My Triumph
Getting rid of BitLocker altogether would have been one solution, but that wouldn’t fly given internal IT requirements, so as Scott mentions, there’s two options:
You can partition your drive with a Bitlocker'ed C: and an unencrypted D:, or you can get a second spindle. That means, you can get another hard drive and put it in the slot when your DVD/CD usually goes.
Getting another hard drive just seemed to nix the advantage for me. Why not just boot directly off that hard-drive in that case and forget all the VHD nonsense? I suppose my stance would be different if I had a bunch of VHDs that I was using on a regular basis, but I’m not there yet. Besides, I don’t have another harddrive.
So, I opted to create a new partition, non-bitlockered. It turns out this isn’t as painful as it sounds (or as it used to be). I’d repaved my machine fairly recently, so when using the Disk Management utility (search for “Disk Management” from the Start Menu), I could shrink my C drive partition enough to create another partition to accommodate my VHDs. It’s pretty straightforward, but here’s step-by-step tutorial to walk you through it. [Note, in the interest of full disclosure, at this point my C: drive had had BitLocker removed, so I’m not completely sure you can shrink a volume that’s BitLockered]
With a new (non-BitLockered) partition now on my machine (F:) I just copied over the VHD file created previously (and re-BitLockered my C: drive). Via Disk Management it was a simple process to attach the VHD, which then became the G: drive. All that was left was setting up a boot entry for the VHD, which is literally a one-liner:
g:\windows\system32\bcdboot g:\windows
And it was with a sense of cautious optimism that I greeted the following screen after successfully booting into Windows 2008 R2 from a VHD!
