Windows Unified Agent 9.1+ and versions below 18.104.22.168
AirWatch has identified a potential issue with BitLocker in AirWatch 9.1 where the recovery password may not be stored in the AirWatch Console under certain conditions. The identified conditions include:
- The device already sent all samples to AirWatch,
- a new recovery key is generated on the device when it is offline and
- the device is booted into BitLocker recovery mode due to a hardware or firmware change on the device.
If all three conditions are met, the device will boot into the recovery mode and the escrowed recovery key will not work. When this issue occurs and the device boots into the BitLocker recovery mode, the device cannot be unlocked using the recovery key and will need additional steps to unlock.
- The device can be restarted and the TPM recovery will unlock the device in certain situations.
- The device can be un-docked and restarted as the docking action is considered to be a hardware change on some systems.
- The user can invoke WinRE and use the instructions at the following link to unlock the device - http://www.dell.com/support/article/us/en/19/SLN285155/how-to-unlock-bitlocker-when-it-stops-accepting-recovery-keys
AirWatch Unified Agent 22.214.171.124
Note: Make sure to enable the Protection Agent Automatic Updates flag.