Question on using Bitlocker and VSS with Block-Level backups:
I'm currently using VeraCrypt for encryption of a system drive and a secondary internal drive. When using CBB with a Block-Level backup, I've found it works with the System Drive (C:), but fails on the Secondary (D:) drive because VSS is failing (a known problem with VeraCrypt).
If I upgraded to Win10 Pro and used Bitlocker in a similar setup (System OS and a Secondary Internal Drive encryption) would VSS work with CBB's Block-Level backup?
Is anyone using this setup and can confirm if it works or not?
Thanks for the reply. That's a good blog post for whole drive encryption options and the problems with CCB / Block-Level / VeraCrypt.
Out of the VeraCrypt use-cases listed, this one applies to my secondary internal drive: "Encrypt a non/system partition/drive, standard VeraCrypt volume > file backup of the mounted encrypted volume, do not use block-level (do not force VSS)"
EXPERIENCE: When attempting Block-Level backups with this configuration the non/system drive created VSS event ID 12293 errors. It also created NTFS errors ID 3221487753 (but I believe that's only a side-effect since chkdsk reports no errors and the /f option reported no corrections). It was also discovered when deleting shadow copies that none existed on the non/system drive (confirming VSS never completed). Only the encrypted system drive had a shadow copy.
EXPERIENCE: I have also tested and confirmed that a VeraCrypt encrypted system drive does work with Block-Level and VSS. Just don't configure the backup to touch the non/system drive or VSS fails.
QUESTION:
The blog however doesn't seem to answer the original question asked about Bitlocker (or does it?):
Will CBB Block-Level backups (and VSS) work on a PC configured with both an encrypted system drive AND an encrypted (non-system) secondary internal drive using Bitlocker?
Has Cloudberry ever tested that setup? Can anyone in the forums confirm that this setup works for them?
I'm trying to avoid spending time and money reconfiguring a working system to use Bitlocker and then discovering that CBB doesn't support this configuration either.
I'd be thankful to learn of anyone's experience with this,
TWolf
Thank you for sharing your experience. Regarding backups of Veracrypt encrypted drives the situations described in blog post David sent were tested by our QA but in any case we advise to test those setups before putting them in the production.
Speaking about bitlocker encrypted volumes let me provide you examples on how our software works with such volumes.
For file backup when you need to back up a BitLocker-encrypted disk volume, you first need to unlock a BitLocker-encrypted drive to be able to back it up. BitLocker encryption is not preserved when backing up individual files and folders.
For Image Based Backup, the Backup Wizard provides the "Keep BitLocker" option:
- When this option is enabled, the drive is backed up as is, with BitLocker encryption preserved. As a result, you will not be able to restore individual files from an encrypted volume afterwards. BitLocker encryption will be preserved for a disk image restored from such a backup.
- When this option is disabled, the backup service will decrypt the volume contents during the backup processing. A disk volume copy restored from this backup will not be encrypted as a result. This enables you to restore individual files from an unencrypted image-based backup.
If you have any further or additional questions please let us know.