Windows 10 Update 1511 fails with DiskCryptor whole disk encryption
This appears to be a problem with Full Disk Encryption software generally (with the presumable exception of MS's own BitLocker). From the VeraCrypt coordinator himself:
Windows 10 version 1511, build 10586 update fail
TrueCrypt would have had the same problem. It is this specific Windows update that seems to disable filter drivers used for on the fly encryption and if Windows was encrypted using TrueCrypt, it would have failed too. There is nothing magical in TrueCrypt driver that would have prevented this.
Microsoft is doing something nasty in the update installer. VeraCrypt driver is working as expected but this installer clearly blocks it during the process of updating the system. By doing this, Microsoft is breaking FDE software other than Bitlocker and Microsoft partners ones.
What is the best way to report this to Microsoft? Obviously, on VeraCrypt, we are lacking man power to investigate further such deep kernel blocking by the update installer.
The workaround is described in a separate forum post:
You must decrypt the system encryption before performing any OS upgrades.
Also, Windows 10 November update requires decrypting the OS in order to apply the Windows 10 1511 update. Normally this is not necessary.
NOTE: Dismount and disconnect any external encrypted volumes attached to your PC before you begin the OS upgrade. I have seen users complain in the past that the Windows OS upgrade sees the encrypted drive/partition as RAW format and Windows tries to be too helpful by automatically quick formatting the partition and assigning a drive letter to make it usable by Windows.
UPDATE: Just to close the loop, I performed the following steps with no ill effects. As always, backup first!! I did not need my backup, but I can't guarantee you won't need yours ;).
- De-crypt the system drive (most likely C:)
- I have a secondary hard drive (D:)
- This D: drive was also encrypted
- I did not de-crypt my D: drive
- Apply the Windows update
- The DiskCryptor bootloader still prompted me for a password at each reboot
- I just pressed [Enter] without any password and the machine booted
- Re-encrypt the system drive
Quick note about the encrypted D: drive (secondary drive):
Be very careful when Windows 10 boots up and the C: drive is still un-encrypted. The D: drive does not get auto-mounted at startup in this scenario. If you double-click on the D: drive, Windows will not recognize it and offer to format it for you. To mount the drive, you need to open DiskCryptor, choose the D: drive, click on [Mount], and enter the password.
Windows did not automatically format my secondary drive, but it would have been very easy for me to do it accidentally. Proceed with care!