Fix the VeraCrypt "Automatic Repair" issue on Windows
VeraCrypt is a popular open source encryption tool that may be used to encrypt files, create encrypted containers, encrypt entire hard drives and partitions, and even the system partition. Encryption of the system partition adds a bootloader to the system which loads VeraCrypt on system start. You enter the password, and if configured the PIM, and the system boots if the authentication is correct.
Windows may interfere with the setup as it may add a bootloader of its own to the system which is then used by the device instead of the VeraCrypt bootloader; this is a problem if the system partition is encrypted. Windows' bootloader cannot find any files and loads repair options as a consequence.
Repairs are unsuccessful as no data can be read, and you end up with the automatic repair message "Automatic Repair couldn't repair your PC". Restarting does not address the issue as the system is caught in the bootloop. The same process happens over and over again.
Advice: to avoid the automatic changing of boot information on Windows devices, set a password in the UEFI interface. Windows cannot manipulate the data anymore once you have set a password so that the issue does not happen again.
You may have options to bypass the issue temporarily. If the motherboard includes options to select the bootloader, you may use it to pick the VeraCrypt bootloader; this is not the case for all systems, however. You may also select Advanced Options > Use a device > Veracrypt Bootloader in the Automatic Repair interface to start the system again using the correct bootloader. Type your password and PIM, and the system should boot normally.
Repairing the Automatic Repair issue
You may be able to repair the issue. Basically, what you need to do is "tell" the system to use the VeraCrypt Bootloader on system start. A program like Bootice may assist you. It is a free program that displays UEFI boot entries and gives you some options when it comes to these.
Download the program from this site and extract it after you have done so. Run the application, allow the elevation, and then go to UEFI > Edit boot entries.
All you need to do is move the VeraCrypt Bootloader to the top. Select the bootloader entry and use the "up" button to move it there. Leave everything as is and select close. Exit the application and restart Windows.
If everything worked, you should see the VeraCrypt password prompt on boot. The bootmanager is used from that moment on again. Note that you may still want to set a password to avoid running in the same issue again in the future.
Again Martin Brinkmann, strikes again.
What a great article Martin.
Up to now I never thought to search for the boot options in Windows as a repair option.
A really great referral also to iPauly his: BOOTICE 64-Bit 1.3.3.2 what is (according to iPauly) a handy portable tool that enables users to backup, modify, and manipulate a partition MBR (Master Boot Record) or PBR (Partition Boot Record).
“Download the program from this site and extract it after you have done so. Run the application, allow the elevation, and then go to UEFI > Edit boot entries.”
Using your bricked device?
Seems like this is an issue VeraCrypt should address, with MS input, of course. AV’s and other programs with low level access occasionally have similar issues that they fix.
OTOH, Windows, Win 11 in particular, has become big on security, whatever that means. Pragmatically, it means Windows is more unpredictable than ever, soon it will consider itself a security risk.
Yes, on the device that you experience the issue on. I experienced this on two systems so far, and both could be booted by selecting the VeraCrypt bootloader.
Really timely – I just dealt with this last week. Great info here – thanks Martin.
I’m a little confused about BootIce.
It appears to be a Chinese app, and the copyright holder’s website (www.ipauly.com) does *not* appear to be accessible to the public (“403 Forbidden. You don’t have permission to access / on this server.”).
The file linked to in this article (hosted at MajorGeeks) is file version 2015.2.16.0 and product version 1.3.3.2, but file version 2016.6.17.0 and product version 1.3.4.0 can be found at other download sites (for example, Softpedia and FileCroco).
Is there a reason to prefer the older version?
I don’t think the hosting sites for the newer version identify the author, and you have to find that information in Properties > Details, once you’ve downloaded the file. The file linked to from FileCroco actually downloads from usbdev.ru, a Russian site I’d never heard of before.
I don’t have a blanket aversion to Chinese apps or Russian sites per se — Ventoy is Chinese, open-source, and pretty cool — but I *definitely* hear a lot less word of mouth about their trustworthiness compared to their Western counterparts.
Is the newer version of BootIce possibly counterfeit or hacked? Or does the older version just happen to be the first hit for BootIce in Google Search?