anyweb

no timeline yet, thanks for the thanks, i still have 2 videos of my Bitlocker Management series to complete, then i'll get to it sorry for the delay but all this takes time

i'd recommend using the install.wim baked into the original media and not 'capture' fat images any more, it's quicker and will save you time and effort in the long run, why are you capturing images now anyway ?

It’s common knowledge, or at least should be, that certifications are the most effective way for IT professionals to climb the career ladder and it’s only getting more important in an increasingly competitive professional marketplace. Similarly, cloud-based technologies are experiencing unparalleled growth and the demand for IT professionals with qualifications in this sector are growing rapidly. Make 2020 your breakthrough year - check out this free upcoming webinar hosted by two Microsoft cloud experts to plan your Azure certification strategy in 2020. The webinar features a full analysis of the Microsoft Azure certification landscape in 2020, giving you the knowledge to properly prepare for a future working with cloud-based workloads. Seasoned veterans Microsoft MVP Andy Syrewicze and Microsoft cloud expert Michael Bender will be hosting the event which includes Azure certification tracks, training and examination costs, learning materials, resources and labs for self-study, how to gain access to FREE Azure resources, and more. Altaro’s webinars are always well attended and one reason for this is the encouragement for attendee participation. Every single question asked is answered and no stone is left unturned by the presenters. They also present the event live twice to allow as many people as possible to have the chance of attending the event and asking their questions in person! For IT professionals in 202, and especially those with a Microsoft ecosystem focus, this event is a must-attend! The webinar will be held on Wednesday February 19, at 3pm CET/6am PST/9am EST and at again 7pm CET/10am PST/1pm EST. I’ll be attending so I’ll see you there! Save your free webinar seat

what does details tell you ?

Thanks for the video you posted on Youtube! I really like that you didn’t edit out your troubleshooting. Seeing you troubleshoot gives the video a higher value then simply showing a 100% working environment! thank you ! 1. it can be completely silent see > 2. MDOP is not a self healing product, but you can use CI/CB's in ConfigMgr to achieve this (via compliance), MDOP offers the helpdesk and self service portals, encryption of the database and traffic between client and the database.

here's how i installed Windows Server 2019 on it in case you are interested https://www.niallbrady.com/2019/02/09/installing-windows-server-2019-on-a-lenovo-p1-for-data-dedup-my-rough-notes/

have you seen these guides, they work 100% for me How can I configure System Center Configuration Manager in HTTPS mode (PKI) - Part 1 How can I configure System Center Configuration Manager in HTTPS mode (PKI) - Part 2

no GPO's needed, can you attach (or email me) the 2 bitlocker related logs in c:\windows\ccm\logs and can you do a teamviewer session so i can take a look ?

i didn't get any log file, try again niall@windows-noob.com

that does look related, does it correlate to when the client was communicating with the mp ? if you want to zip logs and email them to me then fine, send them to niall AT windows DASH noob DOT com

ok can you please zip up the bitlocker logs in c:\windows\ccm\logs and send them to me or attach them here, i'll ask microsoft to comment

Introduction I’ve created a video showing you what you need to know to get Bitlocker Management (formally MBAM) integration working in Microsoft Endpoint Configuration Manager version 1910, please check it out. for more info and links to setting up PKI in your lab and converting Configuration Manager to HTTPS see this blog post. To see the rest of the videos click below: BitLocker management – Part 1 Initial setup BitLocker management – Part 2 Deploy portals BitLocker management – Part 3 Customize portals BitLocker management – Part 4 Force encryption with no user action BitLocker management – Part 5 key rotation BitLocker management – Part 6 Force decryption with no user action BitLocker management – Part 7 Reporting and compliance BitLocker management – Part 8 Migration BitLocker management – Part 9 Group Policy settings BitLocker management – Part 10 Troubleshooting

Introduction In this video I show you what you need to know to get the Bitlocker Management (formally MBAM) web site portals working in Microsoft Endpoint Configuration Manager version 1910, please check it out. To read about the two portals shown above, see the following blog posts: How can you use the Self Service feature when MBAM is integrated within SCCM? How can you use the Help Desk feature when MBAM is integrated within SCCM? To see the rest of the videos click below: BitLocker management – Part 1 Initial setup BitLocker management – Part 2 Deploy portals BitLocker management – Part 3 Customize portals BitLocker management – Part 4 Force encryption with no user action BitLocker management – Part 5 key rotation BitLocker management – Part 6 Force decryption with no user action BitLocker management – Part 7 Reporting and compliance BitLocker management – Part 8 Migration BitLocker management – Part 9 Group Policy settings BitLocker management – Part 10 Troubleshooting

Introduction In this video I show you how to customize the self service portal to suit your organization, and I show you how you can change what a person see’s in the help desk based on which Active Directory Security Group they are a member of (in relation to Bitlocker Management). Take a look ! To see the rest of the videos click below: BitLocker management – Part 1 Initial setup BitLocker management – Part 2 Deploy portals BitLocker management – Part 3 Customize portals BitLocker management – Part 4 Force encryption with no user action BitLocker management – Part 5 key rotation BitLocker management – Part 6 Force decryption with no user action BitLocker management – Part 7 Reporting and compliance BitLocker management – Part 8 Migration BitLocker management – Part 9 Group Policy settings BitLocker management – Part 10 Troubleshooting

Introduction In this video I show you how to enforce encryption with no user interaction using Bitlocker Management in Configuration Manager 1910 (and a compliance baseline containing a configuration item with 2 registry keys). Below are the key path and key names I used in the video: SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement OsEnforcePolicyPeriod= 0 SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement UseOsEnforcePolicy = 1 Recommended reading Link to the GPO setting documentation: https://docs.microsoft.com/en-us/micr… Learn more about Bitlocker Management in Configuration Manager https://www.niallbrady.com/2019/11/13/want-to-learn-about-the-new-bitlocker-management-in-microsoft-endpoint-manager-configuration-manager/ To see the rest of the videos click below: BitLocker management – Part 1 Initial setup BitLocker management – Part 2 Deploy portals BitLocker management – Part 3 Customize portals BitLocker management – Part 4 Force encryption with no user action BitLocker management – Part 5 key rotation BitLocker management – Part 6 Force decryption with no user action BitLocker management – Part 7 Reporting and compliance BitLocker management – Part 8 Migration BitLocker management – Part 9 Group Policy settings BitLocker management – Part 10 Troubleshooting

Introduction In this video I show you how key rotation works when a key has been revealed via the helpdesk using Bitlocker Management integrated as a feature in Microsoft Endpoint Configuration Manager version 1910. To see a list of all the videos in this series click below: BitLocker management – Part 1 Initial setup BitLocker management – Part 2 Deploy portals BitLocker management – Part 3 Customize portals BitLocker management – Part 4 Force encryption with no user action BitLocker management – Part 5 key rotation BitLocker management – Part 6 Force decryption with no user action BitLocker management – Part 7 Reporting and compliance BitLocker management – Part 8 Migration BitLocker management – Part 9 Group Policy settings BitLocker management – Part 10 Troubleshooting Take a look !

Introduction In this video I show you how you can enforce decryption of BitLocker encrypted drives in Microsoft Endpoint Configuration Manager version 1910. It involves the use of a custom Configuration Baseline with a Configuration Item to set a registry key. This is part 6 from a 10 part video series on youtube. BitLocker management – Part 1 Initial setup BitLocker management – Part 2 Deploy portals BitLocker management – Part 3 Customize portals BitLocker management – Part 4 Force encryption with no user action BitLocker management – Part 5 key rotation BitLocker management – Part 6 Force decryption with no user action BitLocker management – Part 7 Reporting and compliance BitLocker management – Part 8 Migration BitLocker management – Part 9 Group Policy settings BitLocker management – Part 10 Troubleshooting Take a look !

Introduction In this video I show you how you use the built in reports from the BitLocker Management feature that was released in Microsoft Endpoint Configuration Manager version 1910. I explain what each of the 5 built in reports offer and take a look at compliance both on the server and on the client including deciphering the statemessage.log. Note: You do not need SSRS to be in HTTPS mode for rendering or using reports about BitLocker Management in Configuration Manager 1910. I also wrote a detailed blog about Bitlocker Management reporting earlier here. This is part 7 from a 10 part video series on youtube. BitLocker management – Part 1 Initial setup BitLocker management – Part 2 Deploy portals BitLocker management – Part 3 Customize portals BitLocker management – Part 4 Force encryption with no user action BitLocker management – Part 5 key rotation BitLocker management – Part 6 Force decryption with no user action BitLocker management – Part 7 Reporting and compliance BitLocker management – Part 8 Migration BitLocker management – Part 9 Group Policy settings BitLocker management – Part 10 Troubleshooting Take a look !

Introduction In this video (linked at the bottom of this post) I show you how you can migrate existing MBAM managed clients to Configuration Manager using the new BitLocker Management feature that was released in Microsoft Endpoint Configuration Manager version 1910. In order for this to work you’ll need an existing MBAM standalone server(s) that is managing one or more clients. The recovery keys (and associated data) will be stored on that MBAM server as defined by the Group Policy settings you’ve configured for MDOP. Before the MBAM Migration scenario The screenshot below shows the MBAM GPO which is linked to the MBAM Clients OU. From there MBAM managed clients get group policy telling them to report to the MBAM server and upload compliance data and recovery keys. The Configuration Manager server is only used at this point to deploy the MBAM client agent to resources in the MBAM Clients collection (which has a membership query to look for resources in the MBAM Clients OU). After the MBAM Migration scenario In the below screenshot you can see the ConfigMgr database on the left, and the MBAM database on the right, the client that was managed by MBAM is now managed by ConfigMgr and the key and it’s associated data is migrated over to ConfigMgr. When you migrate clients from MBAM to Bitlocker Management within Configuration Manager, the recovery key and more data will be migrated and automatically populated in ConfigMgr’s database without you needing to do anything other than pre-configure BitLocker Management policy and target the desired computers to be migrated with that policy. As a rule, keep the settings in the MBAM GPO the same as in your ConfigMgr Bitlocker policy otherwise you may get conflicts and as a result, unexpected results. The following links should help you get MBAM setup in a lab so you can practice the migration yourself. https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/evaluating-mbam-25-in-a-test-environment https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/solutions/how-to-download-and-deploy-mdop-group-policy–admx–templates https://www.microsoft.com/en-us/download/details.aspx?id=55531 also to note that setting up MBAM from scratch is covered in a book i wrote here https://www.niallbrady.com/book/ This is part 8 from a 10 part video series on youtube. BitLocker management – Part 1 Initial setup BitLocker management – Part 2 Deploy portals BitLocker management – Part 3 Customize portals BitLocker management – Part 4 Force encryption with no user action BitLocker management – Part 5 key rotation BitLocker management – Part 6 Force decryption with no user action BitLocker management – Part 7 Reporting and compliance BitLocker management – Part 8 Migration BitLocker management – Part 9 Group Policy settings BitLocker management – Part 10 Troubleshooting Take a look !

ok i missed the 'internet' part, i haven't tested this for IBCM clients yet, have you configured your certs to work with internet based clients ?

thanks for posting the solution to your problem !

well how are you setting it now, can you show your configured settings ?

take a look at this post it should help https://sccmxpert.com/2016/09/09/infoblox-settings-for-uefi-based-os-deployment/

they need to configure infloblox using the IPv4 DHCP options node, something like this

if it's already created then leave it there, it's safe to delete the contents inside as the they will get repopulated (if everything is working correctly)