Jump to content


ukg_matt

Established Members
  • Content Count

    6
  • Joined

  • Last visited

Community Reputation

0 Neutral

About ukg_matt

  • Rank
    Newbie
  1. I’ve been following the Bitlocker management tutorial here. Apart from the previous MBAM Install error over here, everything has gone as expected, apart from actual device encryption….. I’ve configured everything as per the tutorial, I have a set of devices, I have the configuration base line to deploy the reg keys to force encryption to start, I’ve configured and deployed the policy to the machines. The clients have the MDOP client. If I run “(Get-WmiObject -Class mbam_Volume -Namespace root\microsoft\mbam).ReasonsForNoncompliance” on any of the clients, I get the 3 codes returned, 1, 16 and 3. From here the error codes are as follows : 1 MBAM Policy requires this volume to be encrypted but it is not. 3 MBAM Policy requires this volume use a TPM protector, but it does not. 6 Policy requires minimum cypher strength is XTS-AES-256 bit, actual cypher strength is weaker than that. The policy I configured in SCCM is XTS-AES-256, do I need to do something else? Configure a GPO maybe? I wasn’t sure exactly what other detail to include so feel free to ask me for some logs etc.
  2. scrap that, i re-enabled [Convert]::ToBase64String($bytes) and [Convert]::FromBase64String($encodedCert) and the script is working. My issues were 2 fold, first was that I had to export the Bitlocker Managemanet cert from SQL and import it manually using certlm.msc, the second issue was that I didn't have an SQL Server Identification Cert that was named 'ConfigMgr SQL Server Identification Certificate' so I generated one... Re-ran the script again et voila Thanks again to anyweb and AS-NRY.
  3. Hi Thanks for the tip, AS-NRY, it has moved my install script on somewhat but it still doesn't complete successfully. Get-CertificateFromSqlServer : Unable to export ConfigMgr SQL Server Identification Certificate from *******.***.local At F:\Program Files\Microsoft Configuration Manager\bin\X64\mbamwebsiteinstaller_2.ps1:1171 char:16 + $success = Get-CertificateFromSqlServer $SqlServerName + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-CertificateFromSqlServer Install-MBAMWebSites : Failure acquring SQL identity certificate. At F:\Program Files\Microsoft Configuration Manager\bin\X64\mbamwebsiteinstaller_2.ps1:1324 char:5 + Install-MBAMWebSites -SqlServerName $SqlServerName -SqlInstanceNa ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Install-MBAMWebSites
  4. I have amended the mbaminstaller script with the correct report server URL. Thanks
  5. Hi Nial I've been following your MBAM in SCCM guide from here and we're already converted from HTTP to HTTPS. I needed to encrypt the recovery data so i followed this Microsoft guide. Now I'm attempting to install the MBAM websites with the mbamwebsiteinstaller.ps1 script, and I'm given the following errors.... Unable to find ConfigMgr SQL Server Identification Certificate + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException + PSComputerName : azukssccm.ukg.local Get-CertificateFromSqlServer : Unable to export ConfigMgr SQL Server Identification Certificate: Exception calling "FromBase64String" with "1" argument(s): "Invalid length for a Base-64 char array or string." At F:\Program Files\Microsoft Configuration Manager\bin\X64\mbamwebsiteinstaller.ps1:1171 char:16 + $success = Get-CertificateFromSqlServer $SqlServerName + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-CertificateFromSqlServer Install-MBAMWebSites : Failure acquring SQL identity certificate. At F:\Program Files\Microsoft Configuration Manager\bin\X64\mbamwebsiteinstaller.ps1:1324 char:5 + Install-MBAMWebSites -SqlServerName $SqlServerName -SqlInstanceNa ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Install-MBAMWebSites Any help would be much appreciated. Thanks
×
×
  • Create New...