Yes, I'm using a CMG in this lab but I haven't tested BitLocker Management in that regard and I believe the functionality is just not there yet without a workaround suggested by Marc in another thread. Here's the requested screenshot.


Marc in another thread?

Thanks for the screenshot - I see that also here assigned management is not filled in, or is that just when a client connects to 'Currently intranet'?

But that does not resolve my issue for BitLocker: Unable to find suitable Recovery Service MP. Forcing policy non-compliant


Hello, I got the same problem.

Unable to find suitable Recovery Service MP. Forcing policy non-compliant.

All is in HTTPS.

And also in my SCCM SQL database there are no recovery keys, although I got a VM that is compliant and encrypted.

Anybody help?

Thank you

EDIT:

I was able to figure this out but now I have a problem with a client that has the MBAM agent.
It couldn't send data to the SCCM SQL DB.

On the workstation, the event viewer ADMIN log is showing ->
EVENT ID: 2 (VolumeEnactmentFailed)

Error code:
-2143485947

Details:
Access was denied by the remote endpoint

We have multiple domains.


Hi Suki, thank you, I presume it would as it's the exact same one that's been in use by MBAM for the last number of years, however Windows 7 itself is EOL.


Hi Niall,

I followed your guides/videos to migrate from using Bitlocker in a task sequence with keys archived to AD to MEMCM 2002 Bitlocker Management. I'm seeing an issue on machines previously managed where even after decrypting the OS drive and allowing the new policy to dictate the encryption settings those machines still stay at "used space only" encryption. Machines that had never had Bitlocker before use "full volume encryption". I can see the cipher strength has changed to match the new policy and the machines report "compliant". Is there a setting somewhere that I may be missing that forces FVE instead of used space only?


On 7/29/2020 at 6:14 PM, MikeMurray said:

Hi Niall,

I followed your guides/videos to migrate from using Bitlocker in a task sequence with keys archived to AD to MEMCM 2002 Bitlocker Management. I'm seeing an issue on machines previously managed where even after decrypting the OS drive and allowing the new policy to dictate the encryption settings those machines still stay at "used space only" encryption. Machines that had never had Bitlocker before use "full volume encryption". I can see the cipher strength has changed to match the new policy and the machines report "compliant". Is there a setting somewhere that I may be missing that forces FVE instead of used space only?

Hi Mike,

Used space only in a task sequence occurs when you have enabled the Pre-Provision BitLocker step and have not configured it (or the Enable BitLocker step) to use full disk encryption.

I blogged about that in the following posts, please take a look:

 

If none of this helps then let me know and I'll investigate in my lab.
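
A read-only check for the condition Mike describes, as an added example that is not part of the thread: it parses the text of `manage-bde -status` and flags volumes whose conversion status is used space only, alongside the encryption method and key protectors. The function name and the sample output are constructed, and English-language tool output is assumed.

```powershell
# Added example, not code from this thread. ConvertFrom-ManageBdeStatus is a
# hypothetical helper name; the sample text below is constructed.
function ConvertFrom-ManageBdeStatus {
    param([string[]]$Lines)   # lines of English "manage-bde -status" output
    $records = @(); $current = $null; $inProtectors = $false
    foreach ($line in $Lines) {
        if ($line -match '^Volume\s+(\S+:)') {
            if ($current) { $records += $current }   # close the previous volume
            $current = @{ Volume = $Matches[1]; Conversion = ''; Method = ''; Protectors = @() }
            $inProtectors = $false
        }
        elseif (-not $current -or -not $line.Trim()) { continue }
        elseif ($line -match '^\s*Key Protectors:') { $inProtectors = $true }
        elseif ($inProtectors) { $current['Protectors'] += $line.Trim() }
        elseif ($line -match '^\s*Conversion Status:\s*(.+?)\s*$') { $current['Conversion'] = $Matches[1] }
        elseif ($line -match '^\s*Encryption Method:\s*(.+?)\s*$') { $current['Method'] = $Matches[1] }
    }
    if ($current) { $records += $current }
    foreach ($r in $records) {
        [pscustomobject]@{
            Volume           = $r.Volume
            ConversionStatus = $r.Conversion
            EncryptionMethod = $r.Method
            UsedSpaceOnly    = $r.Conversion -like 'Used Space Only*'
            KeyProtectors    = $r.Protectors -join ', '
        }
    }
}

$sample = @'
Volume C: [OSDisk]
[OS Volume]

    Conversion Status:    Used Space Only Encrypted
    Encryption Method:    XTS-AES 256
    Key Protectors:
        TPM And PIN
        Numerical Password

Volume D: [Data]
[Data Volume]

    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 256
    Key Protectors:
        Numerical Password
'@

ConvertFrom-ManageBdeStatus -Lines ($sample -split "\r?\n") | Format-Table -AutoSize
```

On a live client, pass the output of `manage-bde -status` from an elevated prompt as `-Lines` instead of the sample.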


Excellent guides, thank you!

So everything went well as far as the migration of MBAM managed machines into SCCM. Registry settings are provided by SCCM, keys are escrowed to SQL, manage-bde is showing TPMandPIN, etc. The only problem I am experiencing is the 'No recovery options available on this PC' error when pressing ESC to get into Bitlocker recovery. I can force Bitlocker recovery fine when using manage-bde ForceRecovery, just don't get the option of recovering if, for instance, someone has forgotten their PIN.

Have you seen this before? Appreciate any suggestions.

Thanks

Andy
