Jump to content


prohand

Bitlocker management client internet

Recommended Posts

Hello,

I installed MBAM on my SCCM server without problem.
Everything works properly locally.

I deployed a server in DMZ to be able to manage my clients on the internet.

When I deploy Bitlocker via the local everything works, I have the Bitlocker window that opens to activate it.

When I deploy bitlocker on a computer located on the internet, I have no window that opens and I have this in the logs:

Unable to find suitable Recovery Service MP

I use SCCM 1910

Thanks

Edited by prohand

Share this post


Link to post
Share on other sites

Unable to find suitable Recovery Service MP  usually means that it cannot communicate with the https enabled management point, are you using pki on your clients and sccm server(s) ?

Share this post


Link to post
Share on other sites

ok i missed the 'internet' part, i haven't tested this for IBCM clients yet, have you configured your certs to work with internet based clients ?

Share this post


Link to post
Share on other sites

ok can you please zip up the bitlocker logs in c:\windows\ccm\logs and send them to me or attach them here, i'll ask microsoft to comment

Share this post


Link to post
Share on other sites

I just found this on my server in DMZ:

Maybe it's related

Can I send you the logs in MP?

]LOG]!><time="12:01:22.108-60" date="01-21-2020" component="CertificateMaintenance" context="" type="1" thread="4816" file="Event.cpp:908">
<![LOG[Looking for cert with SHA1 hash 4xxxx in cert store My.]LOG]!><time="12:01:22.265-60" date="01-21-2020" component="CertificateMaintenance" context="" type="1" thread="4816" file="ccmgencert.cpp:1524">
<![LOG[CSP associated with MP Certificate does not support SHA256 signing. Using SHA1 signing]LOG]!><time="12:01:22.280-60" date="01-21-2020" component="CertificateMaintenance" context="" type="2" thread="4816" file="ccmgencert.cpp:5921">
<![LOG[Raising pending event:

instance of CCM_ServiceHost_CertRetrieval_Status
{
	ClientID = "GUID:65xx3-xxxx";
	DateTime = "20200121120122.119000+000";
	HRESULT = "0x00000000";
	ProcessID = 2584;
	ThreadID = 7792;
};
]LOG]!><time="13:01:22.119-60" date="01-21-2020" component="CertificateMaintenance" context="" type="1" thread="7792" file="Event.cpp:908">
<![LOG[Looking for cert with SHA1 hash 4xxxxx in cert store My.]LOG]!><time="13:01:22.275-60" date="01-21-2020" component="CertificateMaintenance" context="" type="1" thread="7792" file="ccmgencert.cpp:1524">
<![LOG[CSP associated with MP Certificate does not support SHA256 signing. Using SHA1 signing]LOG]!><time="13:01:22.307-60" date="01-21-2020" component="CertificateMaintenance" context="" type="2" thread="7792" file="ccmgencert.cpp:5921">
<![LOG[No client certificate was negotiated. Async: 0]LOG]!><time="12:56:06.031-60" date="01-21-2020" component="DeviceCertAuthModule" context="" type="3" thread="6252" file="devicecertauthmodule.cpp:931">
<![LOG[Failing HTTP request with status code 403.7 with HR 0x0 and reason "Client certificate required"]LOG]!><time="12:56:06.031-60" date="01-21-2020" component="DeviceCertAuthModule" context="" type="3" thread="6252" file="devicecertauthmodule.cpp:119">

 

Share this post


Link to post
Share on other sites

that does look related, does it correlate to when the client was communicating with the mp ? if you want to zip logs and email them to me then fine, send them to niall AT windows DASH noob DOT com

Share this post


Link to post
Share on other sites

Hello,

I still have the error cited above in DmpDeviceCertAuthModule.log but this does not correspond to the moment when I evaluate the conformity of bitlocker.

The mpcontrol.log of DMZ server indicates the SSL is enabled.

Have you been able to see my log file?

Thank you

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.