After changing the SQL Server the MECM integrated Bitlocker won't show any recovery key in the Helpdesk Portal

[FSiglmueller]

Hi All !

I have migrated my SQL DB to another Server.
After that move the MECM Bitlocker Helpdesk Portal (Webportal) shows no recovery key for any system.

When I have a look to the database, there are all entries inside (encrypted). How can I go on to get it working with the helpdesk Portal ?
I urgently need the keys, because at the moment I am not able to solve any bitlocker issues for my systems.

The whole MECM environment is in HTTPS mode only (if this is helpful).

Any help is appreciated.

Thanks in advance.

 

 

[anyweb]

have you tried to reinstall the helpdesk webportal as it's more than likely still tied to your original SQL server setup, here's the command line I used in my labs

.\MBAMWebSiteInstaller.ps1 -SqlServerName cm01.windowsnoob.lab.local -SqlInstanceName MSSQLSERVER -SqlDatabaseName CM_P01 -ReportWebServiceUrl http://cm01.windowsnoob.lab.local/Reportserver -HelpdeskUsersGroupName "windowsnoob\MBAM_HD" -HelpdeskAdminsGroupName "windowsnoob\MBAM_HD_Adv" -MbamReportUsersGroupName "windowsnoob\MBAM_HD_Report" -SiteInstall Both

that would be the first thing i'd do, uninstall your current help desk (as you've moved SQL) and then reinstall the helpdesk portal pointing to the new SQL server

[FSiglmueller]

Hi !

OK, I tried the reinstallation, but the error still exist afterwards:

 

Any ideas how to fix this ?

Thanks in advance.

Kind Regards

Flo
 

[anyweb]

did you get any errors when you installed the helpdesk using the powershell script ? are your helpdesk users that you use to retrieve keys correctly setup ?

[FSiglmueller]

Hi !

I didn't get any errors during the helpdesk installation. The powershell script went flawlessly.
What do you mean with:

- are your helpdesk users that you use to retrieve keys correctly setup ?

All our groups exist in the AD.

Thanks in advance.

Kind regards

 

[anyweb]

i mean are the users you are using to login to the helpdesk in the appropriate active directory groups specified in the powershell arguments

 

[FSiglmueller]

Hi !

Yes, all the Users are in the appropriate AD groups. No User groups were changed. That means the Users are the same  like before the SQL Server move.

Kind regards 

[FSiglmueller]

Hi All !

Today I checked it and found out, that the keys were not uploaded to the MECM database.
But I don't no why. First I checked the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE" for the EnableEncryptionKey (without the XTS) but we only have there the keys for the XTS.

Any ideas whats going on here ?

 

Thanks in advance.

Kind Regards

[anyweb]

start by looking at my guide for troubleshooting on the client, does it look like you are missing something ?

 

 

[FSiglmueller]

Hi ! 
 

No, ist doesn‘t Look like there is something missing. I checkend everything, but it does not upload the keys.

Any ideas ?

 

Thanks in advance 

[anyweb]

did you verify your registry settings, is it pointing to the correct recovery service there ?

if you have teamviewer i could remote in and take a look or Microsoft Quick Assist

[FSiglmueller]

Hi ! 
the registry is pointing to the correct endpoint.

It would be great if you can remote assist. When does it fit for you ? Today evening (german time - 8.30pm) ?

 

Thanks in advance 

[anyweb]

yeah that sounds good ping me then (pm)

[madj42]

So I ran into this and wanted to post the solution for others:

https://www.sqlservercentral.com/articles/database-master-key-error-after-database-restore

It all boils down to the new server not having the same key as the old server and you need to replace it with the new one.  I randomly stumbled across this.