Jump to content


Recommended Posts

"The BitLocker recovery service requires HTTPS to encrypt the recovery keys across the network from the Configuration Manager client to the management point. Use one of the following options:

Enable the site for enhanced HTTP. This option applies to version 2103 or later.
HTTPS-enable the IIS website on the management point that hosts the recovery service. This option applies to version 2002 or later.
Configure the management point for HTTPS. This option applies to all supported Configuration Manager versions."

https://docs.microsoft.com/en-us/mem/configmgr/protect/plan-design/bitlocker-management#prerequisites

Share this post


Link to post
Share on other sites

I'm guessing the best option is to enable the MP with https. I have an enhanced http enabled site running v2013 and my test clients cannot locate the MP when applying MBAM the policy.

Share this post


Link to post
Share on other sites

Hi

i was wondering if its possible to enable e-http(tick the checkbox) via powershell (sccm module?) and if this could be added to the Unattended install ini file too?

thanks

 

Share this post


Link to post
Share on other sites

I'm not having much luck with enabling BitLocker with SCCM v2103, running in enhanced HTTP mode. I'm able to successfully create and deploy the Bitlocker policy to a few test machines. The MDOP MBAM agent does show up in the control panel, but for some reason, the machines remain non-complaint when the SCCM client runs the evaluation. Some of the MBAM registry keys appear to be present on the machines, but the MDOPBitLockerManagement sub registry key is not present. Under the Event Viewer\Applications and Services\Microsoft\Windows\MBAM\Admin section is giving the same warning message all the way down: Unable to connect to the MBAM Recovery and Hardware service. Error code: -2147028409. 

Lastly, I've gone thru the BitlockerManagementHandler.log file just about line-by-line and I saw nothing that indicates the machine was able to detect my enhanced http Management. I did come across the following error messages in the log file:

Error executing method ProtectKeyWithNumericalPassword. 0x8031005b

Error adding numerical password to OS volume

Unable to initialize volume state. Bitlocker enactment cancelled

Error escrowing keys. 0x8031005b

Am I missing something with my enhanced http setup? It's a pretty straight forward process. Any help would be greatly appreciated! 

Share this post


Link to post
Share on other sites

have you enabled the client management tab settings at all when you configured BitLocker Management ?

Share this post


Link to post
Share on other sites

also the 0x8031005b translates to "

The Group Policy settings for BitLocker startup options are in conflict and cannot be applied. Contact your system administrator for more information.

Source: Windows
-----

 

"

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...