Jump to content


cfreeman21

MBAM Appears to have Installed but not working

Recommended Posts

Just upgraded to 2203 in my lab to rule out issues with older versions.  The portals appear to install (I can browse to both) I create the Bitlocker Policy and deploy to workstation and they get this error.  I notice there are no events on the server under MBAM-WEB what am I missing?

Server_Error.png

Workstation_Error.png

Share this post


Link to post
Share on other sites

is the client version on the clients the same as the site version ?

Share this post


Link to post
Share on other sites

yeah we can try that tomorrow evening if you want (teams to talk, quickassist to view)

ping me @ niall AT windowsnoob.com

Share this post


Link to post
Share on other sites

are you doing as follows,

  • enabling the feature
  • creating bitlocker management policy
  • testing it

 

or are you doing something differently ?

Share this post


Link to post
Share on other sites

Feature is already on, this attempt I was trying to install portals first this time, but I have been doing policy first testing then portal but no go.  So you want me to try.

  • Enable Feature (Already on)
  • Create Bitlocker Policy and deploy to test workstation
  • Then install portals?

Share this post


Link to post
Share on other sites

you can install the portals as mentioned here (scroll down) and for troubleshooting see this post

 

Share this post


Link to post
Share on other sites

Event just starting with the Bitlocker Policy I still get an error (warning):

**** Warning: The resource file for publisher Microsoft-Windows-MBAM-Web was not found or could not be opened.  resourceFileName: C:\Program Files\Microsoft BitLocker Administration and Monitoring\WindowsPowerShell\Modules\Microsoft.MBAM.Server.Commands\MicrosoftWindowsMbamWeb.dll  **** Warning: Publisher Microsoft-Windows-MBAM-Web resources could not be found or are not accessible to the EventLog service account (NT SERVICE\EventLog).

FYI there is not C:\Program Files\Microsoft Bitlocker Administration and Monitoring\   folder on the server.   The Config Mgr Console is installed on the E:\ Drive (E:\Microsoft Configuration Manager)

Here is the log for the install after adding policy from mpcontrol.log

server3.png

Share this post


Link to post
Share on other sites

sorry i had a long day, can we do a remote session tomorrow, i'm in Sweden so GMT+1

Share this post


Link to post
Share on other sites

well things changed after 2103 i think, and instead of the mdop agent handling communication to the recovery point the cmagent took over, so it could be related to that,

Share this post


Link to post
Share on other sites

On a test machine I did just run the MbamServerSetup.exe which does in fact create the files that ConfigMgr is referencing, but I would assume these files are out dated as they are from MBAM 2.5 SP1.  Thoughts?

 

Server4.png

Share this post


Link to post
Share on other sites

the thing is, i don't think they are needed any more as the recovery is handled by the management point and not by any mbam recovery service (like it used to be)

that would explain why you get an 'warning' in the logs and not an 'error'

 

Share this post


Link to post
Share on other sites

ok does the client have a virtual TPM, and is it enabled ?

what encryption settings have you set in your bitlocker management policy ?

Share this post


Link to post
Share on other sites

eject the ISO in the drive. and see what happens

bitlocker won't encrypt if there is a CD present...

Share this post


Link to post
Share on other sites

well you didn't get that prompt before so i think that's a step forward,

how have you configured this ?

 

image.png

To force encryption without intervention you must set the Encryption Policy Enforcement Settings to Enabled and set the non compliance grace period (days) to 0 if you want it to start as soon as possible

Share this post


Link to post
Share on other sites

I have the same settings that you have here and I was actually getting that prompt before removing the ISO.  😞

Almost feels like you needed to have Bitlocker MBAM in place pre-2103 to get this functioning.

Share this post


Link to post
Share on other sites

there must be something missing, how are you connecting to the VM exactly ? are you RDP'ing to it (don't do that) or connecting to it from within the hyperv host

secondly, have you tried creating a brand new vm with a virtual TPM (and no iso mounted) to see does it behave differently

and lastly, don't use the section highlighted here (set it to disabled), this is for pre-Windows 10 operating systems...

image.png

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...