MBAM BitLocker Administration and Monitoring: Clients not reporting status.

    Question


  • I am having some issues getting the BitLocker Management Client Service to report into the MBAM Compliance Status Service.
    I have run into the normal issues. Now I am faced with some very strange behaviors and I am hoping someone else has found the solution.  I have the MBAM GPOs deployed, and the client installed.  The system is BitLockered, however the client doesn’t report in.

    On a machine that is reporting successfully there are 2 events:

    • Source:        Microsoft-Windows-MBAM
    • Event ID:      1
    • Description: The MBAM policies were applied successfully. Volume ID:\\?\Volume{Unique ID}\
    • Event ID:      3
    • Description:  The encryption status data was sent successfully.

    Eventually Event 1 is dropped and only Event 3 is listed.  

    The remaining systems are having a different issue.

    • Source:        Microsoft-Windows-MBAM
    • Event ID:      1
    • Description: The MBAM policies were applied successfully. Volume ID:\\?\Volume{Unique ID}\

    This occurs at every scheduled interval and I cannot seem to resolve it consistently.

    "NoStartupDelay, DeploymentTime, ClientWakeUpFrequency,  and StatusReportingFrequency =1" steps (MBAM Clients Not Reporting) haven't fixed the issue.  There are no additional errors in the event logs so I am at a loss as to where to go next.  Here is my This_and_the_Kitchen_Sink script.  Is there something else I could be missing?  ~450 are working fine, the remaining 3000+ systems won't show up.

    NET STOP "BitLocker Management Client Service"
    REG ADD "HKLM\SOFTWARE\Microsoft\MBAM" /V NoStartupDelay /D 1 /T REG_DWORD /F
    REG ADD "HKLM\SOFTWARE\Microsoft\MBAM" /V DeploymentTime /D 1 /T REG_DWORD /F
    REG ADD "HKLM\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" /V ClientWakeupFrequency /D 1 /T REG_DWORD /F
    REG ADD "HKLM\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" /V StatusReportingFrequency /D 1 /T REG_DWORD /F
    NET START "BitLocker Management Client Service"
    REG DELETE "HKLM\SOFTWARE\Microsoft\MBAM" /V NoStartupDelay /F
    REG DELETE "HKLM\SOFTWARE\Microsoft\MBAM" /V DeploymentTime /F
    REG ADD "HKLM\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" /V ClientWakeupFrequency /D 180 /T REG_DWORD /F
    REG ADD "HKLM\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" /V StatusReportingFrequency /D 180 /T REG_DWORD /F

    Monday, March 05, 2012 2:58 AM
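
A read-only triage of the symptom described in the question (Event 1 logged, Event 3 never logged), as an added example that is not part of the original post or of any Microsoft tooling. It uses the provider name, event IDs, policy key and service display name quoted in the thread; the 24-hour lookback and the state labels are assumptions.

```powershell
# Added example: classify the local MBAM client by which events it has logged.
# From the thread: provider Microsoft-Windows-MBAM, event IDs 1 and 3,
# the MDOPBitLockerManagement policy key, and the service display name.
# Assumptions: the $LookbackHours default and the state label strings.
param([int]$LookbackHours = 24)

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement'
$since     = (Get-Date).AddHours(-$LookbackHours)

# Service state (same display name the thread uses with NET START).
$svc = Get-Service -DisplayName 'BitLocker Management Client Service' -ErrorAction SilentlyContinue

# Policy values delivered by the MBAM GPO; a missing key yields $null properties.
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

# MBAM events 1 and 3 inside the lookback window (returned newest first).
$events = Get-WinEvent -FilterHashtable @{
    ProviderName = 'Microsoft-Windows-MBAM'
    Id           = 1, 3
    StartTime    = $since
} -ErrorAction SilentlyContinue

$lastPolicy = $events | Where-Object Id -eq 1 | Select-Object -First 1
$lastStatus = $events | Where-Object Id -eq 3 | Select-Object -First 1

# Event 3 present: status was sent. Event 1 only: the case in the question.
if (-not $svc) {
    $state = 'ClientNotInstalled'
} elseif ($svc.Status -ne 'Running') {
    $state = 'ServiceNotRunning'
} elseif ($lastStatus) {
    $state = 'Reporting'
} elseif ($lastPolicy) {
    $state = 'PolicyAppliedNoStatusSent'
} else {
    $state = 'NoMbamEvents'
}

[pscustomobject]@{
    Computer                 = $env:COMPUTERNAME
    State                    = $state
    ServiceStatus            = $svc.Status
    ClientWakeupFrequency    = $policy.ClientWakeupFrequency
    StatusReportingFrequency = $policy.StatusReportingFrequency
    LastEvent1               = $lastPolicy.TimeCreated
    LastEvent3               = $lastStatus.TimeCreated
}
```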

Answers

All replies

  • Hi,

    Is the script written by yourself or downloaded from somewhere else?

    I have a download link for an MBAM related document. Hope it can help you a little:

    MBAM document resource (http://www.microsoft.com/downloads/details.aspx?FamilyID=A2C39653-C570-417F-82E5-806551FBE97A&displaylang=e&displaylang=en)

    Thanks,

    Spencer Shi



    Thursday, March 08, 2012 10:50 AM
  • Heya,

    The script is written by me, but it is a compilation of related posts by many people. 
    I have read through every document in your link, and then some. It seems to be a very common response to all issues posted to the forums.  I was hoping someone might be able to tell me if I was overlooking something obvious.

    Integrating this with SCCM has been a challenge but I have found several other “Undocumented requirements” that really help get this tool working.  I am now at 96% success, but the default installation was inadequate to get to this level of completion. 

    Thursday, March 08, 2012 5:19 PM
  • 1. If I understand this case correctly, you could see the BitLocker Recovery keys in the MBAM Recovery & Hardware DB but the compliance status is not in the MBAM compliance DB.

    2. Did you verify from the SQL DB that there is no information in the SQL DB?

    3. Make sure you have a single compliance DB; this information can be verified from SQL Management Studio. If you have done a reinstall of MBAM, verify that the correct DataSource is used in MaltaDatasource.

    http://support.microsoft.com/kb/2639518

    For MBAM integration with SCCM we have released the below blog.
    http://blogs.technet.com/b/deploymentguys/archive/2012/02/20/using-mbam-to-start-bitlocker-encryption-in-a-task-sequence.aspx

    Let me know if this helps or not.

    -Manoj


    Manoj Sehgal

    Wednesday, March 14, 2012 9:15 AM
  • Hi guys,

    I have the same issue whereby I have configured an MBAM single server in the test environment and installed the MBAM client on a test encrypted laptop. I have followed the steps above and I still can't see my client on the MBAM server.

    When I check the logs on my test client laptop, I get the following: "The MBAM policies were applied successfully"

    I already have BitLocker AD managed setup and I am planning on migrating to MBAM. Please can anyone assist? Not sure what else to do.

    thanks

    Thursday, March 13, 2014 11:46 AM