none
MBAM BitLocker Administration and Monitoring Reports: Cannot access MBAM reports from outside of MBAM report server RRS feed

  • Question

  •  

    *modified original post to update this issue, issue 1 of 2 has been resolved, so I removed it from the post*

     

    We are able to access all reporting features when logged in directly to the sever, however when trying to access the reports URL from another computer it constantly prompts for username/password and does not allow access. BitLocker Client Management services are running on the machines that are in my trial run, GPO has pushed the settings, all have been verified and reports are working and recieving data, just cannot access the reports from outside of the server.

    I have created the below security groups in Active Directory and added them as recommended to the corresponding local groups on the reporting server(s), but still getting a password prompt when trying to access the report section of the reports url (from another computer): http://<servername:port>/Reports.aspx

    MBAM Advanced Helpdesk User
    MBAM Hardware Users
    MBAM Helpdesk Users
    MBAM Report Users
    MBAM System Administrators

    Below is a screenshot of the local MBAM Report Users group on the reporting server:

     

    The issue appears to be with IIS and accessing the reports services. I've followed the setup of local security groups and Active Directory security groups, going to rebuild that piece again.

    If I authenticate as the local administrator on the server, all reports work fine

     


    Wednesday, August 31, 2011 4:25 PM

All replies

  • - Update

    Enterprise Compliance Report now seems to be working, all 3 systems that I'm testing with are now reporting on it.
    Still having an issue with access the reports page when accessing thr url without being physically logged on to the Admin/Monitoring server.

    Wednesday, August 31, 2011 8:28 PM
  • Hi,

    Please add the user ID to MBAM Report Users group.

    MBAM Report Users have access to the Compliance and Audit reports from BitLocker Administration and Monitoring. The local group for this role is installed on the Administration and Monitoring Server, Compliance and Audit Reports Server, and Compliance Status Database Server.

    Also check Bitlocker Management Client Service is automatic started.

    Enable the reporting URL and MBAM backend services on GPO, the backend URL is:

    http://mbam01:8080/MBAMRecoveryAndHardwareService/CoreService.svc

     

    And Report services is:

    http://mbam01:8080/MBAMComplianceStatusService/StatusReportingService.svc

     

    More detail you can refer this article:

    MBAM Step by Step ( BitLocker Administration and Monitoring )

    http://ahmedhusseinonline.com/2011/07/mbam-step-by-step-bitlocker-administration-and-monitoring/

    Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Hope that helps.

     

    Regards,

    Leo   Huang

     

    TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, September 1, 2011 9:44 AM
    Moderator
  • Thanks for the help.

    We are able to access all reporting features when logged in directly to the sever, however when trying to access the reports URL from another computer it constantly prompts for username/password and does not allow access. BitLocker Client Management services are running on the machines that are in my trial run, GPO has pushed the settings, all have been verified and reports are working and recieving data, just cannot access the reports from outside of the server.

    I have created the below security groups in Active Directory and added them as recommended to the corresponding local groups on the reporting server(s), but still getting a password prompt when trying to access the report section of the reports url (from another computer): http://<servername:port>/Reports.aspx

    MBAM Advanced Helpdesk User
    MBAM Hardware Users
    MBAM Helpdesk Users
    MBAM Report Users
    MBAM System Administrators

    Below is a screenshot of the local MBAM Report Users group on the reporting server:

     

    Thanks for the link, I have looked over that page previously and unfortunately it doesn't go into much detail regarding accessing the reports and security setup.

    Thursday, September 1, 2011 12:47 PM
  • Hi,

     

    Please try to follow steps below to create a new registry key on MBAM Server where you have MBAM Administration and Monitoring Server role installed.

    WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
    For information about how to back up, restore, and edit the registry, click the following article:

    Description of the Microsoft Windows Registry
    http://support.microsoft.com/kb/256986/EN-US
    ===================================
    a. Start Registry Editor.
    b. Navigate to following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft
    c. On the Edit menu, click New -> Key, and add the following registry key value:
    MBAM
    d. Under the newly created registry key name, on the Edit menu, click New -> DWORD (32-bit) Value and name it as:
    DisableMachineVerification
    e. Set the value to 1.
    f. Exit Registry Editor.

    After you make these changes, you must restart the MBAM server for the modifications to take effect.

    Note: The above registry key has nothing to do with hardware compatibility checking on the server and hardware compatibility check functionality still works as designed.

    MORE INFORMATION

    For further information on MBAM and how it can help your environment, please consult the following documentation.

    Planning Guide: http://onlinehelp.microsoft.com/en-us/mdop/hh285653.aspx  

    Deployment Guide: http://onlinehelp.microsoft.com/en-us/mdop/hh285644.aspx  

    Operations Guide: http://onlinehelp.microsoft.com/en-us/mdop/hh285664.aspx  

    Troubleshooting MBAM: http://onlinehelp.microsoft.com/en-us/mdop/hh352745.aspx  

     

    Best regards,
    Spencer Shi

     

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, September 6, 2011 8:02 AM
  • Thanks for the reply, the steps you've mentioned have already been done and as mentioned reporting is working fine on the server itself. All pc's that have been setup are reporting in.

    The problem I am having is accessing the report pages from outside of the server. The post above yours has more detail.

     

    Thanks!

    Tuesday, September 6, 2011 1:05 PM
  • Nobody has any ideas?
    Tuesday, September 13, 2011 1:49 PM
  • Hi, how did you get the reports to be visible when logged on to the MBAM server ? When I try I get prompted by the database server for username and password.

     

    Thanks

    Tuesday, October 4, 2011 8:15 AM
  • Hi MiracaLS-Jon,

    I guess you won't have a look at this topic again after a year, but probably it may help someone else. 

    I faced the same problem. I could only access the MBAM Reports directly on the MBAM Server, but was able to see all other things on the webinterface from any pc. 

    This was caused by the database user rights. Only the Admin was able to access the report data base. Since I don't know that much about SQL, I just typed in the user name and password into the maltaDataSource configuration - and I could access the reporting from any pc again.

    Simply go http://Bitlockerserver/Reports/Pages/DataSource.aspx?ItemPath=%2fMicrosoft+BitLocker+Administration+and+Monitoring%2fMaltaDataSource which is part of the SQL Reporting Services on your SQL server (http://Bitlockerserver/Reports/Pages/Folder.aspx). 

    Then checkmark "Login Information that has been saved on the Report server" and type in the credentials that are allowed to access the SQL report database (Which was in my case the domain admin). Make sure also to check the next checkmark that's called something like "Use Windows Login Information when connecting to the data source".

    After that, everything was working smooth.

    I hope I could help someone ;)

    best regards.

    • Proposed as answer by Gaurav_Ranjan Saturday, June 30, 2012 6:55 AM
    Wednesday, June 13, 2012 12:20 PM