MBAM Client Not Launching Automatically RRS feed

  • Question

  • Hello -

    I have configured MDOP MBAM GPO's and have deployed the MBAM client via SCCM.
    I can confirm the MBAM client pushes successfully and the BitLocker Client Management service starts up on the clients.

    The MBAM event log on the clients shows that polices are successfully applied and if I manually run the MBAMClientUI executable, the drive begins to encrypt as per my GPO settings, with a 0 day grace period.

    My problem is that I'm having to manually run the MBAMClientUI in order for the drive to encrypt. 

    Once the drive encrypts after manually running MBAMClientUI, I can confirm the machine is reporting properly because when booting to a USB drive, I'm prompted for the recovery key which I'm able to obtain from the MBAM HelpDesk DriveRecovery portal. I'm able to successfully recover with the key provided by the portal, so I know the MBAM server services are working and reachable as the client is reporting to the MBAM server.

    Any suggestions?

    • Edited by pschubitzke Friday, August 31, 2018 6:48 PM
    Friday, August 31, 2018 6:41 PM

All replies

  • It might be, that you are missing some setting in GPO, but I cannot tell you which is it. The scenario you discrabed, is not how the mbam agent should work, so something is wrong. Try to copy your GPO settings here as text... or publish the html report in OneDrive...

    MCSE Mobility 2018. Expert on SCCM, Windows 10 and MBAM.

    Wednesday, September 5, 2018 7:16 AM
  • Did you ever find a solution for that?

    We are facing the same issue right now. For me it seems, that only newer Windows 10 versions are affected by not automatically starting disk encryption, when using MBAM.

    Thursday, October 10, 2019 1:53 PM
  • Hi,

    actually I have run in to same issue with MBAM agent. I have found this information:

    "By design the Microsoft BitLocker Administration and Monitoring (MBAM) client waits a random period of time between one and 90 minutes when its service starts, before prompting users to encrypt. This is done to avoid any mass hit on the MBAM server infrastructure for new deployments."

    and registry tweak for autostart.

    1. Start the registry editor (regedit.exe)


    3. Select New - DWORD value

    4. Enter a name of NoStartupDelay

    5. Double-click the new value and set the data to 1 and click OK

    6. Close the registry editor

    Restart the MBAM client service for the change to take effect.

    But its not working for me.


    Friday, February 7, 2020 1:13 PM