MBAM 2.5 HelpDesk cannot log in

  • Question

  • Hello,

    I installed MBAM 2.5 in production with 2 servers (1 IIS, 1 SQL).

    The groups are correct in the wizard, I ran the SPN, and I am using an HTTPS certificate for the name of the web portal with an alias (not the server name).

    The PC already reports and its key is stored in the DB. I can access SelfService, but I cannot enter HelpDesk after it asks me for authentication credentials.
    Monday, January 19, 2015 11:46 PM

Answers

  • Do you see any errors in Event Viewer / Applications? There might be some IIS authorization errors. If so, paste them here.
    Tuesday, January 27, 2015 9:50 PM
  • We need to check the logs of the administration service for IIS, and for this we need to get the MBAM 2.5 logs. If you cannot share them, open a support case with Microsoft CSS.

    Mayank Sharma Support Engineer at Microsoft working in Enterprise Platform Support.

    Wednesday, January 28, 2015 1:20 PM

All replies

  • Is your account a member of the Helpdesk and Advanced Helpdesk groups? If yes, another option is that you set the SPN incorrectly. If so, please run the command setspn -L DOMAIN\MBAMIISAccount and paste the result here.
    Wednesday, January 21, 2015 6:45 AM
  • My Server name is:

    mxqrblk

    My alias for the MBAM portal is:

    bitlocker.mx.local

    My pool account is MXBLOAPPPOOL

    SETSPN -L MX\MXBLOAPPPOOL

    http/mxqrblk

    http/mxqrblk.mx.local

    http/bitlocker

    HTTP/bitlocker.mx.local

    The account MXBLOAPPPOOL is set to "Trust this user for delegation to any service (Kerberos only)" in AD.

    Thursday, January 22, 2015 8:43 PM
  • I suggest you do the following:

    1. Change the delegation settings from ANY SERVICE to the specific http account.
    2. Add your account to all MBAM AD groups for testing purposes.
    3. Delete SPNs for:

    http/mxqrblk
    http/mxqrblk.mx.local

    Leave SPNs only for the dedicated address: HTTP/bitlocker.mx.local and http/bitlocker

    I'm also unsure about SPNs, so it's at your own risk :)

    Friday, January 23, 2015 8:02 AM
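
An added example, not part of any reply in this thread: a PowerShell check of the SPN registration and delegation setting discussed in the posts above. It assumes the RSAT ActiveDirectory module is installed; the function name Test-PortalKerberosConfig is hypothetical, and the account and host names are the ones posted in the thread.

```powershell
# Added example: audit a service account's SPNs and Kerberos delegation flags.
# Requires the RSAT ActiveDirectory module; names below are taken from the thread.
Import-Module ActiveDirectory

function Test-PortalKerberosConfig {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]   $AppPoolAccount,  # sAMAccountName of the IIS app pool identity
        [Parameter(Mandatory)] [string[]] $PortalHostNames  # host names users type in the browser
    )
    $props = 'ServicePrincipalName', 'TrustedForDelegation', 'msDS-AllowedToDelegateTo'
    $acct  = Get-ADUser -Identity $AppPoolAccount -Properties $props
    $findings = @()

    foreach ($name in $PortalHostNames) {
        $spn = "HTTP/$name"
        # -notcontains compares case-insensitively, matching how SPNs are compared
        if ($acct.ServicePrincipalName -notcontains $spn) {
            $findings += "SPN $spn is not registered on $AppPoolAccount"
        }
        # An SPN held by more than one object (current domain) breaks Kerberos for that service
        $holders = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)")
        if ($holders.Count -gt 1) {
            $findings += "SPN $spn is duplicated on: " + ($holders.Name -join ', ')
        }
    }

    # "Trust this user for delegation to any service (Kerberos only)" sets this flag
    if ($acct.TrustedForDelegation) {
        $findings += 'Unconstrained delegation is enabled; limit it to specific services'
    }

    [pscustomobject]@{
        Account             = $acct.SamAccountName
        RegisteredSpns      = @($acct.ServicePrincipalName)
        AllowedToDelegateTo = @($acct.'msDS-AllowedToDelegateTo')
        Findings            = $findings
    }
}

Test-PortalKerberosConfig -AppPoolAccount 'MXBLOAPPPOOL' -PortalHostNames 'bitlocker', 'bitlocker.mx.local' |
    Format-List
```

An empty Findings list means the alias SPNs sit only on the pool account and unconstrained delegation is off; it does not test group membership or IIS authorization.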
  • What account are you using to authenticate? It must be a member of the helpdesk/advanced helpdesk group.

    Mayank Sharma Support Engineer at Microsoft working in Enterprise Platform Support.

    Monday, January 26, 2015 9:56 AM
  • Yes.

    The user keyrecov is a member of Advanced HelpDesk.

    The user keyweb is a member of HelpDesk.

    The users cannot log in to HelpDesk after the Windows authentication prompt.

    I'm sure because I have images of the setup and configuration of the MBAM installation.

    - Other users can log in to the SelfService portal but not to the HelpDesk portal.

    - The client PCs can save their recovery keys on the MBAM server and their partitions are encrypted.

         I ran a query on the SQL database and I can see the recovery keys of the client computers.

    Monday, January 26, 2015 11:50 PM
  • I deleted the SPNs and only these exist:

    http/mxqrblk
    http/mxqrblk.mx.local

    The result is negative, with the same error.

    The process of adding the pool account to all groups is in progress.

    It is very complicated because of the many administrative policies in the enterprise.

    Monday, January 26, 2015 11:58 PM
  • Hi! Did you find out why you were not able to log on to the helpdesk portal? The same is happening to me.
    Friday, August 28, 2020 9:13 PM