MBAM 2.5 HelpDesk cannot log in

Question
-
Hello,
I installed MBAM 2.5 in production with 2 servers (1 IIS, 1 SQL).
The groups are correct in the wizard, I ran the SPN, and I am using an HTTPS certificate for the name of the web portal with an alias (not the server name).
The PC already reports and its key is stored in the DB. I can access SelfService, but I cannot enter HelpDesk after it asks me for authentication credentials.
Monday, January 19, 2015 11:46 PM
Answers
-
Do you see any errors in Event Viewer / Applications? There might be some IIS authorization errors. If so, paste them here.
- Marked as answer by Brandon Records (Moderator) Monday, February 9, 2015 5:53 PM
Tuesday, January 27, 2015 9:50 PM -
We need to check the logs of the administration service for IIS, and for this we need to get the MBAM 2.5 logs. If you cannot share them, open a support case with Microsoft CSS.
Mayank Sharma Support Engineer at Microsoft working in Enterprise Platform Support.
- Marked as answer by Brandon Records (Moderator) Monday, February 9, 2015 5:53 PM
Wednesday, January 28, 2015 1:20 PM
All replies
-
Is your account a member of the Helpdesk and Advanced Helpdesk groups? If yes, another option is that you set the SPN incorrectly. If so, please run the command setspn -L DOMAIN\MBAMIISAccount and paste the result here.
Wednesday, January 21, 2015 6:45 AM
-
My server name is:
mxqrblk
My alias for the MBAM portal is:
bitlocker.mx.local
My account pool is MXBLOAPPPOOL
SETSPN -L MX\MXBLOAPPPOOL
http/mxqrblk
http/mxqrblk.mx.local
http/bitlocker
HTTP/bitlocker.mx.local
The account MXBLOAPPPOOL is set to "Trust this user for delegation any service (Kerberos only)" in AD.
Thursday, January 22, 2015 8:43 PM -
I suggest you do the following:
1. Change the delegation settings from ANY SERVICE to the specific http account.
2. Add your account to all MBAM AD groups for testing purposes.
3. Delete the SPNs for:
http/mxqrblk
http/mxqrblk.mx.local
Leave SPNs only for the dedicated address HTTP/bitlocker.mx.local and http/bitlocker.
I'm also unsure about SPNs, so it's at your own risk :)
Friday, January 23, 2015 8:02 AM -
What account are you using to connect for authentication? It must be a member of the helpdesk/advanced helpdesk group.
Mayank Sharma Support Engineer at Microsoft working in Enterprise Platform Support.
Monday, January 26, 2015 9:56 AM -
Yes.
The user keyrecov is a member of Advanced HelpDesk.
The user keyweb is a member of HelpDesk.
The users cannot log in to HelpDesk after the Windows authentication prompt.
I'm sure because I have images of the setup and configuration of the MBAM installation.
- Other users can log in to the SelfService portal but not to the HelpDesk portal.
- The client PCs can save their recovery keys on the MBAM server and their partitions are encrypted.
I ran a query on the SQL database and I see the recovery keys of the client computers.
Monday, January 26, 2015 11:50 PM -
I deleted the SPNs and only these exist:
http/mxqrblk
http/mxqrblk.mx.local
The result is negative, with the same error.
The process to add the pool account to all groups is in progress.
It is very complicated because of many administrative policies in the enterprise.
Monday, January 26, 2015 11:58 PM -
Hi! Did you find out why you were not able to log on to the helpdesk portal? The same is happening to me.
Friday, August 28, 2020 9:13 PM
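
The SPN and delegation settings discussed in this thread can be checked in one pass. The following is an added example, not code from any poster or from Microsoft: Test-PortalSpn is a hypothetical helper, and the sample input is constructed from the values posted above (the SPNs left after the deletion, with "any service" delegation still set).

```powershell
# Added example. Test-PortalSpn is a hypothetical helper name.
# It compares an app pool account's SPNs and delegation settings
# with the host name users type to reach the MBAM portal.
function Test-PortalSpn {
    param(
        [string]   $PortalFqdn,                # name in the portal URL and certificate
        [string[]] $Spns,                      # servicePrincipalName values on the account
        [bool]     $TrustedForDelegation,      # $true = "any service" (unconstrained)
        [string[]] $AllowedToDelegateTo = @()  # msDS-AllowedToDelegateTo values
    )
    $short    = $PortalFqdn.Split('.')[0]
    $findings = @()

    # Kerberos tickets are requested for the name in the URL, so the SPN
    # for that name (FQDN and short form) has to be on the pool account.
    # -notcontains compares strings case-insensitively, like SPN matching.
    foreach ($name in @($PortalFqdn, $short)) {
        if ($Spns -notcontains "HTTP/$name") {
            $findings += "MISSING  HTTP/$name is not registered on this account"
        }
    }

    # Unconstrained delegation lets the account impersonate its callers to
    # any service; constrained delegation limits it to the listed SPNs.
    if ($TrustedForDelegation) {
        $findings += 'RISK     unconstrained delegation (any service) is enabled'
    } elseif ($AllowedToDelegateTo -notcontains "HTTP/$PortalFqdn") {
        $findings += "INFO     HTTP/$PortalFqdn is not in the constrained delegation list"
    }

    if ($findings.Count -eq 0) { $findings += 'OK       SPNs and delegation are consistent' }
    return $findings
}

# Constructed sample: the state described in the thread after the SPN deletion.
Test-PortalSpn -PortalFqdn 'bitlocker.mx.local' `
    -Spns @('http/mxqrblk', 'http/mxqrblk.mx.local') `
    -TrustedForDelegation $true

# Against a live domain (requires the ActiveDirectory module):
#   $u = Get-ADUser MXBLOAPPPOOL -Properties ServicePrincipalName,
#            TrustedForDelegation, 'msDS-AllowedToDelegateTo'
#   Test-PortalSpn -PortalFqdn 'bitlocker.mx.local' -Spns $u.ServicePrincipalName `
#       -TrustedForDelegation $u.TrustedForDelegation `
#       -AllowedToDelegateTo $u.'msDS-AllowedToDelegateTo'
```

For the constructed sample the function reports both alias SPNs as missing and flags the unconstrained delegation setting.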