none
MBAM Client Event Log Error Messages RRS feed

  • Question

  • I am testing MBAM in a lab environment utilizing the 1 server setup. I was able to encrypt a PC successfully but it took aproximately 6hrs before it initiated the encryption process. Before this I tried gpupdate /force but it did not do anything. Below are the error messages and successful messages from the client's MBAM event log entries. I am hoping someone may be able to point me in the correct direction to possible causes of these issues. Thank you.

     

    And another error:

    Log Name:      Microsoft-Windows-MBAM/Admin
    Source:        Microsoft-Windows-MBAM
    Date:          8/15/2011 8:46:52 PM
    Event ID:      4
    Task Category: None
    Level:         Error
    Keywords:     
    User:          SYSTEM
    Computer:      mbam-client.mokfarg.orc
    Description:
    An error occurred while sending encryption status data.

    Error code:
    0x803d0005

    Details:
    Access was denied by the remote endpoint.

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-MBAM" Guid="{1C6E854B-3DF3-4A6F-9401-F58F1D1C504D}" />
        <EventID>4</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2011-08-16T00:46:52.242298700Z" />
        <EventRecordID>10</EventRecordID>
        <Correlation />
        <Execution ProcessID="1432" ThreadID="2484" />
        <Channel>Microsoft-Windows-MBAM/Admin</Channel>
        <Computer>mbam-client.mokfarg.orc</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="ErrorCode">0x803d0005</Data>
        <Data Name="ErrorString">Access was denied by the remote endpoint.
    </Data>
      </EventData>
    </Event>

    Successful Messages on Client:

     

    Log Name:      Microsoft-Windows-MBAM/Operational
    Source:        Microsoft-Windows-MBAM
    Date:          8/15/2011 8:45:48 PM
    Event ID:      1
    Task Category: None
    Level:         Information
    Keywords:     
    User:          SYSTEM
    Computer:      mbam-client.mokfarg.orc
    Description:
    The MBAM policies were applied sucessfully.
    Volume ID:\\?\Volume{fff8b6c5-c6d8-11e0-a6c4-806e6f6e6963}\
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-MBAM" Guid="{1C6E854B-3DF3-4A6F-9401-F58F1D1C504D}" />
        <EventID>1</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x4000000000000000</Keywords>
        <TimeCreated SystemTime="2011-08-16T00:45:48.598828000Z" />
        <EventRecordID>15</EventRecordID>
        <Correlation />
        <Execution ProcessID="1432" ThreadID="1488" />
        <Channel>Microsoft-Windows-MBAM/Operational</Channel>
        <Computer>mbam-client.mokfarg.orc</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="VolumeId">\\?\Volume{fff8b6c5-c6d8-11e0-a6c4-806e6f6e6963}\</Data>
      </EventData>
    </Event>

    Log Name:      Microsoft-Windows-MBAM/Operational
    Source:        Microsoft-Windows-MBAM
    Date:          8/15/2011 6:13:07 AM
    Event ID:      3
    Task Category: None
    Level:         Information
    Keywords:     
    User:          SYSTEM
    Computer:      mbam-client.mokfarg.orc
    Description:
    The encryption status data was sent successfully.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-MBAM" Guid="{1C6E854B-3DF3-4A6F-9401-F58F1D1C504D}" />
        <EventID>3</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x4000000000000000</Keywords>
        <TimeCreated SystemTime="2011-08-15T10:13:07.160307800Z" />
        <EventRecordID>13</EventRecordID>
        <Correlation />
        <Execution ProcessID="1428" ThreadID="956" />
        <Channel>Microsoft-Windows-MBAM/Operational</Channel>
        <Computer>mbam-client.mokfarg.orc</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
      </EventData>
    </Event>

     

    Log Name:      Microsoft-Windows-MBAM/Operational
    Source:        Microsoft-Windows-MBAM
    Date:          8/15/2011 4:03:03 AM
    Event ID:      19
    Task Category: None
    Level:         Information
    Keywords:     
    User:          SYSTEM
    Computer:      mbam-client.mokfarg.orc
    Description:
    Successfully connected to the MBAM Recovery and Hardware service.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-MBAM" Guid="{1C6E854B-3DF3-4A6F-9401-F58F1D1C504D}" />
        <EventID>19</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x4000000000000000</Keywords>
        <TimeCreated SystemTime="2011-08-15T08:03:03.068328600Z" />
        <EventRecordID>10</EventRecordID>
        <Correlation />
        <Execution ProcessID="1428" ThreadID="432" />
        <Channel>Microsoft-Windows-MBAM/Operational</Channel>
        <Computer>mbam-client.mokfarg.orc</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
      </EventData>
    </Event>

    Tuesday, August 16, 2011 1:02 AM

All replies

  • Any suggestions would be appreciated. Thanks!
    Tuesday, August 16, 2011 4:32 PM
  • I am also seeing similar error and for some reason, the system is yet to encrypt the drive after setting up the GP. It's almost 3hrs since I deployed the GP. I have gone through microsoft suggestion to delete the MBAM registry key and restart the MBAM service but nothing as happened.
    Isaac2k2
    Wednesday, August 17, 2011 9:22 AM
  • Hi,

    Thanks for the post!

    I'm trying to involve someone familiar with this topic to further look at this question. There might be some time delay. Appreciate your patience.

    Regards,

    Miya 


    This posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, August 18, 2011 7:45 AM
    Moderator
  • Hi,

     

    Before Microsoft BitLocker Administration and Monitoring (MBAM) can manage clients in the enterprise, we must define Group Policy for the encryption requirements of your environment. Microsoft BitLocker Administration and Monitoring will not work with policies for stand-alone BitLocker drive encryption. Group Policy must be defined for Microsoft BitLocker Administration and Monitoring, or BitLocker encryption and enforcement will fail.

     

    Please refer to the following article to check the Group Policy Requirements, then configure the policy as the article describes to check if the issue could be resolved.

    Planning and Configuring Group Policy for MBAM

    http://onlinehelp.microsoft.com/de-de/mdop/hh285629.aspx

    Deploying MBAM Group Policies

    http://onlinehelp.microsoft.com/pt-br/mdop/hh285640.aspx

     

    If this cannot help, please kindly help collect the System information, System log and Application log to the following Microsoft Workspace that I set up for you so that I can check for more details:

     

    Microsoft Workspace

    ==============
    Please upload the collected files to me via the Workspace I set up for you:

    URL: https://sftus.one.microsoft.com/choosetransfer.aspx?key=7eb82982-8150-4897-8e8b-be94044cc8f4

    Password: IPK[!PGvwCwOD0

     

    Best regards,
    Spencer Shi


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, August 19, 2011 9:58 AM
  • Please try the following steps:

    Add a registry key on MBAM server under HKLM\Software\Microsoft\MBAM

    Dword 32-bit value called DisableMachineVerification and set to 1

     

    http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/22b1d081-9b11-4c08-bb25-4c8cf0960208/

     


    Sumesh P - Microsoft Online Community Support
    Wednesday, August 31, 2011 6:43 AM
    Moderator
  • Add a registry key on MBAM server under HKLM\Software\Microsoft
    Create a new key called MBAM and then create a new Dword 32-bit value called DisableMachineVerification and set to 1
    After you do this, on client restart the MBAM client service and then this issue should be resolved.

    Sumesh P - Microsoft Online Community Support
    • Proposed as answer by Scoobysnax Saturday, December 20, 2014 4:55 PM
    Wednesday, August 31, 2011 6:51 AM
    Moderator
  • Make sure the GPO are configured correctly for MBAM.

    1. Policies for MBAM on client:

    On Windows 7 client open registry

    HKLM\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement

    Change the ClientWakeUpFrequency = 1 and StatusReportingFrequency=1

    2. There is a random delay of up to 90 minutes when MBAM service starts on windows 7 client.

    If you don’t want random delay, then create a dword value “NoStartupDelay” under HKLM\Software\Microsoft\MBAM and set its value to 1.

    3. Restart the MBAM Client Service and then client will talk to server in 1 minute.

    MBAM Logs on client:

    Event Viewer -> Application and Services Logs -> Microsoft ->  Windows -> MBAM

     

     


    Manoj Sehgal
    • Proposed as answer by Richard5474 Monday, September 26, 2011 1:58 PM
    Thursday, September 22, 2011 8:37 PM
  • I'm in the same boat.

    I was getting Endpoint is unreachable.  I added the Registry listed above and restarted without any difference.

    I checked the entries under HKLM\Software\Microsoft\MBAM  and found that the URLs were set for HTTPS.  When I tried to browse

    to https I didn't get a response.  I've change the URL to http:// and now I"m getting "Access was denied by the remote endpoint".

     

    Monday, September 26, 2011 1:58 PM
  •  

    HKLM\Software\Microsoft\MBAM  should not have any URLs to point to end point which is the MBAM server.

    Delete all registry entries under this reg key and just keep installed = 1

    The end point URL are located under:

    HKLM\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement

    Make sure the URL which point to endpoint are correct and as specified in the Help information available with the GPO.

     

    Send me client logs at manojsehgal@hotmail.com

     

    Event Viewer -> Application and Services Logs -> Microsoft -> Windows -> MBAM


    Manoj Sehgal
    Wednesday, September 28, 2011 2:33 AM
  • Done all the above Modifications also i am facing Problem and I have installed Server nearly 5 times i getting above Stated Error.

    in Client Meachine unable to Start MBAMCLiient UI manually or Automatically with the given Time Intervel.

    Error:

    An error occurred while sending encryption status data.

    Error code:

    0x803d0005

    Details:

    A message containing a fault was received from the remote endpoint.

    Unable to Connect to  MBAM Recovery and Hardware Service

    Error Code: 0x803d0013

    Details:

    A message containing a fault was received from the remote endpoint.


    Mahipal

    Tuesday, October 23, 2012 3:23 AM
  • When you installed the MBAM server software, did you use the HOST name in the install (it is listed as optional)? If you populate this during the setup, your GPO settings will not work unless it is on a multihomed network. Leave the host name blank and ensure your GPO settings use the Fully Qualified Domain Name (FQDN) ie in the GPO for Client Management, Configure MBAM services instead of http://servername:8001/MBAMRecoveryAndHardwareService/CoreService.svc use http://servername.example.com:8001/MBAMRecoveryAndHardwareService/CoreService.svc do the same for the http://servername.example.com:8001/MBAMComplianceStatusService/StatusReportingService.svc

    Give that a try,

    Dale Parker 



    • Edited by DylanDadCole Thursday, November 8, 2012 11:58 PM
    • Proposed as answer by DylanDadCole Friday, November 9, 2012 12:01 AM
    Thursday, November 8, 2012 11:55 PM
  • MBAM client communicates with the MBAM server and DB through the remote service endpoints. The endpoint for the Recovery and Hardware service is not reachable.Make sure the URL for the service is properly mentioned.

    Try to browse the URL and check is accessibility. If you are copying the URL from the Help section of the GPO, make sure it does not have any spaces in between. accessing it in a browser will not detect the spaces and it will reach the service.

    Just to verify the spaces in between the URL for the Recovery and Hardware service, Open registry editor on the client machine, Browse to the location "HKLM\Microsoft\Policies\Microsoft\FVE\BitlockerManagement" and validate the value for the key "Key Recovery Service Endpoint".


    Gaurav Ranjan

    Friday, November 23, 2012 7:41 AM
  • i'm facing now same problem few years later, and i believe it could be my m3800 dell laptop problem, there is no nic integrated, its a usb nic. did anyone found a solution ? i have got the log and seems pretty much same problem. i have loads different products here where its successfully running with no problems, just this model m3800 dell, only with usb nic. thanks 
    Tuesday, September 20, 2016 12:25 PM
  • Hello Expert, I have bitlocker installed in my drive. But when I connect this drive externally and access I want to see a log in my bitlocker admin console. Any idea how to see such kind of log or report? Many many thanks for your response.
    Tuesday, March 19, 2019 4:30 AM