Users cannot retrieve BitLocker Recovery key using MBAM 2.0 Self Service Portal
This article provides a solution to an error that occurs when you try to open MBAM 2.0 Self Service Portal web page to retrieve BitLocker Recovery Key.
Applies to: Windows Server 2012 R2
Original KB number: 2870849
Symptoms
If a user attempts to open MBAM 2.0 Self Service Portal web page to retrieve BitLocker Recovery Key, the web page may fail to open. Additionally, you may receive the following error message:
There was error contacting the MBAM database. Please try again later.
Cause
This problem can occur for two possible reasons:
Windows Firewall is blocking the traffic from machine to SQL Server.
You will also see the below error message in the application logs where SSP feature is installed.
Exception message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
User Support Service web.config file does not have connection string information.
Resolution
To resolve this problem, do the following:
For Windows Firewall issue:
Open firewall ports for SQL Server. By default SQL uses port 1433 if you have configured SQL with a default instance.
Configuring the Windows Firewall to Allow SQL Server Access
For User Support Service web.config file issue, follow the steps:
Connect to Server where MBAM 2.0 Self Service Portal feature is installed.
Open Windows Explorer and browse to c:\inetpub\MicrosoftBitLockerManagementSolution\UserSupportService directory.
Make a copy of web.config file.
Edit the web.config file and make sure the connection string information is correct as shown below.
In the <connectionStrings> block:
<add name="ComplianceStatusConnectionString" providerName="System.Data.SqlClient" connectionString=""/>should be:
<add name="ComplianceStatusConnectionString" providerName="System.Data.SqlClient" connectionString=" Data Source=[SQL server name];Initial Catalog="MBAM Compliance Status";Integrated Security=SSPI;"/>Note
- Replace [SQL server name] with your SQL Server Name.
- Replace MBAM Compliance Status with name of MBAM Compliance Status DB.
For example, if the name of your SQL Server is MBAMSQL and the name of MBAM Compliance DB is MBAM_Comp_DB, then the query should be:
<add name="ComplianceStatusConnectionString" providerName="System.Data.SqlClient" connectionString="*Data Source=[MBAMSQL];Initial Catalog="MBAM_ Comp_DB ";Integrated Security=SSPI;*"/>Save the web.config file.
Restart IIS Services on Server.
Now user should be to retrieve BitLocker Recovery key successfully from MBAM SSP webpage.
References
How to Use the Self-Service Portal to Regain Access to a Computer
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for