Troubleshooting MBAM 2.5 installation problems

Applies to: Microsoft BitLocker Administration and Monitoring 2.5

This article introduces how to troubleshoot Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 installation issues in a stand-alone configuration.

Referring to MBAM log files for troubleshooting purposes


MBAM includes logging for server installation, client installation, and events. Refer to these logs when troubleshooting.
 

Troubleshooting encryption and reporting issues


This section contains troubleshooting information for server functionality, client functionality, configuration settings, and known issues:
 

Troubleshooting MBAM Agent communication issues


This section contains troubleshooting information for the following issues that are related to MBAM agent communication:

Re-installation or reconfiguration of MBAM infrastructure


To re-install or re-configure MBAM infrastructure, you must know the following things:

  • Application Pool account
  • MBAM Groups (Helpdesk, Advanced, Report Users Group)
  • MBAM Reports URL
  • SQL Server name and database names
  • MBAM ReadWrite and ReadOnly Accounts

Application Pool account

To find the Application Pool account, log on to the MBAM Web Server, open Internet Information Services (IIS) Manager, and then select Application Pools:

[Screenshot: Application pools]

The Service Principal Name (SPN) must be set in this account. This setting is very important to the functionality of MBAM.

MBAM Groups (Helpdesk, Advanced, Report Users Group and Reports URL)

[Screenshot: MBAM Groups]

This provides information such as Helpdesk Group, Advanced Helpdesk Group, Report Users group, and MBAM Reports URL. The MBAM Reports URL, which must be provided in the MBAM setup, should be: http(s)://servername/ReportServer.

SQL Server name and database (DB) names

To find the SQL Server names and instances that are hosting the MBAM DBs, log on to the MBAM Web (IIS) server and browse to this Registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM Server\Web

[Screenshot: Regedit]

The highlighted portions are connection strings, which should have the SQL Server name, database names, and instances (if named).
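The same lookup can be scripted instead of read off Regedit. The following is an added example, not code from the original article: it enumerates every value under the subkey above without assuming any value names, parses the ones that are connection strings, and flags any that embed a password rather than using integrated security. The function names and the fallback sample values are made up for illustration.

```powershell
# Added example: list the SQL connection strings stored under the MBAM web key.
Add-Type -AssemblyName System.Data

function Get-FirstKey($Builder, [string[]]$Keys) {
    # Connection-string keywords have synonyms; return the first one present.
    foreach ($k in $Keys) { if ($Builder.ContainsKey($k)) { return [string]$Builder[$k] } }
}

function ConvertFrom-MbamConnectionString([string]$Name, [string]$Value) {
    if (-not $Value) { return }
    $b = [System.Data.Common.DbConnectionStringBuilder]::new()
    try { $b.ConnectionString = $Value } catch { return }   # not a connection string
    $server = Get-FirstKey $b 'Data Source', 'Server'
    if (-not $server) { return }                             # some other key=value data
    $hostName, $instance = $server -split '\\', 2            # HOST\INSTANCE if named
    $auth = Get-FirstKey $b 'Integrated Security', 'Trusted_Connection'
    [pscustomobject]@{
        RegistryValue       = $Name
        SqlServer           = $hostName
        Instance            = if ($instance) { $instance } else { '(default)' }
        Database            = Get-FirstKey $b 'Initial Catalog', 'Database'
        IntegratedSecurity  = [bool]($auth -match '^(true|yes|sspi)$')
        # A password stored here is readable by anyone who can read the key.
        EmbeddedCredentials = [bool](Get-FirstKey $b 'Password', 'Pwd')
    }
}

$keyPath = 'HKLM:\SOFTWARE\Microsoft\MBAM Server\Web'
if (Test-Path $keyPath) {
    $key   = Get-Item $keyPath
    $pairs = $key.GetValueNames() | ForEach-Object {
        [pscustomobject]@{ Name = $_; Value = [string]$key.GetValue($_) }
    }
} else {
    # Constructed sample input (value names, servers and credentials are made up)
    # so the script can be tried on a machine that is not an MBAM web server.
    $pairs = @(
        [pscustomobject]@{ Name = 'SampleA'; Value = 'Data Source=SQL01\MBAM;Initial Catalog=MBAM Recovery and Hardware;Integrated Security=SSPI' }
        [pscustomobject]@{ Name = 'SampleB'; Value = 'Server=SQL02;Database=ExampleDb;User ID=svc;Password=example-only' }
    )
}
$pairs | ForEach-Object { ConvertFrom-MbamConnectionString $_.Name $_.Value } |
    Format-Table -AutoSize
```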

MBAM ReadWrite and ReadOnly accounts

This information is stored on the SQL Server, whose name you already found from the web server.

ReadWrite account

  1. Log in to the SQL Management Studio.
  2. Right-click MBAM Recovery and Hardware, click Properties, and then click Permissions.

For example, the name of the account in the lab is MBAMWrite. The Application Pool and ReadWrite account are set to be the same.

[Screenshot: SQL DB]

[Screenshot: DB properties]

Browse to Security and then Logins in the SQL Management Studio. Browse to the account that is noted in the previous screenshot.

[Screenshot: SQL Security]

Right-click the account, go to Properties, select User Mapping, and locate the MBAM Recovery and Hardware database:

[Screenshot: User Mapping]

ReadOnly account

Open SQL Server Reporting Services Configuration Manager on the SSRS Server. Click Report Manager URL, and then browse the URLs:

[Screenshot: Report Manager]

Click Microsoft Bitlocker Administration and Monitoring:

[Screenshot: Bitlocker Administration and Monitoring]

Click MaltaDatasource:

[Screenshot: DBs]

[Screenshot: MaltaDatasource]

MaltaDataSource should have the ReadOnly Account name and should be used in MBAM setup.

Reference

For more information, see the following articles.

Deploying MBAM 2.5 in a stand-alone configuration

Microsoft BitLocker Administration and Monitoring 2.5

To try installing MBAM 2.5 in a stand-alone configuration, refer to e2e: Deploying MBAM 2.5 in a stand-alone configuration.