MBAM 2.5 Deployment
Hi,
I have a problem with the deployment of MBAM 2.5.
I use this link:
http://technet.microsoft.com/en-us/library/dn145038.aspx
but I need more regedit keys. I want to use 256-bit for the encryption (128-bit is normal).
Also I want to set an identification field for the drive (C:).
Are there any other keys just for the deployment?
thx diddi
Both the encryption settings and the identification field are set by Group Policy. Please see 'Planning for MBAM 2.5 Group Policy Requirements'.
Additionally, here is all of the MBAM 2.5 documentation:
Microsoft BitLocker Administration and Monitoring 2.5
Hope this helps,
David
MDOP on the Springboard Series on TechNet
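One way to confirm on a client that both Group Policy settings took effect, as an added example that is not part of the original thread: the PowerShell below parses `manage-bde -status` output and checks the key size and the identification field. The sample output is constructed and the identifier `EXAMPLE-ID` is a placeholder.

```powershell
# Added example (not from the thread): check that a volume picked up the
# 256-bit cipher and the identification field that Group Policy should set.
# $sampleStatus is CONSTRUCTED text in the layout printed by `manage-bde -status C:`.
# On a real client, replace it with: (manage-bde -status C: | Out-String)
$sampleStatus = @'
Volume C: [OSDisk]
[OS Volume]

    Size:                 237.91 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    AES 128
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: None
    Key Protectors:
        TPM And PIN
        Numerical Password
'@

function ConvertFrom-ManageBdeStatus {
    param([Parameter(Mandatory)][string]$Text)
    $fields = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        # Keep "Name: value" pairs; headings with no value (e.g. "Key Protectors:") are skipped.
        if ($line -match '^\s*([^:]+):\s+(\S.*)$') {
            $fields[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    $fields
}

function Test-BitLockerVolumePolicy {
    param(
        [Parameter(Mandatory)][hashtable]$Status,
        [Parameter(Mandatory)][string]$ExpectedIdentifier,   # placeholder value in the call below
        [int]$ExpectedKeyBits = 256
    )
    $findings = @()
    $method = $Status['Encryption Method']
    # The cipher is chosen when encryption starts; a policy applied afterwards does not
    # re-encrypt the volume, so a mismatch here means the GPO arrived too late.
    if ($method -notmatch "\b${ExpectedKeyBits}\b") {
        $findings += "Encryption method is '$method', expected ${ExpectedKeyBits}-bit"
    }
    $id = $Status['Identification Field']
    if ($id -ne $ExpectedIdentifier) {
        $findings += "Identification field is '$id', expected '$ExpectedIdentifier'"
    }
    $findings
}

$status   = ConvertFrom-ManageBdeStatus -Text $sampleStatus
$findings = @(Test-BitLockerVolumePolicy -Status $status -ExpectedIdentifier 'EXAMPLE-ID')
if ($findings.Count -eq 0) { 'Volume matches policy' } else { $findings }
```

With the constructed sample, which shows the 128-bit default and no identifier, both checks report a finding.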
Similar Messages
-
I am trying to plan the integration of MBAM 2.5 into our deployment. I have tried to read the MBAM documentation and I got a bit confused.
I understand that there are separate GPOs for MBAM but I am not sure what to do with MDT (2013). At the moment we are using the BitLocker that comes out of Windows so we have the standard AD GPOs for that and I am using the usual MDT variables to enable that. We are using TPM + PIN with keys saved in AD.
I have a few questions:
If I implement MBAM do I need to disable the standard MDT - Windows Bitlocker?
In one thread somebody explained that once you install the MBAM agent then you need to stop it, import some registry keys, then start it again. Is that still valid with MBAM 2.5?
Also will it keep using AD to store the recovery keys - I understand that MBAM has its own DB for things like that. Will it still use AD too?
It seems to me that there isn't a proper guide on how to implement MBAM, specifically if deployed with MDT.
Thanks for any help anybody could give.
Hi,
I agree that you can get a bit confused with the documentation. But here are some answers:
Once you have installed the MBAM server, you can then configure the GPO with all the needed settings.
1. Yes, if you want to use the MBAM server to save the recovery key, you have to disable the default step "Enable BitLocker" in the State Restore (not the Enable BitLocker (Offline) in Preinstall).
2. Yes, it is valid with MBAM 2.5. In the State Restore, you can add a step to install the MBAM agent. Then you can use a script to import the registry settings and do the encryption. (Remember to import the registry file from the template "c:\Program Files\Microsoft\MDOP\MBAM\MBAMDeploymentKeyTemplate.reg".)
3. No, if you use MBAM then the keys are stored in the MBAM server not in AD.
Check the link below, it is about SCCM 2012 but it is similar with MDT. You can also download the script to do the job for you. (use bing translator for the website)
http://www.deploiementwindows.com/encryption-mbam-avec-pre-provision-bitlocker-dans-une-task-sequence/
/ Yannick Plavonil
blog: Deploiement Windows
twitter: @yplavonil
facebook: www.facebook.com/deploiementwindows
-
MBAM 2.5 Alternative Website name and SSL requirements
I am currently designing an MBAM 2.5 deployment that will be integrated into SCCM.
We have a requirement to have everything secured by certificates.
We are planning to deploy this with an MBAM website server that is called MBAMSERVER01. However, the client doesn't want host names in a website address; they require something simple like just MBAM.
My plan for this was to just specify the host name in the web server setup as MBAM instead of the computer name. I would also create a DNS entry that has a matching IP address of the server so clients could use it.
My question is: if we require SSL when creating an IIS website, should I use a certificate with the FQDN of the server or the alternative DNS name?
Regarding SPN you need to add:
The FQDN of the virtual name
The hostname of the virtual name
The FQDN of the host (if you want to access through this name too)
The hostname of the host (if you want to access through this name too)
Regards,
Follow me on Twitter http://www.twitter.com/liontux | My Blog (French/English): http://security.sakuranohana.fr/
-
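The four names listed in the answer above, turned into an SPN check, as an added example that is not part of the original thread. `MBAMSERVER01` and `MBAM` come from the question; the `HTTP` service class, the DNS suffix `corp.example` and the account `CORP\svc-mbam-web` are assumptions, and the `setspn -L` output is constructed.

```powershell
# Added example (not from the thread): list the SPNs for the four names in the answer
# and report which ones are not yet registered on the application pool account.
# From the question: host MBAMSERVER01, alias MBAM.
# ASSUMPTIONS: HTTP service class, DNS suffix corp.example, account CORP\svc-mbam-web.
# $sampleSetspn is CONSTRUCTED text in the layout printed by `setspn -L <account>`.
$sampleSetspn = @'
Registered ServicePrincipalNames for CN=svc-mbam-web,OU=Service Accounts,DC=corp,DC=example:
        HTTP/MBAMSERVER01
        HTTP/MBAMSERVER01.corp.example
'@

function Get-RequiredSpn {
    param(
        [Parameter(Mandatory)][string]$Alias,
        [Parameter(Mandatory)][string]$ServerName,
        [Parameter(Mandatory)][string]$DnsSuffix,
        [string]$ServiceClass = 'HTTP'
    )
    # Short name and FQDN for the virtual name, then the same pair for the host itself.
    foreach ($name in @($Alias, $ServerName)) {
        "${ServiceClass}/${name}"
        "${ServiceClass}/${name}.${DnsSuffix}"
    }
}

function Get-RegisteredSpn {
    param([Parameter(Mandatory)][string]$SetspnOutput)
    foreach ($line in ($SetspnOutput -split "`r?`n")) {
        # SPN lines are indented "class/host" entries; the header line is not indented.
        if ($line -match '^\s+(\S+/\S+)\s*$') { $Matches[1] }
    }
}

function Get-MissingSpnCommand {
    param(
        [string[]]$Required,
        [string[]]$Registered,
        [Parameter(Mandatory)][string]$Account
    )
    foreach ($spn in $Required) {
        # -notcontains compares strings case-insensitively, as SPN matching does.
        if ($Registered -notcontains $spn) {
            # setspn -S checks for a duplicate registration before adding the SPN.
            "setspn -S $spn $Account"
        }
    }
}

$required   = Get-RequiredSpn -Alias 'MBAM' -ServerName 'MBAMSERVER01' -DnsSuffix 'corp.example'
$registered = Get-RegisteredSpn -SetspnOutput $sampleSetspn
Get-MissingSpnCommand -Required $required -Registered $registered -Account 'CORP\svc-mbam-web'
```

With the constructed sample, the two host SPNs are already present and the script prints the two `setspn -S` commands for the `MBAM` alias.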
Multiple domain Single repository
Hi all,
We have a set up of multiple 8.1 SP2 domains running in SunOS, one for each
developer.
During the developement process, we want all the developers to access the
same repository.
How can we do this ?
Thanks,
Karthi.
1. IIS is the contact-point / end-point for MBAM service. So if you want local communication only between MBAM and clients, deploy IIS server in local site.
2. I have this understanding that MBAM supports multiple domains, but I have no experience in that.
-
Deploying MBAM 2.5 via SCCM 2012R2 with minimal interaction.
Is it possible to deploy Bit-Locker encryption in a zero/minimal touch installation? I need to replace the current encryption solution on a good amount of devices and need to get them turned around and back to the users ASAP. I am still working on the back end infrastructure but am trying to plan ahead.
In a perfect world my deployment would be as follows;
1. Deploy the client via SCCM to devices connected to the LAN and have it reboot automatically after installed.
2. Have an answer file that sets an administrator PIN answers all prompts and initiates encryption.
3. Users boot their devices and are prompted to create a PIN.
Have you already solved how you will decrypt and uninstall the current security solution silently? I bet it is the hardest part here. Then you just push the MBAM Client and set encryption enforcement via GPO. I don't see any point in having a PIN answer file. The PIN code is something which the user owns; there is no sense in the admin setting it. If you want to apply a PIN, you have to prompt the user to enter it. But this is just my opinion. Good luck :)
-
MBAM 2.0 SP1 Deployment for Windows 8.1 Non TPM machine
Hi ,
how can I use MBAM (all features of MBAM 2.0 SP1) for Windows 8.1 Non TPM Machines ?
Can anyone share the step by step deployment guide, as I am new to MDOP and I have to use MBAM for Windows 8.1 non-TPM machines...
Shailendra Dev
Are you using the password protector then, or are you putting the keys on a USB stick? None of these scenarios are supported by MBAM, but you can use at least BitLocker with the password protector to enable BitLocker and get the BitLocker status reported back to MBAM. However, the other benefits of using MBAM will not be available, such as recovering the keys from the central location using the help desk or self service portal, if needed.
Is there a reason why you do not use BitLocker with TPM enabled machines? All corporate range of Machines have had TPM chips for many many years.
Blogging about Windows for IT pros at www.theexperienceblog.com
-
MBAM web site configuration failure
I've set up MBAM 2.5 on my ConfigMgr 2012 server. It's integrated with Configuration Manager and created the two databases on the same box with Windows Server 2012 R2 and SQL 2012 with reporting services. (I've configured a working OSD Windows 7 task sequence that uses MBAM to encrypt and store the recovery key.)
Now I'm trying to install the two web sites on a second windows 2012 server that is also acting as a deployment point with pxe server.
I can connect to my reporting server with a browser from the local server without being prompted for credentials. The MBAM reports are configured and visible. I'm using the same service account for SCCM reporting services and web service application pool domain account. I've been working this for several days and am running out of ideas.
Next I'm going to set up a new 2012 test server to act as the MBAM web server only. Maybe that will simplify things and I don't have to worry about breaking my Distribution Point. Anyone have any ideas or suggestions?
Configurator information:
Description:
Invoking feature provider to validate the parameters of the administration web portal.
The configure web applications wizard keeps failing with the same single event log error message from hell:
Log Name: Microsoft-Windows-MBAM-Server/Admin
Source: Microsoft-Windows-MBAM-Setup
Date: 3/21/2015 10:54:09 AM
Event ID: 401
Task Category: MBAM Configurator
Level: Error
Keywords: MBAM Configurator
User: domain\username
Computer: MBAMwebServer.dc.state.fl.us
Description:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-MBAM-Setup" Guid="{C00827E6-3AE0-4F0A-8B45-08D05CD8424A}" />
<EventID>401</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>4</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000080</Keywords>
<TimeCreated SystemTime="2015-03-21T14:54:09.870728300Z" />
<EventRecordID>89</EventRecordID>
<Correlation />
<Execution ProcessID="2476" ThreadID="2804" />
<Channel>Microsoft-Windows-MBAM-Server/Admin</Channel>
<Computer>WSCOC5039DP.dc.state.fl.us</Computer>
<Security UserID="S-1-5-21-2100957022-532704775-253168949-48346" />
</System>
<EventData>
<Data Name="Message">Exception thrown from feature provider.</Data>
<Data Name="StackTrace">System.InvalidOperationException: Client found response content type of 'text/html; charset=utf-8', but expected 'text/xml'.
The request failed with the error message:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD lang="en-US">
<META HTTP-EQUIV="X-UA-Compatible" CONTENT="IE=5">
<script language="JScript" type="text/Javascript" src="/Reports/js/ReportingServices.js"></script>
<TITLE>en-us - Report Manager</TITLE>
<link href="/Reports/styles/ReportingServices.css"type="text/css" rel="stylesheet">
<META Name="Report Server" CONTENT="http://SCCMserver:80/ReportServer">
</HEAD>
<BODY style="margin:0px;" class="msrs-normal" onload="InitContextMenu('contextMenuCollection','contextMenuCollection__selectedItemIdHiddenField',new Array('contextMenuCollection_ReportContextMenuIdDiv'),'S_searchTextBoxID','Search');ControlConditionalEnable10(true);"><form
name="ui_form" method="POST" action="Folder.aspx?ItemPath=%2fMicrosoft+BitLocker+Administration+and+Monitoring%2fen-us&ViewMode=List%2fReportService2005.asmx" id="ui_form" enctype="multipart/form-data">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUENTM4MQ8WAh4RUGFnZVZpZXdTdGF0ZVRpbWUoKVlTeXN0ZW0uSW50NjQsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4ORI2MzU2MjU0NjQ0OTgwNjM4NTQWAgIBD2QWAgIDDxYCHgZvbmxvYWQFsgFJbml0Q29udGV4dE1lbnUoJ2NvbnRleHRNZW51Q29sbGVjdGlvbicsJ2NvbnRleHRNZW51Q29sbGVjdGlvbl9fc2VsZWN0ZWRJdGVtSWRIaWRkZW5GaWVsZCcsbmV3IEFycmF5KCdjb250ZXh0TWVudUNvbGxlY3Rpb25fUmVwb3J0Q29udGV4dE1lbnVJZERpdicpLCdTX3NlYXJjaFRleHRCb3hJRCcsJ1NlYXJjaCcpFgJmD2QWAmYPZBYCZg9kFgZmDxYCHgdWaXNpYmxlaGQCAQ9kFgJmD2QWAmYPZBYCZg8WCB4GdmFsaWduBQN0b3AeBmhlaWdodAUCMzAeB2NvbHNwYW4FATQeBWNsYXNzBRRtc3JzLXZhbGlkYXRpb25lcnJvcmQCAg9kFgRmD2QWAmYPZBYCZg9kFgICAQ9kFgJmD2QWAgIBD2QWAmYPFgIeCWlubmVyaHRtbAUdU1FMIFNlcnZlciBSZXBvcnRpbmcgU2VydmljZXNkAgEPZBYCZg9kFgJmD2QWAmYPZBYCZg9kFgJmD2QWAmYPZBYEZg8WAh8CaGQCAQ9kFgJmD2QWAmYPZBYCZg9kFgZmDxYGHghsYW5ndWFnZQUKSmF2YXNjcmlwdB4EdHlwZQUPdGV4dC9KYXZhc2NyaXB0HwcFUGZ1bmN0aW9uIENvbnRyb2xDb25kaXRpb25hbEVuYWJsZTEwKHRvcExldmVsRW5hYmxlKSB7RW5hYmxlTXVsdGlCdXR0b25zKCd1aV8nKTt9ZAICDxYCHwJoZAIDD2QWAmYPZBYGZg8WAh4Fd2lkdGgFAjEwZAIBDxYCHwoFBDEwMCUWAmYPFgQeC2NlbGxwYWRkaW5nBQEwHgtjZWxsc3BhY2luZwUBMBYCZg9kFgJmDxYCHwQFAzVweGQCAg8WAh8KBQIxMGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFHGN0bDE4JGN0bDI0JFNfc2VhcmNoQnV0dG9uSUSAjRh+aj7PwliVb+R+WxpyPL1NeA=="
/>
</div>
<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['ui_form'];
if (!theForm) {
theForm = document.ui_form;
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
//]]>
</script>
<div>
<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="A08DB298" />
</div><span><noscript><table width="100%" class="msrs-normal">
<tr>
<td valign="top" height="30" colspan="4" class="msrs-validationerror"><img src="/Reports/images/blank.gif" height="1" width="24" border="0" /><img
src="/Reports/images/line_err1.gif" height="16" width="16" alt="Error" /><img src="/Reports/images/blank.gif" height="1" width="12" border="0" />This page
might not function correctly because either your browser does not support scripts or active scripting is disabled.</td>
</tr>
</table>
</noscript><table width="100%" class="msrs-normal" cellpadding="0" cellspacing="0" height="100%">
<tr>
<td valign="top"><div>
<table class="msrs-topBreadcrumb" cellpadding="0" cellspacing="0" border="0" width="100%">
<tr>
<td><span><div>
<a href="/Reports/Pages/Folder.aspx?ViewMode=List%2fReportService2005.asmx">Home</a> > <a href="/Reports/Pages/Folder.aspx?ItemPath=%2fMicrosoft+BitLocker+Administration+and+Monitoring&ViewMode=List%2fReportService2005.asmx">Microsoft
BitLocker Administration and Monitoring</a>
</div></span></td>
<td align="right"><span><a href="/Reports/Pages/Folder.aspx?ViewMode=List%2fReportService2005.asmx">Home</a> | <a href="/Reports/Pages/Subscriptions.aspx?ViewMode=List%2fReportService2005.asmx">My Subscriptions</a> |
<a href="/Reports/Pages/Settings.aspx?ViewMode=List%2fReportService2005.asmx">Site Settings</a> | <a href="http://go.microsoft.com/fwlink/?LinkID=223508"
target="MicrosoftReportingServicesHelp">Help</a></span></td>
</tr>
</table>
<table class="msrs-header" cellpadding="0" cellspacing="0" border="0" width="100%">
<tr>
<td class="msrs-logo" width="36"><img src="/Reports/images/folder_32.gif" alt="Folder" style="height:32px;width:32px;border-width:0px;" /></td>
<td><P class="msrs-site_title">SQL Server Reporting Services</P><P class="msrs-page_title">en-us</P></td>
<td class="msrs-searchContainer" align="right" valign="bottom"><table class="msrs-searchBar" cellpadding="0" cellspacing="0" onfocus="document.getElementById('S_searchButtonID').disabled
= false" onblur="document.getElementById('S_searchButtonID').disabled = true" onmouseover="document.getElementById('S_searchButtonID').disabled = false" onmouseout="document.getElementById('S_searchButtonID').disabled = true">
<tr>
<td style="padding:0px;"><input name="ctl18$ctl24$S_searchTextBoxID" type="text" value="Search" id="S_searchTextBoxID" class="msrs-searchDefaultFont"
onclick="SearchBarClicked('S_searchTextBoxID', 'Search', 'msrs-searchBarNoBorder' );" onblur="SearchBarBlured('S_searchTextBoxID','Search', 'msrs-searchDefaultFont');" onkeypress="
if ((event.which && event.which == 13) || (event.keyCode && event.keyCode == 13))
var searchButton = document.getElementById('S_searchButtonID');
searchButton.disabled = false;
searchButton.click();
event.cancelBubble = true;
return false;
else
return true;
" /></td>
<td style="padding:0px;"><input type="image" name="ctl18$ctl24$S_searchButtonID" id="S_searchButtonID" class="msrs-searchButton" disabled="true"
src="/Reports/images/search_21x.gif" alt="Go" style="border-width:0px;" /></td>
</tr>
</table></td>
</tr>
</table>
</div></td>
</tr>
<tr height="100%">
<td valign="top"><table width="100%" class="msrs-contentFrame" cellpadding="0" cellspacing="0" height="100%">
<tr>
<td valign="top" height="100%"><span><table width="100%" class="msrs-normal" cellpadding="0" cellspacing="0" height="100%">
<tr>
<td valign="top"><span style="display:inline-block;height:100%;"><script language="Javascript" type="text/Javascript">function ControlConditionalEnable10(topLevelEnable)
{EnableMultiButtons('ui_');}</script><span><table width="100%" class="msrs-normal" cellpadding="0" cellspacing="0">
<tr class="msrs-toolbar_top" height="6">
<td valign="top"></td>
</tr>
<tr class="msrs-tool">
<td valign="top"><table width="100%" cellpadding="0" cellspacing="0">
<tr>
<td valign="top" width="5"><img src="/Reports/images/blank.gif" height="0" width="5" /></td>
<td valign="middle"><a id="ui_btnNewFold" class="msrs-buttonHeaderButton msrs-buttonHeaderText" title="New Folder" href="/Reports/Pages/FolderProperties.aspx?CreateNew=True&ItemPath=%2fMicrosoft+BitLocker+Administration+and+Monitoring%2fen-us%2fNew+Folder&RedirectUrl=http%3a%2f%2fwscoc3761cm2%2fReports%2fPages%2fFolder.aspx%3fItemPath%3d%252fMicrosoft%2bBitLocker%2bAdministration%2band%2bMonitoring%252fen-us%26ViewMode%3dList%2fReportService2005.asmx"
onmouseover="this.className='msrs-buttonHeaderButtonHover msrs-buttonHeaderText';" onmouseout="this.className='msrs-buttonHeaderButton msrs-buttonHeaderText';" style="display:inline-block;white-space:nowrap;padding-padding-bottom:2px;padding-padding-right:5px;text-decoration:none;"><img
align="absmiddle" title="New Folder" src="/Reports/images/16newfolder.gif" alt="New Folder" style="border-style:None;height:16px;width:16px;border-width:0px;margin-right:3px;" />New Folder</a></td>
<td valign="top" class="msrs-toolBarSpacerImage"><img src="/Reports/images/divider.gif" style="height:16px;width:16px;border-width:0px;"
/></td>
<td valign="middle"><a id="ui_btnNewDataSource" class="msrs-buttonHeaderButton msrs-buttonHeaderText" title="New Data Source" href="/Reports/Pages/DataSource.aspx?CreateNew=True&ItemsParentPath=%2fMicrosoft+BitLocker+Administration+and+Monitoring%2fen-us&RedirectUrl=http%3a%2f%2fwscoc3761cm2%2fReports%2fPages%2fFolder.aspx%3fItemPath%3d%252fMicrosoft%2bBitLocker%2bAdministration%2band%2bMonitoring%252fen-us%26ViewMode%3dList%2fReportService2005.asmx"
onmouseover="this.className='msrs-buttonHeaderButtonHover msrs-buttonHeaderText';" onmouseout="this.className='msrs-buttonHeaderButton msrs-buttonHeaderText';" style="display:inline-block;white-space:nowrap;padding-padding-bottom:2px;padding-padding-right:5px;text-decoration:none;"><img
align="absmiddle" title="New Data Source" src="/Reports/images/16newdatasource.gif" alt="New Data Source" style="border-style:None;height:16px;width:16px;border-width:0px;margin-right:3px;" />New Data
Source</a></td>
<td valign="top" class="msrs-toolBarSpacerImage"><img src="/Reports/images/divider.gif" style="height:16px;width:16px;border-width:0px;"
/></td>
<td valign="middle"><a id="ui_btnNewReport" class="msrs-buttonHeaderButton msrs-buttonHeaderText" title="Report Builder" href="http://SCCMserver/ReportServer/ReportBuilder/ReportBuilder_3_0_0_0.application"
onmouseover="this.className='msrs-buttonHeaderButtonHover msrs-buttonHeaderText';" onmouseout="this.className='msrs-buttonHeaderButton msrs-buttonHeaderText';" style="display:inline-block;white-space:nowrap;padding-padding-bottom:2px;padding-padding-right:5px;text-decoration:none;"><img
align="absmiddle" title="Report Builder" src="/Reports/images/new_RB_report.gif" alt="Report Builder" style="border-style:None;height:16px;width:16px;border-width:0px;margin-right:3px;" />Report Builder</a></td>
<td valign="top" class="msrs-toolBarSpacerImage"><img src="/Reports/images/divider.gif" style="height:16px;width:16px;border-width:0px;"
/></td>
<td valign="middle"><a id="ui_btnSettings" class="msrs-buttonHeaderButton msrs-buttonHeaderText" title="Folder Settings" href="/Reports/Pages/Folder.aspx?ItemPath=%2fMicrosoft+BitLocker+Administration+and+Monitoring%2fen-us&SelectedTabId=PropertiesTab"
onmouseover="this.className='msrs-buttonHeaderButtonHover msrs-buttonHeaderText';" onmouseout="this.className='msrs-buttonHeaderButton msrs-buttonHeaderText';" style="display:inline-block;white-space:nowrap;padding-padding-bottom:2px;padding-padding-right:5px;text-decoration:none;"><img
align="absmiddle" title="Folder Settings" src="/Reports/images/edit_folder.gif" alt="Folder Settings" style="border-style:None;height:16px;width:16px;border-width:0px;margin-right:3px;" />Folder Settings</a></td>
<td valign="top" class="msrs-toolBarSpacerImage"><img src="/Reports/images/divider.gif" style="height:16px;width:16px;border-width:0px;"
/></td>
<td valign="middle"><a id="ui_btnUpload" class="msrs-buttonHeaderButton msrs-buttonHeaderText" title="Upload File" href="/Reports/Pages/Import.aspx?ItemPath=%2fMicrosoft+BitLocker+Administration+and+Monitoring%2fen-us&&RedirectUrl=http%3a%2f%2fwscoc3761cm2%2fReports%2fPages%2fFolder.aspx%3fItemPath%3d%252fMicrosoft%2bBitLocker%2bAdministration%2band%2bMonitoring%252fen-us%26ViewMode%3dList%2fReportService2005.asmx"
onmouseover="this.className='msrs-buttonHeaderButtonHover msrs-buttonHeaderText';" onmouseout="this.className='msrs-buttonHeaderButton msrs-buttonHeaderText';" style="display:inline-block;white-space:nowrap;padding-padding-bottom:2px;padding-padding-right:5px;text-decoration:none;"><img
align="absmiddle" title="Upload File" src="/Reports/images/UploadFile.gif" alt="Upload File" style="border-style:None;height:16px;width:16px;border-width:0px;margin-right:3px;" />Upload File</a></td>
<td valign="top" width="3"><img src="/Reports/images/blank.gif" height="0" width="3" /></td>
<td width="100%"></td>
<td valign="middle"><a id="ui_btnSwitchView" class="msrs-buttonHeaderButton msrs-buttonHeaderText" title="Details View" href="http://SCCMserver:80/Reports/Pages/Folder.aspx?ItemPath=%2fMicrosoft+BitLocker+Administration+and+Monitoring%2fen-us&ViewMode=Detail"
onmouseover="this.className='msrs-buttonHeaderButtonHover msrs-buttonHeaderText';" onmouseout="this.className='msrs-buttonHeaderButton msrs-buttonHeaderText';" style="display:inline-block;white-space:nowrap;padding-top:2px;padding-bottom:2px;padding-left:5px;padding-right:5px;text-decoration:none;"><img
align="absmiddle" title="Details View" src="/Reports/images/view_detail.gif" alt="Details View" style="border-style:None;height:16px;width:16px;border-width:0px;margin-right:3px;" />Details View</a></td>
<td valign="top" width="5"><img src="/Reports/images/blank.gif" height="0" width="5" /></td>
<td valign="top"> </td>
</tr>
</table>
</td>
</tr>
<tr class="msrs-toolbar_bottom" height="6">
<td valign="top"></td>
</tr>
</table>
</span><table width="100%" class="msrs-normal" cellpadding="0" cellspacing="0" TITLE="Items in en-us">
<tr>
<td valign="top" width="10"><img src="/Reports/images/blank.gif" height="0" width="10" /></td>
<td valign="top" width="100%"><table width="100%" class="msrs-normal" cellpadding="0" cellspacing="0">
<tr>
<td valign="top" height="5px"></td>
</tr>
<tr>
<td valign="top"><Div class="msrs-tileView"><table id="ui_a0" class="msrs-UnSelectedItem" onclick="Clicked(event,'contextMenuCollection_ReportContextMenuIdDiv')"
onmouseover="ChangeReportItemStyleOnMouseOver('ui_a0', 'msrs-SelectedItem', 'msrs-UnSelectedItem')" onmouseout="ChangeReportItemStyleOnMouseOut('ui_a0', 'msrs-UnSelectedItem')" onfocus="ChangeReportItemStyleOnMouseOver('ui_a0', 'msrs-SelectedItem',
'msrs-UnSelectedItem')" onblur="ChangeReportItemStyleOnMouseOut('ui_a0', 'msrs-UnSelectedItem')" onkeydown="OpenMenuKeyPress(event,'contextMenuCollection_ReportContextMenuIdDiv')" value="/Microsoft BitLocker Administration and
Monitoring/en-us/Computer Compliance Report">
<tr>
<td><a href="/Reports/Pages/Report.aspx?ItemPath=%2fMicrosoft+BitLocker+Administration+and+Monitoring%2fen-us%2fComputer+Compliance+Report"
onmouseover="OnLink()" onmouseout="OffLink()" TabIndex="-1"><img src="/Reports/images/RB_document_32.gif" alt="Report" style="height:32px;width:32px;border-width:0px;visibility:visible;"
/></a></td>
<td><a href="/Reports/Pages/Report.aspx?ItemPath=%2fMicrosoft+BitLocker+Administration+and+Monitoring%2fen-us%2fComputer+Compliance+Report"
onmouseover="OnLink()" onmouseout="OffLink()" onfocus="ChangeReportItemStyleOnMouseOver('ui_a0', 'msrs-SelectedItem', 'msrs-UnSelectedItem')" onblur="ChangeReportItemStyleOnMouseOut('ui_a0', 'msrs-UnSelectedItem')" class="msrs-itemName"
title="Computer Compliance Report">Computer Compliance Report</a></td>
<td width="20px;"><img src="/Reports/images/Menu1.gif" alt="Open Menu" /></td>
</tr>
</table>
</Div><Div class="msrs-tileView"><table id="ui_a1" class="msrs-UnSelectedItem" onclick="Clicked(event,'contextMenuCollection_ReportContextMenuIdDiv')"
onmouseover="ChangeReportItemStyleOnMouseOver('ui_a1', 'msrs-SelectedItem', 'msrs-UnSelectedItem')" onmouseout="ChangeReportItemStyleOnMouseOut('ui_a1', 'msrs-UnSelectedItem')" onfocus="ChangeReportItemStyleOnMouseOver('ui_a1', 'msrs-SelectedItem',
'msrs-UnSelectedItem')" onblur="ChangeReportItemStyleOnMouseOut('ui_a1', 'msrs-UnSelectedItem')" onkeydown="OpenMenuKeyPress(event,'contextMenuCollection_ReportContextMenuIdDiv')" value="/Microsoft BitLocker Administration and
Monitoring/en-us/Enterprise Compliance Report">
<tr>
<td><a href="/Reports/Pages/Report.aspx?ItemPath=%2fMicrosoft+BitLocker+Administration+and+Monitoring%2fen-us%2fEnterprise+Compliance+Report"
onmouseover="OnLink()" onmouseout="OffLink()" TabIndex="-1"><img src="/Reports/images/RB_document_32.gif" alt="Report" style="height:32px;width:32px;border-width:0px;visibility:visible;"
/></a></td>
<td><a href="/Reports/Pages/Report.aspx?ItemPath=%2fMicrosoft+BitLocker+Administration+and+Monitoring%2fen-us%2fEnterprise+Compliance+Report"
onmouseover="OnLink()" onmouseout="OffLink()" onfocus="ChangeReportItemStyleOnMouseOver('ui_a1', 'msrs-SelectedItem', 'msrs-UnSelectedItem')" onblur="ChangeReportItemStyleOnMouseOut('ui_a1', 'msrs-UnSelectedItem')" class="msrs-itemName"
title="Enterprise Compliance Report">Enterprise Compliance Report</a></td>
<td width="20px;"><img src="/Reports/images/Menu1.gif" alt="Open Menu" /></td>
</tr>
</table>
</Div><Div class="msrs-tileView"><table id="ui_a2" class="msrs-UnSelectedItem" onclick="Clicked(event,'contextMenuCollection_ReportContextMenuIdDiv')"
onmouseover="ChangeReportItemStyleOnMouseOver('ui_a2', 'msrs-SelectedItem', 'msrs-UnSelectedItem')" onmouseout="ChangeReportItemStyleOnMouseOut('ui_a2', 'msrs-UnSelectedItem')" onfocus="ChangeReportItemStyleOnMouseOver('ui_a2', 'msrs-SelectedItem',
'msrs-UnSelectedItem')" onblur="ChangeReportItemStyleOnMouseOut('ui_a2', 'msrs-UnSelectedItem')" onkeydown="OpenMenuKeyPress(event,'contextMenuCollection_ReportContextMenuIdDiv')" value="/Microsoft BitLocker Administration and
Monitoring/en-us/Recovery Audit Report">
<tr>
<td><a href="/Reports/Pages/Report.aspx?ItemPath=%2fMicrosoft+BitLocker+Administration+and+Monitoring%2fen-us%2fRecovery+Audit+Report"
onmouseover="OnLink()" onmouseout="OffLink()" TabIndex="-1"><img src="/Reports/images/RB_document_32.gif" alt="Report" style="height:32px;width:32px;border-width:0px;visibility:visible;"
/></a></td>
<td><a href="/Reports/Pages/Report.aspx?ItemPath=%2fMicrosoft+BitLocker+Administration+and+Monitoring%2fen-us%2fRecovery+Audit+Report"
onmouseover="OnLink()" onmouseout="OffLink()" onfocus="ChangeReportItemStyleOnMouseOver('ui_a2', 'msrs-SelectedItem', 'msrs-UnSelectedItem')" onblur="ChangeReportItemStyleOnMouseOut('ui_a2', 'msrs-UnSelectedItem')" class="msrs-itemName"
title="Recovery Audit Report">Recovery Audit Report</a></td>
<td width="20px;"><img src="/Reports/images/Menu1.gif" alt="Open Menu" /></td>
</tr>
</table>
</Div><Div class="msrs-tileView"><table id="ui_a3" class="msrs-UnSelectedItem" onclick="Clicked(event,'contextMenuCollection_ReportContextMenuIdDiv')"
onmouseover="ChangeReportItemStyleOnMouseOver('ui_a3', 'msrs-SelectedItem', 'msrs-UnSelectedItem')" onmouseout="ChangeReportItemStyleOnMouseOut('ui_a3', 'msrs-UnSelectedItem')" onfocus="ChangeReportItemStyleOnMouseOver('ui_a3', 'msrs-SelectedItem',
'msrs-UnSelectedItem')" onblur="ChangeReportItemStyleOnMouseOut('ui_a3', 'msrs-UnSelectedItem')" onkeydown="OpenMenuKeyPress(event,'contextMenuCollection_ReportContextMenuIdDiv')" value="/Microsoft BitLocker Administration and
Monitoring/en-us/Volume Report">
<tr>
<td><a href="/Reports/Pages/Report.aspx?ItemPath=%2fMicrosoft+BitLocker+Administration+and+Monitoring%2fen-us%2fVolume+Report" onmouseover="OnLink()"
onmouseout="OffLink()" TabIndex="-1"><img src="/Reports/images/RB_document_32.gif" alt="Report" style="height:32px;width:32px;border-width:0px;visibility:visible;" /></a></td>
<td><a href="/Reports/Pages/Report.aspx?ItemPath=%2fMicrosoft+BitLocker+Administration+and+Monitoring%2fen-us%2fVolume+Report" onmouseover="OnLink()"
onmouseout="OffLink()" onfocus="ChangeReportItemStyleOnMouseOver('ui_a3', 'msrs-SelectedItem', 'msrs-UnSelectedItem')" onblur="ChangeReportItemStyleOnMouseOut('ui_a3', 'msrs-UnSelectedItem')" class="msrs-itemName" title="Volume
Report">Volume Report</a></td>
<td width="20px;"><img src="/Reports/images/Menu1.gif" alt="Open Menu" /></td>
</tr>
</table>
</Div></td>
</tr>
</table>
</td>
<td valign="top" width="10"><img src="/Reports/images/blank.gif" height="0" width="10" /></td>
</tr>
</table>
<script language="Javascript" type="text/Javascript">var multiButtonList = [];</script></span></td>
</tr>
</table>
</span></td>
</tr>
</table>
</td>
</tr>
</table>
</span><div id="contextMenuCollection" class="msrs-MenuUIPopupBody" style="display:none;;">
<input name="contextMenuCollection$_selectedItemIdHiddenField" type="hidden" id="contextMenuCollection__selectedItemIdHiddenField" /><div id="contextMenuCollection_ReportContextMenuIdDiv" onkeydown="NavigateMenuKeyPress(event)">
<table cellpadding="0" cellspacing="0" class="msrs-MenuUI">
<tr>
<td><img class="msrs-MenuUIMinWidth" src="/Reports/images/blank.gif" style="border-width:0px;" /></td>
</tr>
<tr>
<td id="ui_rcmmove" class="msrs-MenuUIItemTableCell" group="0" underline="OGUL:0ReportContextMenuIdDiv" onmouseover="FocusContextMenuItem('ui_rcmmove','msrs-MenuUIItemTableHover','msrs-MenuUIItemTableCell');"
onmouseout="SwapStyle('ui_rcmmove','msrs-MenuUIItemTableCell');" onblur="SwapStyle('ui_rcmmove','msrs-MenuUIItemTableCell');"><a onclick="HideMenu();" href="javascript:__doPostBack('contextMenuCollection$ReportContextMenuIdDiv$ctl05','')"><Span
class="msrs-menuItemImageContainer"></Span><Span class="msrs-menuItemLabelContainer">Move</Span></a></td>
</tr>
<tr>
<td id="ui_rcmdelete" class="msrs-MenuUIItemTableCell" group="0" onmouseover="FocusContextMenuItem('ui_rcmdelete','msrs-MenuUIItemTableHover','msrs-MenuUIItemTableCell');" onmouseout="SwapStyle('ui_rcmdelete','msrs-MenuUIItemTableCell');"
onblur="SwapStyle('ui_rcmdelete','msrs-MenuUIItemTableCell');"><a onclick="HideMenu();return ShouldDelete('Are you sure you want to delete \u0022{0}\u0022?');" href="javascript:__doPostBack('contextMenuCollection$ReportContextMenuIdDiv$ctl09','')"><Span
class="msrs-menuItemImageContainer"><img alt="" src="/Reports/images/delitem.gif" style="border-width:0px;" /></Span><Span class="msrs-menuItemLabelContainer">Delete</Span></a></td>
</tr>
</table>
</div>
</div></form></BODY></HTML>
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.SqlServer.ReportingServices.ReportService2005.ReportingService2005.ListChildren(String Item, Boolean Recursive)
at Microsoft.Mbam.Setup.Common.ParameterValidation.IsValidSsrsUrlToMbamReports(Uri uri, Boolean testUri)
at Microsoft.Mbam.Setup.WebAdministration.HelpDeskProvider.CheckReportsUrl()
at Microsoft.Mbam.Setup.Common.ActionItemQueue.Run()
at Microsoft.Mbam.Setup.WebAdministration.WebProviderBase`1.CheckPrereqs(IProgress`1 progress, CancellationToken cancellationToken, T configuration)
at Microsoft.Mbam.Setup.Common.FeatureProviderBase`1.<>c__DisplayClass34`1.<InvokeAsync>b__33()
at System.Threading.Tasks.Task`1.InnerInvoke()
at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Mbam.Setup.Common.FeatureProviderBase`1.<InvokeAsync>d__36`1.MoveNext()</Data>
</EventData>
</Event>
I finally found the problem.
I had the reporting services url wrong.
http://sccmserver/Reports (this connects successfully but is wrong.)
The wizard would say the path was wrong so I changed it by drilling further into the report server.
By selecting the Bitlocker folder.
Then the wizard stopped showing the red error wrong path but it turns out it was still the wrong path.
A bit misleading. I noticed on my SCCM server in the Reporting Services Configuration Manager under Report manager URL,
http://sccmserver/ReportServer Typed this in and finished the wizard for the first time. :) -
AD contains system Recovery Key, but not showing in MBAM.
I am in an environment with MBAM 1.0 installed. I built the MDT 2013 system here and am currently trying to figure out why the bitlocker keys are showing up in AD but not MBAM.
In MDT, I have disabled the "enable bitlocker" options so there shouldn't be a case where that the TPM ownership is wrong (I think). I do however set the
bios password with CCTK, then apply the default bios configuration with an ini via cctk. The bios sets and activates tpm just before the hard disk is formatted by LTI.
q1. Could setting the TPM without restarting cause the TPM ownership to be set to the PE in some weird way.
q1.1. would I clear the tpm if this is the issue?
So MBAM client is installed on the reference image and captured by MDT. The WIM is then deployed to a system using a standard TS with the bitlocker disabled like
I mentioned above. I do not make any changes to reg for mbam in the reference image. For testing, I tried adding the mbam recovery key location url to the reference image reg. I still need to test that but a few other tests I did makes me believe this
is not the case.
MDT binds the system to a default OU in the domain. After the system is configured, I start Bitlocker. (Sometimes I start bitlocker when the system is in the default
OU, sometimes I start it after I move them into the right ou for the role). I am almost positive the default OU has the mbam settings (I do not have access to this gpo), since the manage-bde -status comes back AES 128 with diffuser (as compared to regular
aes 128).
After bitlocker finishes, the key is found in AD but not mbam.
I think the major questions I have are:
How can I force MBAM to take ownership of the TPM after the os is bitlockered? (about 100/700 machines are not reporting to mbam but are to bitlocker because of this new deployment system)
If I turn TPM on and activate while I was in the PE, would that mean the PE has the TPM ownership? (or bitlocker in this case, since mbam is not installed on the PE)
- Could I install MBAM on the PE and use that to manage the tpm? (MDT 2013) (I have seen some documents that cover this but it largely comes from wanting a pre-provisioned bitlocker.)
** I think the most manual way of correcting the issue I am having, is to either clear the tpm and rebitlocker, or
.. when a system is about to image, turn tpm on but leave it deactivated. (If I leave the tpm deactivated, every system will need to be manually rebooted and f10 will need to be pressed to continue the bitlocker process. this includes
a user login too)
Keep the MBAM out of the .wim! Install it in task sequence.
MBAM Client has its own log files in event viewer, there you perhaps find the reason why recovery key is not stored in DP. But fix your image first, keep it thin. -
TPM password not found in MBAM database
There are other threads I have read through and did some troubleshooting, but still I'm stuck with this, how to get TPM password in MBAM database. Another question is, do I really need it? Isn't recovery key enough?
My situation is this:
1. Computers are encrypted during Task Sequence and MBAM client is installed.
2. During first logon MBAM client prompts for PIN and encryption is complete.
3. Bitlocker recovery key is found in MBAM Admin Web page, but not TPM password.
What I tried to do:
- There is no Group Policy for controlling TPM password.
- I'm member of MBAM Admin group and Helpdesk groups.
- If I clear and initialize TPM from its mgmt console, there will not be any activity from MBAM client, and TPM password still does not go to DB
- I have checked from SQL mgmt studio, that TPM hash is NULL
- I tried to use TPM-EK vbs script before and after encryption, there is no effect.
So how to get TPM password to DP? I'm especially interested in the scenario where the computer is already encrypted.
MBAM has to own the TPM to store the password. During a task sequence, follow the steps below. The steps assume pre-provisioning, but the concept is the same even if you don't use it. If the machine is already encrypted and you want MBAM to store the
password, you will have to clear the TPM and reboot. Note that this requires physical presence - someone will have to hit F1 in the preboot screen. See below for info on how to clear it via PowerShell. The reason you want the TPM OwnerAuth password is
that if a user types their PIN too many times in preboot, the TPM may put the machine into BitLocker Recovery and lock itself for some period of time (depends on manufacturer). To unlock it faster after you have supplied the BitLocker Recovery Password
and are in the OS, you have to go to tpm.msc and choose Reset TPM Lockout, supplying the TPM Owner Auth password. If MBAM stores it, you can get this info from the Helpdesk portal.
To configure MBAM to own the TPM and store OwnerAuth passwords:
On the client computer, open an elevated Windows PowerShell command prompt.
Type the following Windows PowerShell commands (command first, description indented below it):
$tpm=get-wmiobject -class Win32_Tpm -namespace root\cimv2\security\microsofttpm
    Gets an instance of the TPM WMI class.
$tpm.DisableAutoProvisioning()
    Disables TPM auto-provisioning.
$tpm.SetPhysicalPresenceRequest(22)
    Clears the TPM.
Restart the computer, and then confirm that you want to clear the TPM.
For the task sequence to get MBAM to own it out of the box, do the following:
Capture and sysprep a WIM as you normally would.
Mount the captured WIM using
dism /mount-wim /wimfile:C:\WimImages\Win7.wim /index:1 /mountdir:C:\AIKMount
Load the WIM registry -
reg load HKLM\WimRegistry c:\AIKMount\windows\system32\config\system
Open regedit and browse to hklm\WimRegistry\system\controlset001\services\TPM\WMI and add the two reg keys that Jim mentioned
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tpm\WMI: NoAutoProvision [REG_DWORD]
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tpm\WMI: NoDisableOwnerClear [REG_DWORD]
Close regedit
Unload the WIM registry -
reg unload HKLM\WimRegistry
Commit changes to the WIM and unmount -
dism /unmount-wim /mountdir:C:\AIKMount /commit
Went to MDT 2012 Update 1 and my deployment share.
Edited the ZTIBDE.wsf script in MDT to tell it not to take ownership of the TPM.
In that script, replace the TPMValidate function with what I have below (I just commented out the SetTPMOwner lines)
Function TpmValidate ()
    Dim iRetVal, sCmd, sTpmOwnerPassword
    iRetVal = Success

    '// Set oTpm to valid instance
    iRetVal = GetTpmInstance()
    TestAndFail iRetVal, 6734, "Get TPM Instance"

    '// Set global booleans for TPM state. Error bubble handled by subs
    iRetVal = GetTpmEnabled()
    TestAndFail iRetVal, 6735, "Check to see if TPM is enabled"
    iRetVal = GetTpmActivated()
    TestAndFail iRetVal, 6736, "Check to see if TPM is activated"
    iRetVal = GetTpmOwner()
    TestAndFail iRetVal, 6737, "Check to see if TPM is owned"
    iRetVal = GetTpmOwnershipAllowed()
    TestAndFail iRetVal, 6738, "Check to see if TPM Ownership is allowed"
    iRetVal = GetEndorsementKeyPairPresent()

    oLogging.CreateEntry "TpmEnabled: " & bTpmEnabled, LogTypeInfo
    oLogging.CreateEntry "TpmActivated: " & bTpmActivated, LogTypeInfo
    oLogging.CreateEntry "TpmOwned: " & bTpmOwned, LogTypeInfo
    oLogging.CreateEntry "TpmOwnershipAllowed: " & bTpmOwnershipAllowed, LogTypeInfo
    oLogging.CreateEntry "EndorsementKeyPairPresent: " & bEndorsementKeyPairPresent, LogTypeInfo

    '// Single instance check to allow future corrective action branching.
    TestAndFail bTPMEnabled, 6739, "Check to see if TPM is enabled"
    TestAndFail bTPMActivated, 6740, "Check to see if TPM is activated"
    TestAndFail bTpmOwned or bTpmOwnershipAllowed , 6741, "Check to see if TPM is owned and ownership is allowed"

    If bTpmOwned <> True AND bTpmOwnershipAllowed = True Then
        If oEnvironment.Item("TpmOwnerPassword") <> "" Then
            oLogging.CreateEntry "TPM Ownership being intiated.", LogTypeInfo
            'iRetVal = SetTpmOwner(oEnvironment.Item("TpmOwnerPassword"))
            TestAndFail iRetVal, 6741, "TPM Owner Password set"
        ElseIf oEnvironment.Item("AdminPassword") <> "" Then
            oLogging.CreateEntry "TPM Ownership being intiated with AdminP@ssword (not TPMOwnerP@ssword).", LogTypeInfo
            'iRetVal = SetTpmOwner(oEnvironment.Item("AdminPassword"))
            TestAndFail iRetVal, 6742, "TPM Owner P@ssword set to AdminP@ssword"
        Else
            oLogging.CreateEntry "TPM Ownership being intiated with Default p@ssword (not TPMOwnerP@ssword).", LogTypeInfo
            'iRetVal = SetTpmOwner("M0nksH00d!4T3al")
            TestAndFail iRetVal, 6743, "Set TPM Owner P@ssword to value"
        End If
    End If

    TpmValidate = Success
End Function
Grab the StartMBAMEncryption.wsf script from here and edit out those same lines as above.
Added the following files to an MDT application.
Set the app to run cscript.exe startmbamencryption.wsf /MBAMServiceEndPoint:http://<yourmbamserver>/MBAMRecoveryAndHardwareService/CoreService.svc
Added the MBAM agent installer as an application
Added the MBAM agent to the task sequence
Added the Start MBAM Encryption app to the task sequence
Set OSDBitLockerMode=TPM and IsBDE=True in customsettings.ini
Made sure this was a bare metal machine where the TPM was clear (for testing, you can clear it from the BIOS, just make sure it is activated).
Ran the TS on the box.
Result:
BitLocker was pre-provisioned and activated, and MBAM took ownership of the TPM which escrowed the OwnerAuth info to MBAM. -
Hi
It says in the smsts.log file from the laptop:
Evaluating a WMI condition expression TSManager 03-02-2015 13:34:58 7304 (0x1C88)
Expand a string: root\cimv2 TSManager 03-02-2015 13:34:58 7304 (0x1C88)
Expand a string: SELECT * FROM Win32_DiskPartition WHERE DiskIndex = 0 and Index = 0 and Size = 100 TSManager 03-02-2015 13:34:58 7304 (0x1C88)
The condition for the action (Create BitLocker partition) is evaluated to be true TSManager 03-02-2015 13:34:58 7304 (0x1C88)
Expand a string: smsswd.exe /run: cmd.exe /c bdeHdCfg.exe -target default -size 300 -quiet TSManager 03-02-2015 13:34:58 7304 (0x1C88)
Expand a string: TSManager 03-02-2015 13:34:58 7304 (0x1C88)
Start executing the command line: smsswd.exe /run: cmd.exe /c bdeHdCfg.exe -target default -size 300 -quiet TSManager 03-02-2015 13:34:58 7304 (0x1C88)
!--------------------------------------------------------------------------------------------! TSManager 03-02-2015 13:34:58 7304 (0x1C88)
Expand a string: WinPEandFullOS TSManager 03-02-2015 13:34:58 7304 (0x1C88)
Executing command line: smsswd.exe /run: cmd.exe /c bdeHdCfg.exe -target default -size 300 -quiet TSManager 03-02-2015 13:34:58 7304 (0x1C88)
Creation event received for process 7976 mtrmgr 03-02-2015 13:34:58 4564 (0x11D4)
[ smsswd.exe ] InstallSoftware 03-02-2015 13:34:58 4668 (0x123C)
PackageID = '' InstallSoftware 03-02-2015 13:34:58 4668 (0x123C)
BaseVar = '', ContinueOnError='' InstallSoftware 03-02-2015 13:34:58 4668 (0x123C)
ProgramName = 'cmd.exe /c bdeHdCfg.exe -target default -size 300 -quiet' InstallSoftware 03-02-2015 13:34:58 4668 (0x123C)
SwdAction = '0001' InstallSoftware 03-02-2015 13:34:58 4668 (0x123C)
Getting linked token InstallSoftware 03-02-2015 13:34:58 4668 (0x123C)
failed to get the linked token information. It may not be available. Error 1312 InstallSoftware 03-02-2015 13:34:58 4668 (0x123C)
Process ID 7976 is for process C:\Windows\CCM\smsswd.exe mtrmgr 03-02-2015 13:34:58 4564 (0x11D4)
No matching rule found for process 7976 mtrmgr 03-02-2015 13:34:58 948 (0x03B4)
Working dir 'not set' InstallSoftware 03-02-2015 13:34:58 4668 (0x123C)
Executing command line: Run command line InstallSoftware 03-02-2015 13:34:58 4668 (0x123C)
Creation event received for process 7452 mtrmgr 03-02-2015 13:34:58 4564 (0x11D4)
Process ID 7452 is for process C:\Windows\system32\cmd.exe mtrmgr 03-02-2015 13:34:59 4564 (0x11D4)
Found match against RuleID LGR00188 mtrmgr 03-02-2015 13:34:59 948 (0x03B4)
Creation event received for process 7940 mtrmgr 03-02-2015 13:34:59 4564 (0x11D4)
Tracked usage for process 7452 mtrmgr 03-02-2015 13:34:59 948 (0x03B4)
Process ID 7940 is for process C:\Windows\system32\conhost.exe mtrmgr 03-02-2015 13:34:59 4564 (0x11D4)
Creation event received for process 3104 mtrmgr 03-02-2015 13:34:59 4564 (0x11D4)
Found match against RuleID LGR00183 mtrmgr 03-02-2015 13:34:59 948 (0x03B4)
Tracked usage for process 7940 mtrmgr 03-02-2015 13:34:59 948 (0x03B4)
Process ID 3104 is for process C:\Windows\system32\BdeHdCfg.exe mtrmgr 03-02-2015 13:34:59 4564 (0x11D4)
Creation event received for process 7552 mtrmgr 03-02-2015 13:34:59 4564 (0x11D4)
No matching rule found for process 3104 mtrmgr 03-02-2015 13:34:59 948 (0x03B4)
Process ID 7552 is for process C:\Windows\System32\vdsldr.exe mtrmgr 03-02-2015 13:34:59 4564 (0x11D4)
Creation event received for process 7152 mtrmgr 03-02-2015 13:34:59 4564 (0x11D4)
No matching rule found for process 7552 mtrmgr 03-02-2015 13:34:59 948 (0x03B4)
Process ID 7152 is for process C:\Windows\System32\vds.exe mtrmgr 03-02-2015 13:34:59 4564 (0x11D4)
No matching rule found for process 7152 mtrmgr 03-02-2015 13:34:59 948 (0x03B4)
Termination event received for process 3104 mtrmgr 03-02-2015 13:35:00 4564 (0x11D4)
Termination event received for process 7452 mtrmgr 03-02-2015 13:35:00 4564 (0x11D4)
Process completed with exit code 3231711234 InstallSoftware 03-02-2015 13:35:00 4668 (0x123C)
Termination event received for process 7940 mtrmgr 03-02-2015 13:35:00 4564 (0x11D4)
BitLocker Drive Preparation Tool version 6.1.7601 InstallSoftware 03-02-2015 13:35:00 4668 (0x123C)
InstallSoftware 03-02-2015 13:35:00 4668 (0x123C)
opyright (C) 2006-2008 Microsoft Corporation. InstallSoftware 03-02-2015 13:35:00 4668 (0x123C)
InstallSoftware 03-02-2015 13:35:00 4668 (0x123C)
InstallSoftware 03-02-2015 13:35:00 4668 (0x123C)
Command line returned 3231711234 InstallSoftware 03-02-2015 13:35:00 4668 (0x123C)
Termination event received for process 7976 mtrmgr 03-02-2015 13:35:01 4564 (0x11D4)
Process completed with exit code 3231711234 TSManager 03-02-2015 13:35:01 7304 (0x1C88)
!--------------------------------------------------------------------------------------------! TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Failed to run the action: Create BitLocker partition.
Unknown error (Error: C0A00002; Source: Unknown) TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Set authenticator in transport TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Set a global environment variable _SMSTSLastActionRetCode=-1063256062 TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Set a global environment variable _SMSTSLastActionSucceeded=false TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Clear local default environment TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Failed to run the action: Create BitLocker partition. Execution has been aborted TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Set authenticator in transport TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Failed to run the last action: Create BitLocker partition. Execution of task sequence failed.
Unknown error (Error: C0A00002; Source: Unknown) TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Set authenticator in transport TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Termination event received for process 6188 mtrmgr 03-02-2015 13:35:03 4564 (0x11D4)
Termination event received for process 7552 mtrmgr 03-02-2015 13:35:06 4564 (0x11D4)
Task Sequence Engine failed! Code: enExecutionFail TSManager 03-02-2015 13:35:07 7304 (0x1C88)
**************************************************************************** TSManager 03-02-2015 13:35:07 7304 (0x1C88)
Task sequence execution failed with error code 80004005 TSManager 03-02-2015 13:35:07 7304 (0x1C88)
Hi Jason
See below. The problem is that on some of our laptops not anywhere geographically close to our IT department, the laptop has been set up with 2 partitions and on some only with 1 partition (we used another deployment system 2 years ago), so I am trying
to prepare all our corporate laptops for Bitlocker encryption. The reason why I made this task sequence was to hit all those laptops that are not being reinstalled / installed again in the near future.
Do you have any suggestions? Would it help to remove the cmd.exe /c in front of the Bitlocker cmd line?
We have tried the MBAM solution, but in my opinion too many problems with the MBAM client. -
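The log in this post reports the failing step's result in three notations (3231711234, C0A00002 and -1063256062), plus a separate overall code, 80004005. The following is an added example, not part of the original posts, that parses such lines, rejoins wrapped entries and normalises every code to one 32-bit hex value so they can be compared. The trailer layout (component, date, time, thread id) is assumed from the lines as they appear in this post, and the function names are hypothetical.

```python
import re

# Excerpt of the smsts.log lines posted above (trimmed). The wrapped
# two-line "Failed to run the action" entry is kept on purpose.
SAMPLE_LOG = """\
Executing command line: smsswd.exe /run: cmd.exe /c bdeHdCfg.exe -target default -size 300 -quiet TSManager 03-02-2015 13:34:58 7304 (0x1C88)
Process completed with exit code 3231711234 InstallSoftware 03-02-2015 13:35:00 4668 (0x123C)
Command line returned 3231711234 InstallSoftware 03-02-2015 13:35:00 4668 (0x123C)
Failed to run the action: Create BitLocker partition.
Unknown error (Error: C0A00002; Source: Unknown) TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Set a global environment variable _SMSTSLastActionRetCode=-1063256062 TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Set a global environment variable _SMSTSLastActionSucceeded=false TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Task sequence execution failed with error code 80004005 TSManager 03-02-2015 13:35:07 7304 (0x1C88)
"""

# Assumed trailer: "<message> <component> dd-mm-yyyy hh:mm:ss <tid> (0x<tid>)"
TRAILER = re.compile(
    r"^(?P<msg>.*?)\s*(?P<component>[A-Za-z]\w*)\s+"
    r"(?P<date>\d{2}-\d{2}-\d{4})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<tid>\d+)\s+\(0x[0-9A-Fa-f]+\)\s*$"
)
ACTION = re.compile(r"Failed to run the action: ([^.]+)\.")

# (label, pattern, numeric base of the captured value)
CODE_PATTERNS = [
    ("exit code", re.compile(r"exit code (\d+)"), 10),
    ("command return", re.compile(r"Command line returned (\d+)"), 10),
    ("error", re.compile(r"\(Error: ([0-9A-Fa-f]{8});"), 16),
    ("_SMSTSLastActionRetCode",
     re.compile(r"_SMSTSLastActionRetCode=(-?\d+)"), 10),
    ("task sequence",
     re.compile(r"failed with error code ([0-9A-Fa-f]{8})"), 16),
]


def to_u32(value):
    """Fold a signed or unsigned integer into an unsigned 32-bit value."""
    return value & 0xFFFFFFFF


def to_i32(value):
    """Return the signed 32-bit reading of the same bit pattern."""
    u = to_u32(value)
    return u - 0x100000000 if u & 0x80000000 else u


def parse_entries(text):
    """Split the log into entries; lines without a trailer belong to the
    next line that has one (a message that wrapped)."""
    entries, pending = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = TRAILER.match(line)
        if not m:
            pending.append(line.strip())
            continue
        msg = " ".join(pending + [m.group("msg").strip()]).strip()
        entries.append({
            "msg": msg,
            "component": m.group("component"),
            "when": m.group("date") + " " + m.group("time"),
            "tid": int(m.group("tid")),
        })
        pending = []
    return entries


def triage(text):
    """Return the first failed action and every code found, grouped by
    its normalised 0xXXXXXXXX form."""
    action, codes = None, {}
    for entry in parse_entries(text):
        hit = ACTION.search(entry["msg"])
        if hit and action is None:
            action = hit.group(1)
        for label, pattern, base in CODE_PATTERNS:
            for raw in pattern.findall(entry["msg"]):
                key = "0x%08X" % to_u32(int(raw, base))
                codes.setdefault(key, []).append((label, raw))
    return {"failed_action": action, "codes": codes}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Failed action:", result["failed_action"])
    for code, sources in result["codes"].items():
        print(code, "signed:", to_i32(int(code, 16)), "seen as:", sources)
```

Grouping this way separates the code returned by the step itself (0xC0A00002) from 0x80004005, which is the generic E_FAIL the task sequence engine reports for the run as a whole.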
MBAM 2.0 fails prereq checks.
I am trying to install MBAM 2 with SCCM integration. I have installed and created the reports database on my sql rs point. I am trying to install the integration and getting the error cannot connect to reporting services point. I have checked and the
point is accessible and working from within SCCM. I can also view the report url and the web service url using a browser from the server I am trying to install mbam on. Any ideas? I am using an account with domain admin permission and the install is being run as administrator. The account also has full permissions
with SCCM. I have pasted the log file below.
=== Verbose logging started: 12.11.2013 13:18:14 Build type: SHIP UNICODE 5.00.7601.00 Calling process: C:\Windows\System32\msiexec.exe ===
MSI (c) (78:78) [13:18:14:612]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg
MSI (c) (78:78) [13:18:14:612]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg
MSI (c) (78:24) [13:18:14:628]: Resetting cached policy values
MSI (c) (78:24) [13:18:14:628]: Machine policy value 'Debug' is 0
MSI (c) (78:24) [13:18:14:628]: ******* RunEngine:
******* Product: C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MaltaServerSystemsSetup.2.0.5301.1.msi
******* Action:
******* CommandLine: **********
MSI (c) (78:24) [13:18:14:722]: Machine policy value 'DisableUserInstalls' is 0
MSI (c) (78:24) [13:18:14:737]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MaltaServerSystemsSetup.2.0.5301.1.msi' against software restriction policy
MSI (c) (78:24) [13:18:14:737]: SOFTWARE RESTRICTION POLICY: C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MaltaServerSystemsSetup.2.0.5301.1.msi has a
digital signature
MSI (c) (78:24) [13:18:14:784]: SOFTWARE RESTRICTION POLICY: C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MaltaServerSystemsSetup.2.0.5301.1.msi is permitted to run at the 'unrestricted' authorization level.
MSI (c) (78:24) [13:18:14:800]: Cloaking enabled.
MSI (c) (78:24) [13:18:14:800]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (78:24) [13:18:14:800]: End dialog not enabled
MSI (c) (78:24) [13:18:14:800]: Original package ==> C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MaltaServerSystemsSetup.2.0.5301.1.msi
MSI (c) (78:24) [13:18:14:800]: Package we're running from ==> C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MaltaServerSystemsSetup.2.0.5301.1.msi
MSI (c) (78:24) [13:18:14:800]: APPCOMPAT: Compatibility mode property overrides found.
MSI (c) (78:24) [13:18:14:800]: APPCOMPAT: looking for appcompat database entry with ProductCode '{D81934D7-20FC-46A9-9F2D-009961EAAA33}'.
MSI (c) (78:24) [13:18:14:800]: APPCOMPAT: no matching ProductCode found in database.
MSI (c) (78:24) [13:18:14:815]: MSCOREE not loaded loading copy from system32
MSI (c) (78:24) [13:18:14:815]: Machine policy value 'TransformsSecure' is 1
MSI (c) (78:24) [13:18:14:815]: Machine policy value 'DisablePatch' is 0
MSI (c) (78:24) [13:18:14:815]: Machine policy value 'AllowLockdownPatch' is 0
MSI (c) (78:24) [13:18:14:815]: Machine policy value 'DisableLUAPatching' is 0
MSI (c) (78:24) [13:18:14:815]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (c) (78:24) [13:18:14:815]: Enabling baseline caching for this transaction since all active patches are MSI 3.0 style MSPs or at least one MSI 3.0 minor update patch is active
MSI (c) (78:24) [13:18:14:815]: APPCOMPAT: looking for appcompat database entry with ProductCode '{D81934D7-20FC-46A9-9F2D-009961EAAA33}'.
MSI (c) (78:24) [13:18:14:815]: APPCOMPAT: no matching ProductCode found in database.
MSI (c) (78:24) [13:18:14:815]: Transforms are not secure.
MSI (c) (78:24) [13:18:14:815]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Temp\mbam.log'.
MSI (c) (78:24) [13:18:14:815]: Command Line: CURRENTDIRECTORY=C:\Users\\desktop\MBAM CLIENTUILEVEL=0 CLIENTPROCESSID=1144
MSI (c) (78:24) [13:18:14:815]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{512BA969-E4B0-4B0A-A2FF-36516BBF1524}'.
MSI (c) (78:24) [13:18:14:815]: Product Code passed to Engine.Initialize: ''
MSI (c) (78:24) [13:18:14:815]: Product Code from property table before transforms: '{D81934D7-20FC-46A9-9F2D-009961EAAA33}'
MSI (c) (78:24) [13:18:14:815]: Product Code from property table after transforms: '{D81934D7-20FC-46A9-9F2D-009961EAAA33}'
MSI (c) (78:24) [13:18:14:815]: Product not registered: beginning first-time install
MSI (c) (78:24) [13:18:14:815]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
MSI (c) (78:24) [13:18:14:815]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (c) (78:24) [13:18:14:815]: User policy value 'SearchOrder' is 'nmu'
MSI (c) (78:24) [13:18:14:815]: Adding new sources is allowed.
MSI (c) (78:24) [13:18:14:815]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
MSI (c) (78:24) [13:18:14:815]: Package name extracted from package path: 'MaltaServerSystemsSetup.2.0.5301.1.msi'
MSI (c) (78:24) [13:18:14:815]: Package to be registered: 'MaltaServerSystemsSetup.2.0.5301.1.msi'
MSI (c) (78:24) [13:18:14:815]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (c) (78:24) [13:18:14:815]: Machine policy value 'DisableMsi' is 1
MSI (c) (78:24) [13:18:14:815]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (c) (78:24) [13:18:14:815]: User policy value 'AlwaysInstallElevated' is 1
MSI (c) (78:24) [13:18:14:815]: Product installation will be elevated because user is admin and product is being installed per-machine.
MSI (c) (78:24) [13:18:14:815]: Running product '{D81934D7-20FC-46A9-9F2D-009961EAAA33}' with elevated privileges: Product is assigned.
MSI (c) (78:24) [13:18:14:815]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'C:\Users\\desktop\MBAM'.
MSI (c) (78:24) [13:18:14:815]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '0'.
MSI (c) (78:24) [13:18:14:815]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '1144'.
MSI (c) (78:24) [13:18:14:815]: PROPERTY CHANGE: Adding MsiSystemRebootPending property. Its value is '1'.
MSI (c) (78:24) [13:18:14:815]: TRANSFORMS property is now:
MSI (c) (78:24) [13:18:14:815]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '405'.
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\Users\\AppData\Roaming
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\Users\\Favorites
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\Users\\AppData\Roaming\Microsoft\Windows\Network Shortcuts
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\Users\\Documents
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\Users\\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\Users\\AppData\Roaming\Microsoft\Windows\Recent
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\Users\\AppData\Roaming\Microsoft\Windows\SendTo
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\Users\\AppData\Roaming\Microsoft\Windows\Templates
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\ProgramData
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\Users\\AppData\Local
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\Users\\Pictures
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\Users\\Desktop
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates
MSI (c) (78:24) [13:18:14:815]: SHELL32::SHGetFolderPath returned: C:\Windows\Fonts
MSI (c) (78:24) [13:18:14:815]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (c) (78:24) [13:18:14:831]: MSI_LUA: Setting AdminUser property to 1 because this is the client or the user has already permitted elevation
MSI (c) (78:24) [13:18:14:831]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated.
MSI (c) (78:24) [13:18:14:831]: PROPERTY CHANGE: Adding MsiRunningElevated property. Its value is '1'.
MSI (c) (78:24) [13:18:14:831]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (c) (78:24) [13:18:14:831]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (c) (78:24) [13:18:14:831]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'Windows User'.
MSI (c) (78:24) [13:18:14:831]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (c) (78:24) [13:18:14:831]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MaltaServerSystemsSetup.2.0.5301.1.msi'.
MSI (c) (78:24) [13:18:14:831]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MaltaServerSystemsSetup.2.0.5301.1.msi'.
MSI (c) (78:24) [13:18:14:831]: Machine policy value 'MsiDisableEmbeddedUI' is 0
MSI (c) (78:24) [13:18:14:831]: EEUI - Running MsiEmbeddedUI code
MSI (c) (78:24) [13:18:14:831]: Creating MSIHANDLE (1) of type 790542 for thread 7460
MSI (c) (78:EC) [13:18:14:940]: Cloaking enabled.
MSI (c) (78:EC) [13:18:14:940]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (78:EC) [13:18:14:940]: Connected to service for CA interface.
MSI (c) (78!84) [13:18:15:003]: Creating MSIHANDLE (2) of type 790531 for thread 7812
SFXCA: Extracting embedded UI to temporary directory: C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MSI28101
MSI (c) (78!84) [13:18:15:003]: Closing MSIHANDLE (2) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:331]: Creating MSIHANDLE (3) of type 790531 for thread 7812
SFXCA: Binding to CLR version v2.0.50727
MSI (c) (78!84) [13:18:15:331]: Closing MSIHANDLE (3) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:503]: PROPERTY CHANGE: Adding MBAMCLIENTUSESEMBEDDEDUI property. Its value is 'True'.
MSI (c) (78!84) [13:18:15:503]: PROPERTY CHANGE: Adding EMBEDDEDUI_FAILED property. Its value is '1'.
MSI (c) (78!84) [13:18:15:518]: Creating MSIHANDLE (4) of type 790531 for thread 7812
EmbeddedUI.Initialize: Copying MBAMEmbeddedUI.resources.dll from C:\Users\\AppData\Local\Temp\2\MSI28101 to C:\Users\\AppData\Local\Temp\2\MSI28101\en-US
MSI (c) (78!84) [13:18:15:534]: Closing MSIHANDLE (4) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:534]: Creating MSIHANDLE (5) of type 790531 for thread 7812
EmbeddedUI.Initialize(), property ProductLanguage = 1033
MSI (c) (78!84) [13:18:15:534]: Closing MSIHANDLE (5) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:565]: Creating MSIHANDLE (6) of type 790531 for thread 7812
EmbeddedUI.Initialize(), UIThread initialized with culture en-US, 1033
MSI (c) (78!84) [13:18:15:565]: Closing MSIHANDLE (6) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:596]: Creating MSIHANDLE (7) of type 790531 for thread 7812
EmbeddedUI.Initialize(): Started
MSI (c) (78!84) [13:18:15:596]: Closing MSIHANDLE (7) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:612]: Creating MSIHANDLE (8) of type 790531 for thread 7812
EmbeddedUI.Initialize(): Parsing current UI settings
MSI (c) (78!84) [13:18:15:612]: Closing MSIHANDLE (8) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:628]: Creating MSIHANDLE (9) of type 790541 for thread 7812
MSI (c) (78!84) [13:18:15:628]: Creating MSIHANDLE (10) of type 790540 for thread 7812
MSI (c) (78!84) [13:18:15:643]: Creating MSIHANDLE (11) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:643]: Creating MSIHANDLE (12) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:643]: Closing MSIHANDLE (12) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:643]: Creating MSIHANDLE (13) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:643]: Closing MSIHANDLE (13) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:659]: Creating MSIHANDLE (14) of type 790540 for thread 7812
MSI (c) (78!84) [13:18:15:659]: Creating MSIHANDLE (15) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:659]: Creating MSIHANDLE (16) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:659]: Closing MSIHANDLE (16) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:659]: Creating MSIHANDLE (17) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:659]: Closing MSIHANDLE (17) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:659]: Creating MSIHANDLE (18) of type 790540 for thread 7812
MSI (c) (78!84) [13:18:15:659]: Creating MSIHANDLE (19) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:659]: Creating MSIHANDLE (20) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:659]: Closing MSIHANDLE (20) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:659]: Creating MSIHANDLE (21) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:659]: Closing MSIHANDLE (21) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:659]: Creating MSIHANDLE (22) of type 790531 for thread 7812
MBAM will use the complete user interface
MSI (c) (78!84) [13:18:15:659]: Closing MSIHANDLE (22) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:15:909]: Creating MSIHANDLE (23) of type 790531 for thread 7812
Navigating to page Welcome
MSI (c) (78!84) [13:18:15:909]: Closing MSIHANDLE (23) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:16:003]: PROPERTY CHANGE: Adding CEIPENABLED property. Its value is 'False'.
MSI (c) (78!84) [13:18:24:614]: Creating MSIHANDLE (24) of type 790531 for thread 7812
Navigating to page Eula
MSI (c) (78!84) [13:18:24:614]: Closing MSIHANDLE (24) of type 790531 for thread 7812
MSI (c) (78!E0) [13:18:24:629]: Closing MSIHANDLE (19) of type 790531 for thread 7812
MSI (c) (78!E0) [13:18:24:629]: Closing MSIHANDLE (18) of type 790540 for thread 7812
MSI (c) (78!E0) [13:18:24:629]: Closing MSIHANDLE (15) of type 790531 for thread 7812
MSI (c) (78!E0) [13:18:24:629]: Closing MSIHANDLE (14) of type 790540 for thread 7812
MSI (c) (78!E0) [13:18:24:629]: Closing MSIHANDLE (11) of type 790531 for thread 7812
MSI (c) (78!E0) [13:18:24:629]: Closing MSIHANDLE (10) of type 790540 for thread 7812
MSI (c) (78!84) [13:18:24:676]: PROPERTY CHANGE: Adding I_ACCEPT_ENDUSER_LICENSE_AGREEMENT property. Its value is 'False'.
MSI (c) (78!84) [13:18:28:618]: PROPERTY CHANGE: Modifying I_ACCEPT_ENDUSER_LICENSE_AGREEMENT property. Its current value is 'False'. Its new value: 'True'.
MSI (c) (78!84) [13:18:29:680]: Creating MSIHANDLE (25) of type 790531 for thread 7812
Navigating to page TopologySelection
MSI (c) (78!84) [13:18:29:680]: Closing MSIHANDLE (25) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:29:696]: PROPERTY CHANGE: Adding TOPOLOGY property. Its value is '0'.
MSI (c) (78!84) [13:18:31:305]: PROPERTY CHANGE: Modifying TOPOLOGY property. Its current value is '0'. Its new value: '1'.
MSI (c) (78!84) [13:18:32:165]: Creating MSIHANDLE (26) of type 790531 for thread 7812
Navigating to page Features
MSI (c) (78!84) [13:18:32:165]: Closing MSIHANDLE (26) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:43:960]: Creating MSIHANDLE (27) of type 790531 for thread 7812
Navigating to page Prerequisites
MSI (c) (78!84) [13:18:43:960]: Closing MSIHANDLE (27) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:43:991]: Creating MSIHANDLE (28) of type 790531 for thread 7812
Checking Prerequisites
MSI (c) (78!84) [13:18:43:991]: Closing MSIHANDLE (28) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:44:092]: Creating MSIHANDLE (29) of type 790531 for thread 7812
CheckForPrerequisites CA: Begin CustomAction
MSI (c) (78!84) [13:18:44:093]: Closing MSIHANDLE (29) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:44:101]: Creating MSIHANDLE (30) of type 790531 for thread 7812
CheckForPrerequisites CA: Starting operating system prerequisites property check
MSI (c) (78!84) [13:18:44:101]: Closing MSIHANDLE (30) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:44:102]: Creating MSIHANDLE (31) of type 790531 for thread 7812
CheckForPrerequisites CA: OS VersionNT: 601
MSI (c) (78!84) [13:18:44:103]: Closing MSIHANDLE (31) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:44:103]: Creating MSIHANDLE (32) of type 790531 for thread 7812
CheckForPrerequisites CA: Operating System ServicePackLevel: 1
MSI (c) (78!84) [13:18:44:103]: Closing MSIHANDLE (32) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:44:104]: Creating MSIHANDLE (33) of type 790531 for thread 7812
CheckForPrerequisites CA: OS MsiNTProductType: 3
MSI (c) (78!84) [13:18:44:104]: Closing MSIHANDLE (33) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:44:133]: Creating MSIHANDLE (34) of type 790531 for thread 7812
Performing CM prerequisite checks
MSI (c) (78!84) [13:18:44:133]: Closing MSIHANDLE (34) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:44:133]: Creating MSIHANDLE (35) of type 790531 for thread 7812
Checking CM connectivity.
MSI (c) (78!84) [13:18:44:134]: Closing MSIHANDLE (35) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:44:903]: Creating MSIHANDLE (36) of type 790531 for thread 7812
Checking CM version.
MSI (c) (78!84) [13:18:44:904]: Closing MSIHANDLE (36) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:44:908]: Creating MSIHANDLE (37) of type 790531 for thread 7812
Checking CM user permissions.
MSI (c) (78!84) [13:18:44:908]: Closing MSIHANDLE (37) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:45:070]: Creating MSIHANDLE (38) of type 790531 for thread 7812
Checking that the CM server is considered a primary site CM system.
MSI (c) (78!84) [13:18:45:070]: Closing MSIHANDLE (38) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:45:328]: Creating MSIHANDLE (39) of type 790531 for thread 7812
Checking that the CM server has the Desired Configuration Management (DCM) agent enabled.
MSI (c) (78!84) [13:18:45:328]: Closing MSIHANDLE (39) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:45:329]: Creating MSIHANDLE (40) of type 790531 for thread 7812
Checking that the CM server has the Hardware Inventory agent enabled.
MSI (c) (78!84) [13:18:45:331]: Closing MSIHANDLE (40) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:45:331]: Creating MSIHANDLE (41) of type 790531 for thread 7812
Checking that CM has SQL Server Reporting Services (SSRS) integration
MSI (c) (78!84) [13:18:45:331]: Closing MSIHANDLE (41) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:45:544]: Creating MSIHANDLE (42) of type 790531 for thread 7812
Checking SSRS user permissions.
MSI (c) (78!84) [13:18:45:544]: Closing MSIHANDLE (42) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:47:343]: Creating MSIHANDLE (43) of type 790531 for thread 7812
Checking if any CM objects are already installed.
MSI (c) (78!84) [13:18:47:344]: Closing MSIHANDLE (43) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:47:348]: Creating MSIHANDLE (44) of type 790531 for thread 7812
CA DetectCmObjects started.
MSI (c) (78!84) [13:18:47:348]: Closing MSIHANDLE (44) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:47:349]: Creating MSIHANDLE (45) of type 790531 for thread 7812
CaId:11, DetectCmReports started.
MSI (c) (78!84) [13:18:47:350]: Closing MSIHANDLE (45) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:47:493]: Creating MSIHANDLE (46) of type 790531 for thread 7812
Connection with CM established.
MSI (c) (78!84) [13:18:47:494]: Closing MSIHANDLE (46) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:48:127]: Creating MSIHANDLE (47) of type 790531 for thread 7812
CaId:11, DetectCmReports ended.
MSI (c) (78!84) [13:18:48:127]: Closing MSIHANDLE (47) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:48:128]: Creating MSIHANDLE (48) of type 790531 for thread 7812
CaId:12, DetectBaselinesToCollectionsAssignment started.
MSI (c) (78!84) [13:18:48:128]: Closing MSIHANDLE (48) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:48:267]: Creating MSIHANDLE (49) of type 790531 for thread 7812
Connection with CM established.
MSI (c) (78!84) [13:18:48:268]: Closing MSIHANDLE (49) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:48:544]: Creating MSIHANDLE (50) of type 790531 for thread 7812
File C:\Users\\AppData\Local\Temp\2\okjrmip4.ze1\assignments.xml was successfully extracted
MSI (c) (78!84) [13:18:48:545]: Closing MSIHANDLE (50) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:48:880]: Creating MSIHANDLE (51) of type 790531 for thread 7812
CaId:12, DetectBaselinesToCollectionsAssignment ended.
MSI (c) (78!84) [13:18:48:881]: Closing MSIHANDLE (51) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:48:881]: Creating MSIHANDLE (52) of type 790531 for thread 7812
CaId:13, DetectCmBaselines started.
MSI (c) (78!84) [13:18:48:881]: Closing MSIHANDLE (52) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:49:026]: Creating MSIHANDLE (53) of type 790531 for thread 7812
Connection with CM established.
MSI (c) (78!84) [13:18:49:027]: Closing MSIHANDLE (53) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:49:292]: Creating MSIHANDLE (54) of type 790531 for thread 7812
File C:\Users\\AppData\Local\Temp\2\d31knr2o.e4k\Baseline_2012.xml was successfully extracted
MSI (c) (78!84) [13:18:49:292]: Closing MSIHANDLE (54) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:49:536]: Creating MSIHANDLE (55) of type 790531 for thread 7812
CaId:13, DetectCmBaselines ended.
MSI (c) (78!84) [13:18:49:537]: Closing MSIHANDLE (55) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:49:537]: Creating MSIHANDLE (56) of type 790531 for thread 7812
CaId:14, DetectCmConfigItems started.
MSI (c) (78!84) [13:18:49:538]: Closing MSIHANDLE (56) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:49:691]: Creating MSIHANDLE (57) of type 790531 for thread 7812
Connection with CM established.
MSI (c) (78!84) [13:18:49:692]: Closing MSIHANDLE (57) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:49:985]: Creating MSIHANDLE (58) of type 790531 for thread 7812
File C:\Users\\AppData\Local\Temp\2\w2ioiprd.04r\CI_FDD_2012.xml was successfully extracted
MSI (c) (78!84) [13:18:49:986]: Closing MSIHANDLE (58) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:49:987]: Creating MSIHANDLE (59) of type 790531 for thread 7812
File C:\Users\\AppData\Local\Temp\2\w2ioiprd.04r\CI_OSD_2012.xml was successfully extracted
MSI (c) (78!84) [13:18:49:988]: Closing MSIHANDLE (59) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:50:877]: Creating MSIHANDLE (60) of type 790531 for thread 7812
CaId:14, DetectCmConfigItems ended.
MSI (c) (78!84) [13:18:50:877]: Closing MSIHANDLE (60) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:50:877]: Creating MSIHANDLE (61) of type 790531 for thread 7812
CaId:15, DetectCmCollections started.
MSI (c) (78!84) [13:18:50:878]: Closing MSIHANDLE (61) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:51:003]: Creating MSIHANDLE (62) of type 790531 for thread 7812
Connection with CM established.
MSI (c) (78!84) [13:18:51:003]: Closing MSIHANDLE (62) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:51:005]: Creating MSIHANDLE (63) of type 790531 for thread 7812
CaId:15, DetectCmCollections ended.
MSI (c) (78!84) [13:18:51:006]: Closing MSIHANDLE (63) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:51:006]: Creating MSIHANDLE (64) of type 790531 for thread 7812
CA DetectCmObjects ended.
MSI (c) (78!84) [13:18:51:006]: Closing MSIHANDLE (64) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:51:006]: Creating MSIHANDLE (65) of type 790531 for thread 7812
CheckForPrerequisites CA: Starting policy prereq check
MSI (c) (78!84) [13:18:51:006]: Closing MSIHANDLE (65) of type 790531 for thread 7812
MSI (c) (78!84) [13:18:51:006]: Creating MSIHANDLE (66) of type 790531 for thread 7812
CheckForPrerequisites CA: End of prereq checks
MSI (c) (78!84) [13:18:51:007]: Closing MSIHANDLE (66) of type 790531 for thread 7812
MSI (c) (78:78) [13:48:55:767]: RunEngine wait timed out
MSI (c) (78:78) [13:48:55:803]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg
MSI (c) (78!84) [14:20:20:185]: Creating MSIHANDLE (67) of type 790531 for thread 7812
SFXCA: Initialization canceled by user.
MSI (c) (78!84) [14:20:20:185]: Closing MSIHANDLE (67) of type 790531 for thread 7812
MSI (c) (78:24) [14:20:20:519]: Closing MSIHANDLE (1) of type 790542 for thread 7460
MSI (c) (78:24) [14:20:20:519]: PROPERTY CHANGE: Adding MSICLIENTUSESEMBEDDEDUI property. Its value is '1'.
MSI (c) (78:24) [14:20:20:519]: PROPERTY CHANGE: Modifying CLIENTUILEVEL property. Its current value is '0'. Its new value: '3'.
=== Logging started: 12.11.2013 14:20:20 ===
MSI (c) (78:78) [14:20:20:519]: Creating MSIHANDLE (68) of type 790531 for thread 5240
MSI (c) (78:78) [14:20:20:520]: Closing MSIHANDLE (68) of type 790531 for thread 5240
MSI (c) (78:24) [14:20:20:520]: Note: 1: 2205 2: 3: PatchPackage
MSI (c) (78:24) [14:20:20:520]: Machine policy value 'DisableRollback' is 0
MSI (c) (78:24) [14:20:20:520]: User policy value 'DisableRollback' is 0
MSI (c) (78:24) [14:20:20:520]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
MSI (c) (78:78) [14:20:20:520]: Creating MSIHANDLE (69) of type 790531 for thread 5240
MSI (c) (78:78) [14:20:20:521]: Closing MSIHANDLE (69) of type 790531 for thread 5240
MSI (c) (78:78) [14:20:20:521]: Creating MSIHANDLE (70) of type 790531 for thread 5240
MSI (c) (78:78) [14:20:20:521]: Closing MSIHANDLE (70) of type 790531 for thread 5240
MSI (c) (78:24) [14:20:20:521]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (c) (78:24) [14:20:20:521]: Doing action: INSTALL
MSI (c) (78:78) [14:20:20:521]: Creating MSIHANDLE (71) of type 790531 for thread 5240
MSI (c) (78:78) [14:20:20:522]: Closing MSIHANDLE (71) of type 790531 for thread 5240
MSI (c) (78:24) [14:20:20:523]: Destroying RemoteAPI object.
MSI (c) (78:EC) [14:20:20:546]: Custom Action Manager thread ending.
MSI (c) (78:24) [14:20:20:546]: FDeleteFolder: Deleting file 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MSI28101\adminui.wqlqueryengine.dll'
MSI (c) (78:24) [14:20:20:546]: FDeleteFolder: Deleting file 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MSI28101\ComputerPicker.dll'
MSI (c) (78:24) [14:20:20:546]: FDeleteFolder: Deleting file 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MSI28101\CustomAction.config'
MSI (c) (78:24) [14:20:20:546]: FDeleteFolder: Deleting folder 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MSI28101\en-us'
MSI (c) (78:24) [14:20:20:546]: FDeleteFolder: Deleting file 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MSI28101\en-us\MBAMEmbeddedUI.resources.dll'
MSI (c) (78:24) [14:20:20:546]: FDeleteFolder: Deleting file 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MSI28101\en-us\MBAMServerCAs.resources.dll'
MSI (c) (78:24) [14:20:20:546]: FDeleteFolder: Deleting file 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MSI28101\Interop.TaskScheduler.dll'
MSI (c) (78:24) [14:20:20:546]: FDeleteFolder: Deleting file 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MSI28101\Interop.WUApiLib.dll'
MSI (c) (78:24) [14:20:20:546]: FDeleteFolder: Deleting file 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MSI28101\MBAMEmbeddedUI.CA.dll'
MSI (c) (78:24) [14:20:20:546]: FDeleteFolder: Deleting file 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MSI28101\MBAMEmbeddedUI.dll'
MSI (c) (78:24) [14:20:20:546]: FDeleteFolder: Deleting file 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MSI28101\MBAMEmbeddedUI.resources.dll'
MSI (c) (78:24) [14:20:20:546]: FDeleteFolder: Deleting file 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MSI28101\MBAMServerCAs.dll'
MSI (c) (78:24) [14:20:20:546]: FDeleteFolder: Deleting file 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MSI28101\MBAMServerCAs.resources.dll'
MSI (c) (78:24) [14:20:20:546]: FDeleteFolder: Deleting file 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MSI28101\microsoft.configurationmanagement.managementprovider.dll'
MSI (c) (78:24) [14:20:20:546]: FDeleteFolder: Deleting file 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MSI28101\Microsoft.Deployment.WindowsInstaller.dll'
MSI (c) (78:24) [14:20:20:546]: FDeleteFolder: Deleting file 'C:\Users\ADMINI~1.AKV\AppData\Local\Temp\2\MSI28101\Microsoft.MBAM.ConfigManagerWrappers.dll'
MSI (c) (78:24) [14:20:20:561]: EEUI - Error while trying to remove temporary directory
=== Logging stopped: 12.11.2013 14:20:20 ===
MSI (c) (78:24) [14:20:20:561]: Note: 1: 1708
MSI (c) (78:24) [14:20:20:561]: Product: Microsoft BitLocker Administration and Monitoring -- Installation failed.
MSI (c) (78:24) [14:20:20:561]: Windows Installer installed the product. Product Name: Microsoft BitLocker Administration and Monitoring. Product Version: 2.0.5301.1. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error
status: 1602.
MSI (c) (78:24) [14:20:20:561]: Grabbed execution mutex.
MSI (c) (78:24) [14:20:20:561]: Cleaning up uninstalled install packages, if any exist
MSI (c) (78:24) [14:20:20:561]: MainEngineThread is returning 1602
=== Verbose logging stopped: 12.11.2013 14:20:20 ===
Thanks in advance for any assistance.
I have the same problem in my lab.
I have SCCM 2012 R2
SQL 2012 SP1
MBAM 2.0 SP1
...previously I didn't have this problem with SCCM 2012 R1 + SQL 2008 R2 + MBAM 2.0 no SP,
but after the upgrade to SQL 2012 SP1 and R2 of SCCM
I uninstalled MBAM 2.0 and reinstalled with MBAM 2.0 SP1.
Same problem on 2 servers... the local intranet doesn't change anything for me, error: cannot connect to reporting services point.
The user has full rights on all databases, the user is admin of SSRS, admin of SCCM, admin of the server.... -
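A verbose MSI log like the one posted in the thread above can be triaged mechanically instead of read line by line. The following is an added example, not code from either poster or from Microsoft: it parses the `MSI (c) (pid:tid) [hh:mm:ss:ms]:` line format, collects the final property values, flags long idle gaps and decodes the installer exit code. The function and variable names are this example's own, and the sample lines are a short excerpt constructed from the log above.

```python
import re
from datetime import timedelta

# Constructed sample: a few lines excerpted from the log posted above.
SAMPLE_LOG = """MSI (c) (78!84) [13:18:31:305]: PROPERTY CHANGE: Modifying TOPOLOGY property. Its current value is '0'. Its new value: '1'.
MSI (c) (78!84) [13:18:43:991]: Creating MSIHANDLE (28) of type 790531 for thread 7812
Checking Prerequisites
MSI (c) (78!84) [13:18:51:006]: Creating MSIHANDLE (66) of type 790531 for thread 7812
CheckForPrerequisites CA: End of prereq checks
MSI (c) (78!84) [13:18:51:007]: Closing MSIHANDLE (66) of type 790531 for thread 7812
MSI (c) (78:78) [13:48:55:767]: RunEngine wait timed out
MSI (c) (78!84) [14:20:20:185]: Creating MSIHANDLE (67) of type 790531 for thread 7812
SFXCA: Initialization canceled by user.
MSI (c) (78:24) [14:20:20:519]: PROPERTY CHANGE: Adding MSICLIENTUSESEMBEDDEDUI property. Its value is '1'.
MSI (c) (78:24) [14:20:20:561]: MainEngineThread is returning 1602
"""

# "MSI (c) (78:24) [13:18:14:815]: message" -> hours, minutes, seconds, ms, message
LINE_RE = re.compile(
    r"^MSI \([cs]\) \([0-9A-F]+[:!][0-9A-F]+\) "
    r"\[(\d\d):(\d\d):(\d\d):(\d{3})\]: (.*)$"
)
PROP_RE = re.compile(r"^PROPERTY CHANGE: (?:Adding|Modifying) (\S+) property\.")
VALUE_RE = re.compile(r"(?:Its value is|Its new value:) '(.*)'\.\s*$")
RETURN_RE = re.compile(r"MainEngineThread is returning (\d+)")

# Well-known Windows Installer exit codes.
EXIT_CODES = {
    0: "ERROR_SUCCESS",
    1602: "ERROR_INSTALL_USEREXIT",        # user cancelled the installation
    1603: "ERROR_INSTALL_FAILURE",         # fatal error during installation
    1618: "ERROR_INSTALL_ALREADY_RUNNING",
    3010: "ERROR_SUCCESS_REBOOT_REQUIRED",
}


def triage(log_text, min_gap=timedelta(minutes=1)):
    """Summarise a verbose MSI log: properties, idle gaps, CA output, exit code."""
    props, gaps, ca_messages = {}, [], []
    exit_code, prev_ts, day = None, None, timedelta(0)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("==="):
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Lines without the MSI prefix are custom-action or embedded-UI
            # output (or wrapped continuations of the previous line).
            ca_messages.append(line)
            continue
        h, mi, s, ms, msg = m.groups()
        ts = day + timedelta(hours=int(h), minutes=int(mi),
                             seconds=int(s), milliseconds=int(ms))
        if prev_ts is not None:
            # Timestamps carry no date: treat a large backwards jump as midnight.
            if prev_ts - ts > timedelta(hours=12):
                day += timedelta(days=1)
                ts += timedelta(days=1)
            if ts - prev_ts >= min_gap:
                gaps.append({
                    "duration": ts - prev_ts,
                    "last_ca_message": ca_messages[-1] if ca_messages else None,
                    "resumed_with": msg,
                })
        prev_ts = ts
        pm = PROP_RE.match(msg)
        if pm:
            vm = VALUE_RE.search(msg)
            props[pm.group(1)] = vm.group(1) if vm else None
        rm = RETURN_RE.search(msg)
        if rm:
            exit_code = int(rm.group(1))
    return {
        "properties": props,
        "gaps": gaps,
        "ca_messages": ca_messages,
        "exit_code": exit_code,
        "exit_name": EXIT_CODES.get(exit_code, "unknown"),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("exit:", report["exit_code"], report["exit_name"])
    for gap in report["gaps"]:
        print("idle", gap["duration"], "after:", gap["last_ca_message"])
```

On the excerpt, the summary shows the installer idle for about 30 minutes after the prerequisite checks finished and then exiting with 1602, the code Windows Installer returns when the user cancels.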
MBAM and BitLocker - How to do it in Best Practice
Hi!
I have a situation where I want to implement MBAM in our environment. What I have at the moment:
1x all-in-one MBAM server (SQL 2012R2 Standard on the same server).
SCCM 2012R2 CU3 Integration
GPOs are ready and published to the correct OU (Laptops)
MBAM Client is in SCCM and tested - Working great. Not published yet because we are in pilot at the moment
MBAM is working fine and all recovery keys are stored in DB.
My question is - How to deploy MBAM to old computers that are already in use - The correct way to do it so that recovery keys and TPM recovery password are all stored in MBAM DB? I mean I know how to set MBAM up correctly while using SCCM and TS but I can't get it to work on old computers - TPM passwords are not presented. MBAM Client can't take ownership of TPM because Windows has already done that.
I was able to get the TPM password to MBAM DB if I disable auto-provisioning and clear the TPM:
# Get the TPM WMI object
$tpm = Get-WmiObject -Class Win32_Tpm -Namespace root\cimv2\security\microsofttpm
# Disable Windows auto-provisioning of the TPM
$tpm.DisableAutoProvisioning()
# Submit physical presence request 22 to clear the TPM
$tpm.SetPhysicalPresenceRequest(22)
then running MBAM wizard (for the first time!). But how to make it fully automatic so that all computers that are in use will be like that? Do I have to make a script to disable auto-provisioning and then restart and start MBAM or is there any other solution for that?
Best Regards,
Taavi
Are you using MDT/SCCM for deployment?
Can you take a procmon trace while running the command and then see which registry keys it is touching? You can then modify the install.wim of your MDT/SCCM deployment share and add those registry keys there. It depends on the hardware; the following registry keys worked for me once, in the same way:
[HKEY_LOCAL_MACHINE\WimRegistry\ControlSet001\Services\TPM\WMI]
"NoAutoProvision"=dword:00000001
"NoDisableOwnerClear"=dword:00000001
Mayank Sharma Support Engineer at Microsoft working in Enterprise Platform Support. -
MBAM on Workgroup (non-domain) Computers
Hi,
Is it possible to manage non-domain computers with MBAM to deploy BitLocker?
Assuming policy is set by local policy or registry settings.
Thanks ahead,
I was thinking the same as was pointed out in this thread - you will not be able to store keys in the SQL database, because it relies on AD:
http://social.technet.microsoft.com/Forums/en-US/8eea1337-9cc7-47d4-87ca-83428abdce83/mbam-for-work-group-computers?forum=mdopmbam -
Hi,
I have deployed MBAM Server + SQL & agent to one of the client machines in a testing environment.
I am able to encrypt the laptop & the status is now showing as Compliant in the Reporting console. Now the main issues are:
1. What will be the status of the laptop if I decrypt the drives?
2. What if I rejoin an encrypted machine to the domain?
3. What if I rename a computer which has MBAM drive encryption?
4. Can I delete the hostname from the MBAM Compliance report if the host has not reported for more than X days?
Also suggest various test scenarios.
Awaiting your reply.
Thanks,
David.
You need to enable the policy "Configure user exemption policy" and can define any of the settings for Phone Number, Mailing Address or Website URL. The user will get this message to request the exemption.
You need to create an MBAM GPO and filter it to a security group of which the exempted computer will be a member.
So when you change the compatibility of the machine to compatible, the user will be prompted for the encryption. The user will click on the request for the exemption and will get a message to contact the MBAM Administrator by the means defined in the exemption policy. After the request is submitted, the MBAM Admin will decide whether to exempt the user from encryption or not.
Method for the exemption:
- Create a domain security group
- Configure the user exemption policies to exempt the user from encryption
- Set a time limit for the exemption.
- Filter the exemption policy to the created domain security group. Add the user as a member of this particular security group.
For more help you can go through this particular link:
http://technet.microsoft.com/en-us/library/jj571516.aspx
Let us know if it has solved your problem so that others can benefit from it.
Gaurav Ranjan -
We are doing a deployment of MBAM 2.5 and, as required, we have installed SQL 2012. A part of the setup is setting the required permissions in SQL. I am definitely not a DBA and do not have access to someone who knows it well. Can anyone walk me through setting the correct permissions from the following http://technet.microsoft.com/en-us/library/dn645331.aspx ? I am a novice with SQL, but can follow instructions.
In particular the pieces on:
Prerequisites for the Recovery Database
Required SQL Server permissions
Required permissions:
SQL Server instance login server roles:
dbcreator
processadmin
SQL Server Reporting Services instance rights:
Create Folders
Publish Reports
Prerequisites for the Compliance and Audit Database
Required SQL Server permissions
Required permissions:
SQL Server instance login server roles:
dbcreator
processadmin
SQL Server Reporting Services instance rights:
Create Folders
Publish Reports
Prerequisites for the Reports
SSRS instance rights – required for configuring Reports only if you are installing databases on a separate server from the server where Reports are configured.
Required instance rights:
Create Folders
Publish Reports
Thanks in advance
Hello,
The permissions to create folders and publish reports are needed only if you have a separate SQL Server for reports (Reporting Services on a separate server). You don't have that scenario?
Anyway, in case you have that scenario, the following resources should help:
http://technet.microsoft.com/en-us/library/aa337471(v=sql.105).aspx
(Publisher role has permissions to add reports and create folders)
http://technet.microsoft.com/en-us/library/aa337471(v=sql.105).aspx
Hope this helps.
Regards,
Alberto Morillo
SQLCoffee.com