MBAM - Unable to retrieve TPM Owner Password File
I am unable to retrieve the TPM owner password file from MBAM. My user account is a member of the advanced help desk users group when viewing the MBAM web site. I provide the mandatory fields computer domain and computer name. The MBAM website replies back asking me to enter correct machine information. The machine information I am providing is from a computer name that is compliant under the compliance report. Event viewer on the MBAM server shows no errors. Can you help me figure out how to get past this error? I've tried entering the computer name information into the Manage TPM section for various computer accounts that are compliant but haven't been able to receive anything back yet. MCITP Windows 7 MCTS Windows Server 2008
November 19th, 2011 5:12pm

Thanks, Leo... Seems as if some other people are having a similar issue with not being able to retrieve the TPM owner information from the web site: http://social.technet.microsoft.com/Forums/en-IE/w7itprosecurity/thread/307f1aaa-6b1a-4de5-9d29-eda1e91c954a http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/343bec4a-7b47-498b-a177-643002a59bea Manoj states to clear the TPM in the BIOS and allow the MBAMClientUI.exe window to initialize and take ownership of the TPM. This process is supposed to push the TPM information in to the MBAM database, but I have not had any success with this technique. Still looking for resolution... :-)MCITP Windows 7 MCTS Windows Server 2008
Free Windows Admin Tool Kit Click here and download it now
November 22nd, 2011 7:56am

If you want to check if MBAM has the information in SQL, then open SQL Mgmt Studio and under MBAM Recovery and Hardware DB, check this table "RecoveryandHardwareCore.Users". Right click this table and select top 1000 rows. On right side you will see the TPM hash for your machines. If MBAM was used to initialize TPM, then you will see hash information, otherwise you will see NULL. check this if you hit error: 2640178 MBAM fails to take ownership of TPM http://support.microsoft.com/kb/2640178 I hope this helps. Manoj Sehgal
November 22nd, 2011 4:08pm

Manoj, Thanks again for the continued support. I did not find the TpmPasswordHash value in the RecoveryandHardwareCore.Users table but I did locate the value in the RecoveryAndHardwareCore.Machines table. Several values for TpmPasswordHash are listed in the table and are not NULL. However, the MBAM website still does not allow me to manage the TPM :-\ Have you or anyone been able to get this feature to work? Or is Microsoft just dangling a carrott for the version two release? :) ~GregMCITP Windows 7 MCTS Windows Server 2008
Free Windows Admin Tool Kit Click here and download it now
November 22nd, 2011 4:20pm

Greg, Computer domain and computer name field is required to get the TPM hash key from MBAM console. Look in RecoveryAndHardwareCore.Machines table, check the computer name for which you see the TPM hash and try again. It works all the time for me correctly. Your account is a member of which MBAM Groups? Manoj Sehgal
November 22nd, 2011 4:34pm

Hey Manoj, My user account is a member of the Advanced Help Desk Users group on the MBAM server. I can do a straight copy of the computer name from the RecoveryAndHardwareCore.Machines table and still reproduce the error with both NetBIOS and FQDN domain names. No errors show up in event viewer on the server. MBAM web site still replies back with the error message "Please enter correct Machine Information". Crazy right? MCITP Windows 7 MCTS Windows Server 2008
Free Windows Admin Tool Kit Click here and download it now
November 22nd, 2011 4:43pm

Greg, Just to verify your account is a member of only MBAM Advance Helpdesk Group. It is not a member of any other group, like MBAM System Administrators, Is this correct? Manoj Sehgal
November 22nd, 2011 4:50pm

That's correct. My user account is only a member of the MBAM Advanced Helpdesk Users group. The TPM information is making it in to the database. So I'm halfway there. Just can't retrieve this information from the web service...MCITP Windows 7 MCTS Windows Server 2008
Free Windows Admin Tool Kit Click here and download it now
November 22nd, 2011 6:02pm

Hi, Thank you for your question. I am trying to involve someone familiar with this topic to further look at this issue. Regards, Leo Huang TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
November 23rd, 2011 1:45am

Greg, I tested this with my account only member of MBAM Advance Helpdesk users group and it worked. I used just NetBIOS domain name. Also, can you check this - 1. login to the machine using the account which is a member of mbam advance helpdesk user. 2. Open MBAM console from web browser and then check if you can see the TPM hash password. I hope this works for you Manoj Sehgal
Free Windows Admin Tool Kit Click here and download it now
November 25th, 2011 10:09am

Well, if it works for you and doesn't for me, then I'm SOL. I attempted to access the TPM key information by logging on to the server that hosts the web service with my user account as part of the advanced help desk users group but still didn't have any luck. The TPM values are making it in to the database. So I think there may be something up with the installation or a registry setting. I'll try a reinstall of the web service next... ~GregMCITP Windows 7 MCTS Windows Server 2008
November 25th, 2011 3:49pm

Does your machine gets rebooted before the start of the encryption process. Before the encryption MBAM initializes the TPM and store the TPM owner information.after that Prompts for a restart. this is the exact process for the MBAM server to get the TPM ownership info. So make sure your machine gets a rebbot prompted by the MBAM while encryption. If this happens, Check the following key mentioned by Manoj, you will find it there. this is the way it works.Gaurav Ranjan
Free Windows Admin Tool Kit Click here and download it now
March 3rd, 2012 7:36am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics