MBAM BitLocker Administration and Monitoring Reports: Cannot access MBAM reports from outside of MBAM report server
*modified original post to update this issue, issue 1 of 2 has been resolved, so I removed it from the post*
We are able to access all reporting features when logged in directly to the sever, however when trying to access the reports URL from another computer it constantly prompts for username/password and does not allow access. BitLocker Client Management services
are running on the machines that are in my trial run, GPO has pushed the settings, all have been verified and reports are working and recieving data, just cannot access the reports from outside of the server.
I have created the below security groups in Active Directory and added them as recommended to the corresponding local groups on the reporting server(s), but still getting a password prompt when trying to access the report section of the reports url (from
another computer): http://<servername:port>/Reports.aspx
MBAM Advanced Helpdesk User
MBAM Hardware Users
MBAM Helpdesk Users
MBAM Report Users
MBAM System Administrators
Below is a screenshot of the local MBAM Report Users group on the reporting server:
The issue appears to be with IIS and accessing the reports services. I've followed the setup of local security groups and Active Directory security groups, going to rebuild that piece again.
If I authenticate as the local administrator on the server, all reports work fine
August 31st, 2011 7:25pm
- Update
Enterprise Compliance Report now seems to be working, all 3 systems that I'm testing with are now reporting on it.
Still having an issue with access the reports page when accessing thr url without being physically logged on to the Admin/Monitoring server.
Free Windows Admin Tool Kit Click here and download it now
August 31st, 2011 11:28pm
Hi,
Please add the user ID to
MBAM Report Users group.
MBAM Report Users have access to the Compliance
and Audit reports from BitLocker Administration and Monitoring. The local group for this role is installed on the Administration and Monitoring Server, Compliance and Audit Reports Server, and Compliance Status Database Server.
Also check Bitlocker Management Client Service is automatic started.
Enable the reporting URL and MBAM backend services on GPO, the backend URL is:
http://mbam01:8080/MBAMRecoveryAndHardwareService/CoreService.svc
And Report services is:
http://mbam01:8080/MBAMComplianceStatusService/StatusReportingService.svc
More detail you can refer this article:
MBAM
Step by Step ( BitLocker Administration and Monitoring )
http://ahmedhusseinonline.com/2011/07/mbam-step-by-step-bitlocker-administration-and-monitoring/
Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft
does not guarantee the accuracy of this information.
Hope that helps.
Regards,
Leo
Huang
TechNet
Subscriber Support in forum. If you have any feedback on our support, please contact
tngfb@microsoft.com
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
September 1st, 2011 12:44pm
Thanks for the help.
We are able to access all reporting features when logged in directly to the sever, however when trying to access the reports URL from another computer it constantly prompts for username/password and does not allow access. BitLocker Client Management services
are running on the machines that are in my trial run, GPO has pushed the settings, all have been verified and reports are working and recieving data, just cannot access the reports from outside of the server.
I have created the below security groups in Active Directory and added them as recommended to the corresponding local groups on the reporting server(s), but still getting a password prompt when trying to access the report section of the reports url (from
another computer):
http://<servername:port>/Reports.aspx
MBAM Advanced Helpdesk User
MBAM Hardware Users
MBAM Helpdesk Users
MBAM Report Users
MBAM System Administrators
Below is a screenshot of the local MBAM Report Users group on the reporting server:
Thanks for the link, I have looked over that page previously and unfortunately it doesn't go into much detail regarding accessing the reports and security setup.
Free Windows Admin Tool Kit Click here and download it now
September 1st, 2011 3:47pm
Hi,
Please try to follow steps below to create a new registry key on MBAM Server where you have MBAM Administration and Monitoring Server role installed.
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry
Editor at your own risk.
For information about how to back up, restore, and edit the registry, click the following article:
Description of the Microsoft Windows Registry
http://support.microsoft.com/kb/256986/EN-US
===================================
a. Start Registry Editor.
b. Navigate to following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft
c. On the Edit menu, click New -> Key, and add the following registry key value:
MBAM
d. Under the newly created registry key name, on the Edit menu, click New -> DWORD (32-bit) Value and name it as:
DisableMachineVerification
e. Set the value to 1.
f. Exit Registry Editor.
After you make these changes, you must restart the MBAM server for the modifications to take effect.
Note: The above registry key has nothing to do with hardware compatibility checking on the server and hardware compatibility check functionality still works as designed.
MORE INFORMATION
For further information on MBAM and how it can help your environment, please consult the following documentation.
Planning Guide:
http://onlinehelp.microsoft.com/en-us/mdop/hh285653.aspx
Deployment Guide:
http://onlinehelp.microsoft.com/en-us/mdop/hh285644.aspx
Operations Guide:
http://onlinehelp.microsoft.com/en-us/mdop/hh285664.aspx
Troubleshooting MBAM:
http://onlinehelp.microsoft.com/en-us/mdop/hh352745.aspx
Best regards,
Spencer Shi
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
September 6th, 2011 11:02am
Thanks for the reply, the steps you've mentioned have already been done and as mentioned reporting is working fine on the server itself. All pc's that have been setup are reporting in.
The problem I am having is accessing the report pages from outside of the server. The post above yours has more detail.
Thanks!
Free Windows Admin Tool Kit Click here and download it now
September 7th, 2011 8:58am
Nobody has any ideas?
September 14th, 2011 9:46am