MBAM Compliance Issue
Alright, so we have the server set up and the client machines are checking in, but we are not getting any data written to the MBAM Compliance Status DB. I have let a machine sit a few days to make sure it just didn't need some extra time to check in. What I am trying to figure out is what pushes that information to the DB. I understand how the MBAM Recovery and Hardware DB is populated: we tell the client with the reg key where to go. Any help would be great; if you need anything from me, let me know. Thanks in advance. I have also already tried the CreateCache trick and made sure it was pointing at the correct DB, with no luck.
August 24th, 2012 11:18am

MBAM Logs on client: Event Viewer > Application and Services Logs > Microsoft > Windows > MBAM
MBAM Logs on server: Event Viewer > Windows Logs > Application Logs

1. Policies for MBAM on client: On the Windows 7 client, open the registry at HKLM\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement and change ClientWakeUpFrequency = 1 and StatusReportingFrequency = 1.
2. There is a random delay of up to 90 minutes when the MBAM service starts on a Windows 7 client. If you don't want the random delay, create a DWORD value NoStartupDelay under HKLM\Software\Microsoft\MBAM and set its value to 1.

Restart the MBAM Client Service and the client will then talk to the server in 1 minute.

If you hit this error on the client, then follow the workaround in this KB:
KB 2612822, Computer Record is Rejected in MBAM
http://support.microsoft.com/kb/2612822

Check the MBAM logs on the Win7 client to see if there are any error messages.

Manoj Sehgal
August 24th, 2012 12:56pm
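
The client-side steps from the reply above, as an added PowerShell example (not part of the original thread). The registry paths and value names are the ones quoted in the reply; the service name MBAMAgent and the Microsoft-Windows-MBAM event channel prefix are assumptions to verify on your client.

```powershell
# Added example, not from the thread. Run elevated on the Windows 7 client.
# Key paths and value names are the ones quoted in the reply above.
$policyKey = 'HKLM:\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement'
$mbamKey   = 'HKLM:\Software\Microsoft\MBAM'
$service   = 'MBAMAgent'                 # assumption: MBAM client service name
$logFilter = 'Microsoft-Windows-MBAM/*'  # assumption: MBAM event channels

if (-not (Test-Path $policyKey)) {
    throw "Policy key missing: the MBAM GPO has not applied to this client."
}

# Show the current values first. Group Policy owns this key and can overwrite
# manual changes when it reapplies, so treat the 1-minute values as temporary.
Get-ItemProperty -Path $policyKey |
    Select-Object ClientWakeUpFrequency, StatusReportingFrequency |
    Format-List

foreach ($name in 'ClientWakeUpFrequency', 'StatusReportingFrequency') {
    New-ItemProperty -Path $policyKey -Name $name -Value 1 `
        -PropertyType DWord -Force | Out-Null
}

# Skip the random startup delay (up to 90 minutes) described in the reply.
if (-not (Test-Path $mbamKey)) { New-Item -Path $mbamKey -Force | Out-Null }
New-ItemProperty -Path $mbamKey -Name NoStartupDelay -Value 1 `
    -PropertyType DWord -Force | Out-Null

Restart-Service -Name $service

# Give the agent time for one wake-up cycle, then list warnings and errors
# (levels 1-3) from every MBAM channel that contains events.
Start-Sleep -Seconds 120
Get-WinEvent -ListLog $logFilter -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordCount -gt 0 } |
    ForEach-Object { Get-WinEvent -LogName $_.LogName -MaxEvents 25 } |
    Where-Object { $_.Level -ge 1 -and $_.Level -le 3 } |
    Sort-Object TimeCreated |
    Format-List TimeCreated, Id, LevelDisplayName, Message
```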

Thanks in advance for the help. So I have noticed this before. For some reason it is pointing to C:\inetpub\Malta BitLocker Management Solution\Help Desk Website\reports\pages\web.config line 75. When MBAM installs we never have the reports\pages\ directories, so I have to manually create them. Is a file pointing to the wrong spot, or am I supposed to have those directories when it installs? Also, I replaced our server's name with servername.

Log Name: Application
Source: ASP.NET 2.0.50727.0
Date: 8/24/2012 8:43:14 AM
Event ID: 1310
Task Category: Web Event
Level: Warning
Keywords: Classic
User: N/A
Computer: Servername
Description:
Event code: 3008
Event message: A configuration error has occurred.
Event time: 8/24/2012 8:43:14 AM
Event time (UTC): 8/24/2012 3:43:14 PM
Event ID: 7adb072ced2c48d3a358f43c45acba68
Event sequence: 2
Event occurrence: 1
Event detail code: 0

Application information:
    Application domain: /LM/W3SVC/2/ROOT-1-129902965938578803
    Trust level: Full
    Application Virtual Path: /
    Application Path: C:\inetpub\Malta BitLocker Management Solution\Help Desk Website\
    Machine name: Servername

Process information:
    Process ID: 4820
    Process name: w3wp.exe
    Account name: NT AUTHORITY\NETWORK SERVICE

Exception information:
    Exception type: ConfigurationErrorsException
    Exception message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. (C:\inetpub\Malta BitLocker Management Solution\Help Desk Website\reports\pages\web.config line 75)

Request information:
    Request URL: http://servername.com:8080/Reports/Pages/Folder.aspx
    Request path: /Reports/Pages/Folder.aspx
    User host address: fe80::1868:99f:c0d4:5b32Full User:
    Is authenticated: False
    Authentication Type:
    Thread account name: NT AUTHORITY\NETWORK SERVICE

Thread information:
    Thread ID: 6
    Thread account name: NT AUTHORITY\NETWORK SERVICE
    Is impersonating: False
    Stack trace:
       at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
       at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
       at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
       at System.Web.Configuration.RuntimeConfig.GetSectionObject(String sectionName)
       at System.Web.Configuration.RuntimeConfig.GetSection(String sectionName, Type type, ResultsIndex index)
       at System.Web.Configuration.RuntimeConfig.get_Identity()
       at System.Web.HttpContext.SetImpersonationEnabled()
       at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)

Custom event details:

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="ASP.NET 2.0.50727.0" />
    <EventID Qualifiers="32768">1310</EventID>
    <Level>3</Level>
    <Task>3</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-24T15:43:14.000000000Z" />
    <EventRecordID>16429</EventRecordID>
    <Channel>Application</Channel>
    <Computer>servername.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>3008</Data>
    <Data>A configuration error has occurred.</Data>
    <Data>8/24/2012 8:43:14 AM</Data>
    <Data>8/24/2012 3:43:14 PM</Data>
    <Data>7adb072ced2c48d3a358f43c45acba68</Data>
    <Data>2</Data>
    <Data>1</Data>
    <Data>0</Data>
    <Data>/LM/W3SVC/2/ROOT-1-129902965938578803</Data>
    <Data>Full</Data>
    <Data>/</Data>
    <Data>C:\inetpub\Malta BitLocker Management Solution\Help Desk Website\</Data>
    <Data>Servername</Data>
    <Data> </Data>
    <Data>4820</Data>
    <Data>w3wp.exe</Data>
    <Data>NT AUTHORITY\NETWORK SERVICE</Data>
    <Data>ConfigurationErrorsException</Data>
    <Data>It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. (C:\inetpub\Malta BitLocker Management Solution\Help Desk Website\reports\pages\web.config line 75)</Data>
    <Data>http://areserver:8080/Reports/Pages/Folder.aspx</Data>
    <Data>/Reports/Pages/Folder.aspx</Data>
    <Data>fe80::1868:99f:c0d4:5b32%10</Data>
    <Data> </Data>
    <Data>False</Data>
    <Data> </Data>
    <Data>NT AUTHORITY\NETWORK SERVICE</Data>
    <Data>6</Data>
    <Data>NT AUTHORITY\NETWORK SERVICE</Data>
    <Data>False</Data>
    <Data> at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
 at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object&amp; result, Object&amp; resultRuntimeObject)
 at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
 at System.Web.Configuration.RuntimeConfig.GetSectionObject(String sectionName)
 at System.Web.Configuration.RuntimeConfig.GetSection(String sectionName, Type type, ResultsIndex index)
 at System.Web.Configuration.RuntimeConfig.get_Identity()
 at System.Web.HttpContext.SetImpersonationEnabled()
 at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) </Data>
  </EventData>
</Event>
August 24th, 2012 4:16pm

Check your Group Policy that you have set for the OU. And take a look at the reporting configuration under the MBAM GPO. It should be pointing to your Web Site for the reporting.

PLEASE MARK ANY ANSWERS TO HELP OTHERS
Blog: rorymon.com
Twitter: @Rorymon
August 26th, 2012 10:43pm

Hi,

Please double confirm whether the clients have the hardware exception group policy enabled; if you have enabled it, please disable it to have a try. In addition, please also add the registry value below on the server and have a try.

HKEY_LOCAL_MACHINE\Software\Microsoft\MBAM
Type: DWORD (32-bit)
Name: DisableMachineVerification
Value: 1

Regards,

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 29th, 2012 3:05am

I don't have a reporting config in the GPO. In GPO I have MDOP MBAM (BitLocker Management). Under that I have Client Management, Fixed Drive, Operating System Drive, and Removable Drive. Am I missing some GPOs?
September 4th, 2012 4:44pm

I don't see a hardware exception GP. I have a "Configure user exemption policy" but that is the closest I have. Also, HKEY_LOCAL_MACHINE\Software\Microsoft\MBAM doesn't exist on the server; is that normal? I can create it and add the reg value if that is what I need to do. Thanks for the help!
September 4th, 2012 4:46pm

Hi,

If the registry doesn't exist, we can manually create it; here is the KB: http://support.microsoft.com/kb/2612822

I would like to share another post which can help you: http://onlinehelp.microsoft.com/en-us/mdop/hh338665.aspx

Regards,
September 4th, 2012 10:36pm

Alright, I have made the changes to the registry and can see the machine in the Recovery and Hardware DB, but nothing in the compliance DB yet. I am going to give it some more time since I saw it can take up to 6hrs to check in. I will also do the CreateCache trick to get it to send the info to the DB. I guess if it doesn't work, the most confusing part to me is that data is going to one DB and not to the other. Thanks
September 5th, 2012 1:55pm

Hi,

I agree with you, but before considering that, could you please restart the server to have a try?

Regards,
September 6th, 2012 2:53am

Alright let the client run all night and still doesn't write any data to the compliance db. It writes the key and recovery information. Reports are still not populating. Any ideas? Any logs you need to see?
September 6th, 2012 12:02pm

Hi,

Please check which port the MBAM service is configured to listen on; is that port also listened on by other services (such as SSRS and IIS)? Could you also review the MBAM logs and application logs? If there are any related event logs, please let us know.

Regards,
September 6th, 2012 10:40pm
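
One way to run the port check requested above, as an added PowerShell example (not part of the original thread). IIS and SSRS both register URLs through HTTP.sys, so they can share one TCP port and netstat will only show the System process as the listener; the URL prefixes registered on that port are what tell the two apart. Port 8080 is taken from the thread; the function name is hypothetical.

```powershell
# Added example, not from the thread. Run elevated on the MBAM server.
function Get-PortUrlOwners {
    param([int]$Port = 8080)   # port used by the MBAM web site in this thread

    # TCP listener and owning PID. PID 4 (System) means HTTP.sys holds the
    # port on behalf of one or more services such as IIS or SSRS.
    $listeners = netstat -ano |
        Select-String -Pattern 'LISTENING' |
        Select-String -Pattern (":{0}\s" -f $Port) |
        ForEach-Object { $_.Line.Trim() }

    # URL prefixes reserved for this port (who is allowed to register them).
    $reservations = netsh http show urlacl |
        Select-String -Pattern (":{0}/" -f $Port) |
        ForEach-Object { $_.Line.Trim() }

    # URL prefixes currently registered with HTTP.sys request queues.
    # A /Reports or /ReportServer prefix here next to the IIS site's root
    # prefix shows both services answering on the same port.
    $registered = netsh http show servicestate view=requestq |
        Select-String -Pattern (":{0}/" -f $Port) |
        ForEach-Object { $_.Line.Trim() }

    # IIS sites with their bindings, to see which site is bound to the port.
    $appcmd = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
    $sites  = if (Test-Path $appcmd) { & $appcmd list site } else { @() }

    New-Object PSObject -Property @{
        Port           = $Port
        Listeners      = $listeners
        UrlReservations = $reservations
        RegisteredUrls = $registered
        IisSites       = $sites
    }
}

Get-PortUrlOwners -Port 8080 | Format-List
```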

It is set up on port 8080; is this OK or should we try a different port?

Date: 9/6/2012 2:49:37 PM
Log: SQL Server Agent (Current - 9/6/2012 2:49:00 PM)
Message: [364] The Messenger service has not been started - NetSend notifications will not be sent
September 7th, 2012 6:04pm

Hi,

Setting port 8080 should be OK, but please make sure that port isn't occupied by other applications/services.

Is this "[364] The Messenger service has not been started - NetSend notifications will not be sent" a warning message? If you start the Messenger service, how does the issue go?

Regards,
September 9th, 2012 10:40pm

I am sorta at a loss right now. The port isn't being used by anything else, and if I start the service I have the same results. One DB gets info written but the Compliance DB never gets anything.

Matt
September 18th, 2012 1:18pm

This topic is archived. No further replies will be accepted.
