MBAM Recovery and Hardware Service error
We're having issues getting the clients to communicate with the MBAM monitoring server. We are running the DBs and reporting on a separate server. The MBAM policies have been configured and applied to the test client. Below are the eventlog entries on the client and server:

Client:

An error occured while applying MBAM policies.
Volume ID:\\?\Volume{370132f5-cde1-11e0-ac52-806e6f6e6963}\
Error code: 0x803d0005
Details: Access was denied by the remote endpoint.

An error occured while applying MBAM policies.
Volume ID:\\?\Volume{370132f5-cde1-11e0-ac52-806e6f6e6963}\
Error code: 0x803d0013
Details: A message containing a fault was received from the remote endpoint.

Server:

Event code: 100002
Event message: Client Machine Name mismatch
Event time: 8/24/2011 3:28:31 PM
Event time (UTC): 8/24/2011 10:28:31 PM
Event ID: 11c447fca80a4cc7b2428efc1a983972
Event sequence: 2
Event occurrence: 1
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/2/ROOT/MBAMRecoveryAndHardwareService-1-129586984080117500
Trust level: Full
Application Virtual Path: /MBAMRecoveryAndHardwareService
Application Path: C:\inetpub\Malta BitLocker Management Solution\MBAM Recovery And Hardware Service\
Machine name: SERVERNAME

Process information:
Process ID: 2400
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE

Exception information:
Exception type: FaultException
Exception message: The computer record is rejected. The request from machine "DOMAIN\COMPUTERNAME$" contains invalid machine name "COMPUTERNAME.FQDN".

Request information:
Request URL:
Request path:
User host address:
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\NETWORK SERVICE

Thread information:
Thread ID: 3
Thread account name: NT AUTHORITY\NETWORK SERVICE
Is impersonating: False
Stack trace: at Microsoft.Mbam.AgentSupportService.CoreService.PostKeyRecoveryInfo(Message recoveryInfoMessage)

Custom event details:
Application: MBAMComplianceStatusService
Error Message: The computer record is rejected. The request from machine "DOMAIN\COMPUTERNAME$" contains invalid machine name "COMPUTERNAME.FQDN".

I have replaced the actual workstation / server names in italics. Are we missing some configuration setting on the server?
August 25th, 2011 2:37am

Hi,

Microsoft BitLocker Administration and Monitoring will not work with policies for stand-alone BitLocker drive encryption. Group Policy must be defined for Microsoft BitLocker Administration and Monitoring, or BitLocker encryption and enforcement will fail.

Please refer to the following articles to check the Group Policy requirements, then configure the policy as the article describes to check if the issue could be resolved.

1) Planning and Configuring Group Policy for MBAM
http://onlinehelp.microsoft.com/de-de/mdop/hh285629.aspx
2) Deploying MBAM Group Policies
http://onlinehelp.microsoft.com/pt-br/mdop/hh285640.aspx

Furthermore, you can try to temporarily disable the firewall for a test; the GPO may not be deployed to the client because the server cannot access it. Also run gpupdate /force to apply the GPO.

In addition, you can also contact the Server GP forum for further help:
http://social.technet.microsoft.com/Forums/en-US/winserverGP/threads

The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.

Regards,
Leo Huang
TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 25th, 2011 6:38am

I am not trying to use Bitlocker stand-alone. As I stated in my initial post, the policies have been configured and applied to the test client. I have checked the client and it does indeed have all the settings configured according to what we put in the GPO. I have everything set up as suggested in a 3 computer topology, and have actually gone through the entire process 3 times, each time thinking maybe I just missed a step. Microsoft's documentation could REALLY use some help.

From the error messages we're getting, it seems as if the client is communicating with the server but the server is rejecting the client because it is not receiving the client's name in the correct format. The firewalls on the servers and client are all disabled to prevent any possible port blockage. (Note: firewall service turned on with the firewalls disabled via GPO.)

Hardware validation is currently turned off, but I have tried with it on as well. If it is on, the client will show up in the hardware list and I will get the "hardware exempted" message until I approve it in the MBAM console. The end result will be the same though: the MBAM UI pops up on the client saying the drive must be encrypted, you click 'encrypt', and a few seconds later it fails.

This is what it is getting hung up on (from the server event log):

Exception message: The computer record is rejected. The request from machine "DOMAIN\COMPUTERNAME$" contains invalid machine name "COMPUTERNAME.FQDN".

And I don't know how to get the client to present itself as domain\computer instead of computer.fqdn, or how to get the server to accept the DNS name. The source of the event log entries on the server is ASP.NET 2.0.50727.0.
August 26th, 2011 9:16pm

Please try the following steps: Add a registry key on the MBAM server under HKLM\Software\Microsoft\MBAM, a DWORD 32-bit value called DisableMachineVerification, and set it to 1.

Sumesh P - Microsoft Online Community Support
August 29th, 2011 8:42pm

I tried this and it didn't work. I'm still getting the same errors as Jared stated above.

- applied registry entry to MBAM server and restarted.
- reapplied policy and restarted client machine
- it checked in and Encryption box popped up
- clicked encrypt now and it failed immediately
- checked event log and saw the same errors reported.

I'm trying it again with a clean install of the client so we'll see... Any other recommended tweaks?
August 30th, 2011 6:46pm

Quote:
"Please try the following steps: Add a registry key on MBAM server under HKLM\Software\Microsoft\MBAM Dword 32-bit value called DisableMachineVerification and set to 1
Sumesh P - Microsoft Online Community Support"

Tried setting this on the server, though the key is actually HKLM\Software\Microsoft\Microsoft Bitlocker Administration and Monitoring. On the client end it is just \MBAM. It didn't help, even after a restart.
August 30th, 2011 10:38pm

Can you create the key HKLM\Software\Microsoft\MBAM and try setting the value DisableMachineVerification to 1? Let me know how that goes.

Sumesh P - Microsoft Online Community Support
August 30th, 2011 10:54pm

It didn't work right after I rebooted the server and forced the client to try to encrypt. The client sat idle for a bit while I was in a meeting and I tried it again when I got out. It is now a little more than half-way through encrypting the drive. Thank you for the tip! Now, this does not disable hardware compatibility checking does it? Can we still use that? (I have it turned off at the moment just to make things as simple as possible)
August 31st, 2011 1:32am

This was a required step and was supposed to be added to the MBAM RTM documentation, I am not sure if that was done. Sumesh P - Microsoft Online Community Support
August 31st, 2011 9:45am

Add a registry key on the MBAM server under HKLM\Software\Microsoft: create a new key called MBAM, then create a new DWORD 32-bit value called DisableMachineVerification and set it to 1.

After you do this, restart the MBAM client service on the client and then this issue should be resolved. This might be the reason it took a while for you.

Sumesh P - Microsoft Online Community Support
August 31st, 2011 9:52am
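
The registry change from the post above, preceded by a check of what the server is actually rejecting, as an added PowerShell example (not written by any poster in this thread or by Microsoft; the function names are hypothetical and the host names in the samples are constructed). It assumes, from the value's name and the results reported in this thread, that DisableMachineVerification turns off the name comparison behind the "Client Machine Name mismatch" event, so it writes the value only when every rejected request differs from its authenticated machine account in form alone.

```powershell
# Added example; function names are hypothetical. Host names in $samples are constructed.
function Test-MbamNameMismatch {
    param([Parameter(Mandatory)][string]$ExceptionMessage)
    # Message format as quoted from the server event log in the first post.
    $pattern = 'request from machine "(?<acct>[^"]+)" contains invalid machine name "(?<claimed>[^"]+)"'
    $m = [regex]::Match($ExceptionMessage, $pattern)
    if (-not $m.Success) { return $null }

    $account = $m.Groups['acct'].Value        # authenticated identity, DOMAIN\NAME$
    $claimed = $m.Groups['claimed'].Value     # name carried in the request, NAME.fqdn
    $accountHost = ($account -split '\\')[-1].TrimEnd('$')
    $claimedHost = ($claimed -split '\.')[0]

    [pscustomobject]@{
        Account     = $account
        ClaimedName = $claimed
        # True: same host, only the account form vs. DNS form differs. False: names really differ.
        FormatOnly  = ($accountHost -eq $claimedHost)
    }
}

function Set-MbamDisableMachineVerification {
    # Run elevated on the MBAM server. Key and value names are the ones given in the thread.
    $key = 'HKLM:\SOFTWARE\Microsoft\MBAM'
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'DisableMachineVerification' `
        -PropertyType DWord -Value 1 -Force | Out-Null
    (Get-ItemProperty -Path $key -Name 'DisableMachineVerification').DisableMachineVerification
}

# Constructed sample messages: one format-only mismatch, one genuine mismatch.
$samples = @(
    'The computer record is rejected. The request from machine "CONTOSO\PC01$" contains invalid machine name "PC01.contoso.example".',
    'The computer record is rejected. The request from machine "CONTOSO\PC01$" contains invalid machine name "PC77.contoso.example".'
)
$results = $samples | ForEach-Object { Test-MbamNameMismatch -ExceptionMessage $_ }
$results | Format-Table -AutoSize

# Apply the workaround only when every rejection is a format-only mismatch.
if (@($results | Where-Object { -not $_.FormatOnly }).Count -eq 0) {
    Set-MbamDisableMachineVerification
} else {
    Write-Warning 'Some requests claim a name that differs from the authenticated account; review them first.'
}
```

With the constructed samples the second message is a genuine mismatch, so the script only warns and leaves the registry untouched. After the value is set, the thread's remaining step is to restart the MBAM client service on the client.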

We still have hardware compatibility checking for MBAM. This key does not disable hardware compatibility checking. Sumesh P - Microsoft Online Community Support
August 31st, 2011 5:06pm

Team, I am experiencing the exact same issue. Adding the key under MBAM or Microsoft Bitlocker .... in the registry does not help. Any other suggestions?

regards, Vik

Regards, Vik Singh
September 24th, 2011 1:00am

Actually, I was wrong and impatient. I had to wait a couple of minutes (for some reason) and it worked because of the registry change. There is a KB article for the same: http://support.microsoft.com/kb/2612822

Regards, Vik Singh
September 24th, 2011 1:46am

Hi, I have the same problem. The registry key does not help, even with rebooting the MBAM server. Or do I have to wait this "couple of minutes" after rebooting the MBAM server? Any other suggestions? Thanks, ckuever
March 14th, 2012 11:29am

Hi, please, any suggestions? Thanks, ckuever
March 14th, 2012 1:38pm

Are you still receiving the exact same error in the event viewer? Can you check the event logs and post the latest error?

Regards, Vik Singh
"If this thread answered your question, please click on 'Mark as Answer'"
March 15th, 2012 5:00am

This topic is archived. No further replies will be accepted.
