MBAM client cannot report to admin server
I am getting errors on PCs running the MBAM client whenever they try to report in. MBAM install in 3 computer architecture. GPO's are applied successfully to clients and verified correct. MBAM admin server and SQL servers show no errors in event viewer. I've added the reg key described in kb2612822 and rebooted but not had any luck. I've also disabled the default website in case MBAM was having trouble listening on port 80. I've also verified that the SQL server is listening on UPD port 1434 and that no firewall is interfering. MBAM client shows numerous errors and is not in MBAM DB: The logs are as follows: Log Name: Microsoft-Windows-MBAM/Admin Source: Microsoft-Windows-MBAM Date: 4/24/2012 9:56:08 AM Event ID: 4 Task Category: None Level: Error Keywords: User: SYSTEM Computer: POR-22HNBS1.mydomain.com Description: An error occurred while sending encryption status data. Error code: 0x803d0013 Details: A message containing a fault was received from the remote endpoint. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-MBAM" Guid="{1C6E854B-3DF3-4A6F-9401-F58F1D1C504D}" /> <EventID>4</EventID> <Version>0</Version> <Level>2</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated SystemTime="2012-04-24T16:56:08.697180600Z" /> <EventRecordID>98</EventRecordID> <Correlation /> <Execution ProcessID="1688" ThreadID="1752" /> <Channel>Microsoft-Windows-MBAM/Admin</Channel> <Computer>POR-22HNBS1.mydomain.com</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="ErrorCode">0x803d0013</Data> <Data Name="ErrorString">A message containing a fault was received from the remote endpoint. </Data> </EventData> </Event> Log Name: Microsoft-Windows-MBAM/Admin Source: Microsoft-Windows-MBAM Date: 4/24/2012 6:31:37 AM Event ID: 12 Task Category: None Level: Error Keywords: User: SYSTEM Computer: POR-22HNBS1.mydomain.com Description: Hardware exemption check failed. Error code: 0x803d0013 Details: A message containing a fault was received from the remote endpoint. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-MBAM" Guid="{1C6E854B-3DF3-4A6F-9401-F58F1D1C504D}" /> <EventID>12</EventID> <Version>0</Version> <Level>2</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated SystemTime="2012-04-24T13:31:37.432342000Z" /> <EventRecordID>93</EventRecordID> <Correlation /> <Execution ProcessID="2192" ThreadID="3576" /> <Channel>Microsoft-Windows-MBAM/Admin</Channel> <Computer>POR-22HNBS1.mydomain.com</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="ErrorCode">0x803d0013</Data> <Data Name="ErrorString">A message containing a fault was received from the remote endpoint. </Data> </EventData> </Event> Log Name: Microsoft-Windows-MBAM/Admin Source: Microsoft-Windows-MBAM Date: 4/24/2012 11:09:56 AM Event ID: 18 Task Category: None Level: Error Keywords: User: SYSTEM Computer: POR-22HNBS1.mydomain.com Description: Unable to connect to the MBAM Recovery and Hardware service. Error code: 0x803d0013 Details: A message containing a fault was received from the remote endpoint. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-MBAM" Guid="{1C6E854B-3DF3-4A6F-9401-F58F1D1C504D}" /> <EventID>18</EventID> <Version>0</Version> <Level>2</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated SystemTime="2012-04-24T18:09:56.533309600Z" /> <EventRecordID>111</EventRecordID> <Correlation /> <Execution ProcessID="2452" ThreadID="3116" /> <Channel>Microsoft-Windows-MBAM/Admin</Channel> <Computer>POR-22HNBS1.mydomain.com</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="ErrorCode">0x803d0013</Data> <Data Name="ErrorString">A message containing a fault was received from the remote endpoint. </Data> </EventData> </Event>
April 24th, 2012 2:26pm

If I use service trace viewer to look at the ComplianceStatusService.svclog file, I see the following repeating error: The message with Action 'http://tempuri.org/ICoreService/IsMachineCompatible' cannot be processed at the receiver, due to a ContractFilter mismatch at the EndpointDispatcher. This may be because of either a contract mismatch (mismatched Actions between sender and receiver) or a binding/security mismatch between the sender and the receiver. Check that sender and receiver have the same contract and the same binding (including security requirements, e.g. Message, Transport, None). Any thoughts on where to look next?
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2012 8:33pm

Well I found this XML file: C:\Program Files\Microsoft\MDOP MBAM\MBAMClientUI.exe.config And I edited it to look like this: <?xml version="1.0" encoding="utf-8" ?> <configuration> <system.diagnostics> <switches> <!-- This switch controls data messages. In order to receive data trace messages, change value="0" to value="1" --> <add name="DataMessagesSwitch" value="1" /> <!-- This switch controls general messages. In order to receive general trace messages change the value to the appropriate level. "1" gives error messages, "2" gives errors and warnings, "3" gives more detailed error information, and "4" gives verbose trace information --> <add name="TraceLevelSwitch" value="4" /> </switches> </system.diagnostics> </configuration> That changed the error message in the log to this: Log Name: Microsoft-Windows-MBAM/Admin Source: Microsoft-Windows-MBAM Date: 4/27/2012 6:02:44 AM Event ID: 2 Task Category: None Level: Error Keywords: User: SYSTEM Computer: POR-J00Z9K1.mydomain.com Description: An error occured while applying MBAM policies. Volume ID:\\?\Volume{3851af11-160e-11e1-b639-806e6f6e6963}\ Error code: 0x80280023 Details: The TPM does not have an Endorsement Key (EK) installed. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-MBAM" Guid="{1C6E854B-3DF3-4A6F-9401-F58F1D1C504D}" /> <EventID>2</EventID> <Version>0</Version> <Level>2</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated SystemTime="2012-04-27T13:02:44.577143200Z" /> <EventRecordID>127</EventRecordID> <Correlation /> <Execution ProcessID="1272" ThreadID="204" /> <Channel>Microsoft-Windows-MBAM/Admin</Channel> <Computer>POR-J00Z9K1.mydomain.com</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="VolumeId">\\?\Volume{3851af11-160e-11e1-b639-806e6f6e6963}\</Data> <Data Name="ErrorCode">0x80280023</Data> <Data Name="ErrorString">The TPM does not have an Endorsement Key (EK) installed. </Data> </EventData> </Event> That error lead me to this KB article: http://support.microsoft.com/kb/2640178 I've created and run the VB script that is posted there, and the client is no longer reporting errors. However, there is still no entry in the web interface and the MBAM client is not prompting to encrypt the drive. Both the MBAM server and SQL server still show no errors. Does anybody have any ideas?
April 27th, 2012 11:43am

Had you enabled the GPO "Allow Hardware Compatibility Checking". If not you have manually enter the details for the client machine. Make and model of the machine will also start the encryption.Gaurav Ranjan
Free Windows Admin Tool Kit Click here and download it now
November 23rd, 2012 2:57am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics