MBAM client cannot report to admin server
I am getting errors on PCs running the MBAM client whenever they try to report in. MBAM install in 3 computer architecture. GPO's are applied successfully to clients and verified correct. MBAM admin server and SQL servers show no errors
in event viewer. I've added the reg key described in kb2612822 and rebooted but not had any luck. I've also disabled the default website in case MBAM was having trouble listening on port 80. I've also verified that the SQL server is
listening on UPD port 1434 and that no firewall is interfering.
MBAM client shows numerous errors and is not in MBAM DB:
The logs are as follows:
Log Name: Microsoft-Windows-MBAM/Admin
Source: Microsoft-Windows-MBAM
Date: 4/24/2012 9:56:08 AM
Event ID: 4
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: POR-22HNBS1.mydomain.com
Description:
An error occurred while sending encryption status data.
Error code:
0x803d0013
Details:
A message containing a fault was received from the remote endpoint.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-MBAM" Guid="{1C6E854B-3DF3-4A6F-9401-F58F1D1C504D}" />
<EventID>4</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-04-24T16:56:08.697180600Z" />
<EventRecordID>98</EventRecordID>
<Correlation />
<Execution ProcessID="1688" ThreadID="1752" />
<Channel>Microsoft-Windows-MBAM/Admin</Channel>
<Computer>POR-22HNBS1.mydomain.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">0x803d0013</Data>
<Data Name="ErrorString">A message containing a fault was received from the remote endpoint.
</Data>
</EventData>
</Event>
Log Name: Microsoft-Windows-MBAM/Admin
Source: Microsoft-Windows-MBAM
Date: 4/24/2012 6:31:37 AM
Event ID: 12
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: POR-22HNBS1.mydomain.com
Description:
Hardware exemption check failed.
Error code:
0x803d0013
Details:
A message containing a fault was received from the remote endpoint.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-MBAM" Guid="{1C6E854B-3DF3-4A6F-9401-F58F1D1C504D}" />
<EventID>12</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-04-24T13:31:37.432342000Z" />
<EventRecordID>93</EventRecordID>
<Correlation />
<Execution ProcessID="2192" ThreadID="3576" />
<Channel>Microsoft-Windows-MBAM/Admin</Channel>
<Computer>POR-22HNBS1.mydomain.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">0x803d0013</Data>
<Data Name="ErrorString">A message containing a fault was received from the remote endpoint.
</Data>
</EventData>
</Event>
Log Name: Microsoft-Windows-MBAM/Admin
Source: Microsoft-Windows-MBAM
Date: 4/24/2012 11:09:56 AM
Event ID: 18
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: POR-22HNBS1.mydomain.com
Description:
Unable to connect to the MBAM Recovery and Hardware service.
Error code:
0x803d0013
Details:
A message containing a fault was received from the remote endpoint.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-MBAM" Guid="{1C6E854B-3DF3-4A6F-9401-F58F1D1C504D}" />
<EventID>18</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-04-24T18:09:56.533309600Z" />
<EventRecordID>111</EventRecordID>
<Correlation />
<Execution ProcessID="2452" ThreadID="3116" />
<Channel>Microsoft-Windows-MBAM/Admin</Channel>
<Computer>POR-22HNBS1.mydomain.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">0x803d0013</Data>
<Data Name="ErrorString">A message containing a fault was received from the remote endpoint.
</Data>
</EventData>
</Event>
April 24th, 2012 2:26pm
If I use service trace viewer to look at the ComplianceStatusService.svclog file, I see the following repeating error:
The message with Action 'http://tempuri.org/ICoreService/IsMachineCompatible' cannot be processed at the receiver, due to a ContractFilter mismatch at the EndpointDispatcher. This may be because of either a contract mismatch (mismatched Actions between sender
and receiver) or a binding/security mismatch between the sender and the receiver. Check that sender and receiver have the same contract and the same binding (including security requirements, e.g. Message, Transport, None).
Any thoughts on where to look next?
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2012 8:33pm
Well I found this XML file: C:\Program Files\Microsoft\MDOP MBAM\MBAMClientUI.exe.config
And I edited it to look like this:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.diagnostics>
<switches>
<!-- This switch controls data messages. In order to receive data
trace messages, change value="0" to value="1" -->
<add name="DataMessagesSwitch" value="1" />
<!-- This switch controls general messages. In order to
receive general trace messages change the value to the
appropriate level. "1" gives error messages, "2" gives errors
and warnings, "3" gives more detailed error information, and
"4" gives verbose trace information -->
<add name="TraceLevelSwitch" value="4" />
</switches>
</system.diagnostics>
</configuration>
That changed the error message in the log to this:
Log Name: Microsoft-Windows-MBAM/Admin
Source: Microsoft-Windows-MBAM
Date: 4/27/2012 6:02:44 AM
Event ID: 2
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: POR-J00Z9K1.mydomain.com
Description:
An error occured while applying MBAM policies.
Volume ID:\\?\Volume{3851af11-160e-11e1-b639-806e6f6e6963}\
Error code:
0x80280023
Details:
The TPM does not have an Endorsement Key (EK) installed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-MBAM" Guid="{1C6E854B-3DF3-4A6F-9401-F58F1D1C504D}" />
<EventID>2</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-04-27T13:02:44.577143200Z" />
<EventRecordID>127</EventRecordID>
<Correlation />
<Execution ProcessID="1272" ThreadID="204" />
<Channel>Microsoft-Windows-MBAM/Admin</Channel>
<Computer>POR-J00Z9K1.mydomain.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="VolumeId">\\?\Volume{3851af11-160e-11e1-b639-806e6f6e6963}\</Data>
<Data Name="ErrorCode">0x80280023</Data>
<Data Name="ErrorString">The TPM does not have an Endorsement Key (EK) installed.
</Data>
</EventData>
</Event>
That error lead me to this KB article: http://support.microsoft.com/kb/2640178
I've created and run the VB script that is posted there, and the client is no longer reporting errors. However, there is still no entry in the web interface and the MBAM client is not prompting to encrypt the drive. Both the MBAM server and SQL
server still show no errors.
Does anybody have any ideas?
April 27th, 2012 11:43am
Had you enabled the GPO "Allow Hardware Compatibility Checking". If not you have manually enter the details for the client machine. Make and model of the machine will also start the encryption.Gaurav Ranjan
Free Windows Admin Tool Kit Click here and download it now
November 23rd, 2012 2:57am