MBAM initial setup issues with SQL Cluster server
I'm trying to set up our MBAM server so we can finally deploy BitLocker with some management. We have an SQL 2008 R2 cluster server that I'd like to make the database server for the Recovery, Compliance and Audit databases. I've tried to run the setup on one of the SQL nodes, logged in as an Administrator of the SQL server, and I keep getting this error:

User lacks sufficient permissions on this instance of SQL Server
Resolution: The user who is attempting to install the Key Recovery Database feature lacks the necessary permissions (that is, connection permissions) to access any of the server's instances of SQL Server. More information on SQL Server is available at: http://go.microsoft.com/fwlink/?LinkId=217251

We aren't using any instances other than the default SQL instance. Is it supported to run the MBAM database components on a clustered SQL server, and is there something special I need to do to get past the prerequisites?
September 20th, 2011 9:34pm

You cannot install MBAM directly on a SQL cluster. If you want to move the DB to a SQL cluster, install MBAM on a non-cluster and then move the DB to a SQL cluster. http://onlinehelp.microsoft.com/it-it/mdop/hh285651.aspx

Hope this helps.

Manoj Sehgal (MSFT)
September 22nd, 2011 12:46am

manojsehgal, I understand the option you mention to move the MBAM DBs to a SQL cluster, however, those instructions mention (after moving the DB) to "Run MBAM setup on Server B" - which in this case "Server B" is the SQL cluster. We can't run a setup on the cluster, so is just moving the DB to the cluster and configuring it on the Administration and Monitoring server sufficient?
October 14th, 2011 6:30pm

I'm facing the same problem. What's the solution?
October 20th, 2011 9:20am

My organization is utilizing a SQL Enterprise 2008 cluster for most of our SQL needs, so when I read the system requirements I thought MBAM would be a good direction for us. Interestingly enough, I cannot find any documentation regarding this prereq, but I cannot make it work in a cluster either. Is there any more information available? Why would an organization not want to harden the backend for an important service like desktop encryption?
December 28th, 2011 3:53pm

Same question here, any answers?
January 20th, 2012 8:58am

Hi, I'm just about to implement MBAM and want to put the DB on a SQL cluster. Anyone successfully implemented this...?
February 17th, 2012 2:44am

Hi, I'm just about to implement MBAM and want to put the DB on a SQL cluster. Anyone successfully implemented this...?
February 17th, 2012 10:42am

I used the following procedure to install the MBAM databases on a SQL cluster.

1. Install the MBAM databases on a standalone SQL server, then follow the instructions in http://onlinehelp.microsoft.com/it-it/mdop/hh285651.aspx to back up the DBs and certificates.
2. Create two domain groups to use for the hardware and recovery DB and compliance status DB access.
3. On your SQL cluster, create a new database called MBAM Compliance Status and another new database called MBAM Recovery and Hardware.
4. Make sure you have created a master key certificate on your SQL cluster, then restore the MBAM certificate and DBs you backed up earlier. Again, instructions for this are in the link above.
5. Create two SQL logins using the domain groups. For the compliance and status DB access group, create a user mapping to the MBAM Compliance Status DB and grant the login Public and Compliance WriteRole. For the Recovery and Hardware group login, create a user mapping granting Public, RocoveryandHardwareRead Role and RocoveryandHardwareWrite Role.
6. If it isn't already present, create a SQL login for the NT AUTHORITY\NETWORK SERVICE account. Create user mappings to both the compliance status and recovery and hardware DBs, granting the db_owner role.
7. Make sure your Administration and Monitoring server is a member of the two domain groups you created.

In theory that should be it. I also had an issue with the hardware compatibility page giving me an error about the data store request not found. The solution for this was to edit the site's connection strings to point directly to the FQDN of the SQL cluster. I got this from the following post: http://social.technet.microsoft.com/Forums/ar/w7itprosecurity/thread/80b6af5e-4048-44e6-abe3-03f0ef33cd24?prof=required
February 20th, 2012 8:40pm
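
The login and user-mapping steps of the procedure above, written as a T-SQL script for SQL Server 2008 R2. This is an added example, not part of the original post or of Microsoft's MBAM documentation. The domain group names are hypothetical and the three role-name variables are placeholders: copy the exact role names from the restored databases before running it.

```sql
-- Added example. Run in SQLCMD mode (sqlcmd.exe, or SSMS: Query > SQLCMD Mode).
-- Placeholders: group names are hypothetical; role names must be read from each
-- restored database first with:
--   SELECT name FROM sys.database_principals WHERE type = 'R' AND is_fixed_role = 0;
:setvar ComplianceGroup     "CONTOSO\MBAM-Compliance-Access"
:setvar RecoveryGroup       "CONTOSO\MBAM-Recovery-Access"
:setvar ComplianceWriteRole "<compliance write role>"
:setvar RecoveryReadRole    "<recovery and hardware read role>"
:setvar RecoveryWriteRole   "<recovery and hardware write role>"

USE [master];
-- Server logins for the two domain groups and the NETWORK SERVICE account.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$(ComplianceGroup)')
    CREATE LOGIN [$(ComplianceGroup)] FROM WINDOWS;
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$(RecoveryGroup)')
    CREATE LOGIN [$(RecoveryGroup)] FROM WINDOWS;
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'NT AUTHORITY\NETWORK SERVICE')
    CREATE LOGIN [NT AUTHORITY\NETWORK SERVICE] FROM WINDOWS;
GO

USE [MBAM Compliance Status];
-- Every database user is a member of public automatically; only the write role is added.
IF DATABASE_PRINCIPAL_ID(N'$(ComplianceGroup)') IS NULL
    CREATE USER [$(ComplianceGroup)] FOR LOGIN [$(ComplianceGroup)];
EXEC sp_addrolemember N'$(ComplianceWriteRole)', N'$(ComplianceGroup)';
IF DATABASE_PRINCIPAL_ID(N'NT AUTHORITY\NETWORK SERVICE') IS NULL
    CREATE USER [NT AUTHORITY\NETWORK SERVICE] FOR LOGIN [NT AUTHORITY\NETWORK SERVICE];
EXEC sp_addrolemember N'db_owner', N'NT AUTHORITY\NETWORK SERVICE';
GO

USE [MBAM Recovery and Hardware];
IF DATABASE_PRINCIPAL_ID(N'$(RecoveryGroup)') IS NULL
    CREATE USER [$(RecoveryGroup)] FOR LOGIN [$(RecoveryGroup)];
EXEC sp_addrolemember N'$(RecoveryReadRole)',  N'$(RecoveryGroup)';
EXEC sp_addrolemember N'$(RecoveryWriteRole)', N'$(RecoveryGroup)';
IF DATABASE_PRINCIPAL_ID(N'NT AUTHORITY\NETWORK SERVICE') IS NULL
    CREATE USER [NT AUTHORITY\NETWORK SERVICE] FOR LOGIN [NT AUTHORITY\NETWORK SERVICE];
EXEC sp_addrolemember N'db_owner', N'NT AUTHORITY\NETWORK SERVICE';
GO

-- Audit the result: who holds which role in the recovery database (current context).
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
ORDER BY r.name, m.name;
```

Re-run the final query in each database after any change to the domain groups to confirm that only the intended principals can read or write recovery data.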

Thanks a lot! Followed your description, and it worked like a charm.
February 21st, 2012 9:47am

This topic is archived. No further replies will be accepted.
