MBAM inital setup issues with SQL Cluster server
I'm trying to setup our MBAM server so we can finally deploy bitlocker with some management. We have an SQL 2008 R2 cluster server that I'd like to make the database server for Recovery, Compliance and Audits databases. I've tried to run the
setup on one of the nodes for SQL, I'm logged in as an Administrator of the SQL server and i keep getting this error.
User lacks sufficient permissions on this instance of SQL Server
Resolution: The user who is attempting to install the Key Recovery Database feature lacks the necessary permissions (that is, connection permissions) to access any of the server's instances of SQL Server.
More information on SQL Server is available at: http://go.microsoft.com/fwlink/?LinkId=217251
We aren't using any instances other than the default SQL instance. Is it supported to run the MBAM database components on a clustered SQL server and is there something special i need to do to get past the prerequisites?
September 20th, 2011 9:34pm
manojsehgal, I understand the option you mention to move the MBAM DBs to a SQL cluster, however, those instructions mention (after moving the DB) to "Run MBAM setup on Server B" - which in this case "Server B" is the SQL cluster. We can't run a setup on
the cluster, so is just moving the DB to the cluster and configuring it on the Administration and Monitoring server sufficient?
Free Windows Admin Tool Kit Click here and download it now
October 15th, 2011 1:23am
I'm facing same problem. What's the solution ?
October 20th, 2011 4:14pm
Same question here, any answers?
Free Windows Admin Tool Kit Click here and download it now
January 20th, 2012 4:58pm
Thanks a lot!
Followed your description, and it worked like a charm.
February 21st, 2012 5:46pm
Hello guys.
I followed the pirates how to and it worked.
But theres only one more thing: if you migrate the MBAM databases to a cluster, the MBAM site (actually, the reports) wont be updated.
Its because the installer create a job in the SQL Server to update the compliante report.
But its easy to fix: just create a job called by default "CreateCache" with one step:
NAME: Copy Data
TYPE: Transct-SQL
DATABASE: MBAM Compliance Database
COMMAND: EXEC [ComplianceCore].UpdateCache
ON SUCCESS: Quit the job (5 retries)
The original schedule is to run at 1:00AM / 7:00AM / 1:00PM / 7:00PM
Hadouuuuuken! Now the reports are updated :D
Free Windows Admin Tool Kit Click here and download it now
December 14th, 2012 7:35am
Instead of creating two domain group, the purpose can be served with a single domain group. Following is the appropriate steps:-
- Create a global domain account "MBAM System Administrators".
On the SQL server:-
- Create a login for the global group "MBAM System Administrators" on the SQL server and provide the following rights on the MBAM DBs:-
ComplainceWriteRoleand
ComplainceReadRole on the
MBAM Compliance Status
databaseRecoveryandHardwareReadRole and RecoveryandHardwareRightRole
on the Database MBAM Recovery and Hardware.
- Create a login for the MBAM Server (machine account) on the SQL server with the following command :-
create login (DOMAIN_NAME\SERVERNAME$) from windows
- -
Provide rights to the MBAM machine account (MBAM Server):-
ComplainceWriteRoleon the
MBAM Compliance Status
databaseRecoveryandHardwareReadRole and RecoveryandHardwareRightRole
on the Database MBAM Recovery and Hardware.
On the Reporting Server:-
-
Connect the Reporting Service through the SQL management Studio (It should be
running as admin otherwise we will not get the option to create a new role)
-
Create a new role MBAM System Administrators with the following tasks:-
View ReportsView ResourcesView FoldersManage Individual SubscriptionView Models
-
Open the Report Services Configuration manager and browse to the Report manager URL.
-
Open the Security for the "Microsoft Bitlocker administration and Monitoring" folder at the Reporting Service Point.
-
Create a new role assignment.
-
Provide the Group or user name as MBAM System Administrators and select the role MBAM System Administrators.
t
Gaurav Ranjan
January 4th, 2013 1:56am