Troubleshooting MBAM 2.0 deployment

If you’ve deployed the MBAM 2.0 agent to a workstation but it’s not prompting the logged-on user to encrypt their drive, there are a couple of things to note.

  • Check the “Reports” node in the MBAM web console. The “Compliance Status Details” column will give you information as to the cause of the problem.
  • If the “Reports” node in the MBAM web console isn’t displaying the machine you’re looking for, you can lower the reporting threshold on the client and rebuild the database cache using the following steps:
    1. Set HKLM\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement\ClientWakeupFrequency and HKLM\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement\StatusReportingFrequency both to “1” (this cannot be set lower than “90” via Group Policy)
    2. Set HKLM\Software\Microsoft\MBAM\NoStartupDelay to “0” (this value will probably not exist unless you’ve manually created it before; it should be a DWORD)
    3. Restart the MBAMAgent service on the client
    4. On the MBAM server, open SQL Management Studio, expand the “SQL Server Agent” node, expand “Jobs” and run the “CreateCache” job
    5. Refresh the MBAM web console and open the “Reports” node to check the status of the machine
  • If the “Compliance Status Details” column contains “System Partition not available or large enough”, you will need to run the BitLocker drive preparation utility as follows:

      %windir%\System32\bdehdcfg.exe -target default -size 350

  • Be sure to restart the machine after running this utility and then follow the above steps again to force the client to report in and rebuild the database cache
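
Steps 1 to 3 of the reporting procedure above, as a PowerShell script for the client (an added example, not from the original post). It assumes an elevated session and that the two policy values are DWORDs, as NoStartupDelay is; it prints each previous value so the change can be reverted once the machine has reported in.

```powershell
# Added example: client-side steps 1-3. Run from an elevated PowerShell prompt.
# Registry paths, value names, values and the service name are taken from the steps above.
# Assumption: the two policy values are stored as DWORDs.
$policyKey = 'HKLM:\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement'
$agentKey  = 'HKLM:\Software\Microsoft\MBAM'

$settings = @(
    @{ Path = $policyKey; Name = 'ClientWakeupFrequency';    Value = 1 },
    @{ Path = $policyKey; Name = 'StatusReportingFrequency'; Value = 1 },
    @{ Path = $agentKey;  Name = 'NoStartupDelay';           Value = 0 }
)

foreach ($s in $settings) {
    # Create the key only if it is missing, so existing values under it are untouched.
    if (-not (Test-Path $s.Path)) {
        New-Item -Path $s.Path -Force | Out-Null
    }

    # Record the current value before overwriting it, for reverting later.
    $current = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
    $oldText = if ($null -eq $current) { '<not set>' } else { $current.($s.Name) }
    Write-Output ("{0}\{1}: {2} -> {3}" -f $s.Path, $s.Name, $oldText, $s.Value)

    # -Force overwrites an existing value and creates it if absent.
    New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType DWord `
        -Value $s.Value -Force | Out-Null
}

# The two values under HKLM\Software\Policies can be rewritten by a Group Policy
# refresh, so restart the agent straight away to pick up the lowered intervals.
Restart-Service -Name 'MBAMAgent'
Get-Service -Name 'MBAMAgent' | Select-Object Name, Status
```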
