MBAM Client Event Log Error Messages
I am testing MBAM in a lab environment utilizing the 1 server setup. I was able to encrypt a PC successfully but it took aproximately 6hrs before it initiated the encryption process. Before this I tried gpupdate /force but it did not do anything. Below are
the error messages and successful messages from the client's MBAM event log entries. I am hoping someone may be able to point me in the correct direction to possible causes of these issues. Thank you.
And another error:
Log Name: Microsoft-Windows-MBAM/Admin
Source: Microsoft-Windows-MBAM
Date: 8/15/2011 8:46:52 PM
Event ID: 4
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: mbam-client.mokfarg.orc
Description:
An error occurred while sending encryption status data.
Error code:
0x803d0005
Details:
Access was denied by the remote endpoint.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-MBAM" Guid="{1C6E854B-3DF3-4A6F-9401-F58F1D1C504D}" />
<EventID>4</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2011-08-16T00:46:52.242298700Z" />
<EventRecordID>10</EventRecordID>
<Correlation />
<Execution ProcessID="1432" ThreadID="2484" />
<Channel>Microsoft-Windows-MBAM/Admin</Channel>
<Computer>mbam-client.mokfarg.orc</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ErrorCode">0x803d0005</Data>
<Data Name="ErrorString">Access was denied by the remote endpoint.
</Data>
</EventData>
</Event>
Successful Messages on Client:
Log Name: Microsoft-Windows-MBAM/Operational
Source: Microsoft-Windows-MBAM
Date: 8/15/2011 8:45:48 PM
Event ID: 1
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: mbam-client.mokfarg.orc
Description:
The MBAM policies were applied sucessfully.
Volume ID:\\?\Volume{fff8b6c5-c6d8-11e0-a6c4-806e6f6e6963}\
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-MBAM" Guid="{1C6E854B-3DF3-4A6F-9401-F58F1D1C504D}" />
<EventID>1</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2011-08-16T00:45:48.598828000Z" />
<EventRecordID>15</EventRecordID>
<Correlation />
<Execution ProcessID="1432" ThreadID="1488" />
<Channel>Microsoft-Windows-MBAM/Operational</Channel>
<Computer>mbam-client.mokfarg.orc</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="VolumeId">\\?\Volume{fff8b6c5-c6d8-11e0-a6c4-806e6f6e6963}\</Data>
</EventData>
</Event>
Log Name: Microsoft-Windows-MBAM/Operational
Source: Microsoft-Windows-MBAM
Date: 8/15/2011 6:13:07 AM
Event ID: 3
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: mbam-client.mokfarg.orc
Description:
The encryption status data was sent successfully.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-MBAM" Guid="{1C6E854B-3DF3-4A6F-9401-F58F1D1C504D}" />
<EventID>3</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2011-08-15T10:13:07.160307800Z" />
<EventRecordID>13</EventRecordID>
<Correlation />
<Execution ProcessID="1428" ThreadID="956" />
<Channel>Microsoft-Windows-MBAM/Operational</Channel>
<Computer>mbam-client.mokfarg.orc</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>
Log Name: Microsoft-Windows-MBAM/Operational
Source: Microsoft-Windows-MBAM
Date: 8/15/2011 4:03:03 AM
Event ID: 19
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: mbam-client.mokfarg.orc
Description:
Successfully connected to the MBAM Recovery and Hardware service.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-MBAM" Guid="{1C6E854B-3DF3-4A6F-9401-F58F1D1C504D}" />
<EventID>19</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2011-08-15T08:03:03.068328600Z" />
<EventRecordID>10</EventRecordID>
<Correlation />
<Execution ProcessID="1428" ThreadID="432" />
<Channel>Microsoft-Windows-MBAM/Operational</Channel>
<Computer>mbam-client.mokfarg.orc</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>
August 15th, 2011 9:02pm
Any suggestions would be appreciated. Thanks!
Free Windows Admin Tool Kit Click here and download it now
August 16th, 2011 12:32pm
I am also seeing similar error and for some reason, the system is yet to encrypt the drive after setting up the GP. It's almost 3hrs since I deployed the GP. I have gone through microsoft suggestion to delete the MBAM registry key and restart the MBAM
service but nothing as happened.Isaac2k2
August 17th, 2011 5:22am
Hi,
Thanks for the post!
I'm trying to involve someone familiar with this topic to further look at this question. There might be some time delay. Appreciate your patience.
Regards,
Miya
This posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial
to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
August 18th, 2011 3:45am
Hi,
Before Microsoft BitLocker Administration and Monitoring (MBAM) can manage clients in the enterprise, we must define Group Policy for the encryption requirements
of your environment. Microsoft BitLocker Administration and Monitoring will not work with policies for stand-alone BitLocker drive encryption. Group Policy must be defined for Microsoft BitLocker Administration and Monitoring, or BitLocker encryption and enforcement
will fail.
Please refer to the following article to check the Group Policy Requirements, then configure the policy as the article describes to check if the issue could be resolved.
Planning and Configuring Group Policy for MBAM
http://onlinehelp.microsoft.com/de-de/mdop/hh285629.aspx
Deploying MBAM Group Policies
http://onlinehelp.microsoft.com/pt-br/mdop/hh285640.aspx
If this cannot help, please kindly help collect the System information, System log and Application log to the following Microsoft Workspace that I set up for you
so that I can check for more details:
Microsoft Workspace
==============
Please upload the collected files to me via the Workspace I set up for you:
URL:
https://sftus.one.microsoft.com/choosetransfer.aspx?key=7eb82982-8150-4897-8e8b-be94044cc8f4
Password: IPK[!PGvwCwOD0
Best regards,
Spencer Shi
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 19th, 2011 5:58am
Please try the following steps:
Add a registry key on MBAM server under HKLM\Software\Microsoft\MBAM
Dword 32-bit value called DisableMachineVerification and set to 1
http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/22b1d081-9b11-4c08-bb25-4c8cf0960208/
Sumesh P - Microsoft Online Community Support
Free Windows Admin Tool Kit Click here and download it now
August 31st, 2011 2:43am
Add a registry key on MBAM server under HKLM\Software\Microsoft
Create a new key called MBAM and then create a new Dword 32-bit value called DisableMachineVerification and set to 1
After you do this, on client restart the MBAM client service and then this issue should be resolved.Sumesh P - Microsoft Online Community Support
August 31st, 2011 2:51am
Make sure the GPO are configured correctly for MBAM.
1. Policies for MBAM on client:
On Windows 7 client open registry
HKLM\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement
Change the ClientWakeUpFrequency = 1 and StatusReportingFrequency=1
2.
There is a random delay of up to 90 minutes when MBAM service starts on windows 7 client.
If you don’t want random delay, then create a dword value “NoStartupDelay” under HKLM\Software\Microsoft\MBAM
and set its value to 1.
3. Restart the MBAM Client Service and then client will talk to server in 1 minute.
MBAM Logs on client:
Event Viewer -> Application and Services Logs -> Microsoft -> Windows -> MBAM
Manoj Sehgal
Free Windows Admin Tool Kit Click here and download it now
September 22nd, 2011 4:37pm
I'm in the same boat.
I was getting Endpoint is unreachable. I added the Registry listed above and restarted without any difference.
I checked the entries under
HKLM\Software\Microsoft\MBAM and found that the URLs were set for HTTPS. When I tried to browse
to https I didn't get a response. I've change the URL to http:// and now I"m getting "Access was denied by the remote endpoint".
September 26th, 2011 9:58am
HKLM\Software\Microsoft\MBAM should not have any URLs to point to end point which is the MBAM server.
Delete all registry entries under this reg key and just keep installed = 1
The end point URL are located under:
HKLM\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement
Make sure the URL which point to endpoint are correct and as specified in the Help information available with the GPO.
Send me client logs at
manojsehgal@hotmail.com
Event Viewer -> Application and Services Logs -> Microsoft -> Windows -> MBAM
Manoj Sehgal
Free Windows Admin Tool Kit Click here and download it now
September 27th, 2011 10:33pm
Done all the above Modifications also i am facing Problem and I have installed Server nearly 5 times i getting above Stated Error.
in Client Meachine unable to Start MBAMCLiient UI manually or Automatically with the given Time Intervel.
Error:
An error occurred while sending encryption status data.
Error code:
0x803d0005
Details:
A message containing a fault was received from the remote endpoint.
Unable to Connect to MBAM Recovery and Hardware Service
Error Code: 0x803d0013
Details:
A message containing a fault was received from the remote endpoint.Mahipal
October 28th, 2012 9:56pm
When you installed the MBAM server software, did you use the HOST name in the install (it is listed as optional)? If you populate this during the setup, your GPO settings will not work unless it is on a multihomed network. Leave the host name blank and ensure
your GPO settings use the Fully Qualified Domain Name (FQDN) ie
in the GPO for Client Management, Configure MBAM services instead of
http://servername:8001/MBAMRecoveryAndHardwareService/CoreService.svc use
http://servername.example.com:8001/MBAMRecoveryAndHardwareService/CoreService.svc do the same for the
http://servername.example.com:8001/MBAMComplianceStatusService/StatusReportingService.svc
Give that a try,
Dale Parker
Free Windows Admin Tool Kit Click here and download it now
November 10th, 2012 6:26pm
MBAM client communicates with the MBAM server and DB through the remote service endpoints. The endpoint for the Recovery and Hardware service is not reachable.Make sure the URL for the service is properly mentioned.
Try to browse the URL and check is accessibility. If you are copying the URL from the Help section of the GPO, make sure it does not have any spaces in between. accessing it in a browser will not detect the spaces and it will reach the service.
Just to verify the spaces in between the URL for the Recovery and Hardware service, Open registry editor on the client machine, Browse to the location "HKLM\Microsoft\Policies\Microsoft\FVE\BitlockerManagement" and validate the value for the key "Key Recovery
Service Endpoint".Gaurav Ranjan
November 23rd, 2012 2:41am