MBAM configuration errors
I'm trying to integrate a new MBAM installation. My SQL and Admin servers seem to be running OK, but my clients are getting errors. A Windows 7 machine will generate this error in the MBAM\Admin logs:

Unable to connect to the MBAM Recovery and Hardware service. Error code: 0x803d0005 Details: Access was denied by the remote endpoint.

However, if you look in the mbam\operations logs, you'll see:

Successfully connected to the MBAM Recovery and Hardware service.

I have created a reg key according to http://support.microsoft.com/kb/2612822 just in case, but I am NOT getting any errors in the application logs on my administration servers. What could be causing my clients to get this error? Thank you!
September 13th, 2012 11:32am

Hi,

With the registry key created, please also try Manoj's other suggestions. Make sure the GPOs are configured correctly for MBAM.

1. Policies for MBAM on client: On the Windows 7 client, open the registry key HKLM\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement and change ClientWakeUpFrequency = 1 and StatusReportingFrequency = 1.
2. There is a random delay of up to 90 minutes when the MBAM service starts on a Windows 7 client. If you don't want the random delay, then create a DWORD value NoStartupDelay under HKLM\Software\Microsoft\MBAM and set its value to 1.
3. Restart the MBAM Client Service and then the client will talk to the server in 1 minute.

By the way, even with the error event log being recorded, is the connection really blocked? I remember that you mentioned that in the mbam\operations logs, you'll see: Successfully connected to the MBAM Recovery and Hardware service.

Thanks,
Spencer
September 14th, 2012 4:59am
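
The three steps in the reply above, followed by a side-by-side read of both client logs, as an added example that is not part of the original thread. The service name `MBAMAgent` and the event channel names are assumptions not stated in the thread; the registry paths and value names are the ones given in the reply.

```powershell
# Added example: apply the test-only check-in settings on a Windows 7 client,
# restart the MBAM client service, then list what it logged. Run elevated.
# Assumed (not from the thread): service name and event channel names below.

$policyKey = 'HKLM:\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement'
$clientKey = 'HKLM:\Software\Microsoft\MBAM'
$service   = 'MBAMAgent'   # assumed name of the "MBAM Client Service"
$channels  = 'Microsoft-Windows-MBAM/Admin', 'Microsoft-Windows-MBAM/Operational'

function Set-Dword($Key, $Name, $Value) {
    # Create the key if it is missing, then write the DWORD value.
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    New-ItemProperty -Path $Key -Name $Name -Value $Value `
        -PropertyType DWord -Force | Out-Null
}

# Record the current policy values so they can be restored after testing.
# Values under HKLM\Software\Policies are rewritten by Group Policy refresh.
$before = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue |
    Select-Object ClientWakeUpFrequency, StatusReportingFrequency
"Previous policy values: $($before | Out-String)"

Set-Dword $policyKey 'ClientWakeUpFrequency'    1
Set-Dword $policyKey 'StatusReportingFrequency' 1
Set-Dword $clientKey 'NoStartupDelay'           1

# Restart the client and give it time to contact the server.
$started = Get-Date
Restart-Service -Name $service
Start-Sleep -Seconds 120

# Show events from both channels since the restart, oldest first, so an
# "Access was denied" entry can be compared with a "Successfully connected" one.
foreach ($channel in $channels) {
    "--- $channel ---"
    Get-WinEvent -FilterHashtable @{ LogName = $channel; StartTime = $started } `
        -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        Format-Table TimeCreated, Id, LevelDisplayName, Message -AutoSize -Wrap
}
```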

If you are only getting: 0x803d0005 Details: Access was denied by the remote endpoint, then you can wait for a minute and then check in the MBAM admin logs on the client to see if you have any other error message. Try what Spencer suggested above and then let us know if your issue is still not resolved.

Manoj Sehgal
September 14th, 2012 8:54am

Ok, allow me to explain again. On the workstation, I have installed the MBAM client on a Win7 machine. I am getting this error in the ADMIN log file for MBAM on the client. Note that there are NO errors on the Admin server. However, if you look in the Operations log for MBAM on the workstation, you can see that the machine does connect. So, it would appear that it's not a connectivity issue. I can clearly ping and connect to the MBAM Administration service.

Based on advice I found during my research, I created a registry key on the Administration server according to the instructions listed at http://support.microsoft.com/kb/2612822 (unless I misread the instructions). I've attached a pic of the regedit so you can review it in a previous post.

Which makes me think that perhaps my policies are in error. I'm using this as a guideline for my policies: http://onlinehelp.microsoft.com/pt-br/mdop/hh285640.aspx

I'm just looking to verify we can enable basic encryption via MBAM. Nothing fancy. So, here is a list of what is configured in my GPOs, and pics of the settings for the enabled ones are attached. Maybe another set of eyes will spot an error.
GPO: Within the MDOP/MBAM GPO Container:
Choose drive encryption method and cipher strength | Not configured | No
Prevent memory overwrite on restart | Not configured | No
Validate smart card certificate usage rule compliance | Not configured | No
Provide the unique identifiers for your organization | Not configured | No

Client Management Container
Configure MBAM services | Enabled | No
Allow hardware compatibility checking | Not configured | No
Configure user exemption policy | Not configured | No

Fixed Drive Container
Fixed data drive encryption settings | Not configured | No
Deny write access to fixed drives not protected by BitLocker | Not configured | No
Allow access to BitLocker-protected fixed data drives from earlier versions of Windows | Not configured | No
Configure use of passwords for fixed data drives | Not configured | No
Choose how BitLocker-protected fixed drives can be recovered | Enabled | No

Operating System Drive Container
Operating system drive encryption settings | Enabled | No
Configure TPM platform validation profile | Not configured | No
Choose how BitLocker-protected operating system drives can be recovered | Not configured | No

Removable Drive Container
Control use of BitLocker on removable drives | Enabled | No
Deny write access to removable drives not protected by BitLocker | Not configured | No
Allow access to BitLocker-protected removable data drives from earlier versions of Windows | Not configured | No
Configure use of passwords for removable data drives | Not configured | No
Choose how BitLocker-protected removable drives can be recovered | Not configured | No

I would be happy to submit details of the GPO settings for review privately. Thanks
September 14th, 2012 1:46pm

The GPOs on the workstation to adjust checkin rates have also been set. It has made no difference.
September 14th, 2012 1:47pm

Hi,

Please refer to another forum link below and check if it works. It talks about the same error.

http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/9d71f249-8bc2-4985-b730-641c2d6a1349/

Thanks,
Spencer
September 16th, 2012 6:36am

I already did. I've implemented the answers that were mentioned in that discussion. The solution provided was referenced in the KB article I mentioned. I fully admit there could be a setting I made a mistake on, but I do believe I have configured this as instructed in that conversation.

This is the registry setting on the Administration server. This setting is NOT on my SQL server.

Add a registry key on MBAM server under HKLM\Software\Microsoft\MBAM
Dword 32-bit value called DisableMachineVerification and set to 1
September 16th, 2012 10:29am

This topic is archived. No further replies will be accepted.
