I currently have MBAM set up with SSL and everything seems to be working find except for the drive recovery. Compliance reporting and all other aspects seem to be in working order, but when attempting to retrieve the recovery key, I keep getting the error 'recovery key not found'. I logged into the box that has the mbam database (SQL 2008 r2) on it and look at the recovery database and there are no keys in the table. Data is being written to the other tables in the database,just not the keys. Can anyone shed some light on this?

Hi, Regarding this kind of issue, it is better contacting SQL Server forum. http://social.msdn.microsoft.com/Forums/en/category/sqlserver/ In addition, I would like to share the following article for reference. http://blogs.technet.com/b/askcore/archive/2011/08/04/how-to-verify-bitlocker-recovery-keys-in-sql-db-using-mbam.aspx Best Regards, Niki Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Thanks for the link. I saw that article and that's how I discovered that the keys were not being written to the database. I will take your reccomendation and post this in the SQL forum. Thanks, Matt

I'm having the exact same issue of mgraham77 but haven't had much luck searching through the SQL form and that link really doesn't have much in the way of help to track the issue down. Has anyone made any progress on this?

The recovery keys gets escrow to SQL from win7 client where MBAM client is installed. Check the MBAM logs on clients and see if you are not receiving any errors on client. Manoj Sehgal

I'm in the same situation here. No errors on the client Eventviewer but the keys aren't in the database. The Computer information is in the database so I know there is at least some communications happening successfully. Is anyone backing up the keys to both AD and SQL?

There were no errors on the client machines that I could see. I'm going to attempt redoing the settings with a 3 server setup instead of a single server.

Keys are backed in MBAM when we MBAM checks the Hardware and make sure it is compatible. If you have Allow Hardware compatability check GPO policy enabled under MBAM, then we will not escrow the keys to MBAM SQL DB unless your win7 client machine is compatible. To change your Win7 client machine as compatabile, open MBAM console and then under Hardware select your machine and Change to Compatible. Once done, this change is reflected on client under a reg key under HKLM\software\microsoft\MBAM\HWExemptionType Change this value from 0 to 2 to make your client compatible. Restart the MBAM agent: (BitLocker management client service). After this upon you next frequency the recovery key is pushed to SQL DB. Hope this helps. Manoj (MSFT)Manoj Sehgal

Thanks! I changed the policy so that Check for Compatibility was Set to Disabled. Decrypted and started over and they keys are now in the database.

Thats great stuff. Can you mark my reply as answer and close this thread.Manoj Sehgal