How to Install MBAM 2.5 SP1 and integrate with SCCM Configmgr 2012 R2 SP1 – Part 3

 

In Part 2 here of this MBAM 2.5 SP1 multi series, we have installed prerequisites for Windows roles/Features and SQL server components,Permissions to the Database and reports.

In this post (part 3) ,we will see the prerequisites for the Configuration Manager Integration feature with MBAM.

If you do not want to integrate MBAM 2.5 SP1 with your Existing Configuration manager environment,you can skip this part and jump to Part 4 .

My Configuration manager is running on 2012 R2 SP1 (standalone) with SQL server installed on local box.

Before we install the MBAM feature on our Configmgr,verify the account used to install MBAM integration on configmgr has enough permissions on Configmgr .I use the SCCM Admin account (CM_SRV) which is local administrator on configmgr Box.

To enable the client computers to report BitLocker compliance details through the MBAM Configuration Manager reports, you have to edit the Configuration.mof file, whether you are using System Center 2012 Configuration Manager or Configuration Manager 2007.

On the Configmgr server ,Open Configuration.mof from D:\SCCM\Inboxes\clifiles.src\hinv\ (your installation folder might be different) append the content from https://technet.microsoft.com/en-us/library/dn645321.aspx.

we also need to make changes to Hardware Inventory. For this,copy the MOF content from https://technet.microsoft.com/en-us/library/dn656927.aspx  , save it as Inventory.mof ,follow the steps outlined https://technet.microsoft.com/en-us/library/dn656927.aspx.

Note:If you are running CAS+Primary site,you must import the mof to default client settings and then enable the inventory classes in your primary site.Custom settings must always first go to default before you enable them in custom client device settings.Just import the MOF file to default client settings but deselect the classes.Go to your custom client settings and enable there .(if you do not have custom client device settings,you can do so in default settings).

Upon the changes to both configuration.mof and inventory agents, check if your changes are successfully complied or not by looking at dataldr.log on your sccm server.

image

we are done with configmgr prerequisites. Next,we will launch the MBAM server setup to integrate with Configmgr.Mount your downloaded MDOP 2015 ISO and browse to MBAM folder.

Folder: F:\MBAM\MBAM 2.5 SP1\Installers\x64

image 

Click Next

 image     

Accept the license agreement and Click next

    image 

Click Install

   image

Select Run MBAM server Configuration and click Finish

image

Launch the MBAM Server configuration wizard and select add new features.

image

select the last component system center configuration manager integration.

image                  image                image

I am using default Instance (MSSQLSERVER) so I leave it blank. If you are using Named Instance,Please enter it and click next.

image                image                  image

This procedure creates MBAM supported collection,configuration manager baselines and configuration items and deployed to MBAM collection automatically.

image

Configuration Item and Baselines:

image

If you are trying this in lab environment,you must edit the MBAM collection query else you will not see the your clients into this collection .

if you look at the query,it is omitting the VM’s . Just select what I shown below and click delete (x ),click ok.

image

update the collection membership,wait for min until collection is refreshed (hours glass disappear) ,you should be able to see the members in this collection (if you have any workstation clients but not servers).

With this,we are done with MBAM 2.5 SP1 integration with Configuration manager 2012.

In next part (part 4) ,we will see how to install and configure the MBAM components on our MBAM01 server.

15 Responses to "How to Install MBAM 2.5 SP1 and integrate with SCCM Configmgr 2012 R2 SP1 – Part 3"

  1. Hey Eswar !! This is a great guide for the beginners. The step by step installation you have listed are very explanatory. I have couple of questions here,

    We are planning to integrate MBAM with SCCM.

    1. Can I install MBAM on a dedicated server and configure the features for Database and Web applications ?
    2. Or should I install MBAM on dedicated server as well as on SCCM server to integrate it ?

    Reply
    1. Hi Raju,
      There is communication and news around MBAM that ,MBAM support will be ended and no further there enhancements made to this .You can reach out to TAM for more information on this.
      coming to your question ,it is recommended to have dedicated MBAM server that host apps and database .Database on local or remote depends on the number of clients you supporting. Read technet documentation for the size limits.

      Thanks,
      Eswar

      Reply
  2. I am configuration MBAM in our organization.

    We are using 2 Server for MBAM configuration

    Server01 - IIS, ASP.NET MVC4(all prerequisites installed)
    Server02 - SQL 2012 R2 ENT installed

    I have successfully configured Compliance and Audit Database and Recovery Database.

    When i am trying configuring "Reports" from Microsoft BitLocker Administration and monitoring, i am getting error as
    "SQL Server error : Unable to find an instance of the Reporting Services".

    Want to know do we need to install SQL Reporting services on MBAM server or can we point to remote SQL server. Please help

    Reply
    1. Hi,
      Did you resolve this ? On a server that you want to install reports using MBAM ,make sure you meet the prereq that are listed in the blogpost.

      Thanks,
      Eswar

      Reply
      1. i am Configuring web applications and getting errorl the web services application pool account is not valid
        i am able to open report view using web url but in IIS there is no information for mbam

        Reply
  3. I'm not sure exactly what causes it, but by installing web services directly onto our SCCM server it broke the SPN on our SCCM network account, which broke all of the authentication that SCCM needs to distribute packages. Is there any way to get MBAM fully installed on an SCCM server without this issue?

    Here are others that have had the same issue:
    https://social.technet.microsoft.com/Forums/en-US/fd643f0c-78d7-457d-9694-dca9b21149de/application-catalog-stopped-working-after-mbam-upgrade?forum=configmanagergeneral

    Reply
    1. i would not recommend to install MBAM on SCCM server and it is not best practise due to many components involved in MBAM for SQL ,IIS and other things.
      I did not try installing MBAM components on SCCM server.

      Regards,
      Eswar

      Reply
  4. Hello, very helpful Guide.

    If we install the Report Service and Databases on a seperate Server, do we need to install IIS and the other prerequisites on that server too?

    Reply
  5. Can you show the Query Statement that you used? After installing MBAM 2.5 sp1 integration. My Query Rule was blank when I tried editing the MBAM Collection query.

    Side note: (I see 8 instances of MBAM supported collection in my "Device Collection", configuration manager baselines and configuration items.)

    Reply

Post Comment