How to Install MBAM 2.5 SP1 and integrate with SCCM Configmgr 2012 R2 SP1 – Part 4

 

In part 3 here of this MBAM 2.5 SP1 multi series guide,we have installed MBAM prerequisites for configuration manager 2012,changes to MOF file,inventory changes,MBAM collection etc.

In this part 4 ,we will see the main components of MBAM 2.5 SP1, which are database ,reports and web application.

Login to MBAM01 server with CM_SRV (MBAM_admin) account ,mount the MDOP 2015 ISO,browse to the MBAM 2.5 SP1 folder.

image

Run MBAMserversetup with default options Next,Next ,Next until the last screen.

image

Click on Add new features

image

we will first install database and reports and later will install web applications.

image

image

Enter the SQL server Name (if you have installed locally or remote server)

I have used default instance (MSSQLSERVER) so I leave it blank, if you have named instance,please provide so.

Use the account you have created in AD for Database read and write

image

Recovery database:

image

Enter the reporting role domain group name (MBAM_HD_Reports_ and compliance audit domain account name (MBAM_DB_RO)

image

check the summary page if all set correctly or not.

image

If you have other servers where you want to install these components again and you don’t want follow all these steps ,you can export the powershell script ,change the components (like certificate ,account etc) and run the script on other server to make things easy.

image

With this,we have installed compliance database,recovery database .

Check if these databases created or not by openings SQL server management studio.

image

Also the account that have specified during the installation will get automatically added with required permissions.

image

Next ,we will install the web Applications

On the server ,from start menu ,search mbam ,open MBAM server Configuration to add the WebApplications

image

Click on Add new features

image

image

image

As am not using any SSL now ,I will check do not use certificate

Enter the hostname,IIS path an d Port number ( if you have enabled the firewall ,you must allow the this port for website communication).

image

fill the details as shown below

image

image

Enable TPM Lockout Autoreset is new feature in MBAM 2.5 SP1. On computers running TPM 1.2, you can now configure MBAM to automatically unlock the TPM in case of a lockout. If the TPM lockout auto reset feature is enabled, MBAM can detect that a user is locked out and then get the OwnerAuth password from the MBAM database to automatically unlock the TPM for the user.

This feature must be enabled on both the server side (enable as shown above) and in Group Policy on the client side (we will configure this later)

image

SQL Server reporting service URL : http://MBAM01.corp.eskonr.com/ReportServer If you are using SSL,use https.

image

image

image

image

lets have a check on IIS server if these websites created or not.

From Run command,type inetmgr .

image

Right click on helpdesk ,choose manage applications –browse ,you will see the helpdesk webpage.

If you don’t see reports ,then you are not member of group ‘MBAM_HD_Reports’. Only user MBAM_report1 is member can can view reports.

To view below 2 options like Drive recovery and Manage TPM,user must be member of MBAM_HD_ADv group.To see only reports,user must be member of MBAM_HD_reports.

image

If user member of only MBAM_HD_Reports then can see only reports.

image

do the same for self-service portal

image

If you want to configure the selfservice portal to change the company name, display text etc ,you can go to IIS Server ,click on selfservice ,open application settings

image

With this,we have successfully installed the database,reports and web applications on our MBAM server.

In next part 5 of this multi series ,we will see how to configure the prerequisites (GPO’s etc) for Clients before we start doing computer bitlocker.

12 Responses to "How to Install MBAM 2.5 SP1 and integrate with SCCM Configmgr 2012 R2 SP1 – Part 4"

  1. Great guide. I had installed MBAM and SQL on different server, when add Reports feature, got an error message Unable to find an instance of the Reporting Services.
    Any advise of this error? Thanks.

    Reply
  2. Hi,
    This is a very nice guide.

    Questions,

    I do not have access to these sites MBAMAdministrationService, MBAMRecoveryAndHardwareService, or MBAMComplianceStatusService.

    Am I supposed to have access to the sites mentioned above in MBAM.
    I am only able to access the Helpdesk and Self-service portals. Why is that I am prompted for credential if I go to the Helpdesk site?

    Thanks

    Reply
    1. user who access reports etc should be member of mbam_hd_reports etc groups as they those groups are used while installing the MBAM components.

      Reply
      1. Hmm, in the MS doc (Gotta find it again) it states if you're using Config Manager you should check the box or it tries to install those reports on the server you're installing the web tools.

        Reply
  3. Very good guide. Helpful. Once thing i noticed was, after installing database and reports, Web application installation did not accept the SQL server name. I have to to SQL management studio, and provide write access to RW account and Read permission to RO account and then installation was successful

    If anyone come across such issue, please check SQL permissions and make adjustments.

    Reply

Leave a Reply