In Part 2 here of this MBAM 2.5 SP1 multi series, we have installed prerequisites for Windows roles/Features and SQL server components,Permissions to the Database and reports.
In this post (part 3) ,we will see the prerequisites for the Configuration Manager Integration feature with MBAM.
If you do not want to integrate MBAM 2.5 SP1 with your Existing Configuration manager environment,you can skip this part and jump to Part 4 .
My Configuration manager is running on 2012 R2 SP1 (standalone) with SQL server installed on local box.
Before we install the MBAM feature on our Configmgr,verify the account used to install MBAM integration on configmgr has enough permissions on Configmgr .I use the SCCM Admin account (CM_SRV) which is local administrator on configmgr Box.
To enable the client computers to report BitLocker compliance details through the MBAM Configuration Manager reports, you have to edit the Configuration.mof file, whether you are using System Center 2012 Configuration Manager or Configuration Manager 2007.
On the Configmgr server ,Open Configuration.mof from D:\SCCM\Inboxes\clifiles.src\hinv\ (your installation folder might be different) append the content from https://technet.microsoft.com/en-us/library/dn645321.aspx.
we also need to make changes to Hardware Inventory. For this,copy the MOF content from https://technet.microsoft.com/en-us/library/dn656927.aspx , save it as Inventory.mof ,follow the steps outlined https://technet.microsoft.com/en-us/library/dn656927.aspx.
Note:If you are running CAS+Primary site,you must import the mof to default client settings and then enable the inventory classes in your primary site.Custom settings must always first go to default before you enable them in custom client device settings.Just import the MOF file to default client settings but deselect the classes.Go to your custom client settings and enable there .(if you do not have custom client device settings,you can do so in default settings).
Upon the changes to both configuration.mof and inventory agents, check if your changes are successfully complied or not by looking at dataldr.log on your sccm server.
we are done with configmgr prerequisites. Next,we will launch the MBAM server setup to integrate with Configmgr.Mount your downloaded MDOP 2015 ISO and browse to MBAM folder.
Folder: F:\MBAM\MBAM 2.5 SP1\Installers\x64
Click Next
Accept the license agreement and Click next
Click Install
Select Run MBAM server Configuration and click Finish
Launch the MBAM Server configuration wizard and select add new features.
select the last component system center configuration manager integration.
I am using default Instance (MSSQLSERVER) so I leave it blank. If you are using Named Instance,Please enter it and click next.
This procedure creates MBAM supported collection,configuration manager baselines and configuration items and deployed to MBAM collection automatically.
Configuration Item and Baselines:
If you are trying this in lab environment,you must edit the MBAM collection query else you will not see the your clients into this collection .
if you look at the query,it is omitting the VM’s . Just select what I shown below and click delete (x ),click ok.
update the collection membership,wait for min until collection is refreshed (hours glass disappear) ,you should be able to see the members in this collection (if you have any workstation clients but not servers).
With this,we are done with MBAM 2.5 SP1 integration with Configuration manager 2012.
In next part (part 4) ,we will see how to install and configure the MBAM components on our MBAM01 server.
15 Comments
Hey Eswar !! This is a great guide for the beginners. The step by step installation you have listed are very explanatory. I have couple of questions here,
We are planning to integrate MBAM with SCCM.
1. Can I install MBAM on a dedicated server and configure the features for Database and Web applications ?
2. Or should I install MBAM on dedicated server as well as on SCCM server to integrate it ?
Hi Raju,
There is communication and news around MBAM that ,MBAM support will be ended and no further there enhancements made to this .You can reach out to TAM for more information on this.
coming to your question ,it is recommended to have dedicated MBAM server that host apps and database .Database on local or remote depends on the number of clients you supporting. Read technet documentation for the size limits.
Thanks,
Eswar
I am configuration MBAM in our organization.
We are using 2 Server for MBAM configuration
Server01 - IIS, ASP.NET MVC4(all prerequisites installed)
Server02 - SQL 2012 R2 ENT installed
I have successfully configured Compliance and Audit Database and Recovery Database.
When i am trying configuring "Reports" from Microsoft BitLocker Administration and monitoring, i am getting error as
"SQL Server error : Unable to find an instance of the Reporting Services".
Want to know do we need to install SQL Reporting services on MBAM server or can we point to remote SQL server. Please help
Hi,
Did you resolve this ? On a server that you want to install reports using MBAM ,make sure you meet the prereq that are listed in the blogpost.
Thanks,
Eswar
i am using SCCM 1802, so the text to append to Configuration.mof File will be same or will it change
Hi,
the content for configuration.mof is same and no changes it even though it is sccm 2012 or later versions.
thanks,
Eswar
i am Configuring web applications and getting errorl the web services application pool account is not valid
i am able to open report view using web url but in IIS there is no information for mbam
Hi, great guide, thank you! Dumb question: The Instance name would be the CM DB's instance name, right?
yes ,if you are using Configmgr database else the instance of the database that you host.
Regards,
Eswar
Hi - In a SCCM hierarchy do you run the integration portion on the cas or all the primary sites? Thanks!
I'm not sure exactly what causes it, but by installing web services directly onto our SCCM server it broke the SPN on our SCCM network account, which broke all of the authentication that SCCM needs to distribute packages. Is there any way to get MBAM fully installed on an SCCM server without this issue?
Here are others that have had the same issue:
https://social.technet.microsoft.com/Forums/en-US/fd643f0c-78d7-457d-9694-dca9b21149de/application-catalog-stopped-working-after-mbam-upgrade?forum=configmanagergeneral
i would not recommend to install MBAM on SCCM server and it is not best practise due to many components involved in MBAM for SQL ,IIS and other things.
I did not try installing MBAM components on SCCM server.
Regards,
Eswar
Hello, very helpful Guide.
If we install the Report Service and Databases on a seperate Server, do we need to install IIS and the other prerequisites on that server too?
Yes,you need to and IIS is must for reporting services http://eskonr.com/2016/10/install-mbam-2-5-sp1-on-remote-sql-and-integrate-with-sccm-configmgr-1606-notes-and-scripts/
Regards,
Eswar
Can you show the Query Statement that you used? After installing MBAM 2.5 sp1 integration. My Query Rule was blank when I tried editing the MBAM Collection query.
Side note: (I see 8 instances of MBAM supported collection in my "Device Collection", configuration manager baselines and configuration items.)