In part 3 here of this MBAM 2.5 SP1 multi series guide,we have installed MBAM prerequisites for configuration manager 2012,changes to MOF file,inventory changes,MBAM collection etc.
In this part 4 ,we will see the main components of MBAM 2.5 SP1, which are database ,reports and web application.
Login to MBAM01 server with CM_SRV (MBAM_admin) account ,mount the MDOP 2015 ISO,browse to the MBAM 2.5 SP1 folder.
Run MBAMserversetup with default options Next,Next ,Next until the last screen.
Click on Add new features
we will first install database and reports and later will install web applications.
Enter the SQL server Name (if you have installed locally or remote server)
I have used default instance (MSSQLSERVER) so I leave it blank, if you have named instance,please provide so.
Use the account you have created in AD for Database read and write
Enter the reporting role domain group name (MBAM_HD_Reports_ and compliance audit domain account name (MBAM_DB_RO)
check the summary page if all set correctly or not.
If you have other servers where you want to install these components again and you don’t want follow all these steps ,you can export the powershell script ,change the components (like certificate ,account etc) and run the script on other server to make things easy.
With this,we have installed compliance database,recovery database .
Check if these databases created or not by openings SQL server management studio.
Also the account that have specified during the installation will get automatically added with required permissions.
Next ,we will install the web Applications
On the server ,from start menu ,search mbam ,open MBAM server Configuration to add the WebApplications
Click on Add new features
As am not using any SSL now ,I will check do not use certificate
Enter the hostname,IIS path an d Port number ( if you have enabled the firewall ,you must allow the this port for website communication).
fill the details as shown below
Enable TPM Lockout Autoreset is new feature in MBAM 2.5 SP1. On computers running TPM 1.2, you can now configure MBAM to automatically unlock the TPM in case of a lockout. If the TPM lockout auto reset feature is enabled, MBAM can detect that a user is locked out and then get the OwnerAuth password from the MBAM database to automatically unlock the TPM for the user.
This feature must be enabled on both the server side (enable as shown above) and in Group Policy on the client side (we will configure this later)
SQL Server reporting service URL : http://MBAM01.corp.eskonr.com/ReportServer If you are using SSL,use https.
lets have a check on IIS server if these websites created or not.
From Run command,type inetmgr .
Right click on helpdesk ,choose manage applications –browse ,you will see the helpdesk webpage.
If you don’t see reports ,then you are not member of group ‘MBAM_HD_Reports’. Only user MBAM_report1 is member can can view reports.
To view below 2 options like Drive recovery and Manage TPM,user must be member of MBAM_HD_ADv group.To see only reports,user must be member of MBAM_HD_reports.
If user member of only MBAM_HD_Reports then can see only reports.
do the same for self-service portal
If you want to configure the selfservice portal to change the company name, display text etc ,you can go to IIS Server ,click on selfservice ,open application settings
With this,we have successfully installed the database,reports and web applications on our MBAM server.
In next part 5 of this multi series ,we will see how to configure the prerequisites (GPO’s etc) for Clients before we start doing computer bitlocker.