Export (0) Print
Expand All
1 out of 1 rated this helpful - Rate this topic

Release Notes for MBAM 2.0

Updated: April 1, 2013

Applies To: Microsoft BitLocker Administration and Monitoring 2.0

To search these release notes, press Ctrl+F.

Read these release notes thoroughly before you install Microsoft BitLocker Administration and Monitoring (MBAM) 2.0. These release notes contain information that is required to successfully install BitLocker Administration and Monitoring 2.0 and contain information that is not available in the product documentation. If there is a difference between these release notes and other MBAM 2.0 documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product.

MBAM 2.0 Known Issues

This section contains release notes for MBAM 2.0.

Computer Name field may not appear in the BitLocker Computer Compliance and BitLocker Enterprise Compliance Details reports when you run MBAM with Microsoft System Center Configuration Manager 2007

The Computer Name field may be blank in the BitLocker Computer Compliance and BitLocker Enterprise Compliance Details reports when you use MBAM with Configuration Manager 2007.

WORKAROUND: None.

Enterprise Compliance Report fails to update after you upgrade the Stand-alone MBAM server infrastructure

If you are using the MBAM Stand-alone topology, and you upgrade the server infrastructure from version 1.0 to 2.0, the Enterprise Compliance Report fails to update.

WORKAROUND: After the upgrade, run the following script on the Compliance and Audit Database:

-- =============================================
-- Script Template
-- =============================================
DECLARE @DatabaseName nvarchar(255);
SET @DatabaseName = DB_NAME()
USE msdb;
DECLARE @JobID BINARY(16)
SELECT @JobID = job_id
FROM msdb.dbo.sysjobs
WHERE (name = N'CreateCache')
if (@JobID IS NOT NULL)
BEGIN
    EXEC dbo.sp_delete_job
         @job_name = N'CreateCache';
END
EXEC dbo.sp_add_job
    @job_name = N'CreateCache',
    @enabled = 1;
EXEC dbo.sp_add_jobstep
     @job_name = N'CreateCache', 
     @step_name = N'Copy Data',
     @subsystem = N'TSQL',
     @command = N'EXEC [ComplianceCore].UpdateCache',
     @database_name = @DatabaseName,
     @retry_attempts = 5,
     @retry_interval = 5;
EXEC dbo.sp_add_jobschedule
     @job_name = N'CreateCache', 
     @name = N'ReportCacheSchedule1am',
     @freq_type = 4,
     @freq_interval = 1,
     @active_start_time = 010000,
     @active_end_time = 020000;
EXEC dbo.sp_attach_schedule 
     @job_name = N'CreateCache',
     @schedule_name = N'ReportCacheSchedule1am';
EXEC dbo.sp_add_jobschedule
     @job_name = N'CreateCache', 
     @name = N'ReportCacheSchedule7am',
     @freq_type = 4,
     @freq_interval = 1,
     @active_start_time = 070000,
     @active_end_time = 080000;
EXEC dbo.sp_attach_schedule 
     @job_name = N'CreateCache',
     @schedule_name = N'ReportCacheSchedule7am';
EXEC dbo.sp_add_jobschedule
     @job_name = N'CreateCache', 
     @name = N'ReportCacheSchedule1pm',
     @freq_type = 4,
     @freq_interval = 1,
     @active_start_time = 130000,
     @active_end_time = 140000;
EXEC dbo.sp_attach_schedule 
     @job_name = N'CreateCache',
     @schedule_name = N'ReportCacheSchedule1pm';
EXEC dbo.sp_add_jobschedule
     @job_name = N'CreateCache', 
     @name = N'ReportCacheSchedule7pm',
     @freq_type = 4,
     @freq_interval = 1,
     @active_start_time = 190000,
     @active_end_time = 200000;
EXEC dbo.sp_attach_schedule 
     @job_name = N'CreateCache',
     @schedule_name = N'ReportCacheSchedule7pm';
EXEC dbo.sp_add_jobserver
     @job_name = N'CreateCache';

Reports in the Help Desk Portal display a warning if SSL is not configured in SSRS

If SQL Server Reporting Services (SSRS) was not configured to use Secure Socket Layer (SSL), the URL for the reports will be set to HTTP instead of HTTPS when you install the MBAM Server. If you then browse to the Help Desk Portal and select a report, the following message displays: “Only Secure Content is Displayed.”

WORKAROUND: To show the report, click Show All Content. To address this issue, go to the MBAM computer where SQL Server Reporting Services is installed, run Reporting Services Configuration Manager, and then click Web Service URL. Select the appropriate SSL certificate for the server, enter the appropriate SSL port (the default port is 443), and then click Apply.

Non-default instances of the Configuration Manager database are not supported

MBAM looks only for the default instance of the Configuration Manager database in Configuration Manager 2007 and System Center 2012 Configuration Manager. If you use a non-default instance, you cannot install MBAM.

WORKAROUND: None.

Clicking “Back” in the Compliance Summary report might throw an error

If you drill down into a Compliance Summary report, and then click the Back link in the SSRS report, an error might be thrown.

WORKAROUND: None.

Used Space Only Encryption does not work correctly

If you encrypt a computer for the first time after you install the MBAM Client, and you have set a Group Policy Object to implement Used Space Only encryption, MBAM erroneously encrypts the entire disk instead of encrypting only the disk’s used space. If a computer is already encrypted when you install the MBAM Client, and you have set the same Group Policy Object, the encryption works correctly and encrypts only the used disk space on your computer.

WORKAROUND: None.

Cipher strength displays incorrectly on the Computer Compliance report

If you do not set a specific cipher strength in the Choose drive encryption method and cipher strength Group Policy Object, the Computer Compliance report in the Configuration Manager Integration topology always displays “unknown” for the cipher strength, even when the cipher strength uses the default of 128-bit encryption. The report displays the correct cipher strength if you set a specific cipher strength in the Group Policy Object.

WORKAROUND: Always set a specific cipher strength in the Choose drive encryption method and cipher strength Group Policy Object.

Compliance Status Distribution By Drive Type displays old data after you update configuration items

After you update MBAM configuration items in System Center 2012 Configuration Manager, the Compliance Status Distribution By Drive Type bar chart on the BitLocker Enterprise Compliance Dashboard shows data that is based on information from old versions of the configuration items.

WORKAROUND: None. Modification of the MBAM configuration items is not supported, and the report might not appear as expected.

Enhanced Security Configuration may cause reports to display incorrectly

If Internet Explorer Enhanced Security Configuration (ESC) is turned on, an “Access Denied” message might appear when you try to view reports on the MBAM Server. By default, ESC is turned on to protect the server by decreasing the server’s exposure to potential attacks that can occur through web content and application scripts.

WORKAROUND: If the “Access Denied” message appears when you try to view reports on the MBAM Server, you can set a Group Policy Object or change the default manually in your image to disable Enhanced Security Configuration. You can also alternatively view the reports from another computer on which ESC is not enabled.

MBAM Server installation fails when you upgrade from SQL Server 2008 to SQL Server 2012

If you upgrade from SQL Server 2008 to SQL Server 2012, and then try to install the Compliance and Audit Database or the Recovery Database, the installation fails and rolls back. The failure occurs because the required SQLCMD.exe file was removed during the SQL upgrade and cannot be found by the MBAM installer. The MSI log file lines may look similar to the following:

RunDbInstallScript Recovery Db CA: BinDir - E:\MSSQL\100\Tools\Binn\SqlCmd.exe
RunDbInstallScript Recovery Db CA: dbInstance - xxxxxx\I01
RunDbInstallScript Recovery Db CA: sqlScript- C:\Program Files\Microsoft\Microsoft BitLocker Administration and Monitoring\Setup\KeyRecovery.sql
RunDbInstallScript Recovery Db CA: dbName- MBAM_Recovery_and_Hardware
RunDbInstallScript Recovery Db CA: defaultFileName- MBAM_Recovery_and_Hardware
RunDbInstallScript Recovery Db CA: defaultDataPath- F:\MSSQL\MSSQL10.I01\MSSQL\DATA\
RunDbInstallScript Recovery Db CA: defaultLogPath- K:\MSSQL\MSSQL10.I01\MSSQL\Data\
RunDbInstallScript Recovery Db CA: scriptLogPath - C:\Users\xxxxxx\AppData\Local\Temp\InstallKeyComplianceDatabase.log
-e -E -S xxxxxxx\I01 -i "C:\Program Files\Microsoft\Microsoft BitLocker Administration and Monitoring\Setup\KeyRecovery.sql" -v DatabaseName="MBAM_Recovery_and_Hardware" DefaultFileName="MBAM_Recovery_and_Hardware" DefaultDataPath="F:\MSSQL\MSSQL10.I01\MSSQL\DATA\" DefaultLogPath="K:\MSSQL\MSSQL10.I01\MSSQL\Data\" -o "C:\Users\xxxxxx\AppData\Local\Temp\InstallKeyComplianceDatabase.log"
RunDbInstallScript Recovery Db CA:Starting to run the Recovery database install script
RunDbInstallScript Recovery Db CA: Sqlcmd log file is located in C:\Users\xxxxxx\AppData\Local\Temp\\InstallKeyRecoveryDatabase.log
RunDbInstallScript Recovery Db CA Exception: Install Recovery database Custom Action command line output Exception: The system cannot find the file specified

The MBAM Server Windows Installer is hardcoded to find the SQLCMD.exe path by looking in the Path string value in the registry under HKLM\Software\Microsoft\Microsoft SQL Server\100\Tools\ClientSetup. The key is still present during the migration from SQL Server 2008 to SQL Server 2012, but the path that is referenced by the data value does not contain the SQLCMD.exe file, because the SQL upgrade process removed the file.

WORKAROUND: Temporarily rename the HKLM\Software\Microsoft\Microsoft SQL Server\100\Tools\ClientSetup Path string value to Path_old, and then re-run the MBAM Server Windows Installer. When the installation completes successfully and creates the databases in SQL Server 2012, rename the Path_old value to Path.

See Also

Concepts

About MBAM 2.0

-----
You can learn more about MDOP in the TechNet Library, search for troubleshooting on the TechNet Wiki, or follow us on Facebook or Twitter.
-----
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.