question

LeanIsmael-2109 asked ·

BitLocker portals not working

I ran the script to set up the BitLocker portals:

.\MBAMWebSiteInstaller.ps1 -SqlServerName <ServerName> -SqlInstanceName <InstanceName> -SqlDatabaseName <DatabaseName> -ReportWebServiceUrl <ReportWebServiceUrl> -HelpdeskUsersGroupName <DomainUserGroup> -HelpdeskAdminsGroupName <DomainUserGroup> -MbamReportUsersGroupName <DomainUserGroup> -SiteInstall Both


This is the result:
Creating new web application SelfService
Registering perf counters

Id Name PSJobTypeName State HasMoreData Location Command


2 Job2 BackgroundJob Completed True localhost param($assembly, $typ...

True

Get-ReportServiceUri : Caught exception querying report service at https://CHSV001022019.dnl.com/ReportServer
At C:\program files\microsoft configuration manager\cd.latest\smssetup\bin\x64\MBAMWebSiteInstaller.ps1:1285 char:34
+ ... $reportUriPart = Get-ReportServiceUri $ReportWebServiceUrl
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-ReportServiceUri

Get-ReportServiceUri : There was an error downloading
'https://chsv001022019.dnl.com/ReportServer/ReportService2010.asmx?wsdl'.
At C:\program files\microsoft configuration manager\cd.latest\smssetup\bin\x64\MBAMWebSiteInstaller.ps1:1285 char:34
+ ... $reportUriPart = Get-ReportServiceUri $ReportWebServiceUrl
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-ReportServiceUri

Get-ReportServiceUri : Unable to connect to the remote server
At C:\program files\microsoft configuration manager\cd.latest\smssetup\bin\x64\MBAMWebSiteInstaller.ps1:1285 char:34
+ ... $reportUriPart = Get-ReportServiceUri $ReportWebServiceUrl
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-ReportServiceUri

WARNING: Unable to determine web service uri to Audit Report. This can be corrected in the web.config for the HelpDesk
website.

Creating new web application HelpDesk
Registering perf counters
4 Job4 BackgroundJob Completed True localhost param($assembly, $typ...

True



The results for creating the new web applications were both True.
I tried to access the portal but I can't get through; it keeps asking for credentials.

mem-cm-general
5 comments

I will test this command and report back.

0 Votes 0 · ·

I reran the script and used only http in this part: ReportWebServiceUrl <ReportWebServiceUrl>

The results were "Creating the new web application were both True." and no error in PowerShell.

However, I still can't access the portal,
and I got an error in Event Viewer.
Kindly see attached.

36785-untitled.png


0 Votes 0 · ·

What's your Configuration Manager version?

0 Votes 0 · ·

1 Answer

XinGuo-MSFT answered ·

Hi,

Please make sure you installed the prerequisite for Microsoft ASP.NET MVC 4.0 on the web server.
https://docs.microsoft.com/en-us/mem/configmgr/protect/plan-design/bitlocker-management#prerequisites

The user account that runs the portal installer script needs SQL Server sysadmin rights on the site database server. During the setup process, the script sets login, user, and SQL Server role rights for the web server machine account. You can remove this user account from the sysadmin role after you complete setup of the self-service portal and the administration and monitoring website.

Event ID 1:
For Integrated Windows Authentication to succeed, the necessary SPNs need to be in place. This message indicates that the SPN required for the MBAM application has not been correctly configured.

Event ID 111:
These errors indicate one of the following two conditions:
MBAM websites/webservices were unable to either connect to MBAMCompliance OR MBAMRecovery database
MBAM websites/webservices execution account(app pool account) could not run the GetVersion stored procedure on MBAMCompliance OR MBAMRecovery database

Verify that the app pool account can connect to the compliance or recovery databases. Confirm that it has permissions to run the GetVersion stored procedure.

https://docs.microsoft.com/en-us/mem/configmgr/protect/tech-ref/bitlocker/server-event-logs#111-webappdberror
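
One way to run the two checks described in the answer above (the SPN behind Event ID 1 and the app pool account's access to GetVersion behind Event ID 111), as an added example that is not part of the original answer or of Microsoft's installer script. The function names and angle-bracket values are hypothetical placeholders; it assumes the app pool runs as the web server's machine account and that you run it from a domain-joined machine as a SQL Server sysadmin.

```powershell
# Added example. Angle-bracket values are placeholders; fill them in for your site.
$WebServer  = '<WebServerName>'                 # computer account from Event ID 1, no trailing $
$PortalHost = '<PortalHostName>'                # host name users browse to
$SqlServer  = '<ServerName>\<InstanceName>'     # as passed to MBAMWebSiteInstaller.ps1
$Database   = '<DatabaseName>'
$AppPool    = '<Domain>\<WebServerName>$'       # assumption: app pool runs as the machine account

function Test-PortalSpn {
    param([string]$Account, [string]$HostName)
    $spn = "http/$HostName"
    # Find every account that holds this SPN; it should be exactly the expected one.
    $found = ([adsisearcher]"(servicePrincipalName=$spn)").FindAll()
    $holders = @($found | ForEach-Object { [string]$_.Properties['samaccountname'][0] })
    [pscustomobject]@{
        Spn        = $spn
        Holders    = $holders -join ', '
        Registered = $holders -contains "$Account`$"
        Duplicate  = $holders.Count -gt 1   # duplicates also break Kerberos
    }
}

function Test-GetVersionAccess {
    param([string]$Server, [string]$DatabaseName, [string]$Login)
    # Run as a sysadmin: impersonate the login and ask what it may execute.
    $sql = @'
EXECUTE AS LOGIN = @login;
SELECT SCHEMA_NAME(schema_id) + '.' + name AS ProcName,
       HAS_PERMS_BY_NAME(QUOTENAME(SCHEMA_NAME(schema_id)) + '.' + QUOTENAME(name),
                         'OBJECT', 'EXECUTE') AS CanExecute
FROM sys.procedures WHERE name = N'GetVersion';
REVERT;
'@
    $connString = "Server=$Server;Database=$DatabaseName;Integrated Security=True"
    $conn = New-Object System.Data.SqlClient.SqlConnection $connString
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $sql
        [void]$cmd.Parameters.AddWithValue('@login', $Login)
        $table = New-Object System.Data.DataTable
        $table.Load($cmd.ExecuteReader())
        # No rows means the login cannot see, and so cannot run, GetVersion here.
        $table.Rows | Select-Object ProcName, CanExecute
    } finally { $conn.Dispose() }
}

Test-PortalSpn -Account $WebServer -HostName $PortalHost
Test-GetVersionAccess -Server $SqlServer -DatabaseName $Database -Login $AppPool
```

An exception from `Test-GetVersionAccess` (login not found, or unable to access the database) is itself the answer to the connectivity half of the Event ID 111 check. Both functions only read; neither one registers an SPN or grants a permission.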

5 comments

Yes, I've installed Microsoft ASP.NET MVC 4.0 on the web server (SCCM Server).

How can I do this?
Verify that the app pool account can connect to the compliance or recovery databases. Confirm that it has permissions to run the GetVersion stored procedure.

0 Votes 0 · ·

In Event ID 1, this is the message:

The description for Event ID 1 from source Microsoft-Windows-MBAM-Web cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Application: Default Web Site/SelfService is missing the following Service Principal Names (SPNs):
http/

Register the required SPNs on the account: CHSV001012019$.

The publisher has been disabled and its resource is not available. This usually occurs when the publisher is in the process of being uninstalled or upgraded


Should we use CHSV001012019 when setting the SPN?

37091-image.png


0 Votes 0 · ·