bukkybu-3222 asked bukkybu-3222 answered

BitLocker service account password change

Attempting to change the password for the MBAM service account. When I reset the password in the app pool and in the SSRS data source, the help desk site comes up, but none of the other sites come up. It appears the password change isn't updating the services.

Logs show the error:

Failed to escrow the recovery information of volume C: (Device ID: \\?\Volume{}) to
<Website Removed for Privacy>
HRESULT: 0x803d0005 - Access was denied by the remote endpoint.

Any assistance is greatly appreciated.

windows-10-security

Is it a domain-joined device?
If yes, is it connected to Azure-AD or local AD?

bukkybu-3222 answered

It turns out the MBAM application server hadn't been rebooted as was thought. The reboot fixed the issue. Thanks to all for the assistance.

TeemoTang-MSFT answered TeemoTang-MSFT commented

If you use a custom DNS name instead of the FQDN of the MBAM server hosting the Hardware and Recovery service, you need to have two SPN entries for the app pool account:

setspn -s http/DNSname.domain.org domain\serviceaccount
setspn -s http/servername.domain.org domain\serviceaccount


More info: https://technet.microsoft.com/en-us/itpro/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites

Lastly, verify that you have the 'DisableMachineVerification' registry key set on the server and the server has been rebooted since you set that key: https://support.microsoft.com/en-us/help/2612822/computer-record-is-rejected-in-mbam

There is a similar case:
MBAM 2.5 - 803d0005 - Access was denied by the remote endpoint
https://social.technet.microsoft.com/Forums/en-US/7315de2c-8f62-4ac0-b9ca-480ab2bf63cb/mbam-25-803d0005-access-was-denied-by-the-remote-endpoint?forum=mdopmbam


If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
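
The check below is an added example, not part of the thread: it parses the output of setspn -L for the app pool account and reports which of the two http/ SPNs named in the answer above are not registered. The function name Get-MissingSpn and the sample output are constructed for illustration; the account and host names are the placeholders used in the answer.

```powershell
# Added example (not from the thread): compare the SPNs registered on the
# MBAM app pool account against the two http/ SPNs the answer requires.
function Get-MissingSpn {
    param(
        [string[]]$SetSpnOutput,   # lines printed by: setspn -L domain\serviceaccount
        [string[]]$RequiredSpn     # SPNs that must be present on the account
    )
    # setspn -L prints one header line, then one indented SPN per line.
    $registered = @(
        $SetSpnOutput |
            Where-Object { $_ -match '^\s+\S+/\S+' } |
            ForEach-Object { $_.Trim() }
    )
    # -notcontains is case-insensitive, which matches how SPNs are compared.
    $RequiredSpn | Where-Object { $registered -notcontains $_ }
}

# Constructed sample of `setspn -L` output: only the server-name SPN is present,
# so clients using the custom DNS name cannot get a Kerberos ticket for the site.
$sample = @(
    'Registered ServicePrincipalNames for CN=serviceaccount,OU=Service Accounts,DC=domain,DC=org:'
    "`thttp/servername.domain.org"
)

$required = 'http/DNSname.domain.org', 'http/servername.domain.org'
$missing  = @(Get-MissingSpn -SetSpnOutput $sample -RequiredSpn $required)

if ($missing.Count -gt 0) {
    "Missing SPN(s) on app pool account: $($missing -join ', ')"
} else {
    'Both SPNs are registered on the app pool account.'
}

# Live check on a domain-joined machine (replace the placeholder account name):
# Get-MissingSpn -SetSpnOutput (setspn -L 'domain\serviceaccount') -RequiredSpn $required
```

A password reset on the existing account does not change its SPNs, so an empty result here points the troubleshooting back at the app pool identity, the stored credentials and the pending reboot.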



Thank you for your reply. I do have SPN entries set up on the service account. I am not changing the service account, just the password on the existing service account. I will try the registry key and reboot.


OK, looking forward to your good news.
