question

MattD-7613 avatar image
0 Votes"
MattD-7613 asked MattD-7613 edited

BitLocker Portal

Its a rights issue and I have no idea how to correct, but when I run the .\MBAMWebSiteInstaller.ps1 script, I get the following error:

Set-MachineUserOnSql : Unable to set permissions for machine on SQL server: Exception calling "ExecuteNonQuery" wi
"0" argument(s): "User does not have permission to perform this action.
User does not have permission to perform this action.
Cannot alter the role 'smsdbrole_AUDITMBAM', because it does not exist or you do not have permission."
At E:\InstallFiles\MBAM\MBAMWebSiteInstaller.ps1:1327 char:16
+ $success = Set-MachineUserOnSql
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Set-MachineUserOnSql

Install-MBAMWebSites : Failure setting machine account privileges on SQL
At E:\InstallFiles\MBAM\MBAMWebSiteInstaller.ps1:1468 char:5
+ Install-MBAMWebSites -SqlServerName $SqlServerName -SqlInstanceNa ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Install-MBAMWebSites

I don't have the foggiest idea how to add or subtract SQL perms.

mem-cm-general
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MattD-7613 avatar image
0 Votes"
MattD-7613 answered MattD-7613 edited

"The user account that runs the portal installer script needs SQL sysadmin rights on the site database server."

I ended up logging in using the SA account and adding sysadmin role to the account I was using to run the script.

I now get a portal. It only works at http not https. Not sure why that is and I cannot run a recovery audit report from the portal. Getting a Refused to connect error. I'll hammer away at this. At least I got my portal and I can get recovery keys from it. - Disregard

I got this working fully. I used Reports instead of ReportServer when running the script.

Can someone verify if I uninstall this and rerun using https instead of http - will it only work using https?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AllenLiu-MSFT avatar image
0 Votes"
AllenLiu-MSFT answered MattD-7613 commented

Hi, @MattD-7613
Thank you for posting in Microsoft Q&A forum.
What is the command line when you run the script MBAMWebSiteInstaller.ps1?
Do you use the parameters -DomainName? Someone solved the same issue by using domain name instead of FQDN after -DomainName. You may try it to see if it helps.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.


.\MBAMWebSiteInstaller.ps1 -SqlServerName SERVERNAME.Domain.com -SqlDatabaseName CM_XX1 -ReportWebServiceUrl http://SERVERNAME/Reports -HelpdeskUsersGroupName "DOMAIN.com\sccm admins" -HelpdeskAdminsGroupName "DOMAIN.com\sccm admins" -MbamReportUsersGroupName "DOMAIN.com\sccm admins" -SiteInstall HelpDesk

I'll try the domain name suggestion and report back. I am logged into the primary site server as my account. I will try logging in as the sccm service account and see if that works.

0 Votes 0 ·