NSCOTT

Unfortunately no. I even got on the horn with microsoft who was unable to help via the SCCM side. They wanted me to call to the OS side of the house, but I dont have that in the budget unfortunately as it's expensive as all get out. We're still using this via GPO's which sucks... it works, but ah well. When i was on the phone with SCCM support, the main issue we struggled with was we could set all the settings in bitlocker and would always go to success. However, once we did anything with encrypting the drive, it would completely fail. Sucks, but at least we have a work around still with the GPO's

bumping back up as i'm trying this again. Imaged fresh computers and am no longer receiving that error pop up saying bitlocker could not be enabled. it's all silent now... so i've got that going for me. I am however still getting the bitlocker "unable to connect to the MBAM recovery and hardware service" under > microsoft windows mbam / admin in event viewer Anyone else got any ideas? https is enabled and cert bound on the IIS site on the MP.

also, did create the reporting site with no errors (had a few, but realized i needed the URL from the SSRS site, all good now) still crapping out with that same error

for the heck of it, i enabled anonymous access on the SMS_MP_MBAM site and keep hitting a wall with that error

Alright, following along with your troubleshooting documentation and doing setup from scratch again MP is EHTTP IIS Site on MP is HTTPS Client is in an OU with no GPO's for BL Client is completely decrypted Created Policy Deployed it to my test collection MP created folder G:\SMS_CCM\Microsoft Bitlocker Management Solution MP created IIS site SMS_MP_MBAM SSL settings defaulted to "Require SSL" and "client certificates > ignore" (keeping this setup for now) Client received and installed the MDOP MBAM software Client - Manage-bde -status shows fully decrypted, protection off, bitlocker version 2.0 Client - Bitlockermanagementhandler.log gives error "Could not check enrollment URL" screenshots below Client - Bitlockermanagement_grouppolicyhandler.log shows the same "could not check enrollment URL" error Client - Policyagentprovider.log does show settings changes right after i created the change Client - Regedit under the FVE group doesn't show "KeyRecoveryServiceEndPoint" Screenshots below Event viewer still showing the error "unable to connect to the MBAM recovery and hardware service" Client - can get to the HTTPS site of the MP via the following https://<FQDN>/ https://<FQDN>/sms_mp_mbam/ (asks for ID and PW) https://<FQDN>/sms_mp_mbam/coreservice.svc Screenshot below changed SSL settings on SMS_MP_MBAM to accept client certs - same issue changed SSL settings on the default MP site to accept client certs - same issue it's somehow unable to communicate but i'm really unsure how if it's able to get to the HTTPS sites without any issue

Crud, so sorry, thought i included that - Version 2403 - the latest release. Checking out the blog posts now - appreciate ya!

I'm really confused and need some assistance. Long story short, we've been using straight GPO's for bitlocker forever. Management wants some reports that i cannot currently generate without SCCM or MBAM ingesting this service... as MBAM is going away in the future, so i'm just importing it all, or trying, into SCCM. - Computer 1. Decrypted the drive 2. Tossed the computer into an OU that has absolutely no bitlocker policies enabled (verified via RSOP) - SCCM / MP - setup policies within SCCM - setup the web portals (we only wanted helpdesk, which is working) ---- MPControl.log is showing it's verifying it's installed and running - Info However, on the computer that i'm deploying out to, it's never starting the encryption, but i can get out to HTTPS//fqdn.com as well as HTTPS://FQDN.com/sms_mp_mbam/coreservice.svc Tried TPM only and TPM And pin - same thing is happening