I have an MBAM server 2.5 SP1 which is integrated with SCCM 2012 R2. The Recovery Keys are in its DB as well as AD.
Scenario:
I took a hard drive out of a machine (WS1) and placed it into a USB HD enclosure which I attached to another machine (WS2). The drive came up saying it's encrypted, and if I try to unlock it, it asks for the Recovery PW.
I noticed that when I used the self-service page to recover the password it said "invalid Key"
I looked at the SQL and ran this query:
SELECT TOP 1000 [Id]
,[LastUpdateTime]
,[VolumeId]
,[RecoveryKeyId]
,[RecoveryKey]
,[RecoveryKeyPackage]
,[Disclosed]
FROM [MBAM Recovery and Hardware].[RecoveryAndHardwareCore].[Keys]
I saw the Recovery ID key in SQL and tried it via AD and it gave me the same password.
When I opened the AD object and looked under the BitLocker tab I saw all the recovery IDs; there was one that never made it to the MBAM DB. I used that one and it unlocked.
I have 2 questions:
1) How can it populate the MBAM DB simultaneously with AD?
2) Let's say that I had removed the (WS1) computer 1 year ago and needed to recover the data. Where would I find the key?
I just want to make the recovery process as painless as possible for the Helpdesk.