Share via

MECM Bitlocker HelpDesk page doesn't show any recovery keys

Stefan 6 Reputation points
2022-06-29T11:18:31.113+00:00

Hi everyone,

we've got an issue with Bitlocker recovery keys after migrating our MECM Server from one VM (Server 2012 R2) to a new one (Server 2019) with the same name and IP-address.
Since we migrated the server with a fullbackup-recovery and did all the post actions that had to be done, we realized a problem with the MBAM HelpDesk website. The website can be accessed by all helpdesk-users and the search for recovery keys seems to be working fine, except the fact that there are no recovery keys shown in the "Drive Recovery Key" section:

216161-image.png

When we checked the database entries we can see, that there are all entries available and we can see, that the keyID has a dataset, too:

216132-image.png

We checked database access for all user- and service-accounts and can't find any problems with that. Even with db_owner rights for all accounts involved, there is no change in the behaviour.
Clients are able to update there keys in the database by the way, but we are not able to get the recovery keys.

We are thankful for every idea we can check out to resolve the problem.
Thanks ahead!

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,795 questions
Microsoft Configuration Manager
0 comments

7 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 39,441 Reputation points
    2022-07-01T15:54:59.167+00:00

    Hi there,

    There can be multiple reasons for this behavior and the only way to narrow it down would be with the help of the logs. Trace logs for each component are in the following default locations:

    -Self-service portal: C:\inetpub\Microsoft BitLocker Management Solution\Logs\Self Service Website
    -Administration and monitoring website: C:\inetpub\Microsoft BitLocker Management Solution\Logs\Help Desk Website

    Once you get to hold on to the logs you can share them with the community or with the support team. You can also troubleshoot it by following the below article.

    Set up BitLocker portals https:// learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/bitlocker/setup-websites

    Troubleshoot BitLocker https:// learn.microsoft.com/en-us/mem/configmgr/protect/tech-ref/bitlocker/troubleshoot

    Hope this resolves your Query !!

    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    If the reply is helpful, please Upvote and Accept it as an answer

    0 comments
  2. AllenLiu-MSFT 41,461 Reputation points Microsoft Vendor
    2022-07-04T07:28:53.607+00:00

    Hi, @Stefan

    We have to set the value with group policy as the article mentioned instead of editing the registry.

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    0 comments