Release Notes for MBAM 2.5
Van toepassing op: Microsoft BitLocker Administration and Monitoring 2.5
To search these release notes, press Ctrl+F.
Read these release notes thoroughly before you install Microsoft BitLocker Administration and Monitoring (MBAM) 2,5. These release notes contain information that is required to successfully install MBAM and can contain information that is not available in the product documentation. If these release notes differ from other MBAM 2,5 documentation, consider the latest change to be authoritative. These release notes supersede the content that is included with this product.
MBAM 2,5 known issues
This section contains release notes for MBAM 2,5.
Web browser unintentionally run as administrator
Help links in the MBAM Server Configuration tool can cause browser windows to open with administrator rights.
Workaround: Enable Internet Explorer Enhanced Security Configuration (IESC) or close your web browser before navigating to other sites.
MBAM reports as noncompliant a client encrypted with AES 256-bit encryption keys and Diffuser
If a computer has the MBAM 2,5 client installed and is encrypted by using the AES 256-bit with Diffuser cipher strength, the MBAM client is reported as noncompliant in the MBAM compliance reports.
Workaround: Install the hotfix at KB2975636.
MBAM fails to encrypt a volume and reports an error if you set a TPM + PIN protector on a tablet device
If end users try to set a TPM + PIN protector on a tablet device, MBAM fails to encrypt, and it reports an error. This issue occurs because tablet devices do not have a pre-boot environment keyboard.
Workaround: Enable the Enable use of BitLocker authentication requiring preboot keyboard input on tablets Group Policy setting. This setting is a BitLocker Group Policy setting and is not available in the MBAM Group Policy Templates.
Only one instance of the MBAM Server Configuration wizard can be running at a time
You can run only one instance of the MBAM Server Configuration wizard at a time. If you try to start a second instance of the wizard while another instance is running, nothing happens, and no error message appears.
Workaround: Run only one instance of the wizard at a time.
User principal name is required for all service accounts
A user principal name (UPN) must be set for all service accounts in MBAM. If you fail to create a UPN for an account, an error message appears during the configuration process to indicate that the user or group could not be found in Active Directory.
Workaround: Add the UPN to the service account.
Self-Service Portal requires additional configuration if client computers cannot access Microsoft Ajax Content Delivery Network
Workaround: Configure the Self-Service Portal by following these instructions: How to Configure the Self-Service Portal When Client Computers Cannot Access the Microsoft Content Delivery Network.
Self-Service Portal and the Administration and Monitoring Website do not open after you upgrade IIS to .NET Framework 4.5
When you upgrade Internet Information Services (IIS) to the Microsoft .NET Framework 4.5, the Self-Service Portal and the Administration and Monitoring Website do not open.
Administration and Monitoring Website displays a "Report cannot be found" error message when Reports are not configured
If you configure the Administration and Monitoring Website and then try to view a report without configuring the Reports feature first, an error message indicates that the report cannot be found.
Workaround: Configure the Reports feature before you configure the web applications.
Reports in the Administration and Monitoring Website display a warning if SSL is not configured in SSRS
If SQL Server Reporting Services (SSRS) was not configured to use Secure Socket Layer (SSL), the URL for the Reports feature will be set to HTTP instead of to HTTPS when you configure the MBAM Server. If you then open the Administration and Monitoring Website and select a report, the following error message appears: "Only Secure Content is Displayed."
Workaround: To show the report, click Show All Content. To correct this issue, go to the MBAM computer where SQL Server Reporting Services is installed, run Reporting Services Configuration Manager, and then click Web Service URL. Select the appropriate SSL certificate for the server, enter the appropriate SSL port (the default port is 443), and then click Apply.
Clicking "Back" in the Bitlocker Compliance Summary report might throw an error
If you drill down into a Bitlocker Compliance Summary report, and then click the Back link in the SSRS report, an error might be thrown.
Used Space Only Encryption does not work correctly
If you encrypt a computer for the first time after you install the MBAM Client, and you have configured a Group Policy setting to implement Used Space Only encryption, MBAM erroneously encrypts the entire disk instead of encrypting only the disk’s used space. If a computer is already encrypted with Used Space Only when you install the MBAM Client, and you have configured the same Group Policy setting, MBAM reports that the drive is encrypted correctly, and does not try to re-encrypt the drive.
Cipher strength displays incorrectly on the BitLocker Computer Compliance report
If you do not set a specific cipher strength in the Choose drive encryption method and cipher strength Group Policy Object, the BitLocker Computer Compliance report in the Configuration Manager Integration topology always displays "unknown" for the cipher strength, even when the cipher strength uses the default of 128-bit encryption. The report displays the correct cipher strength if you set a specific cipher strength in the Group Policy Object.
Workaround: Always set a specific cipher strength in the Choose drive encryption method and cipher strength Group Policy Object.
Compliance Status Distribution By Drive Type displays old data after you update configuration items
After you update MBAM configuration items in System Center 2012 Configuration Manager, the Compliance Status Distribution By Drive Type bar chart on the BitLocker Enterprise Compliance Dashboard shows data that is based on information from old versions of the configuration items.
Workaround: None. Modification of the MBAM configuration items is not supported, and the report might not appear as expected.
Enhanced Security Configuration might cause reports to display an error message incorrectly
If Internet Explorer Enhanced Security Configuration (ESC) is turned on, an "Access Denied" error message might appear when you try to view reports on the MBAM Server. By default, ESC is turned on to protect the server by decreasing the server’s exposure to potential attacks that can occur through web content and application scripts.
Workaround: If the "Access Denied" error message appears when you try to view reports on the MBAM Server, you can set a Group Policy Object or change the default manually in your image to disable Enhanced Security Configuration. You can also alternatively view the reports from another computer on which ESC is not enabled.
Hotfixes and Knowledge Base articles for MBAM 2.5
This section contains hotfixes and KB articles for MBAM 2,5.
Hotfix Package 1 for Microsoft Bitlocker Administration and Monitoring 2.5
MBAM 2,5 installation or Configuration Manager reporting fails if the name of SSRS instance contains an underscore
MBAM client would fail with Event ID 4 and error code 0x8004100E in the Event description
Error opening Enterprise or Computer Compliance Reports in MBAM
MBAM 2.0 Setup fails during Configuration Manager Integration Scenario with SQL Server 2008
SQL deadlocks when many MBAM clients connect to the MBAM recovery database