Validating the MBAM 2.5 Server Feature Configuration
Dotyczy: Microsoft BitLocker Administration and Monitoring 2.5
When you finish the Microsoft BitLocker Administration and Monitoring (MBAM) 2,5 Server feature deployment, we recommend that you validate the deployment to ensure that all features have been successfully configured. Use the procedure that matches the topology (Stand-alone or System Center Menedżer konfiguracji Integration) that you deployed.
Validating the MBAM Server deployment with the Stand-alone topology
Use the following steps to validate your MBAM Server deployment with the Stand-alone topology.
To validate a Stand-alone MBAM Server deployment
On each server where an MBAM feature is deployed, click Control Panel > Programs > Programs and Features. Verify that Microsoft BitLocker Administration and Monitoring appears in the Programs and Features list.
Uwaga
To do the validation, you must use a domain account that has local computer administrative credentials on each server.
On the server where the Recovery Database is configured, open SQL Server Management Studio and verify that the MBAM Recovery and Hardware database is configured.
On the server where the Compliance and Audit Database is configured, open SQL Server Management Studio and verify that the MBAM Compliance Status Database is configured.
On the server where the Reports feature is configured, open a web browser with administrative credentials and browse to the "Home" of the SQL Server Reporting Services site.
The default Home location of a SQL Server Reporting Services site instance is at:
http(s)://< MBAMReportsServerName>:<port>/Reports.aspx
To find the actual URL, use the Reporting Services Menedżer konfiguracji tool and select the instances that you specified during setup.
Confirm that a reports folder named Microsoft BitLocker Administration and Monitoring contains a data source called MaltaDataSource. This data source contains folders with names that represent languages (for example, en-us). The reports are in the language folders.
Uwaga
If SQL Server Reporting Services (SSRS) was configured as a named instance, the URL should resemble the following:
http(s)://< MBAMReportsServerName>:<port>/Reports_<SSRSInstanceName>Uwaga
If SSRS was not configured to use Secure Socket Layer (SSL), the URL for the reports will be set to HTTP instead of HTTPS when you install the MBAM Server. If you then go to the Administration and Monitoring Website (also known as Help Desk) and select a report, the following message appears: "Only Secure Content is Displayed." To show the report, click Show All Content.
On the server where the Administration and Monitoring Website feature is configured, run Server Manager, browse to Roles, and then select Web Server (IIS) > Internet Information Services (IIS) Manager.
In Connections, browse to <computer name> and select Sites > Microsoft BitLocker Administration and Monitoring. Verify that the following are listed:
MBAMAdministrationService
MBAMComplianceStatusService
MBAMRecoveryAndHardwareService
On the server where the Administration and Monitoring Website and Self-Service Portal are configured, open a web browser with administrative credentials.
Browse to the following websites to verify that they load successfully:
https(s)://<MBAMAdministrationServerName>:<port>/HelpDesk/ - confirm each of the links for navigation and reports
http(s)://< MBAMAdministrationServerName>:<port>/SelfService/
Uwaga
It is assumed that you configured the server features on the default port without network encryption. If you configured the server features on a different port or virtual directory, change the URLs to include the appropriate port, for example:
http(s)://< host name>:<port>/HelpDesk/ http(s)://< host name>:<port>/<virtualdirectory>/ If the server features were configured with network encryption, change http:// to https://.Browse to the following web services to verify that they load successfully. A page opens to indicate that the service is running, but the page does not display any metadata.
http(s)://< MBAMAdministrationServerName>:<port>/MBAMAdministrationService/AdministrationService.svc
http(s)://< MBAMAdministrationServerName>:<port>/MBAMUserSupportService/UserSupportService.svc
http(s)://< MBAMAdministrationServerName>:<port>/MBAMComplianceStatusService/StatusReportingService.svc
http(s)://< MBAMAdministrationServerName>:<port>/MBAMRecoveryAndHardwareService/CoreService.svc
Validating the MBAM Server deployment with the Menedżer konfiguracji Integration topology
Use the following steps to validate your MBAM deployment with the Menedżer konfiguracji Integration topology. Complete the validation steps that match the version of Menedżer konfiguracji that you are using.
Validating the MBAM Server deployment with System Center 2012 Configuration Manager
Use these steps to validate your MBAM Server deployment when you are using MBAM with System Center 2012 Configuration Manager.
To validate a Menedżer konfiguracji Integration MBAM Server deployment – System Center 2012 Configuration Manager
On the server where System Center 2012 Configuration Manager is deployed, open Programs and Features in Control Panel, and verify that Microsoft BitLocker Administration and Monitoring appears.
Uwaga
To validate the configuration, you must use a domain account that has local computer administrative credentials on each server.
In the Menedżer konfiguracji console, click the Assets and Compliance workspace > Device Collections, and confirm that a new collection called MBAM Supported Computers is displayed.
In the Menedżer konfiguracji console, click the Monitoring workspace > Reporting > Reports > MBAM.
Verify that the MBAM folder contains subfolders, with names that represent different languages, and that the following reports are listed in each language subfolder:
BitLocker Computer Compliance
BitLocker Enterprise Compliance Dashboard
BitLocker Enterprise Compliance Details
BitLocker Enterprise Compliance Summary
In the Menedżer konfiguracji console, click the Assets and Compliance workspace > Compliance Settings > Configuration Baselines, and confirm that the configuration baseline BitLocker Protection is listed.
In the Menedżer konfiguracji console, click the Assets and Compliance workspace > Compliance Settings > Configuration Items, and confirm that the following new configuration items are displayed:
BitLocker Fixed Data Drives Protection
BitLocker Operating System Drive Protection
Validating the MBAM Server deployment with Configuration Manager 2007
Use these steps to validate your MBAM Server deployment when you are using MBAM with Configuration Manager 2007.
To validate a Menedżer konfiguracji Integration MBAM Server deployment – Configuration Manager 2007
On the server where Configuration Manager 2007 is deployed, open Programs and Features on Control Panel , and verify that Microsoft BitLocker Administration and Monitoring appears.
Uwaga
To validate the configuration, you must use a domain account that has local computer administrative credentials on each server.
In the Menedżer konfiguracji console, click Site Database <SiteCode> - <ServerName>, <SiteName>), Computer Management, and confirm that a new collection called MBAM Supported Computers is displayed.
In the Menedżer konfiguracji console, click Reporting > Reporting Services > \\<ServerName> > Report Folders > MBAM.
Verify that the MBAM folder contains subfolders, with names that represent different languages, and that the following reports are listed in each language subfolder:
BitLocker Computer Compliance
BitLocker Enterprise Compliance Dashboard
BitLocker Enterprise Compliance Details
BitLocker Enterprise Compliance Summary
In the Menedżer konfiguracji console, click Desired Configuration Management > Configuration Baselines, and confirm that the configuration baseline BitLocker Protection is listed.
In the Menedżer konfiguracji console, click Desired Configuration Management > Configuration Items, and confirm that the following new configuration items are displayed:
BitLocker Fixed Data Drives Protection
BitLocker Operating System Drive Protection
Got a suggestion for MBAM?
Add or vote on suggestions here. For MBAM issues, use the MBAM TechNet Forum.