Validating the MBAM 2.5 server feature configuration
When you finish the Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 server feature deployment, we recommend that you validate the deployment to ensure that all features are successfully configured. Use the procedure that matches the topology (stand-alone or System Center Configuration Manager integration) that you deployed.
Validating the MBAM server deployment with the stand-alone topology
Use the following steps to validate your MBAM server deployment with the stand-alone topology.
To validate a stand-alone MBAM server deployment
On each server where an MBAM feature is deployed, select Control Panel > Programs > Programs and Features. Verify that Microsoft BitLocker Administration and Monitoring appears in the Programs and Features list.
Note
To do the validation, you must use a domain account that has local computer administrative credentials on each server.
On the server where the Recovery Database is configured, open SQL Server Management Studio and verify that the MBAM Recovery and Hardware database is configured.
On the server where the Compliance and Audit Database is configured, open SQL Server Management Studio and verify that the MBAM Compliance Status Database is configured.
On the server where the Reports feature is configured, open a web browser with administrative credentials and browse to the "Home" of the SQL Server Reporting Services site.
The default Home location of a SQL Server Reporting Services site instance is at:
https://<MBAMReportsServerName>:<port>/Reports.aspxTo find the actual URL, use the Reporting Services Configuration Manager tool and select the instances that you specified during setup.
Confirm that a reports folder named Microsoft BitLocker Administration and Monitoring contains a data source called MaltaDataSource and the language folders. The data source contains folders with names that represent languages (for example, en-us). The reports are in the language folders.
Note
If you configure SQL Server Reporting Services (SSRS) as a named instance, the URL should resemble the following:
https://<MBAMReportsServerName>:<port>/Reports_<SSRSInstanceName>
Note
If SSRS wasn't configured to use Secure Socket Layer (SSL), when you install the MBAM server, the URL for the reports are set to HTTP instead of HTTPS. If you then go to the Administration and Monitoring website (also known as Help Desk) and select a report, the following message appears: "Only Secure Content is Displayed." To show the report, select Show All Content.
On the server where the Administration and Monitoring Website feature is configured, run Server Manager, browse to Roles, and then select Web Server (IIS) > Internet Information Services (IIS) Manager.
In Connections, browse to <computer name> and select Sites > Microsoft BitLocker Administration and Monitoring. Verify that the following are listed:
MBAMAdministrationService
MBAMComplianceStatusService
MBAMRecoveryAndHardwareService
On the server where the Administration and Monitoring website and Self-Service Portal are configured, open a web browser with administrative credentials.
Browse to the following websites to verify that they load successfully:
https://<MBAMAdministrationServerName>:<port>/HelpDesk/- confirm each of the links for navigation and reportshttps://<MBAMAdministrationServerName>:<port>/SelfService/
Note
It is assumed that you configured the server features on the default port without network encryption. If you configured the server features on a different port or virtual directory, change the URLs to include the appropriate port, for example:
https://<host name>:<port>/HelpDesk/https://<host name>:<port>/<virtualdirectory>/If the server features were configured with network encryption, change
http://tohttps://.Browse to the following web services to verify that they load successfully. A page opens to indicate that the service is running, but the page doesn't display any metadata.
https://<MBAMAdministrationServerName>:<port>/MBAMAdministrationService/AdministrationService.svchttps://<MBAMAdministrationServerName>:<port>/MBAMUserSupportService/UserSupportService.svchttps://<MBAMAdministrationServerName>:<port>/MBAMComplianceStatusService/StatusReportingService.svchttps://<MBAMAdministrationServerName>:<port>/MBAMRecoveryAndHardwareService/CoreService.svc
Validating the MBAM server deployment with the Configuration Manager integration topology
Use the following steps to validate your MBAM deployment with the Configuration Manager integration topology. Complete the validation steps that match the version of Configuration Manager that you use.
Validating the MBAM server deployment with System Center 2012 Configuration Manager
Use these steps to validate your MBAM server deployment when you use MBAM with System Center 2012 Configuration Manager.
To validate a Configuration Manager integration MBAM server deployment - System Center 2012 Configuration Manager
On the server where System Center 2012 Configuration Manager is deployed, open Programs and Features in Control Panel, and verify that Microsoft BitLocker Administration and Monitoring appears.
Note
To validate the configuration, you must use a domain account that has local computer administrative credentials on each server.
In the Configuration Manager console, select the Assets and Compliance workspace > Device Collections, and confirm that a new collection called MBAM Supported Computers is displayed.
In the Configuration Manager console, select the Monitoring workspace > Reporting > Reports > MBAM.
Verify that the MBAM folder contains subfolders, with names that represent different languages, and that the following reports are listed in each language subfolder:
BitLocker Computer Compliance
BitLocker Enterprise Compliance Dashboard
BitLocker Enterprise Compliance Details
BitLocker Enterprise Compliance Summary
In the Configuration Manager console, select the Assets and Compliance workspace > Compliance Settings > Configuration Baselines, and confirm that the configuration baseline BitLocker Protection is listed.
In the Configuration Manager console, select the Assets and Compliance workspace > Compliance Settings > Configuration Items, and confirm that the following new configuration items are displayed:
BitLocker Fixed Data Drives Protection
BitLocker Operating System Drive Protection
Validating the MBAM server deployment with Configuration Manager 2007
Use these steps to validate your MBAM server deployment when you use MBAM with Configuration Manager 2007.
To validate a Configuration Manager integration MBAM server deployment - Configuration Manager 2007
On the server where Configuration Manager 2007 is deployed, open Programs and Features on Control Panel , and verify that Microsoft BitLocker Administration and Monitoring appears.
Note
To validate the configuration, you must use a domain account that has local computer administrative credentials on each server.
In the Configuration Manager console, select Site Database <SiteCode> - <ServerName>, <SiteName>, Computer Management, and confirm that a new collection called MBAM Supported Computers is displayed.
In the Configuration Manager console, select Reporting > Reporting Services > \\<ServerName> > Report Folders > MBAM.
Verify that the MBAM folder contains subfolders, with names that represent different languages, and that the following reports are listed in each language subfolder:
BitLocker Computer Compliance
BitLocker Enterprise Compliance Dashboard
BitLocker Enterprise Compliance Details
BitLocker Enterprise Compliance Summary
In the Configuration Manager console, select Desired Configuration Management > Configuration Baselines, and confirm that the configuration baseline BitLocker Protection is listed.
In the Configuration Manager console, select Desired Configuration Management > Configuration Items, and confirm that the following new configuration items are displayed:
BitLocker Fixed Data Drives Protection
BitLocker Operating System Drive Protection