
Thursday, June 17, 2021

BitLocker with MBAM Failed to Encrypt because Access Denied by Remote Endpoint

Description:

You have configured the MBAM Application server and the MBAM Database server, and set a GPO for Drive Encryption to run automatically with minimal user interaction. However, when you test it, it shows the error "failed to encrypt".


When you look at Event Viewer on the client machine, it says "Unable to connect to the MBAM Recovery and Hardware Service". It also gives Error Code: -2143485947 and the further detail "Access was denied by the remote endpoint".

Resolution:
Make sure the account for the MBAM web application pool has the correct SPN.
You can use the following commands to set the SPN for both the FQDN and the NetBIOS name.

Setspn -s http/mbamvirtual contoso\mbamapppooluser
Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser
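
To confirm the registration, the following added example (not part of the original post) checks that each SPN is owned by exactly one account and that it is the application pool account. It reuses the host and account names from the commands above and only searches the current domain, so a duplicate registered elsewhere in the forest would not be reported.

```powershell
# Added example: verify the two HTTP SPNs used by the MBAM web site.
# Names below are taken from the Setspn commands above.
$expectedAccount = 'mbamapppooluser'
$spns = 'http/mbamvirtual', 'http/mbamvirtual.contoso.com'

$results = foreach ($spn in $spns) {
    # LDAP lookup against the current domain; no RSAT module required.
    $searcher = [adsisearcher]"(servicePrincipalName=$spn)"
    [void]$searcher.PropertiesToLoad.Add('samaccountname')

    # Every account that currently has this SPN registered.
    $owners = @($searcher.FindAll() | ForEach-Object {
        [string]$_.Properties['samaccountname'][0]
    })

    if ($owners.Count -eq 0) {
        $status = 'Missing'        # SPN was never registered
    } elseif ($owners.Count -gt 1) {
        $status = 'Duplicate'      # Kerberos cannot pick one owner
    } elseif ($owners[0] -ne $expectedAccount) {
        $status = 'WrongAccount'   # registered, but not to the app pool account
    } else {
        $status = 'OK'
    }

    [pscustomobject]@{
        SPN    = $spn
        Owners = $owners -join ', '
        Status = $status
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code if anything needs fixing, for use in a scheduled check.
if ($results | Where-Object { $_.Status -ne 'OK' }) {
    Write-Warning 'One or more MBAM SPNs are missing, duplicated, or on the wrong account.'
    exit 1
}
```

A 'Duplicate' or 'WrongAccount' result means the SPN has to be removed from the other account before Setspn -s will register it on the application pool account.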

Wednesday, June 16, 2021

Error when Encrypting Drive in BitLocker with MBAM

Description:

You have configured the MBAM Application server and the MBAM Database server, and set a GPO for Drive Encryption to run automatically with minimal user interaction. However, when you test it, it shows the error "failed to encrypt".


When you look at Event Viewer on the client machine, it says "an error occurred while applying MBAM policies". It also gives error code -2147217402.



Resolution:

Please update the MBAM client on that machine to the latest servicing update. At the moment it can be downloaded as the Microsoft Desktop Optimization Pack October 2020 Servicing Release from the official Microsoft Download Center. After a restart, you will see the encryption process running successfully.
