Bitlocker Configuration

Question

Bitlocker Configuration

Question

in progress 0

Configuration Manager Reign.Starke 2 years 2021-04-06T15:38:30+05:30 2021-04-06T15:38:30+05:30 9 Answers 176 views Beginner

0

About Reign.StarkeBeginner

Answers ( 9 )

Leave an answer

Sorry, you do not have permission to answer to this question .

Previous question

Next question

Reign.Starke Beginner · Answer 1 · 2021-04-06T16:47:31+05:30

I get this on the 2 client devices I am testing. Have not deployed to production yet

Anoop C Nair · Answer 2 · 2021-04-06T16:56:55+05:30

Can you check the IIS logs from the Management Point server?

Also need to check the self-signed certificate named SMS Role SSL Certificate. This certificate is issued by the root SMS Issuing certificate. Can you see all these certs on client-side? Also, MP adds this certificate to the IIS default web site bound to port 443? Can you confirm this?

Review mpcontrol.log to get more details?

Reign.Starke Beginner · Answer 3 · 2021-04-06T16:59:30+05:30

I can confirm all of that I can see this on SCCM Primary IIS Default Website and Management Point

Anoop C Nair · Answer 4 · 2021-04-06T17:03:35+05:30

Can you reply to other questions related to the client and MPControl, and IIS logs?

Anoop C Nair · Answer 5 · 2021-04-06T15:56:10+05:30

What about BitLocker configuration? Are you getting some trouble with BitLocker configuration in Microsoft Endpoint Manager ConfigMgr?

Reign.Starke Beginner · Answer 6 · 2021-04-06T16:16:23+05:30

Hi, yes.

We have an on-premise environment and have turned on the bitlocker feature and create Bitlocker Management policy, however getting the following error in the BilockerManagementHandler.log on the client device: [CCMHTTP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered

Anoop C Nair · Answer 7 · 2021-04-06T16:36:49+05:30

I think the BitLocker recovery service requires HTTPS from the SCCM client to the MP. You can also use the enhanced HTTP option as well.

Are you using Microsoft PKI for HTTPS communication or is this eHTTP in use? I think this error is to do with certificate revocation list (CRL) server reachability or something related to CA…

You might get some more details on event logs (client + CA server) and IIS logs

Reign.Starke Beginner · Answer 8 · 2021-04-06T16:43:07+05:30

Not using PKI but eHTTP and I only get the error on the client device.
Checking for Recovery Service at https://servername.co.za:443/SMS_MP_MBAM/CoreService.svc
[CCMHTTP] AsyncCallback(): —————————————————————–
[CCMHTTP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered
[CCMHTTP] : dwStatusInformationLength is 4
[CCMHTTP] : *lpvStatusInformation is 0x8
[CCMHTTP] : WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA is set

Anoop C Nair · Answer 9 · 2021-04-06T16:46:19+05:30

Are you getting this error for all the clients or only for one client?

Have you seen any errors in the IIS logs of MP.. this might give more details?

Register Now

Login

Lost Password

Login

Register Now

Bitlocker Configuration