次の方法で共有

MBAM Setup Fails with SQL Error: Error obtaining a certificate protected by the master key

  • [アーティクル]

Hello, my name is Manoj Sehgal. I am a Senior Support Escalation Engineer in the Windows group and today’s blog will cover “MBAM Setup fails with SQL TDE Error message”

Microsoft BitLocker Administration and Monitoring (MBAM) provide a simplified administrative interface to BitLocker Drive Encryption™ (BDE). MBAM allows you to select BDE encryption policy options appropriate to your enterprise, monitor client compliance with those policies, generate reports on the encryption status of missing devices, and quickly provide BDE recovery keys to end users that have entered recovery mode.

Issue: You will receive an error when you try to install MBAM Program

SQL Error: Error obtaining a certificate protected by master key

A master key password is needed for the setup to complete the Transparent data encryption (TDE) in the SQL Server database. Please create a master key encryption and provide a secure password for it.

clip_image002

Resolution:

Open SQL Management Studio and execute the below command.

Use master

CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘Password1!’

clip_image004

 

Note: Password is set as per password policies and in this case I have used “Password1!” for reference.

You can use any password which meets your password policies.

 

Once you complete this step, go ahead and then check Pre-requisites on the MBAM Setup wizard.

Take Backup of the certificate using the below article.

https://msdn.microsoft.com/en-us/library/ms178578(v=sql.105).aspx

This key will be required to restore the MBAM Recovery and Hardware DB to an alternate server or in Disaster Recovery Scenario.

References: https://msdn.microsoft.com/en-us/library/ms174382.aspx

I hope this article will help everyone to get MBAM installed correctly on the servers.

Manoj Sehgal
Senior Support Escalation Engineer
Microsoft Enterprise Platforms Support

Comments

  • Anonymous
    June 18, 2012
    The comment has been removed
  • Anonymous
    August 11, 2012
    HiThe above command is missing some parameters. It should be as follows:Use masterCREATE MASTER KEY ENCRYPTION BY PASSWORD = 'yourPassword';GO
  • Anonymous
    October 23, 2012
    Working perfectly fine, thank you!
  • Anonymous
    July 26, 2013
    Hi,I created a Master Key Encryption with the same request.Several computers has been added into this database.Could you tell me if when we use this command a certificat is automaticaly created or i have to create it manually with another request.Because to make a restore i saw that we must to use a certificat but i don't know where is the certificat.I have to create it ?Thank you for you help!