MBAM Setup Fails with SQL Error: Error obtaining a certificate protected by the master key

MBAM Setup Fails with SQL Error: Error obtaining a certificate protected by the master key

  • Comments 4
  • Likes

Hello, my name is Manoj Sehgal. I am a Senior Support Escalation Engineer in the Windows group and today’s blog will cover “MBAM Setup fails with SQL TDE Error message”

Microsoft BitLocker Administration and Monitoring (MBAM) provide a simplified administrative interface to BitLocker Drive Encryption™ (BDE).  MBAM allows you to select BDE encryption policy options appropriate to your enterprise, monitor client compliance with those policies, generate reports on the encryption status of missing devices, and quickly provide BDE recovery keys to end users that have entered recovery mode.

Issue:  You will receive an error when you try to install MBAM Program

SQL Error: Error obtaining a certificate protected by master key

A master key password is needed for the setup to complete the Transparent data encryption (TDE) in the SQL Server database. Please create a master key encryption and provide a secure password for it.

clip_image002

 

Resolution:

Open SQL Management Studio and execute the below command.

Use master

CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘Password1!’

clip_image004

 


Note: Password is set as per password policies and in this case I have used “Password1!” for reference.

You can use any password which meets your password policies.

 

Once you complete this step, go ahead and then check Pre-requisites on the MBAM Setup wizard.

Take Backup of the certificate using the below article.

http://msdn.microsoft.com/en-us/library/ms178578(v=sql.105).aspx

This key will be required to restore the MBAM Recovery and Hardware DB to an alternate server or in Disaster Recovery Scenario.

References: http://msdn.microsoft.com/en-us/library/ms174382.aspx

I hope this article will help everyone to get MBAM installed correctly on the servers.

Manoj Sehgal
Senior Support Escalation Engineer
Microsoft Enterprise Platforms Support

 

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Manoj,

    Will this affect other databases running on the database server?

    Mike Brown

    Microsoft Consultant – Monitoring & Management  | CDW

    Phone: 469.587.0486  |  Lync: 847.371.9859  |  Mobile: 210.284.9048

  • Hi

    The above command is missing some parameters. It should be as follows:

    Use master

    CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'yourPassword';

    GO

  • Working perfectly fine, thank you!

  • Hi,

    I created a Master Key Encryption with the same request.

    Several computers has been added into this database.

    Could you tell me if when we use this command a certificat is automaticaly created or i have to create it manually with another request.

    Because to make a restore i saw that we must to use a certificat but i don't know where is the certificat.

    I have to create it ?

    Thank you for you help!