MBAM Setup Fails with SQL Error: Error obtaining a certificate protected by the master key

Hello, my name is Manoj Sehgal. I am a Senior Support Escalation Engineer in the Windows group and today’s blog will cover “MBAM Setup fails with SQL TDE Error message”

Microsoft BitLocker Administration and Monitoring (MBAM) provide a simplified administrative interface to BitLocker Drive Encryption™ (BDE). MBAM allows you to select BDE encryption policy options appropriate to your enterprise, monitor client compliance with those policies, generate reports on the encryption status of missing devices, and quickly provide BDE recovery keys to end users that have entered recovery mode.

Issue: You will receive an error when you try to install MBAM Program

SQL Error: Error obtaining a certificate protected by master key

A master key password is needed for the setup to complete the Transparent data encryption (TDE) in the SQL Server database. Please create a master key encryption and provide a secure password for it.

clip_image002

Resolution:

Open SQL Management Studio and execute the below command.

Use master

CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘Password1!’

clip_image004

 

Note: Password is set as per password policies and in this case I have used “Password1!” for reference.

You can use any password which meets your password policies.

 

Once you complete this step, go ahead and then check Pre-requisites on the MBAM Setup wizard.

Take Backup of the certificate using the below article.

https://msdn.microsoft.com/en-us/library/ms178578(v=sql.105).aspx

This key will be required to restore the MBAM Recovery and Hardware DB to an alternate server or in Disaster Recovery Scenario.

References: https://msdn.microsoft.com/en-us/library/ms174382.aspx

I hope this article will help everyone to get MBAM installed correctly on the servers.

Manoj Sehgal
Senior Support Escalation Engineer
Microsoft Enterprise Platforms Support