deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merged PR 8472: Replaced old content with new

Browse Source
This commit is contained in:
Patti Short 2018-05-23 14:44:34 +00:00
commit 84bbe870f8
2 changed files with 398 additions and 332 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
[!NOTE] Normal file
View File

730
mdop/mbam-v25/how-to-move-the-mbam-25-databases.md
View File

@ -7,20 +7,25 @@ ms.pagetype: mdop, security
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.prod: w10 ms.prod: w10
ms.date: 06/16/2016 ms.date: 05/23/2018
--- ---
# How to Move the MBAM 2.5 Databases # How to Move the MBAM 2.5 Databases
Use these procedures to move the following databases from one computer to another; from Server A to Server B, for example:
Use these procedures to move the following databases from one computer to another, that is, to move the databases from Server A to Server B:
- Compliance and Audit Database - Compliance and Audit Database
- Recovery Database - Recovery Database
If you are moving multiple features, move them in the following order: >[!NOTE]
>It is important that the databases be restored to Machine B PRIOR to running the MBAM Configuration Wizard to update/configure them.
If the databases are NOT present, the Configuration Wizard creates NEW, empty, databases. When your existing databases are then restored, this process will break the MBAM configuration.
Restore the databases FIRST, then run the MBAM Configuration Wizard, choose the database option, and the Configuration Wizard will “connect” to the databases you restored; upgrading them if needed as part of the process.
**If you are moving multiple features, move them in the following order:**
1. Recovery Database 1. Recovery Database
@ -32,13 +37,10 @@ If you are moving multiple features, move them in the following order:
5. Self-Service Portal 5. Self-Service Portal
**Note**   >[!Note]
To run the example Windows PowerShell scripts provided in this topic, you must update the Windows PowerShell execution policy to enable scripts to be run. See [Running Windows PowerShell Scripts](http://technet.microsoft.com/library/ee176949.aspx) for instructions. >To run the example Windows PowerShell scripts provided in this topic, you must update the Windows PowerShell execution policy to enable scripts to be run. See [Running Windows PowerShell Scripts](http://technet.microsoft.com/library/ee176949.aspx) for instructions.
 
## Moving the Recovery Database
## Move the Recovery Database
The high-level steps for moving the Recovery Database are: The high-level steps for moving the Recovery Database are:
@ -46,473 +48,537 @@ The high-level steps for moving the Recovery Database are:
2. Back up the Recovery Database on Server A 2. Back up the Recovery Database on Server A
3. Install MBAM Server software and run the MBAM Server Configuration wizard on Server B 3. Move the Recovery Database from Server A to Server B
4. Move the Recovery Database from Server A to Server B 4. Restore the Recovery Database on Server B
5. Restore the Recovery Database on Server B 5. Configure access to the Database on Server B and update connection data
6. Configure access to the Database on Server B and update connection data 6. Install MBAM Server software and run the MBAM Server Configuration wizard on Server B
7. Resume the instance of the Administration and Monitoring Website 7. Resume the instance of the Administration and Monitoring Website
**How to move the Recovery Database** ### How to move the Recovery Database
1. **Stop all instances of the MBAM Administration and Monitoring Website** **Stop all instances of the MBAM Administration and Monitoring Website.** On each server that is running the MBAM Administration and Monitoring Server Website, use the Internet Information Services (IIS) Manager console to stop the Administration and Monitoring Website.
- On each server that is running the MBAM Administration and Monitoring Server Website, use the Internet Information Services (IIS) Manager console to stop the Administration and Monitoring Website. To automate this procedure, you can use Windows PowerShell to enter a command that is similar to the following:
To automate this procedure, you can use Windows PowerShell to enter a command that is similar to the following: ```syntax
PS C:\> Stop-Website "Microsoft BitLocker Administration and Monitoring"
``` syntax ```
PS C:\> Stop-Website "Microsoft BitLocker Administration and Monitoring"
```
**Note**   >[!NOTE]
To run this command, you must add the Internet Information Services (IIS) module for Windows PowerShell to the current instance of Windows PowerShell. >To run this command, you must add the Internet Information Services (IIS) module for Windows PowerShell to the current instance of Windows PowerShell.
  ### Back up the Recovery Database on Server A
2. **Install MBAM Server software and run the MBAM Server Configuration wizard on Server B** 1. Use the **Back Up** task in SQL Server Management Studio to back up the Recovery Database on Server A. By default, the database name is **MBAM Recovery Database**.
1. Install the MBAM 2.5 Server software on Server B. For instructions, see [Installing the MBAM 2.5 Server Software](installing-the-mbam-25-server-software.md). 2. To automate this procedure, create a SQL file (.sql) that contains the following SQL script, and change the MBAM Recovery Database to use the full recovery mode:
2. On Server B, start the MBAM Server Configuration wizard, click **Add New Features**, and then select only the **Recovery Database** feature. ```
USE master;
GO
ALTER DATABASE "MBAM Recovery and Hardware"
SET RECOVERY FULL;
GO
-- Create MBAM Recovery Database Data and MBAM Recovery logical backup devices.
USE master
GO
EXEC sp_addumpdevice 'disk', 'MBAM Recovery and Hardware Database Data Device',
'Z:\MBAM Recovery Database Data.bak';
GO
-- Back up the full MBAM Recovery Database.
BACKUP DATABASE [MBAM Recovery and Hardware] TO [MBAM Recovery and Hardware Database Data Device];
GO
BACKUP CERTIFICATE [MBAM Recovery Encryption Certificate]
TO FILE = 'Z:\SQLServerInstanceCertificateFile'
WITH PRIVATE KEY
(
FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey',
ENCRYPTION BY PASSWORD = '$PASSWORD$'
);
GO
```
Alternatively, you can use the **Enable-MbamDatabase** Windows PowerShell cmdlet to configure the Recovery Database. 3. Use the following value to replace the values in the code example with values that match your environment:
For instructions on how to configure the databases, see [How to Configure the MBAM 2.5 Databases](how-to-configure-the-mbam-25-databases.md). **$PASSWORD$** - password that you use to encrypt the Private Key file.
3. **Back up the Recovery Database on Server A** 4. In Windows PowerShell, run the script that is stored in the file and similar to the following:
1. Use the **Back Up** task in SQL Server Management Studio to back up the Recovery Database on Server A. By default, the database name is **MBAM Recovery Database**. ```syntax
PS C:\> Invoke-Sqlcmd -InputFile
'Z:\BackupMBAMRecoveryandHardwarDatabaseScript.sql' -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$
```
5. Use the following value to replace the values in the code example with values that match your environment:
To automate this procedure, create a SQL file (.sql) that contains the following SQL script, and change the MBAM Recovery Database to use the full recovery mode: **$SERVERNAME$\$SQLINSTANCENAME$** - server name and instance from which the Recovery Database will be backed up.
``` syntax ### Move the Recovery Database from Server A to Server B
USE master;
GO
ALTER DATABASE "MBAM Recovery and Hardware"
SET RECOVERY FULL;
GO
-- Create MBAM Recovery Database Data and MBAM Recovery logical backup devices.
USE master
GO
EXEC sp_addumpdevice 'disk', 'MBAM Recovery and Hardware Database Data Device',
'Z:\MBAM Recovery Database Data.bak';
GO
-- Back up the full MBAM Recovery Database.
BACKUP DATABASE [MBAM Recovery and Hardware] TO [MBAM Recovery and Hardware Database Data Device];
GO
BACKUP CERTIFICATE [MBAM Recovery Encryption Certificate]
TO FILE = 'Z:\SQLServerInstanceCertificateFile'
WITH PRIVATE KEY
(
FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey',
ENCRYPTION BY PASSWORD = '$PASSWORD$'
);
GO
```
Use the following value to replace the values in the code example with values that match your environment. Use Windows Explorer to move the **MBAM Compliance Status Database Data.bak** file from Server A to Server B.
**$PASSWORD$** - password that you will use to encrypt the Private Key file. To automate this procedure, you can use Windows PowerShell to run a command that is similar to the following:
2. Run the script that is stored in the .sql file by using a Windows PowerShell command that is similar to the following: ```syntax
PS C:\> Copy-Item “Z:\MBAM Recovery Database Data.bak”
\\$SERVERNAME$\$DESTINATIONSHARE$
``` syntax PS C:\> Copy-Item “Z:\SQLServerInstanceCertificateFile”
PS C:\> Invoke-Sqlcmd -InputFile 'Z:\BackupMBAMRecoveryandHardwarDatabaseScript.sql' -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$ \\$SERVERNAME$\$DESTINATIONSHARE$
```
Use the following value to replace the values in the code example with values that match your environment: PS C:\> Copy-Item “Z:\SQLServerInstanceCertificateFilePrivateKey”
\\$SERVERNAME$\$DESTINATIONSHARE$
**$SERVERNAME$\\$SQLINSTANCENAME$** - server name and instance from which the Recovery Database will be backed up. ```
Use the information in the following table to replace the values in the code example with values that match your environment.
4. **Move the Recovery Database from Server A to Server B** | **Parameter** | **Description** |
|----------------------|---------------------------------------------------------------|
| $SERVERNAME$ | Name of the server to which the files will be copied. |
| $DESTINATIONSHARE$ | Name of the share and path to which the files will be copied. |
|---|---|
- Use Windows Explorer to move the **MBAM Compliance Status Database Data.bak** file from Server A to Server B. ### Restore the Recovery Database on Server B
To automate this procedure, you can use Windows PowerShell to run a command that is similar to the following: 1. Restore the Recovery Database on Server B by using the **Restore Database** task in SQL Server Management Studio.
``` syntax 2. When the previous task finishes, select **From Device**, and then select the database backup file.
PS C:\> Copy-Item “Z:\MBAM Recovery Database Data.bak” \\$SERVERNAME$\$DESTINATIONSHARE$
PS C:\> Copy-Item “Z:\SQLServerInstanceCertificateFile” \\$SERVERNAME$\$DESTINATIONSHARE$
PS C:\> Copy-Item “Z:\SQLServerInstanceCertificateFilePrivateKey” \\$SERVERNAME$\$DESTINATIONSHARE$
```
Use the information in the following table to replace the values in the code example with values that match your environment. 3. Use the **Add** command to select the **MBAM Recovery Database Data.bak** file, and click **OK** to complete the restoration process.
<table> 4. To automate this procedure, create a SQL file (.sql) that contains the following SQL script:
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Parameter</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>$SERVERNAME$</p></td>
<td align="left"><p>Name of the server to which the files will be copied.</p></td>
</tr>
<tr class="even">
<td align="left"><p>$DESTINATIONSHARE$</p></td>
<td align="left"><p>Name of the share and path to which the files will be copied.</p></td>
</tr>
</tbody>
</table>
  ```syntax
-- Restore MBAM Recovery Database.
5. **Restore the Recovery Database on Server B** USE master
1. Restore the Recovery Database on Server B by using the **Restore Database** task in SQL Server Management Studio. GO
2. When the previous task finishes, select **From Device**, and then select the database backup file. -- Drop certificate created by MBAM Setup.
3. Use the **Add** command to select the **MBAM Recovery Database Data.bak** file, and click **OK** to complete the restoration process. DROP CERTIFICATE [MBAM Recovery Encryption Certificate]
To automate this procedure, create a SQL file (.sql) that contains the following SQL script: GO
``` syntax --Add certificate
-- Restore MBAM Recovery Database.
USE master
GO
-- Drop certificate created by MBAM Setup.
DROP CERTIFICATE [MBAM Recovery Encryption Certificate]
GO
--Add certificate
CREATE CERTIFICATE [MBAM Recovery Encryption Certificate]
FROM FILE = 'Z: \SQLServerInstanceCertificateFile'
WITH PRIVATE KEY
(
FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey',
DECRYPTION BY PASSWORD = '$PASSWORD$'
);
GO
-- Restore the MBAM Recovery Database data and log files.
RESTORE DATABASE [MBAM Recovery and Hardware]
FROM DISK = 'Z:\MBAM Recovery Database Data.bak'
WITH REPLACE
```
Use the following value to replace the values in the code example with values that match your environment. CREATE CERTIFICATE [MBAM Recovery Encryption Certificate]
**$PASSWORD$** - password that you used to encrypt the Private Key file. FROM FILE = 'Z:\SQLServerInstanceCertificateFile'
4. Run the script that is stored in the .sql file by using a Windows PowerShell command that is similar to the following: WITH PRIVATE KEY
``` syntax (
PS C:\> Invoke-Sqlcmd -InputFile 'Z:\RestoreMBAMRecoveryandHardwarDatabaseScript.sql' -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$
```
Use the following value to replace the values in the code example with values that match your environment. FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey',
**$SERVERNAME$\\$SQLINSTANCENAME$** - Server name and instance to which the Recovery Database will be restored. DECRYPTION BY PASSWORD = '$PASSWORD$'
6. **Configure access to the Database on Server B and update connection data** );
1. Verify that the Microsoft SQL Server user login that enables Recovery Database access on the restored database is mapped to the access account that you provided during the configuration process. GO
If the login is not the same, create a login by using SQL Server Management Studio, and map it to the existing database user. -- Restore the MBAM Recovery Database data and log files.
2. On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to update the connection string information for the MBAM websites. RESTORE DATABASE [MBAM Recovery and Hardware]
3. Edit the following registry key: **HKLM\\Software\\Microsoft\\MBAM Server\\Web\\RecoveryDBConnectionString** FROM DISK = 'Z:\MBAM Recovery Database Data.bak'
4. Update the **Data Source** value with the name of the server and instance (for example, $SERVERNAME$\\$SQLINSTANCENAME) to which the Recovery Database was moved. WITH REPLACE
```
5. Update the **Initial Catalog** value with the recovered database name. 5. Use the following value to replace the values in the code example with values that match your environment.
To automate this process, you can use the Windows PowerShell command prompt to enter a command line on the Administration and Monitoring Server that is similar to the following: **$PASSWORD$** - password that you used to encrypt the Private Key file.
``` syntax 6. In Windows PowerShell, run the script that is stored in the file and similar to the following:
PS C:\> reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM Server\Web" /v RecoveryDBConnectionString /t REG_SZ /d "Integrated Security=SSPI;Initial Catalog=$DATABASE$;Data Source=$SERVERNAME$\$SQLINSTANCENAME$" /f
PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="KeyRecoveryConnectionString"]' -PSPath "IIS:\sites\Microsoft Bitlocker Administration and Monitoring\MBAMAdministrationService" -Name "connectionString" -Value “Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and Hardware;Integrated Security=SSPI;”
PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="Microsoft.Mbam.RecoveryAndHardwareDataStore.ConnectionString"]' -PSPath "IIS:\sites\Microsoft Bitlocker Administration and Monitoring\MBAMRecoveryAndHardwareService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and Hardware;Integrated Security=SSPI;”
```
**Note**   ```syntax
This connection string is shared by all local MBAM web applications. Therefore, it needs to be updated only once per server. PS C:\> Invoke-Sqlcmd -InputFile 'Z:\RestoreMBAMRecoveryandHardwarDatabaseScript.sql' -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$
```
7. Use the following value to replace the values in the code example with values that match your environment.
  **$SERVERNAME$\$SQLINSTANCENAME$** - Server name and instance to which the Recovery Database will be restored.
Use the following table to replace the values in the code example with values that match your environment. ### Configure access to the Database on Server B and update connection data
<table> 1. Verify that the Microsoft SQL Server user login that enables Recovery Database access on the restored database is mapped to the access account that you provided during the configuration process.
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Parameter</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>$SERVERNAME$\$SQLINSTANCENAME$</p></td>
<td align="left"><p>Server name and instance of SQL Server where the Recovery Database is located.</p></td>
</tr>
<tr class="even">
<td align="left"><p>$DATABASE$</p></td>
<td align="left"><p>Name of the Recovery database.</p></td>
</tr>
</tbody>
</table>
  >[!NOTE]
>If the login is not the same, create a login by using SQL Server Management Studio, and map it to the existing database user.
7. **Resume the instance of the Administration and Monitoring Website** 2. On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to update the connection string information for the MBAM websites.
1. On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to start the Administration and Monitoring Website. 3. Edit the following registry key:
2. To automate this procedure, you can use Windows PowerShell to run a command that is similar to the following: **HKLM\\Software\\Microsoft\\MBAM Server\\Web\\RecoveryDBConnectionString**
``` syntax 4. Update the **Data Source** value with the name of the server and instance (for example, \$SERVERNAME\$\\\$SQLINSTANCENAME) to which the Recovery Database was moved.
PS C:\> Start-Website "Microsoft BitLocker Administration and Monitoring"
```
**Note**   5. Update the **Initial Catalog** value with the recovered database name.
To run this command, you must add the IIS module for Windows PowerShell to the current instance of Windows PowerShell.
  6. To automate this process, you can use the Windows PowerShell command prompt to enter a command line on the Administration and Monitoring Server that is similar to the following:
## Moving the Compliance and Audit Database ```syntax
PS C:\> reg add "HKEY_LOCAL_MACHINE\SOFTWARE\\Microsoft\MBAM Server\\Web" /v
RecoveryDBConnectionString /t REG_SZ /d "Integrated Security=SSPI;Initial
Catalog=$DATABASE$;Data Source=$SERVERNAME$\$SQLINSTANCENAME$" /f
PS C:\> Set-WebConfigurationProperty
'connectionStrings/add[@name="KeyRecoveryConnectionString"]' -PSPath
"IIS:\sites\Microsoft Bitlocker Administration and
Monitoring\MBAMAdministrationService" -Name "connectionString" -Value “Data
Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and
Hardware;Integrated Security=SSPI;”
PS C:\> Set-WebConfigurationProperty
'connectionStrings/add[\@name="Microsoft.Mbam.RecoveryAndHardwareDataStore.ConnectionString"]'
-PSPath "IIS:\sites\Microsoft Bitlocker Administration and
Monitoring\MBAMRecoveryAndHardwareService" -Name "connectionString" -Value
"Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery
and Hardware;Integrated Security=SSPI;”
```
>[!Note]
>This connection string is shared by all local MBAM web applications. Therefore, it needs to be updated only once per server.
7. Use the following table to replace the values in the code example with values that match your environment.
```html
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Parameter</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>$SERVERNAME$\$SQLINSTANCENAME$</p></td>
<td align="left"><p>Server name and instance of SQL Server where the Recovery Database is located.</p></td>
</tr>
<tr class="even">
<td align="left"><p>$DATABASE$</p></td>
<td align="left"><p>Name of the Recovery database.</p></td>
</tr>
</tbody>
</table>
```
### Install MBAM Server software and run the MBAM Server Configuration wizard on Server B
1. Install the MBAM 2.5 Server software on Server B. For details, see [Installing the MBAM 2.5 Server Software](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/installing-the-mbam-25-server-software).
2. On Server B, start the MBAM Server Configuration wizard, click **Add New Features**, and then select only the **Recovery Database** feature. For details on how to configure the databases, see [How to Configure the MBAM 2.5 Databases](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/how-to-configure-the-mbam-25-databases).
>[!TIP]
>Alternatively, you can use the **Enable-MbamDatabase** Windows PowerShell cmdlet to configure the Recovery Database.
### Resume the instance of the Administration and Monitoring Website
On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to start the Administration and Monitoring Website.
To automate this procedure, you can use Windows PowerShell to run a command that is similar to the following:
```syntax
PS C:\> Start-Website "Microsoft BitLocker Administration and Monitoring"
```
>[!NOTE]
>To run this command, you must add the IIS module for Windows PowerShell to the current instance of Windows PowerShell.
## Move the Compliance and Audit Database
The high-level steps for moving the Compliance and Audit Database are: The high-level steps for moving the Compliance and Audit Database are:
1. Stop all instances of the MBAM Administration and Monitoring Website 1. Stop all instances of the MBAM Administration and Monitoring Website
2. Install MBAM Server software and run the MBAM Server Configuration wizard on Server B 2. Back up the Compliance and Audit Database on Server A
3. Back up the Compliance and Audit Database on Server A 3. Move the Compliance and Audit Database from Server A to Server B
4. Move the Compliance and Audit Database from Server A to Server B 4. Restore the Compliance and Audit Database on Server B
5. Restore the Compliance and Audit Database on Server B 5. Configure access to the Database on Server B and update connection data
6. Configure access to the Database on Server B and update connection data 6. Install MBAM Server software and run the MBAM Server Configuration wizard on
Server B
7. Resume the instance of the Administration and Monitoring Website 7. Resume the instance of the Administration and Monitoring Website
**How to move the Compliance and Audit Database** ### How to move the Compliance and Audit Database
1. **Stop all instances of the MBAM Administration and Monitoring Website** **Stop all instances of the MBAM Administration and Monitoring Website.** On each server that is running the MBAM Administration and Monitoring Server Website, use the Internet Information Services (IIS) Manager console to stop the Administration and Monitoring Website.
- On each server that is running the MBAM Administration and Monitoring Server Website, use the Internet Information Services (IIS) Manager console to stop the Administration and Monitoring Website. To automate this procedure, you can use Windows PowerShell to enter a command that is similar to the following:
To automate this procedure, you can use Windows PowerShell to enter a command that is similar to the following: ```syntax
PS C:\> Stop-Website "Microsoft BitLocker Administration and Monitoring"
``` syntax ```
PS C:\> Stop-Website "Microsoft BitLocker Administration and Monitoring"
```
**Note**   >[!NOTE]
To run this command, you must add the Internet Information Services (IIS) module for Windows PowerShell to the current instance of Windows PowerShell. >To run this command, you must add the Internet Information Services (IIS) module for Windows PowerShell to the current instance of Windows PowerShell.
  ### Back up the Compliance and Audit Database on Server A
2. **Install MBAM Server software and run the MBAM Server Configuration wizard on Server B** 1. Use the **Back Up** task in SQL Server Management Studio to back up the Compliance and Audit Database on Server A. By default, the database name is **MBAM Compliance Status Database**.
1. Install the MBAM 2.5 Server software on Server B. For instructions, see [Installing the MBAM 2.5 Server Software](installing-the-mbam-25-server-software.md). 2. To automate this procedure, create a SQL file (.sql) that contains the following SQL script:
2. On Server B, start the MBAM Server Configuration wizard, click **Add New Features**, and then select only the **Compliance and Audit Database** feature. ```syntax
Alternatively, you can use the **Enable-MbamDatabase** Windows PowerShell cmdlet to configure the Compliance and Audit Database. USE master;
For instructions on how to configure the databases, see [How to Configure the MBAM 2.5 Databases](how-to-configure-the-mbam-25-databases.md). GO
3. **Back up the Compliance and Audit Database on Server A** ALTER DATABASE "MBAM Compliance Status"
1. Use the **Back Up** task in SQL Server Management Studio to back up the Compliance and Audit Database on Server A. By default, the database name is **MBAM Compliance Status Database**. SET RECOVERY FULL;
To automate this procedure, create a SQL file (.sql) that contains the following SQL script: GO
``` syntax -- Create MBAM Compliance Status Data logical backup devices.
USE master;
GO
ALTER DATABASE "MBAM Compliance Status"
SET RECOVERY FULL;
GO
-- Create MBAM Compliance Status Data logical backup devices.
USE master
GO
EXEC sp_addumpdevice 'disk', 'MBAM Compliance Status Database Data Device',
'Z: \MBAM Compliance Status Database Data.bak';
GO
-- Back up the full MBAM Compliance Recovery database.
BACKUP DATABASE [MBAM Compliance Status] TO [MBAM Compliance Status Database Data Device];
GO
```
2. Run the script that is stored in the .sql file by using a Windows PowerShell command that is similar to the following: USE master
``` syntax GO
PS C:\> Invoke-Sqlcmd -InputFile "Z:\BackupMBAMComplianceStatusDatabaseScript.sql" ServerInstance $SERVERNAME$\$SQLINSTANCENAME$
```
Using the following value, replace the values in the code example with values that match your environment: EXEC sp_addumpdevice 'disk', 'MBAM Compliance Status Database Data Device',
**$SERVERNAME$\\$SQLINSTANCENAME$** - server name and instance from which the Compliance and Audit Database will be backed up. 'Z: \MBAM Compliance Status Database Data.bak';
4. **Move the Compliance and Audit Database from Server A to Server B** GO
- Use Windows Explorer to move the **MBAM Compliance Status Database Data.bak** file from Server A to Server B. -- Back up the full MBAM Compliance Recovery database.
To automate this procedure, you can use Windows PowerShell to run a command that is similar to the following: BACKUP DATABASE [MBAM Compliance Status] TO [MBAM Compliance Status Database Data Device];
``` syntax GO
PS C:\> Copy-Item "Z:\MBAM Compliance Status Database Data.bak" \\$SERVERNAME$\$DESTINATIONSHARE$
```
Using the following table, replace the values in the code example with values that match your environment. ```
<table> 3. Run the script that is stored in the .sql file by using a Windows PowerShell command that is similar to the following:
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Parameter</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>$SERVERNAME$</p></td>
<td align="left"><p>Name of the server to which the files will be copied.</p></td>
</tr>
<tr class="even">
<td align="left"><p>$DESTINATIONSHARE$</p></td>
<td align="left"><p>Name of the share and path to which the files will be copied.</p></td>
</tr>
</tbody>
</table>
  ```syntax
PS C:\> Invoke-Sqlcmd -InputFile "Z:\BackupMBAMComplianceStatusDatabaseScript.sql" ServerInstance $SERVERNAME$\$SQLINSTANCENAME$
5. **Restore the Compliance and Audit Database on Server B** ```
1. Restore the Compliance and Audit Database on Server B by using the **Restore Database** task in SQL Server Management Studio. 4. Using the following value, replace the values in the code example with values that match your environment:
2. When the previous task finishes, select **From Device**, and then select the database backup file. **$SERVERNAME$\$SQLINSTANCENAME$** - server name and instance from which the Compliance and Audit Database will be backed up.
3. Use the **Add** command to select the **MBAM Compliance Status Database Data.bak** file, and click **OK** to complete the restoration process. ### Move the Compliance and Audit Database from Server A to Server B**
To automate this procedure, create a SQL file (.sql) that contains the following SQL script: 1. Use Windows Explorer to move the **MBAM Compliance Status Database Data.bak** file from Server A to Server B.
``` syntax 2. To automate this procedure, you can use Windows PowerShell to run a command that is similar to the following:
-- Create MBAM Compliance Status Database Data logical backup devices.
Use master
GO
-- Restore the MBAM Compliance Status database data files.
RESTORE DATABASE [MBAM Compliance Status]
FROM DISK = 'C:\test\MBAM Compliance Status Database Data.bak'
WITH REPLACE
```
4. Run the script that is stored in the .sql file by using a Windows PowerShell command that is similar to the following: ```syntax
PS C:\> Copy-Item "Z:\MBAM Compliance Status Database Data.bak"
\\$SERVERNAME$\$DESTINATIONSHARE$
``` syntax ```
PS C:\> Invoke-Sqlcmd -InputFile "Z:\RestoreMBAMComplianceStatusDatabaseScript.sql" -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$
```
Using the following value, replace the values in the code example with values that match your environment. 3. Using the following table, replace the values in the code example with values that match your environment.
**$SERVERNAME$\\$SQLINSTANCENAME$** - Server name and instance to which the Compliance and Audit Database will be restored. | **Parameter** | **Description** |
|----------------------|---------------------------------------------------------------|
| $SERVERNAME$ | Name of the server to which the files will be copied. |
| $DESTINATIONSHARE$ | Name of the share and path to which the files will be copied. |
|---|---|
6. **Configure access to the Database on Server B and update connection data** ### Restore the Compliance and Audit Database on Server B
1. Verify that the Microsoft SQL Server user login that enables Compliance and Audit Database access on the restored database is mapped to the access account that you provided during the configuration process. 1. Restore the Compliance and Audit Database on Server B by using the **Restore Database** task in SQL Server Management Studio.
If the login is not the same, create a login by using SQL Server Management Studio, and map it to the existing database user. 2. When the previous task finishes, select **From Device**, and then select the database backup file.
2. On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to update the connection string information for the Website. 3. Use the **Add** command to select the **MBAM Compliance Status Database Data.bak** file and click **OK** to complete the restoration process.
3. Edit the following registry key: **HKLM\\Software\\Microsoft\\MBAM Server\\Web\\ComplianceDBConnectionString** 4. To automate this procedure, create a SQL file (.sql) that contains the following SQL script:
4. Update the **Data Source** value with the name of the server and instance (for example, $SERVERNAME$\\$SQLINSTANCENAME) to which the Recovery Database was moved. ```syntax
-- Create MBAM Compliance Status Database Data logical backup devices.
5. Update the **Initial Catalog** value with the recovered database name. Use master
To automate this process, you can use the Windows PowerShell command prompt to enter a command line on the Administration and Monitoring Server that is similar to the following: GO
``` syntax -- Restore the MBAM Compliance Status database data files.
PS C:\> reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM Server\Web" /v ComplianceDBConnectionString /t REG_SZ /d "Integrated Security=SSPI;Initial Catalog=$DATABASE$;Data Source=$SERVERNAME$\$SQLINSTANCENAME$" /f
```
**Note**   RESTORE DATABASE [MBAM Compliance Status]
This connection string is shared by all local MBAM web applications. Therefore, it needs to be updated only once per server.
  FROM DISK = 'C:\test\MBAM Compliance Status Database Data.bak'
Using the following table, replace the values in the code example with values that match your environment. WITH REPLACE
<table> ```
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Parameter</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>$SERVERNAME$\$SQLINSTANCENAME$</p></td>
<td align="left"><p>Server name and instance of SQL Server where the Recovery Database is located.</p></td>
</tr>
<tr class="even">
<td align="left"><p>$DATABASE$</p></td>
<td align="left"><p>Name of the recovered database.</p></td>
</tr>
</tbody>
</table>
  5. In Windows PowerShell, run the script that is stored in the file and similar to the following:
7. **Resume the instance of the Administration and Monitoring Website** ```syntax
PS C:\> Invoke-Sqlcmd -InputFile "Z:\RestoreMBAMComplianceStatusDatabaseScript.sql" -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$
1. On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to start the Administration and Monitoring Website. ```
2. To automate this procedure, you can use Windows PowerShell to run a command that is similar to the following: 6. Using the following value, replace the values in the code example with values that match your environment.
``` syntax **$SERVERNAME$\$SQLINSTANCENAME$** - Server name and instance to which the Compliance and Audit Database will be restored.
PS C:\> Start-Website "Microsoft BitLocker Administration and Monitoring"
```
**Note**   ### Configure access to the Database on Server B and update connection data
To run this command, you must add the IIS module for Windows PowerShell to the current instance of Windows PowerShell.
  1. Verify that the Microsoft SQL Server user login that enables Compliance and Audit Database access on the restored database is mapped to the access account that you provided during the configuration process.
>[!NOTE]
>If the login is not the same, create a login by using SQL Server Management Studio, and map it to the existing database user.
2. On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to update the connection string information for the Website.
## Related topics 3. Edit the following registry key:
**HKLM\\Software\\Microsoft\\MBAM Server\\Web\\ComplianceDBConnectionString**
[How to Configure the MBAM 2.5 Databases](how-to-configure-the-mbam-25-databases.md) 4. Update the **Data Source** value with the name of the server and instance (for example, \$SERVERNAME\$\\\$SQLINSTANCENAME) to which the Recovery Database was moved.
[Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md) 5. Update the **Initial Catalog** value with the recovered database name.
[Moving MBAM 2.5 Features to Another Server](moving-mbam-25-features-to-another-server.md) 6. To automate this process, you can use the Windows PowerShell command prompt to enter a command line on the Administration and Monitoring Server that is similar to the following:
  ```syntax
PS C:\> reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM Server\Web" /v
ComplianceDBConnectionString /t REG_SZ /d "Integrated Security=SSPI;Initial
Catalog=$DATABASE$;Data Source=$SERVERNAME$\$SQLINSTANCENAME$" /f
  ```
## Got a suggestion for MBAM? >[!NOTE]
- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). >This connection string is shared by all local MBAM web applications. Therefore, it needs to be updated only once per server.
- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).
7. Using the following table, replace the values in the code example with values that match your environment.
```html
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Parameter</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>$SERVERNAME$\$SQLINSTANCENAME$</p></td>
<td align="left"><p>Server name and instance of SQL Server where the Recovery Database is located.</p></td>
</tr>
<tr class="even">
<td align="left"><p>$DATABASE$</p></td>
<td align="left"><p>Name of the recovered database.</p></td>
</tr>
</tbody>
</table>
```
### Install MBAM Server software and run the MBAM Server Configuration wizard on Server B
1. Install the MBAM 2.5 Server software on Server B. For details, see [Installing the MBAM 2.5 Server Software](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/installing-the-mbam-25-server-software).
2. On Server B, start the MBAM Server Configuration wizard, click **Add New Features**, and then select only the **Compliance and Audit Database** feature. For details on how to configure the databases, see [How to Configure the MBAM 2.5 Databases](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/how-to-configure-the-mbam-25-databases).
>[!TIP]
>Alternatively, you can use the **Enable-MbamDatabase** Windows PowerShell cmdlet to configure the Compliance and Audit Database.
### Resume the instance of the Administration and Monitoring Website
On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to start the Administration and Monitoring Website.
To automate this procedure, you can use Windows PowerShell to run a command that is similar to the following:
```syntax
PS C:\> Start-Website "Microsoft BitLocker Administration and Monitoring"
```
>[!NOTE]
>To run this command, you must add the IIS module for Windows PowerShell to the current instance of Windows PowerShell.