How to fix: “Unable to find suitable Recovery Service MP. Marking policy non-compliant”


Microsoft introduced on-premises BitLocker management using System Center Configuration Manager in SCCM Technical Preview version 1905. When enabling these MBAM capabilities in SCCM, you may notice the following error in the BitlockerManagement_GroupPolicyHandler.log.

Unable to find suitable Recovery Service MP. Marking policy non-compliant

As shown below:

This occurs (after enabling the MBAM capabilities) when the client attempts to communicate with the Management Point and when both client and MP are in HTTP mode.

The fix ?

Convert your Management Point server and client to use HTTPS communication (PKI), you can achieve that with the following guides.

  • Setup a 2 tier PKI infrastructure by adding PKI by following this set of blog posts
  • Convert SCCM from HTTP to HTTPS by doing this.

Once done, you’ll now see the following line in the  BitlockerManagement_GroupPolicyHandler.log file. The version number will change based on the SCCM Server version.

Found current management point, CM01.windowsnoob.lab.local (version 8827)


This entry was posted in 1905, BitLocker, MBAM. Bookmark the permalink.