<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic 802.1 Provisioning Issue in Intel vPro® Platform</title>
    <link>https://community.intel.com/t5/Intel-vPro-Platform/802-1-Provisioning-Issue/m-p/362044#M4416</link>
    <description>&lt;P&gt;Hi&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I've run into an issue with AMT provisioning on a Lenovo M91p running firmware / MEI  7.x&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Running the provision from SCCM with SP2 installed. I can fully provision a device without using the 802.1x and wireless options on the OOBM settings, but when configuring the 802.1x and wireless options I get the following information in the log:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Error: Failed to add a new Trusted root certificate,Device does not support the certificate format. &lt;/P&gt;&lt;P&gt;Error: Failed to add a new Trusted root certificate,return value:2063.&lt;/P&gt;&lt;P&gt;Error: Failed to finish critical setup and configuration step. (AMTWSManUtilities::AddCertificate)&lt;/P&gt;&lt;P&gt;Warning: CSMSAMTProvTask::StartProvision Fail to call SetWirelessServerCertificate&lt;/P&gt;&lt;P&gt;Begin to set Wired 8021x Profile...&lt;/P&gt;&lt;P&gt;No Trust Root Certificate&lt;/P&gt;&lt;P&gt;The wired profile is invaid. Skip adding...&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I have both imported the .CER and tried pulling directly from the issuing CA - but still get the same issue.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Are there any specific settings related to the Trusted Root Cert? Do I need the entire Cert chain as well?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;We use a CA with issuing CA's on 2008.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Ian&lt;/P&gt;</description>
    <pubDate>Wed, 11 Jan 2012 14:52:04 GMT</pubDate>
    <dc:creator>idata</dc:creator>
    <dc:date>2012-01-11T14:52:04Z</dc:date>
    <item>
      <title>802.1 Provisioning Issue</title>
      <link>https://community.intel.com/t5/Intel-vPro-Platform/802-1-Provisioning-Issue/m-p/362044#M4416</link>
      <description>&lt;P&gt;Hi&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I've run into an issue with AMT provisioning on a Lenovo M91p running firmware / MEI  7.x&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Running the provision from SCCM with SP2 installed. I can fully provision a device without using the 802.1x and wireless options on the OOBM settings, but when configuring the 802.1x and wireless options I get the following information in the log:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Error: Failed to add a new Trusted root certificate,Device does not support the certificate format. &lt;/P&gt;&lt;P&gt;Error: Failed to add a new Trusted root certificate,return value:2063.&lt;/P&gt;&lt;P&gt;Error: Failed to finish critical setup and configuration step. (AMTWSManUtilities::AddCertificate)&lt;/P&gt;&lt;P&gt;Warning: CSMSAMTProvTask::StartProvision Fail to call SetWirelessServerCertificate&lt;/P&gt;&lt;P&gt;Begin to set Wired 8021x Profile...&lt;/P&gt;&lt;P&gt;No Trust Root Certificate&lt;/P&gt;&lt;P&gt;The wired profile is invaid. Skip adding...&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I have both imported the .CER and tried pulling directly from the issuing CA - but still get the same issue.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Are there any specific settings related to the Trusted Root Cert? Do I need the entire Cert chain as well?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;We use a CA with issuing CA's on 2008.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Ian&lt;/P&gt;</description>
      <pubDate>Wed, 11 Jan 2012 14:52:04 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-vPro-Platform/802-1-Provisioning-Issue/m-p/362044#M4416</guid>
      <dc:creator>idata</dc:creator>
      <dc:date>2012-01-11T14:52:04Z</dc:date>
    </item>
    <item>
      <title>Re: 802.1 Provisioning Issue</title>
      <link>https://community.intel.com/t5/Intel-vPro-Platform/802-1-Provisioning-Issue/m-p/362045#M4417</link>
      <description>&lt;P&gt;I've worked out the problem, we need to use a shorter Root Cert. Ours is currently 4096, wheras we should be using a key length of no greater than 2048 for AMT.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I didnt run into the issue up to now as we use a Comodo Cert for provisioning.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The give away was:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;B&gt;Error: Failed to add a new Trusted root certificate,Device does not support the certificate format&lt;/B&gt;.&lt;/P&gt;&lt;P&gt;Error: Failed to add a new Trusted root certificate,return value:2063.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Solution:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Build a second CA with a Root key of 2048 in length. and issue this for purposes of 802.1x.&lt;/P&gt;</description>
      <pubDate>Wed, 18 Jan 2012 17:53:26 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-vPro-Platform/802-1-Provisioning-Issue/m-p/362045#M4417</guid>
      <dc:creator>idata</dc:creator>
      <dc:date>2012-01-18T17:53:26Z</dc:date>
    </item>
  </channel>
</rss>

