I'm following the steps described in page 96 of Installation Guide, so I'm running the BuildBchema.vbs script but I got an error in the final execution (on ldifde). I've seen the logs written by this command and it's for access priviliges.
According to the manual the user must be Enterprise Admin coz server is running Win 2003 and that's user which one I'm logged on. I've granted also the Domain Admin, Dns Admin and Administrator role and error persists.
I've fixed the issue related to running the build schema script by adding the user in the schema admin group. In the installation manual (page 95) says:
"The user account that runs the scripts requires Enterprise Admin permissions, and for Windows 2000 must also be a member of the Schema Admins group in Active Directory."
So, it's necessary that user account be a member of schema admin also for Win2003.
But now I have another issue:
I've created a profile in SCS Console and I've configured the Intel AMT machine in Bios to be part of a domain, work in SMB modeand DHCP is active. In the server I registeredSCS Serverin the DNS.
Now I'm trying to registering Intel AMT Devices in the DNS but the procedure described in page 104-105 is not to clear; I understand that it's necesary a successful bootof the host operating system for matching the FQDN, so I let the Intel AMT machine doing it but I still don't receive the "Hello" message.
The question is: How can I verify the Hello message reception? and How can I see the non configured Intel AMT devices in the SCS Console?
This post is for completing last one.
I've added a new platform in SCS Console and I can see it in a profile I created under the not configured group.
I've also switched from SMB to Enterprise in the AMT machine, entering the domain name and the Server provision configuration (IP,PORT, and so on).
I understand that when server receives the Hello message compares it to the configured platform (from database or script) and the change it the status from not configured.
I have verified that there is no Hello message been sent and then the SCS never configure the platform; in other tools there used to be ways to scan the network and find the AMT platform and then configure it and in SCS all it's done behind scenes.
What can I do? I've follow all the steps in the manuals. My server is Win 2003, AMT 3.0 and SCS is configured for AD Extension integration.
A couple of things to check - when you configured the AMT system, did you mention your provision server IP correctly? It should be either given as "ProvisionServer" (then the DNS should be able to resolve this for you) or the exact IP of the SCS server.
Did you enter the PID PPS that yo got from the SCS server to the AMT system?
Another thing to check is is there a firwall running on the client or the server that blocks the communication.
Yes, I entered IP and the PID/PPS (on one touch configuration/Enterprise mode) correctly in the AMT machine.
There is no firewall or blocking software running at the server/client.
Could you do a simple test here? Could you try to provision this client in Enterprise mode using AMT Director? I want to make sure that the client is setup correctly.
I'm able to connect in SMB mode, but not in Enterprise Mode. I think it's because Director's info bar says "Provision Server Stopped", maybe cause is the same server where SCS is installed.
When I switch to Enterprise Mode, entering the key, the IP and port of provision server, I click connect and never connects.
Is there a log where I can see if there's smething wrong on SCS?
Is there a "Hello" log on SCS?
It is because both director and SCS are using the same port - 9971. Please stop the SCS and then try the Director again for Enterprise mode. Or you can use a different system for the Director.
Another question is have you turned on logging in SCS? Does the log files say something about it?
I did not say in last mail but I stopped the SCS service and Director did not change.
When I use a different system for Director I can connect without problems.
No, I haven't turn on logging, but what I tried to say is that where can I see the Hello messages in SCS?
I added an entry in DNS for Provision Server points the SCS server, but it's not actually used cause I entered the IP address in the AMT machine.
I'm pretty certain that just stopping the service isn't going to fix the port 9971 conflict. You would have to relaunch the Director and give it a different port - try 9981, for example, and make sure you put this new port in the Set up and config menus on the AMT system as well. (see this blog)- this is if you areusing the Director to provision. I beleive there is also a way to change the port that the SCS uses in it's Network Settings configuration UI - so if you are using the SCS, I would change the port there and use that port on the AMT system. The bottom line, is that they can't both be tying up port 9971 - if that's the case there will be no Hello packet
If this does not work, please turn on the SCS Log and send it to us so we can continue to escalate if needed - my FAQ blog has this as the first question. (This is also documented in the SCS User's guide as well.)
Other questions: Have you tried attaching a network sniffer to see what traffic is actually going back and forth? You are just trying non-TLS at this point, correct? (I'm sorry I can't see the whole thread from this screen.)
I sucessfully made an Enterprise Provision using Director(I'm also using a virtual machine).
Then I tried to provision with SCS and I could see that there was a platform added automatically, but the UUID is not the rigth one (see the new platform screen atached).
I'm sending u log files and I can see that the Hello message is received but SCS tries to do a match and nothing happens; I can also see an authorization error.
The rigth UUID I added is:
The wrong UUID added by SCS is:
Many thanks & waiting for your reply,
I forgot telling u that the Profile settings I'm triying to set is one called "Basico" (please see attached files in post number 30259888 -the third one i this thread- )
Ok - so it looks like your provisioning is failing because the correct UUID is not in the Hello message (because it is not finding it in the database.) Could you look at the "Preparing and Manageing Platforms" section of the Console User's Guide to see how you need to add this information to your configuratioin? (I cut and pasted some of the text below.)
Source of Configuration Information: Database or Script
The SCS can be configured to locate Intel AMT device configuration information in one
of two ways: either from within the SCS database or via a script. When the SCS receives
a "Hello" message from a device it will look in the SCS database for a configuration
entry matching the UUID in the "Hello" message. If there is no match, and there is no
script, the SCS will revisit the queued "Hello" message periodically to see if an entry was
added to the database. If the script option was selected, the SCS will activate a script to
find the necessary information, given the UUID and the source IP in the "Hello"
message. When the SCS receives the configuration from the script, it stores the
information in the database.
This option acquires the configuration information using a script if the required
parameters are not in the New Intel AMT database table. The SCS runs a script that
retrieves the parameters from an external source
The SCS distribution and documentation include sample scripts and directions for
several of these options. See "Using a Script to Import Intel AMT Configuration
Properties" on page 129.
Adding device information to the SCS database manually
This is the simplest approach but it is the most difficult for IT personnel. They have to
manually enter the UUID along with the other parameters into the New Intel AMT table.
Many thanks for your reply.
I had already looked the "Preparing and Managing Platforms" sections and based on it I did it manually.
I got the UUID from AMT Commander and set the organizational Unit created during setup, the basic profile I did and the rigth FDQN.
Is it possible to see the UUID comming in the Hello message? It must be the same I copied in AMT Commander.
Why did SCS enter a new platform with a wrong UUID?
Thanks again and waiting for your reply,
I am going to have to wait and see what the SCS folks have to say about this... Have you tried starting fresh now with the SCS? Do a complete unprovision, get a fresh PID/PPS pair, make sure you have the UUID in the Database and then kick off the SCS? I'm wondering if your system is now in a "half-way" provisioned state - the SCS and the Director aren't really compatible so now that you know it works with the Director, I would start fresh with the SCS (if you haven't already done so.)
I'm sending you the last log.
I can see that SCS can't match the arriving UUID with the one I manually entered in DB (I'm sure the one I entered it's OK cause I read it in commander) and then SCS inserts a new platform without parameters.
I have tried a lot of things and I'm really stressed about it; I can see in a table name XXX_requests that UUID column is 000000X, so I think that UUID is arriving from machine, but it's confusing cause in log files says that the arriving UUID is OK and the DB is bad.
Thanks in advance,
I attached the last log
Could you check one more thing for us?
- Go to the "Security Keys" menu in the SCS Console application
- Select the PID/PPS key that you chose for your AMT Client (click on view)
- Can you confirm that the Factory Default MEBx password is the MEBx password that is on your client? From the log that you provideditis possible thatthe SCS service was not able to log on to your AMT Client and so you got an HTTP/1.1 401 Unauthorized error. The "Factory Default MEBx password" needs to be set here to the MEBx password that you are currently using i.e., not "admin". You would need to set the password correctly prior to generating you PID/PPS keys and also specify what you want your new MEBx password to be (randomly created or manually.
The SOAP connection with connection parameter set #1 failed: AMT Connection Error: SOAP Error : "getFullCoreVersion: Fault: 'HTTP Error' : Details: 'HTTP/1.1 401 Unauthorized'".
UUID Mismatch!! DB UUID is: 00000000000000000000000000000000, AMT UUID is: 92CF7A0B094ADC11962200E018889BFA
Thanks for your help. Javier is in my development team.
We will be following your directions and we will let you know.
Thanks once again, best regards