We are trying to user Remote Configuration without using a USB key. I believe that I have followed the instructions were I have obtained a certificate from Verisign and have used the loadcert tool to enter the certificate into the registry. However, when our systems try to provision we receive the following error in the SCS log:
Cannot handle provisioning exception: (0xCFFF06AC) SOAP Failure (23): getFullCoreVersion: SSL error - SSL authentication failed in tcp_connect(): check password, key file, and ca file..
Any ideas? Our AMT clients are version 2.6. The SCS server is version 3.3.
Thanks for your response. These are all brand new units so I do not belive the password is the issue. I have also verified that the password is set to the default (without changing it). I have also verified that the system ins pingable with the correct FQDN and that reverse lookup returns the same name. The certificate does have an OU that is set to "Intel Client Setup Certificate".
The only remaining item is to verify that my Verisgn certificate is signed with a root that is trusted by Intel AMT. I'm not sure how to verify this. Any guidelines?
Are you using TLS encryption?
Could you make sure that the RCFG certificate is imported with its private key to both local computer certificate store and SCS service user certificate?
Also,we need SCS dev log. In order to turn on the one you should do the follow:
In the registry HKEY_LOCAL_MACHINESOFTWAREIntelAMTConfServerLOG create new create new string value "LogLevel" with value data V.
It should create 2 files: scs_server.log and scs_win_server.log in root directory
Please capture the error and send it to us with machine name.
Please make sure that you imported the RCFG certificate not only into local computer certificate store, but into SCS service user account certificate store also
Boris Dunayevsky in behalf of SCS Support