- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
We bought a VerisignSSL certificate to test the default hash in the AMT client for PKI provisioning. The cert was resquested and installed using IIS. I'm getting the following error: "Missing registry key for PKI provisioning, make sure at least one certificate is selected for PKI provisioning." Am I missing a registry key or is there a way to select? Here is the PKI provisioning attempt:
2007.08.09,15:11:39,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3152,SOURCE=.hellolistenerHELLOThread.cpp,LINE=177,
Incoming connection from 172.16.2.0:16994, version 3, count 6, UUID 9307FBE7458911DCBBDA7854BB2E001B.
2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3032,SOURCE=.ManagersQueueManager.cpp,LINE=108,
to get request data: pop
2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3032,SOURCE=.ManagersQueueManager.cpp,LINE=108,
to get request data: pop
2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=18,
Enter provisioner worker, user LAB7721Administrator
2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=526,
AMT Version: 3
2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=537,
AMT SetAdminAcl: 0
2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=546,
AMT Hello counts: 6
2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=557,
AMT ip: 172.16.2.0
2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=1424,SOURCE=.WorkersMaintenanceWorker.cpp,LINE=16,
Enter Maintenance worker, user LAB7721Administrator
2007.08.09,15:12:33,ERROR,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=203,
Missing registry key for PKI provisioning, make sure at least one certificate is selected for PKI provisioning.
2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=1424,SOURCE=.WorkersMaintenanceWorker.cpp,LINE=112,
Maintenance worker pushes request for command_id=17 and uuid=
2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=1424,SOURCE=.WorkersMaintenanceWorker.cpp,LINE=112,
Maintenance worker pushes request for command_id=18 and uuid=
2007.08.09,15:12:33,E,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=157,
Cannot connect Intel AMT device to 172.16.2.0.
2007.08.09,15:12:34,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3032,SOURCE=.ManagersQueueManager.c
pp,LINE=108,
to get request data: pop
2007.08.09,15:12:34,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3032,SOURCE=.ManagersQueueManager.cpp,LINE=108,
to get request data: pop
2007.08.09,15:12:34,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3332,SOURCE=.WorkersCleanLog.cpp,LINE=15,
Enter Clean log worker, user LAB7721Administrator
2007.08.09,15:12:34,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3032,SOURCE=.ManagersQueueManager.cpp,LINE=108,
to get request data: pop
2007.08.09,15:12:34,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3616,SOURCE=.WorkersCleanRequestsStatus.cpp,LINE=15,
Enter Clean status of requests worker, user LAB7721Administrator
2007.08.09,15:12:34,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=808,SOURCE=.WorkersProvisionExceptionWorker.cpp,LINE=11,
Provisioning exception worker, user LAB7721Administrator
2007.08.09,15:12:35,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3032,SOURCE=.ManagersQueueManager.cpp,LINE=108,
to get request data: pop
2007.08.09,15:12:35,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3732,SOURCE=.WorkersTaskDelayerWorker.cpp,LINE=11,
Delaying task, user LAB7721Administrator
2007.08.09,15:12:35,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3732,SOURCE=.WorkersTaskDelayerWorker.cpp,LINE=29,
Task 5 delayed
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, and thanks for posting your question and providing your log information. We will be looking into this and will get back with you as soon as we can.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That worked! There were 3 certs to select from using loadcert.exe, must have chosen the wrong one the first time. So I have come to the conclusion that the cert used for PKI setup and configuration, the ones included by default, is most likely different from the one used for TLS communication. Is that true? I thought PKI used TLS? Is there any more reading material on this subject?
Thanks,
Darwin.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi - When you run loadcert, minimally you will have 2 certificates (root and server.) The server certificate is the one you need to load. You may have requested more than these two which would be why loadcert has more. Loadcert takes the list of the certificates from the local compter certificate store.
As part of the Remote Configuration, the Intel AMT device does send a self-signed certificate just before sending the first "hello" message. There is a checkbox that you select that will enable the SCS to accept self-signed certificates from Intel AMT devices.
I hope this helps.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page