Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.
1388 Discussions

"Missing registry key for PKI provisioning" error

darwin_davis
Beginner
698 Views

Hello,

We bought a VerisignSSL certificate to test the default hash in the AMT client for PKI provisioning. The cert was resquested and installed using IIS. I'm getting the following error: "Missing registry key for PKI provisioning, make sure at least one certificate is selected for PKI provisioning." Am I missing a registry key or is there a way to select? Here is the PKI provisioning attempt:


2007.08.09,15:11:39,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3152,SOURCE=.hellolistenerHELLOThread.cpp,LINE=177,
Incoming connection from 172.16.2.0:16994, version 3, count 6, UUID 9307FBE7458911DCBBDA7854BB2E001B.


2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3032,SOURCE=.ManagersQueueManager.cpp,LINE=108,
to get request data: pop


2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3032,SOURCE=.ManagersQueueManager.cpp,LINE=108,
to get request data: pop


2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=18,
Enter provisioner worker, user LAB7721Administrator


2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=526,
AMT Version: 3


2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=537,
AMT SetAdminAcl: 0


2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=546,
AMT Hello counts: 6


2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=557,
AMT ip: 172.16.2.0


2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=1424,SOURCE=.WorkersMaintenanceWorker.cpp,LINE=16,
Enter Maintenance worker, user LAB7721Administrator


2007.08.09,15:12:33,ERROR,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=203,
Missing registry key for PKI provisioning, make sure at least one certificate is selected for PKI provisioning.


2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=1424,SOURCE=.WorkersMaintenanceWorker.cpp,LINE=112,
Maintenance worker pushes request for command_id=17 and uuid=


2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=1424,SOURCE=.WorkersMaintenanceWorker.cpp,LINE=112,
Maintenance worker pushes request for command_id=18 and uuid=


2007.08.09,15:12:33,E,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=157,
Cannot connect Intel AMT device to 172.16.2.0.


2007.08.09,15:12:34,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3032,SOURCE=.ManagersQueueManager.c pp,LINE=108,
to get request data: pop


2007.08.09,15:12:34,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3032,SOURCE=.ManagersQueueManager.cpp,LINE=108,
to get request data: pop


2007.08.09,15:12:34,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3332,SOURCE=.WorkersCleanLog.cpp,LINE=15,
Enter Clean log worker, user LAB7721Administrator


2007.08.09,15:12:34,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3032,SOURCE=.ManagersQueueManager.cpp,LINE=108,
to get request data: pop


2007.08.09,15:12:34,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3616,SOURCE=.WorkersCleanRequestsStatus.cpp,LINE=15,
Enter Clean status of requests worker, user LAB7721Administrator


2007.08.09,15:12:34,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=808,SOURCE=.WorkersProvisionExceptionWorker.cpp,LINE=11,
Provisioning exception worker, user LAB7721Administrator


2007.08.09,15:12:35,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3032,SOURCE=.ManagersQueueManager.cpp,LINE=108,
to get request data: pop


2007.08.09,15:12:35,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3732,SOURCE=.WorkersTaskDelayerWorker.cpp,LINE=11,
Delaying task, user LAB7721Administrator


2007.08.09,15:12:35,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3732,SOURCE=.WorkersTaskDelayerWorker.cpp,LINE=29,
Task 5 delayed

0 Kudos
4 Replies
Gael_H_Intel
Moderator
698 Views

Hello, and thanks for posting your question and providing your log information. We will be looking into this and will get back with you as soon as we can.

0 Kudos
Gael_H_Intel
Moderator
698 Views
Hi there,
The Verisign SSL certificate needs to be loaded to SCS by using the tool loadcert.exe. It is described in theInstallation Guideon page 61 'Selecting the Certificate Used by the SCS for ZTC'. Not doingthis is likely to be the cause ofyour problems here.
Please let us know if this helps.
0 Kudos
darwin_davis
Beginner
698 Views

That worked! There were 3 certs to select from using loadcert.exe, must have chosen the wrong one the first time. So I have come to the conclusion that the cert used for PKI setup and configuration, the ones included by default, is most likely different from the one used for TLS communication. Is that true? I thought PKI used TLS? Is there any more reading material on this subject?

Thanks,

Darwin.

0 Kudos
Gael_H_Intel
Moderator
698 Views

Hi - When you run loadcert, minimally you will have 2 certificates (root and server.) The server certificate is the one you need to load. You may have requested more than these two which would be why loadcert has more. Loadcert takes the list of the certificates from the local compter certificate store.

As part of the Remote Configuration, the Intel AMT device does send a self-signed certificate just before sending the first "hello" message. There is a checkbox that you select that will enable the SCS to accept self-signed certificates from Intel AMT devices.

I hope this helps.

0 Kudos
Reply