Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Community Manager
846 Views

802.1 Provisioning Issue

Hi

I've run into an issue with AMT provisioning on a Lenovo M91p running firmware / MEI 7.x

Running the provision from SCCM with SP2 installed. I can fully provision a device without using the 802.1x and wireless options on the OOBM settings, but when configuring the 802.1x and wireless options I get the following information in the log:

Error: Failed to add a new Trusted root certificate,Device does not support the certificate format.

Error: Failed to add a new Trusted root certificate,return value:2063.

Error: Failed to finish critical setup and configuration step. (AMTWSManUtilities::AddCertificate)

Warning: CSMSAMTProvTask::StartProvision Fail to call SetWirelessServerCertificate

Begin to set Wired 8021x Profile...

No Trust Root Certificate

The wired profile is invaid. Skip adding...

I have both imported the .CER and tried pulling directly from the issuing CA - but still get the same issue.

Are there any specific settings related to the Trusted Root Cert? Do I need the entire Cert chain as well?

We use a CA with issuing CA's on 2008.

Thanks

Ian

0 Kudos
1 Reply
Highlighted
Community Manager
7 Views

I've worked out the problem, we need to use a shorter Root Cert. Ours is currently 4096, wheras we should be using a key length of no greater than 2048 for AMT.

I didnt run into the issue up to now as we use a Comodo Cert for provisioning.

The give away was:

Error: Failed to add a new Trusted root certificate,Device does not support the certificate format.

Error: Failed to add a new Trusted root certificate,return value:2063.

Solution:

Build a second CA with a Root key of 2048 in length. and issue this for purposes of 802.1x.

0 Kudos