Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

AMT Provisioning with cert in Admin Control mode not successful

wosat666
Beginner

Hello

We installed a new EMA server on a standalone server.

We want to activate AMT in Admin Control Mode.

We purchased a cert together with the person responsible for certificates in the company.

We configured the EMA server and deployed the agent, but we only see AMT status: Pending Activation

I used the tool emaconfigtool.exe and this is the output (see attached file).

How can I find the problem?

Arun_Intel1
Employee

Hi wosat666,

Greetings!

We appreciate you sharing all the details, including the ECT logs.

As per your query, we see that you are trying to provision the Endpoint in ACM, which is unsuccessful.

For ACM, we have two criteria that need to be met.

The first is the Certificate, which has been provisioned successfully.

The second is to configure the PKI DNS Suffix in the MEBx.

Please follow the article given below to configure the PKI DNS Suffix in the MEBx and, once done, kindly share your observation.

https://www.intel.com/content/www/us/en/support/articles/000058945/software/manageability-products.html

Best Regards

Arun_intel



wosat666
Beginner

Hello Arun

Which details, and what are ECT logs?

I want to provision in ACM only devices which are connected by LAN.

Our WLAN devices are provisioned in Client Control Mode and that is successful.

I have used the Intel SCS service for the last 20 years and only provisioned LAN devices in Admin Control Mode.

Now I have some problems with the renewal of the cert and with our SCS server.

Now I have installed the Intel EMA server, and I was happy with the new feature to provision WLAN devices in CCM and use the EMA Agent to deploy it.

In the past I provisioned the devices in ADM with the following command:

acuconfig.exe /verbose /output file c:\soft\ACU_Configurator\activate.log configviarcsonly vpro.hugoboss.com HBAMT /wmiuser hugoboss\sa_vpro /wmiuserpassword ***

I want to activate AMT in ACM remotely through our software deployment.

To activate our WLAN devices in CCM it is only necessary to install the EMA Agent with the config file.

What is the process to activate the LAN-connected devices in Admin Control Mode?
I created the EMAAgent.msh for provisioning the device and use this in the installation of the EMAAgent.

Please explain which information you need to help me.

Thanks

Arun_Intel1
Employee

Hi wosat666,

Thank you for the detailed explanation.

We were simply appreciating that you had already shared the details; the AMT log that you have mentioned is the ECT log (EMA Configuration Tool).

As informed, SCS has reached the end of support.

To provision the AMT of the Endpoint to the Intel EMA console in ACM mode, as mentioned, we require two things:

1) To successfully configure the Certificates, which you have already done.

2) To configure the PKI DNS Suffix in the MEBx, which we have to get done now. Please find the article link shared below and follow it; once done, generate the Intel EMA Agent files and provision the Endpoint's AMT, which should work fine.

https://www.intel.com/content/www/us/en/support/articles/000058945.html

Please feel free to reply for any further assistance.

Best Regards

Arun_intel


wosat666
Beginner

Hello Arun

I went into the MEBx and set the DNS Suffix to hugoboss.com.

No success.

The log from the EMA agent is:

EMA Server DNS lookup failed: vpro.hugoboss.com is not known

But ping and nslookup on the client give me an answer.

Arun_Intel1
Employee

Hi wosat666,

Greetings!

Thank you for sharing your observation. For us to troubleshoot further, we would require the Intel EMA server logs.

Please share the Swarm Server logs and the Manageability Server logs so that we can analyze them and share our findings.

Steps to collect the EMA logs from the Server:

Default Path: [System Drive]\Program Files (x86)\Intel\Platform Manager\EmaLogs

Please send me the files without the date in the name, called:

EMAlog-Swarmserver.txt

EMAlog-Manageabilityserver.txt

Best Regards

Arun_Intel


wosat666
Beginner

Hello Arun

The client name is HBMEC033I.

I restarted the EMA Agent at 16:32.

I saw the error:

Warning:Failed to push activation certificate - CERT_VERIFY_FAILED : (HBMEC033I,B9980147).

What is wrong with the cert?

Arun_Intel1
Employee

Hi wosat666,

Greetings!

We see that the remote provisioning has failed because the certificate was created with the EMA FQDN; it needs to be created with the domain of the company, hugoboss.com.

If you are configuring the Endpoint in ACM over wireless, then the certificate domain must also be added in the PKI DNS suffix of the MEBx.

Please contact your certificate vendor and inform them of the same about the domain.

Best Regards

Arun_intel


wosat666
Beginner

Hello Arun

I had a meeting with the people responsible for certificates in our company.

They do not understand what has to change in our cert.

Please give me detailed information on how we should create a cert.

I have uploaded some pictures of our cert for you.

We also tried to create a CSR, as described in the installation documentation under 2.2.2 Additional Server Installation,

but when I start the EMA Installer as Admin and choose install or update,

I get an error that an older or the same version is installed.

Thanks

Arun_Intel1
Employee

Hi wosat666,

Greetings!

Thank you for sharing the pictures of the certificates.

Please inform the certificate team that the certificate has been purchased from Sectigo in the name of vpro.hugoboss.com, which is incorrect.

They have to purchase the certificate in the name of hugoboss.com and inform Sectigo of the same.

Please feel free to reply for any further query!

Best Regards

Arun_intel


Arun_Intel1
Employee

Hi wosat666,


Greetings!


Thank you for contacting Intel. Please feel free to reach out with any further queries!


Best Regards

Arun_intel


wosat666
Beginner

Hello Arun

Can you delete my attached pictures in this post?

There is too much information about the company in them.

Thanks

Arun_Intel1
Employee

Hi wosat666,


Greetings!


Sure,


We will check and get the details deleted from the community post, and keep you posted.

Please confirm if your query has been answered.


Best Regards

Arun_intel


Arun_Intel1
Employee

Hi wosat666,


Greetings!


We have deleted the logs and pictures which had sensitive information.

Kindly check and acknowledge the same.


Best Regards

Arun_intel


Arun_Intel1
Employee

Hi wosat666,


Greetings!


Thank you for contacting Intel!


Feel free to revert for any further query!


Best Regards

Arun_intel

