Hello!
Actually we're implementing SCCM 2007 with SP1 RTM to provision vPro-capable machines (Dell Optiplex 755 with version 3.0.9), including Intel WS Translator (Today, last update).
We have right now one machine provisioned by SCCM SP1 (using in-Band provisioning with client SCCM SP1 & BIOS provisioning enterprise mode - PKI) with an In-House Certification Authority and included the Hash in this client machine (BIOS).
We can see all options in the OOB Management menu in SCCM SP1 when we right-click, including "Power Control"; however, when we push this option, nothing happens on the client machine.
We have reviewed the AMTOPMGR.LOG file and we found these errors (in continued schedule):
Using traslator for version 3.0.9.
session params : https://vpro-sc.vpro.com/wstrans/pro/eoi30/SSCCPC01.vpro.com/wsman , 41001
ERROR: Invoked(get) failed: 80020009argNum = 0
Description: WinRM client can't process this request. Basic authentication is disabled in client configuration. Change settings and try the request again.
Error: Failed to get CIM_AssociatedPowerManagementService instance.
AMT Operation Worker: AMT machine SSCCPC01.VPRO.COM can't be poser off. Error code: 0x803380DF
WinRM is activated on the client machine with basic authentication enabled (WinRM quickconfig).
In addition, if we connect to the machine on port 16993 in Internet Explorer, we can view a web page with the Intel logo for vPro and:
PAGE NOT FOUND
Web browser access to Intel Active Management Technology is disabled on this computer, or the page in the address bar is unavailable.
We don't know how we can solve this issue, and all replies are welcome.
Thanks in advance!
- Tags:
- Provisioning
From the log, it appears you are using a vPro client with firmware 3.0.9. SCCM SP1 has a requirement for firmware 3.2.1 for native support. For SCCM SP1 to manage vPro clients less than 3.2.1, you are required to implement the Intel WS-MAN translator and configure SCCM to use it. Have you installed and configured the WS-MAN Translator?
Please reference the following blogs...
p-11064
p-11240
Matt Royer
Hi Matt and thanks for your reply,
Yes, we're using firmware 3.0.9, and Intel WS-MAN Translator is installed and configured with listening port 443, forwarding port 16993, and a certificate. It was updated to the version downloaded this morning.
Full permissions applied in the OU for AMT provisioning... etc... etc...
But something is wrong! Of course the OOB console is out of order, but we can't manage power either with a vPro-compliant machine.
We can't find information about these errors in AMTOPMGR.log anywhere....
Thanks!
Instead of using winrm quickconfig, use the following command on the SCCM server
winrm set winrm/config/client/auth @{Basic="true"}
Note there is a space between auth and @ but there is no space between @ and the opening brace character
After using this command, type winrm get winrm/config/client to confirm that basic authentication is enabled. I have used this on my SCCM system and have successfully provisioned AMT 2.2 and 2.6 clients using WSMAN Translator beta 528 to the point where SCCM collection initiated power management works correctly. However, like you, I am unable to access the AMT WebUI correctly
If after making this change you still cannot make this work, then I suggest you try the following:
1. Confirm that an object representing the Management Controller has been correctly created in Active Directory and that it is not disabled. If there is no object, check the permissions on your AD OU or Container, especially inherited permissions
2. Instead of using PKI method provisioning, use PSK which will force SCCM to use the translator during the configuration process
3. Upgrade from AMT 3.0.9 to AMT 3.2.1 if your OEM has made a new BIOS available for you
Good Luck
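Added example, not part of the original reply: a Python check that parses the text printed by winrm get winrm/config/client and reports whether Basic is enabled for the client while AllowUnencrypted stays false, since Basic sends credentials base64-encoded and relies on the HTTPS session to the translator for protection. The sample output and the function names are constructed for illustration.

```python
# Constructed sample of `winrm get winrm/config/client` output (not captured
# from the poster's server); key names follow the WinRM client config schema.
SAMPLE_OUTPUT = """\
Client
    URLPrefix = wsman
    AllowUnencrypted = false
    Auth
        Basic = false
        Digest = true
        Kerberos = true
        Negotiate = true
    DefaultPorts
        HTTP = 80
        HTTPS = 443
    TrustedHosts
"""

def parse_winrm_config(text):
    """Turn the indented `winrm get` listing into a flat {path: value} dict."""
    settings = {}
    stack = []  # (indent, section name) for the sections currently open
    for raw in text.splitlines():
        if not raw.strip():
            continue
        indent = len(raw) - len(raw.lstrip())
        # Close any sections at the same or deeper indentation.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        key, sep, value = raw.strip().partition("=")
        key = key.strip()
        path = "/".join([name for _, name in stack] + [key]).lower()
        if sep:
            settings[path] = value.strip()
        else:
            stack.append((indent, key))  # a section header such as "Auth"
    return settings

def check_client_for_translator(text):
    """Return a list of findings; an empty list means both settings are as expected."""
    cfg = parse_winrm_config(text)
    findings = []
    if cfg.get("client/auth/basic", "").lower() != "true":
        findings.append("Basic authentication is disabled in client configuration")
    if cfg.get("client/allowunencrypted", "").lower() != "false":
        findings.append("AllowUnencrypted is not false: Basic credentials could cross HTTP in clear text")
    return findings
```

Run it against the output captured on the SCCM site server, which is the WinRM client in this setup, rather than on the AMT machine.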
I would expect that WebUI works if Kerberos is functional to the client. If OOB Console is working, then Kerberos is working. If Kerberos is working, but IE is not, then you need to work from the IE perspective.
Please view the following help topic on using IE: http://technet.microsoft.com/en-us/library/cc161817(TechNet.10).aspx
Dave
Thank you for your reply davidra. I too would have assumed that if OOB console is working then Kerberos is working. However since my clients are AMT 2.2 and 2.6 then I am not currently able to use the OOB console via the WSMAN translator
Overnight things changed slightly. The scenario now is
AMT 3.2.1 system - WebUI fully functional, collection initiated power control fully functional and OOB console fully functional B-)
AMT 2.6.3 system via WSMAN translator beta 528 - WebUI fully functional, collection initiated power control fully functional and OOB console not applicable at this time :)
AMT 2.2.1 system via WSMAN translator beta 528 - WebUI gets as far as displaying logon screen and allows entry of valid credentials but then displays 'page not available' error. Collection initiated power control fully functional and OOB console not applicable at this time :(
Objects exist in AD for all three clients, collection operations work on all clients and OOB console works where I would expect it to work but the WebUI doesn't work properly on AMT 2.2.1
The AMTOPMGR.LOG file reveals some errors during provisioning of the 2.2.1 system; specifically around AddACLs and SetActivePowerScheme which both give error 8002009argNum = 0 and a description indicating WinRM client cannot process request. The response from the destination computer does not include any results. I kinda ignored the power scheme setting and assumed the ACL setting is where the problem may lie - but that's just a guess
I have also tried couple of weeks ago with AMT 2.5 system and this too behaved just like the AMT 2.2 system (collection initiated operations worked fine but WebUI fails after entering valid login credentials)
Maybe I did something wrong with the WinRM client (which is default installation 1.1 on Server 2003 with Basic Authentication enabled) or perhaps a WSMAN translator issue ?
Any insight would be gratefully received
Best Regards
sdavies
Further to my last post, I carefully checked the difference between AMTOPMGR when provisioning AMT 2.2.1 and AMT 2.6.3 client since one does not work (i.e. WebUI doesn't allow login) and one does work (i.e. allows WebUI login)
With AMT 2.2.1 the AddACLs fails, with 2.6.3 AddACLs is successful
Brief reading of WSTRANS.LOG seems to indicate WSMAN returns a zero response to SCCM when the AMT API AddUserAclEntryEx is called by SCCM
I conclude the issue lies somewhere with WSMAN and its processing of this API when used with AMT 2.2 systems. Maybe I am wrong, but this is where the log files seem to point. Seems strange that power control still works, but perhaps because WSMAN is in the transmission path between SCCM and the 2.2.1 system then perhaps WSMAN is somehow circumventing the apparent ACL problem. Of course WSMAN is nowhere in the path between the browser and the AMT 2.2.1 system so the ACL problem prevents the browser working correctly
Best Regards
sdavies
MIRoyer will have to reply with information about the differences between your 2.2.1 system and the 2.6.3.
Thanks.
Dave
In regards to the OOB Console for vPro clients less than 3.2.1... That is a known limitation until the release of SCCM SP1 HotFix 1. Regarding the 2.2.1 and webUI inaccessibility after being provisioned by SCCM through the WS-MAN Translator, I don't have a response at this point. We will need to take a closer look at it to see if we can reproduce the issue.
Matt Royer