Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2827 Discussions

Cannot Provision Any AMT Devices Using SCCM 2012 R2

idata
Employee
1,516 Views

I am doing a POC before possible live implementation. This POC will dictate whether we purchase vPro on all future devices world wide, so there is a fair amount riding on this. My test devices are a selection of four laptops and desktops with different AMT versions.

I am highly experienced in SCCM. I am using a 2012 R2 single server environment, which has no issues. I have a domain with a CA (Server 2012 R2, so its an enterprise CA as far as we care here).

I have gone through the setup and everything seems fine, no issues reported in the SCCM logs regarding the health of the OOB or the Enrolment service points. One issue I did resolve (which appeared because there is no mention in any of the guides i have read, is i needed to bind the provisioning cert with the IIS default website. Following that the OOBSP setup fine.

Basically the errors I am receiving are all to do with authentication during the initial provisioning. All devices are showing as Not Supported or Detected.

Here is a relevent section of log:

AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

AMT Discovery Worker: Wait 3600 seconds... SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

AMT Discovery Worker: Reading Discovery Instruction C:\Program Files\Microsoft Configuration Manager\inboxes\amtopmgr.box\disc\{88ED1AA6-A9CF-4645-924D-FFA1665C9DBF}.RDC... SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

AMT Discovery Worker: Execute query exec AMT_GetThisSitesNetBiosNames NULL, '16777219', 'S01' SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

AMT Discovery Worker: CSMSAMTDiscoveryWorker::RetrieveInfoFromResource - Found machine MEDIA1 (Media1.Home.local), ID: 16777219 IP: 192.168.0.61 from Resource 16777219. SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

AMT Discovery Worker: Execute query exec AMT_GetAMTMachineProperties 16777219 SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

Discovery will use ip resolved from netbios: SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

192.168.0.61 SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

AMT Discovery Worker: Execute query exec AMT_GetProvAccounts SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

AMT Discovery Worker: Finish reading discovery instruction C:\Program Files\Microsoft Configuration Manager\inboxes\amtopmgr.box\disc\{88ED1AA6-A9CF-4645-924D-FFA1665C9DBF}.RDC SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

AMT Discovery Worker: Parsed 1 instruction files SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

AMT Discovery Worker: Send task Media1.Home.local to completion port SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

General Worker Thread Pool: Current size of the thread pool is 1 SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

General Worker Thread Pool: Work thread 3120 started SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

Discover MEDIA1 using IP address 192.168.0.61 SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

AMT Discovery Worker: 1 task(s) are sent to the task pool successfully. SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

DoPingDiscoveryForAMTDevice succeeded. SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

STATMSG: ID=7203 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_AMT_OPERATION_MANAGER" SYS=SCCM2012.Home.local SITE=S01 PID=2464 TID=8160 GMTDATE=Fri Jan 30 20:38:54.557 2015 ISTR0="1" ISTR1="0" ISTR2="0" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

AMT Discovery Worker: There are 1 tasks in pending list SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

AMT Discovery Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

AMT Discovery Worker: There are 1 tasks in pending list SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

AMT Discovery Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 8160 (0x1FE0)

Error 0x80090325 returned by InitializeSecurityContext during follow up TLS handshaking with server. SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

**** Error 0x3b68b200 returned by ApplyControlToken SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

DoSoapDiscovery failed with user name: admin. SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

Flag iWSManFlagSkipRevocationCheck is set. SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

session params : https://Media1.Home.local:16993 https://Media1.Home.local:16993 , 2011001 SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

ERROR: Invoke(get) failed: 80020009argNum = 0 SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

Description: A security error occurred SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

Error: Failed to get AMT_SetupAndConfigurationService instance. SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

DoWSManDiscovery failed with user name: admin. SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

Start Kerberos Discovery SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

Flag iWSManFlagSkipRevocationCheck is set. SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

session params : https://Media1.Home.local:16993 https://Media1.Home.local:16993 , 2484001 SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

ERROR: Invoke(get) failed: 80020009argNum = 0 SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

Description: A security error occurred SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

Error: Failed to get AMT_SetupAndConfigurationService instance. SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

DoKerberosWSManDiscovery failed. SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

Flag iWSManFlagSkipRevocationCheck is set. SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

session params : https://192.168.0.61:16993 https://192.168.0.61:16993 , 2015001 SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

ERROR: Invoke(get) failed: 80020009argNum = 0 SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

Description: A security error occurred SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

Error: Failed to get AMT_SetupAndConfigurationService instance. SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

DoWSManDiscovery failed with user name: admin. SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

Discovery to IP address 192.168.0.61 succeed. AMT status is 1. SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

CSMSAMTDiscoveryTask::Execute, discovery to MEDIA1 succeed. AMT status is 1. SMS_AMT_OPERATION_MANAGER 30/01/2015 20:38:54 3120 (0x0C30)

CSMSAMTDiscoveryTask::Execute - DDR written to C:\Program Files\Microsoft Configuration Manager\inboxes\auth\ddm.box SMS_AMT_OPERATION_M...

0 Kudos
4 Replies
Bruno_Domignues
Employee
619 Views

Mike,

I'm not sure which version of AMT are you using, but Microsoft SCCM 2012 is not able to provision versions AMT 9.0 and newer. The best solution in this case, that what I recommend, is use https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=24563 Intel SCS for provisioning and to for integration with Microsoft SCCM 2012, there is an https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=24010 Intel SCS Add-on for MSFT SCCM2012.

I hope it helps.

Best Regards!

-Bruno Domingues

0 Kudos
idata
Employee
619 Views

Thanks for your reply Bruno.

I have a laptop running 9, so I will look at SCS

However the device Media1 has AMT 8.03. How can I provision that one? What should the mebx pw be set to if the AMT settings of that device have been reset to their defaults?

0 Kudos
Bruno_Domignues
Employee
619 Views

Mike,

By default, the MBEX password if "admin", at the first time that you get into MBEX you will requested to changed it. If you let it unchanged (i.e. default factory), SCCM can automatically connect and start the provision process (assuming that you have all infrastructure requirements, such as DHCP with option 15, valid 3rd party certificate, DNS, etc.). Also a very common issue that I observed on many vPro activations, is that Windows Firewall on client side block communication from SCCM to vPro. The best way to see is look into amtopmgr.log that can give a good clue where the provision process is stuck.

Best Regards!

-Bruno Domingues

Anonymous
Not applicable
619 Views

Please note the Intel® vPro™ Expert Center discussion forums are not officially monitored by Intel.

To directly engage with experts for support on Intel® vPro™ Technology please contact the Intel® Business Support portal: https://bizsupport.intel.com/ https://bizsupport.intel.com/

0 Kudos
Reply