I'm really stuck, and can use some help. I've reviewed some of the content here but still can't figure out what the problem is. FYI I've played with provisioning via CM 2007 so am not a complete newbie.
Here's my story(and I'm sticking to it!)
I'm running a 2003 domain(don't ask!) and have the provisioning cert, the AMT web server cert and a standard web server cert to stand up the enrollment point.
I created the AMT boxes OU, and have a universal group, both of which have been permissioned for the appropriate site servers per the technet documentation.
I stand up the oobm service point and enrollment point and configured it again according to the instructions on technet.
For the sake of this lab, I'm using internal CA, and have inputted the thumbprint into mebx(i didn't disable the other 20 certs sitting in there, don't believe this would be an issue)
I go ahead and do a scan for AMT by rightclicking the all systems device collection and selecting 'discover amt status'
I have 2 optiplex 990s with AMT 7.x on them:
Here's what my log shows:CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp session to 10.0.12.11:16993.SMS_AMT_OPERATION_MANAGER1/1/1601 12:00:00 AM3292 (0x0CDC)DoPingDiscoveryForAMTDevice succeeded.SMS_AMT_OPERATION_MANAGER1/1/1601 12:00:00 AM3292 (0x0CDC)Discovery to IP address 10.0.12.11 succeed. AMT status is 0.SMS_AMT_OPERATION_MANAGER1/1/1601 12:00:00 AM
SO I look to my client to see what the deal is, and upon client installation, I get the following, at which point this log never moves(same on both boxes):
<![LOG[CAMTProvisionEndpoint::GetProvisionSettings: GetObject() failed: 80041002]LOG]!>
<![LOG[!! AutoProvision policy disabled.]LOG]!>
So I try to establish a connection on port 16993 from my site system, can't get in. I tried it on 16992, and I get in only if I do 'Activate Network Access' in mebx.
I've since unconfigured network access because as I understand it, that is for a different type of provisioning.
So my take is that something isn't right on the client side. I've combed through mebx a billion times, not sure what else I can turn on or off. I don't see the SMB vs. whatever else option in there anymore as I did in older versions.
So then based on reading some of the posts here, I ran the commander tool and did a subnet scan. My boxes come back with the correct AMT version, 7.1, with method RMCP and Configuration 'NONE' When I had activated Network access, the configuration show up as TLS.
ran the activator util on the client, that didn't make any difference. I've checked firewall and everything else, no issues there. This is on an isolated subnet with like 8 boxes, as simple as can be.
Feel like I'm missing something really obvious. I even went and added the machine manually to the amt boxes security group manually, and installed the AMT web cert on the client to see if it was a security issue, no luck. Rolling that back now as well.
any thoughts on this? I'm really behind on schedule for this stuff and need to get it sorted out fairly quickly.I've attached logs, as there might be something funky in there that'll pop up to a trained eye as opposed to mine...
Within SCCM computers are organized into collections. Please verify the effected systems are in a collection that has the AMT Provisioning option checked.
Then using the agent rerun "Machine Policy retrieval and evaluation cycle" tool.
Execute what Joe suggests...then use the SCCM agent applet on the client to initiate a policy update. This makes the client agent find out that it is in a collection with the autoprovision policy enabled. Wait a minute after the policy update and execute the provisioning operation.
http://blogs.technet.com/b/configurationmgr/archive/2009/05/06/configmgr-2007-how-to-manually-kick-o... ConfigMgr 2007: How to manually kick off a client provisioning task - The Configuration Manager Support Team Blog - Site Home - TechNet Blogs
Once you've initiated provisioning again, look at oobmgmt.log on the client and tell us what it says.