Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Manager
861 Views

ConfigMgr 2007 SP2 provisioning error

Hi,

I'm fairly new to the OOB functionality in ConfigMgr, but I've followed these documents/blogs:

Create PKI certificates: http://technet.microsoft.com/en-us/library/dd252737.aspx http://technet.microsoft.com/en-us/library/dd252737.aspx

Setup OOB in ConfigMgr 2007 SP2: /docs/DOC-1754 http://communities.intel.com/docs/DOC-1754

All our clients are running Windows 7 SP1 x64.

I'm currently testing with a single box, a Dell Optiplex 745 BIOS A11 AMT version 3.2.1. The CA thumbprint has been enter manually in the MEBx. The default password has also be changed and the same is configured in the MEBx field in OOB component setup.

When I look in the amtopmgr.log I see the following:

>>>>>>>>>>>>>>>Provision task begin<<<<<<<<<<<<<<< SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)</div>Provision target is indicated with SMS resource id. (MachineId = 649 LAB01-WS.domain.local) SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)Found valid basic machine property for machine id = 649. SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)Warning: Currently we don't support mutual auth. Change to TLS server auth mode. SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)The provision mode for device LAB01-WS.domain.local is 1. SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)Check target machine (version 3.2.1) is a SCCM support version. (TRUE) SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)The IP addresses of the host LAB01-WS.domain.local are 192.168.136.134. SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)Attempting to establish connection with target device using SOAP. SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)Found matched certificate hash in current memory of provisioning certificate SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)Create provisionHelper with (Hash: F4715DADFCE150E91FE5397F5BF15B9FB6FFB883) SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)Set credential on provisionHelper... SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)Try to use provisioning account to connect target machine LAB01-WS.domain.local... SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)Error 0x80090304 returned by InitializeSecurityContext during follow up TLS handshaking with server. SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)**** Error 0x4bcadd4 returned by ApplyControlToken SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)Fail to connect and get core version of machine LAB01-WS.domain.local using provisioning account # 0. SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)Try to use default factory account to connect target machine LAB01-WS.domain.local... SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)Error 0x80090304 returned by InitializeSecurityContext during follow up TLS handshaking with server. SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)**** Error 0x4bcadd4 returned by ApplyControlToken SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)Fail to connect and get core version of machine LAB01-WS.domain.local using default factory account. SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)Try to use provisioned account (random generated password) to connect target machine LAB01-WS.domain.local... SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)Error 0x80090304 returned by InitializeSecurityContext during follow up TLS handshaking with server. SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)**** Error 0x4bcadd4 returned by ApplyControlToken SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)Fail to connect and get core version of machine LAB01-WS.domain.local using provisioned account (random generated password). SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)Error: Device internal error. This may be caused by: 1. Schannel hotfix applied that can send our root certificate in provisioning certificate chain. 2. incorrect network configuration(DHCP option 6 and 15 required for AMT firmware). 3. AMT firmware self signed certificate issue(date zero). 4. AMT firmware is not ready for PKI provisioning. Check network interface is opening and AMT is in PKI mode. 5. Service point is trying to establish connection with wireless IP address of AMT firmware but wireless management has NOT enabled yet. AMT firmware doesn't support provision through wireless connection. (MachineId = 649) SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)Error: Can NOT establish connection with target device. (MachineId = 649) SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)>>>>>>>>>>>>>>>Provision task end<<<<<<<<<<<<<<< SMS_AMT_OPERATION_MANAGER 2012-02-17 15:53:52 130884 (0x1FF44)</div>

If I look at the status messages from ConfigMgr, I get this:

"The out of band service point failed to provision LAB01-WS.domain.local with error 0x 0: Can NOT establish connection with target device..

Possible cause: This error can be caused by network configuration errors or because AMT has the wrong IP address for wired network access .

Solution: Ensure that the DHCP scope for AMT is configured correctly with the options 006 (DNS Servers) and 015 (DNS Domain Name). Also check in AMT that the correct IP address is configured for wired network access."

Have I forgotten anything? Why is it not able to connect to the AMT?

Any help is appreciated.

Best regards,

Nickolaj

0 Kudos