I am not sure if its a certificate issue or a mebx password issue please advise.
we purchased the certificate from verisign for intel vpro. before we pruchased the certificate we tested the secnario using an internal CA and by manually entering the hash in the client device, i was able to provision successfully and was able to connect the devicee also. now that i have a certificate from a public CA. i installed the new certificate with certification chain and unprovisioned the vpro client to provision it with the new certificate. provisoning fails. the thumbprint int he certificate that we received from verisign in the certificate is not matching the already existiing cert hashes in the bios. we contacted verisign and ll they gave us is a root and intermediate CA cert that i installed on the on the sccm sp1 server. if i manually enter the hash of the purchased certificate in the client is is provisioned successfully but i am not able to connect to it using the oob console. it says provisioned both in the client and in the sccm collection. but couldnt connect not even power control. but this was just to test. client log says cannot provision as root hash does not match and server log saya not able to connect and something to do with the password or the account. as i was bale to provision successfully using an intenal CA i guess the prerequisites and infrastructure components are in place. only change to the infrastructure was our sccm server once had an inssue and some components like iis were reinstalled. so do i have to install the hotfixes allover again?. CA seems to be issuing the web server certificates prop[erly to the client not the sccm server. so i guess its an certificate issue or the mebx password issue. any advise to what i need to check
on the client oobmgmt.log i get an error "Failed to call checkcertificateprovider method 80041001"
on the server in amtopmgr.log it says found " found matched certificate hash in memory and fails to connect to the client. detailed log file attached. i am not sure if its a certificate issue or a password issue. appreciate if some experts can view the detailed log and identify the issus so that i can troubleshoot in that direction.
Personally, I'd recommend upgrading to ConfigMgr SP2, if you haven't already. You'll probably find that it is more reliable and predictable than SP1, since it has all the hotfixes built into it already. Either way, I doubt that the this will resolve the issue you're seeing here, just a recommendation ...
I'm curious about the "Failed to call CheckCertificate provider method" message though. Typically, you'll receive that message if the root CA hash is not properly entered into the MEBx. Check out this post from Buz Brodin at Microsoft: