Community
cancel
Showing results for 
Search instead for 
Did you mean: 
ZShav
Beginner
1,033 Views

Event viewer error with RCS remote configuration

So I've made an RCS/SCS server, set up the database and CA, set up the DNS, etc but still running into issues when the server-script .bat/.vbs script is called by the scs software.

WMI works to the remote system, I can query for domain name and see the results in the log file.

it's the part of the script which calls ConfigAMT which fails.

retVal = objWMIService.ConfigAMT(uuid, fqdn, ConfMethod, profileName, pid, "", "", "", "", strComputer, "", "", "", "", "", "", "", errorStr)

fqdn, uuid, strComputer, all reflect the test PC's fqdn, uuid, and IP address respectively. That was obviously the intent of the sample scripts. ConfMethod is 2 (PKI), profile name is "CSIT_Managed" which matches a profile I defined in scs. errorStr is always returned empty.

All the variables and their values appear to be correct, but I get an erroneous return value of -1073741718 and in the windows event viewer I see this message:

The following information was included with the event:

Method call ConfigAMT is denied because computer SERVERNAME$ made the call for PCNAME.DOMAIN.CA instead of for itself.

I do not understand where the error is coming from, the error makes no sense.... isn't the whole point for RCS is that the SERVERNAME$ can make a call to provision PCNAME.DOMAIN.CA?

0 Kudos
1 Reply
idata
Community Manager
66 Views

Hello,

 

 

RCS has a relatively new code that locks configurations by default from a computer account from a different computer. In this case you'd only be able to configure your computer. If on Computer 1, then computer 1 can configure but Computer 2 cannot. There is an option to change this behavior. ConfigAMT is

 

 

 

HKLM/Software/WOW64(32)node/Intel/Intel Setup and Configuration Software/11.2/RCS/General Settings

 

 

Key: EnhancedSecurityEnabled

 

 

Value: 01 (default) so, change to 00.

 

 

The other workaround (assuming you are using an account that is a local account) to use an account that has local admin rights to the AMT computer and appropriate rights to Intel_RCS NameSpace.

 

 

Regards,

 

Michael
Reply