Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

Failed to establish tcp session to 192.168.10.205:16992

idata
Employee
2,374 Views

Hi All

I have had some systems in the SCCM console that show an AMT status of unknown. When I right click on this system and choose OOBM>>Discover Management Controllers, the amtopmgr.log file reflects:

" CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp session to 192.168.10.205:16992."

Some of the other devices did the same and the only way I could fix this was to unprovision the system in the AMT/ME applet on the actual workstation. I have to re-enter the CA hash again and other settings. When the system restarts all is fine. I can obviously not do this for thousands of systems in a production environment. What is the purpose of the connection to port 16992 and how does this affect the provisioning process?

Any help will be appreciated.

Thanks

Jean

0 Kudos
11 Replies
Matthew_R_Intel
Employee
997 Views

Jean,

Would it be possible to share the entire error as it is trying to perform the discovery; what make and model is the client? If the issue went away after an unprovision, the issue may be related to the following: p-11443 http://communities.intel.com/openport/blogs/microsoft-vpro/2008/08/19/intel-amt-321-selfsigned-certificate-issue-and-working-around-it-for-microsoft-system-configuration-manager-sp1

--Matt Royer

0 Kudos
idata
Employee
997 Views

It is an HP dc7800s desktop. AMT Ver 3.2.1

The AMT status for the system shows unknown and not detected in the SCCM console.

I have followed the instructions in the URL (selfsigned-certificate-issue).

C:\>cscript selfsignedfix.vbs https://hpw-cm 192.168.10.205 c:\temp Y

Microsoft (R) Windows Script Host Version 5.6

Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

**Begin Execution 2008/08/23 03:49:09 PM*************************

Connecting to https://hpw-cm/wstrans/setup/eoi20/192.168.10.205/wsman

Unable to connect to AMT Device: 192.168.10.205

**End Execution 2008/08/23 03:50:08 PM*************************

This is the content in amtopmgr.log:

AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 2008/08/23 02:26:49 PM 3292 (0x0CDC)

AMT Discovery Worker: Reading Discovery Instruction C:\Program Files\Microsoft Configuration Manager\inboxes\amtopmgr.box\disc\{7A7F10A7-D29C-4E72-B3F5-956E930ED7B3}.RDC... SMS_AMT_OPERATION_MANAGER 2008/08/23 02:26:49 PM 3292 (0x0CDC)

AMT Discovery Worker: Execute query exec AMT_GetThisSitesNetBiosNames NULL, 'GUID:1AC9EDA8-2BA3-4A04-BCCB-2AA6C3E15B61', 'C01' SMS_AMT_OPERATION_MANAGER 2008/08/23 02:26:49 PM 3292 (0x0CDC)

AMT Discovery Worker: CSMSAMTDiscoveryWorker::RetrieveInfoFromResource - Found machine HPW-BITLOCKER (HPW-Bitlocker.bcxhpw.lcl), ID: 61 - 192.168.10.205 from Resource GUID:1AC9EDA8-2BA3-4A04-BCCB-2AA6C3E15B61. SMS_AMT_OPERATION_MANAGER 2008/08/23 02:26:49 PM 3292 (0x0CDC)

AMT Discovery Worker: Execute query exec AMT_GetAMTMachineProperties 61 SMS_AMT_OPERATION_MANAGER 2008/08/23 02:26:49 PM 3292 (0x0CDC)

AMT Discovery Worker: Execute query exec AMT_GetProvAccounts SMS_AMT_OPERATION_MANAGER 2008/08/23 02:26:49 PM 3292 (0x0CDC)

AMT Discovery Worker: Finish reading discovery instruction C:\Program Files\Microsoft Configuration Manager\inboxes\amtopmgr.box\disc\{7A7F10A7-D29C-4E72-B3F5-956E930ED7B3}.RDC SMS_AMT_OPERATION_MANAGER 2008/08/23 02:26:49 PM 3292 (0x0CDC)

AMT Discovery Worker: Parsed 1 instruction files SMS_AMT_OPERATION_MANAGER 2008/08/23 02:26:49 PM 3292 (0x0CDC)

AMT Discovery Worker: There are 1 tasks in pending list SMS_AMT_OPERATION_MANAGER 2008/08/23 02:26:49 PM 3292 (0x0CDC)

AMT Discovery Worker: Send task to completion port SMS_AMT_OPERATION_MANAGER 2008/08/23 02:26:49 PM 3292 (0x0CDC)

Auto-worker Thread Pool: Current size of the thread pool is 1 SMS_AMT_OPERATION_MANAGER 2008/08/23 02:26:49 PM 3292 (0x0CDC)

AMT Discovery Worker: 1 task(s) are sent to the task pool successfully. SMS_AMT_OPERATION_MANAGER 2008/08/23 02:26:49 PM 3292 (0x0CDC)

STATMSG: ID=7203 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_AMT_OPERATION_MANAGER" SYS=HPW-CM SITE=C01 PID=2448 TID=3292 GMTDATE=Sat Aug 23 12:26:49.962 2008 ISTR0="1" ISTR1="0" ISTR2="0" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_AMT_OPERATION_MANAGER 2008/08/23 02:26:49 PM 3292 (0x0CDC)

AMT Discovery Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 2008/08/23 02:26:49 PM 3292 (0x0CDC)

AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 2008/08/23 02:26:49 PM 3292 (0x0CDC)

AMT Discovery Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 2008/08/23 02:26:49 PM 3292 (0x0CDC)

Auto-worker Thread Pool: Work thread 4656 started SMS_AMT_OPERATION_MANAGER 2008/08/23 02:26:49 PM 4656 (0x1230)

AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 2008/08/23 02:27:09 PM 3292 (0x0CDC)

AMT Discovery Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 2008/08/23 02:27:09 PM 3292 (0x0CDC)

CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp session to 192.168.10.205:16992. SMS_AMT_OPERATION_MANAGER 2008/08/23 02:27:11 PM 4656 (0x1230)

AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 2008/08/23 02:27:29 PM 3292 (0x0CDC)

AMT Discovery Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 2008/08/23 02:27:29 PM 3292 (0x0CDC)

CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp session to 192.168.10.205:16993. SMS_AMT_OPERATION_MANAGER 2008/08/23 02:27:32 PM 4656 (0x1230)

CAMTDiscoveryWSMan::DoIcmpPingForAMTDevice - failed to recieve reply from 192.168.10.205 SMS_AMT_OPERATION_MANAGER 2008/08/23 02:27:32 PM 4656 (0x1230)

Error: CSMSAMTDiscoveryTask::Execute, discovery to (192.168.10.205-HPW-BITLOCKER)failed SMS_AMT_OPERATION_MANAGER 2008/08/23 02:27:32 PM 4656 (0x1230)

Auto-worker Thread Pool: Warning, Failed to run task this time. Will retry(1) it SMS_AMT_OPERATION_MANAGER 2008/08/23 02:27:32 PM 4656 (0x1230)

This is the contents of the oobmgmt.log on client:

ON SCHEDULE OOBMgmt 2008/08/20 10:58:13 AM 1924 (0x0784)

BEGIN oobmgmt 2008/08/20 10:58:13 AM 1924 (0x0784)

CAMTProvisionEndpoint::GetProvisionSettings: GetObject() failed: 80041002 oobmgmt 2008/08/20 10:58:13 AM 1924 (0x0784)

!! AutoProvision policy disabled. oobmgmt 2008/08/20 10:58:13 AM 1924 (0x0784)

END oobmgmt 2008/08/20 10:58:13 AM 1924 (0x0784)

BEGIN oobmgmt 2008/08/20 11:27:46 AM 3968 (0x0F80)

Retrying to activate the device. oobmgmt 2008/08/20 11:27:46 AM 3968 (0x0F80)

Can not read last OTP from Software\Microsoft\Sms\Mobile Client\OutOfBand Management\OneTimePassword , (0x80070002) oobmgmt 2008/08/20 11:27:46 AM 3968 (0x0F80)

Can not set new OTP or load last OTP! oobmgmt 2008/08/20 11:27:46 AM 3968 (0x0F80)

Failed to Call GenerateOTPPassword provider method, 80041001 oobmgmt 2008/08/20 11:27:46 AM 3968 (0x0F80)

END oobmgmt 2008/08/20 11:27:46 AM 3968 (0x0F80)

ON SCHEDULE OOBMgmt 2008/08/21 10:58:13 AM 4048 (0x0FD0)

BEGIN oobmgmt 2008/08/21 10:58:13 AM 4048 (0x0FD0)

Retrying to activate the device. oobmgmt 2008/08/21 10:58:13 AM 4048 (0x0FD0)

Can not read last OTP from Software\Microsoft\Sms\Mobile Client\OutOfBand Management\OneTimePassword , (0x80070002) oobmgmt 2008/08/21 10:58:13 AM 4048 (0x0FD0)

Can not set new OTP or load last OTP! oobmgmt 2008/08/21 10:58:13 AM 4048 (0x0FD0)

Failed to Call GenerateOTPPassword provider method, 80041001 oobmgmt 2008/08/21 10:58:13 AM 4048 (0x0FD0)

END oobmgmt 2008/08/21 10:58:13 AM 4048 (0x0FD0)

ON SCHEDULE OOBMgmt 2008/08/22 10:58:13 AM 2544 (0x09F0)

BEGIN oobmgmt 2008/08/22 10:58:13 AM 2544 (0x09F0)

Retrying to activate the device. oobmgmt 2008/08/22 10:58:13 AM 2544 (0x09F0)

Can not read last OTP from Software\Microsoft\Sms\Mobile Client\OutOfBand Management\OneTimePassword , (0x80070002) oobmgmt 2008/08/22 10:58:13 AM 2544 (0x09F0)

Can not set new OTP or load last OTP! oobmgmt 2008/08/22 10:58:13 AM 2544 (0x09F0)

Failed to Call GenerateOTPPassword provider method, 80041001 oobmgmt 2008/08/22 10:58:13 AM 2544 (0x09F0)

END oobmgmt 2008/08/22 10:58:13 AM 2544 (0x09F0)

ON SCHEDULE OOBMgmt 2008/08/23 10:58:13 AM 2544 (0x09F0)

BEGIN oobmgmt 2008/08/23 10:58:13 AM 2544 (0x09F0)

Retrying to activate the device. oobmgmt 2008/08/23 10:58:13 AM 2544 (0x09F0)

C...

0 Kudos
Matthew_R_Intel
Employee
997 Views

Jean,

A couple of things....

  1. In regards to the hpw-cm parameter you provided to the signselfcert script... I'm assuming that is the FQDN of where the Intel-WS Translator is running? The script requires the p-11434 Intel WS-MAN translator to perform the remote provision / unprovision.

  2. Can you confirm that Manageability Mode within the MEBx is set to Intel AMT and not set to ASF or None?

  3. In terms of Agent Based provision with SCCM Client Agent you listed, I'm assuming you have the ME Driver loaded (aka HECI) in the OS? The SCCM Client Agent has a dependency on this driver to set the OTP password for agent based provisioning. Here is the HECI driver location for HP DC7800s: http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=12454&prodSeriesId=3459242&prodNameId=3459247&swEnvOID=2098&swLang=13&mode=2&taskId=135&swItem=vc-58315-1

--Matt Royer

0 Kudos
idata
Employee
997 Views

Hi Matt,

Just to confirm:

hpw-cm is the host name. The manageability mode within MEBx is set to Intel AMT. The HECI/ME driver is loaded in the OS.

When I do the following the provisioning works:

- Delete the client record in SCCM.
- Import the OOBM device\client in the SCCM console (it is not an SMS client at this stage).
- Do a partial unprovision in MEBx on the workstation.

We can obviously not do this for all devices on the network. I may be wrong but I am starting to think it may have something to do with the MEBx password that I changed. I do not have a cert from a public CA, therefore I had to enter my own Ent Root CA cert hash in the MEBx. When accessing the MEBx the first time you have to change the password. I have changed the password to be the same as the SCCM OOBM service point configuration.

Out of Band provisioning seems to work just fine. It seems that the in Band provisioning via the SCCM client is where the problem lies. I have also created a collection in SCCM and set it to auto-provision.

Thanks

Jean

0 Kudos
Matthew_R_Intel
Employee
997 Views

Going back to the Intel WS-MAN Translator... so when you go to the following URL: https://hpw-cm.yourdomain.com/wstrans

... do you get a screen that looks like the following?

If not, we need to resolve the issue with the Intel WS-MAN Translator, before you can use the script to perform the remote unprovision / provision.

--Matt Royer

0 Kudos
idata
Employee
997 Views

Accessing https://hpw-cm/wstrans returns the screen. In the command line I also just use the host name, i.e. cscript selfsignedfix.vbs https://hpw-cm/ 192.168.10.205 c:\temp Y

0 Kudos
Matthew_R_Intel
Employee
997 Views

Can you take a look at your C:\Program Files\Intel Corporation\Intel WS-Management Translator\wstrans.log log? This is the Intel WS-MAN Translator Log and should give you more detail on what is going on when you try to run the script.

You may temporarily want to change your error logging in the Translator to Verbose to get some more detail. To do so, modify wstrans.exe.config (make a backup copy first) to look like the following and restart the Intel WS-MAN Translator service:

<system.diagnostics>
  <switches>
    <add name="Intel.Wstrans" value="Verbose" />
    <add name="Intel.Wstrans.Eoi" value="Verbose" />
    <add name="Intel.Wstrans.WsMan" value="Verbose" />
  </switches>
</system.diagnostics>

--Matt Royer

0 Kudos
idata
Employee
997 Views

The wstrans.log file has the following entry:

Setup request failed for https://hpw-bitlocker.bcxhpw.lcl:16993 WSTRANS 2008/08/23 03:22:10 PM 5 (0x0005)

Previously the amtopmgr.log reflected that it Failed to establish tcp session to 192.168.10.205:16992

What is the purpose of the connections to ports 16992 & 16993? Is there something in MEBx that controls access to these ports?

PS: There seems to be a problem when replying to posts in the discussion threads. It is not just with this thread. When we click reply this text editor text box appears and immediately disappears again. If I go to another tab in my browser and go through the process of starting a new discussion thread, only then the text box re-appears.

0 Kudos
Matthew_R_Intel
Employee
997 Views

As a reference... The following ports are used by out of band management:

  • From the AMT management controllers to the out of band service point site system server for provisioning: TCP 9971.

  • From the out of band service point site system server to AMT managed controllers for discovery: TCP 16992.

  • From the out of band service point site system server to AMT management controllers for power control, provisioning, and discovery: TCP 16993.

  • From computers running the out of band management console to AMT management controllers for general management tasks: TCP 16993.

  • From computers running the out of band management console to AMT management controllers for serial over LAN and IDE redirection: TCP 16995.

I am also assuming that you have run the wtranscfg.exe to configure the WS-MAN Translator: configured admin password, forwarding ports, PSK, and Common Setup Certificate (same Remote Configuration certificate configured in SCCM)?

The script assumes that the machine is in a default state, which is why the Remote Admin password is set to admin. If this has changed, you may need to adjust the password in the script.

--Matt Royer

0 Kudos
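For triaging this failure across many devices, the port list in the reply above can be combined with the amtopmgr.log failure lines quoted earlier in the thread. The following is an added example, not part of any participant's post and not Microsoft or Intel code; the function name `triage` and the status labels are hypothetical, and the 192.0.2.44 log line is constructed.

```python
import re
from collections import defaultdict

# Purposes of the two service-point -> AMT controller ports, per the reply above.
AMT_PORTS = {
    16992: "discovery",
    16993: "power control, provisioning, discovery",
}
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
TCP_FAIL = re.compile(r"DoConnectToAMTDevice: Failed to establish tcp session to " + IP + r":(\d+)")
# The log spells it "recieve"; accept both spellings.
PING_FAIL = re.compile(r"DoIcmpPingForAMTDevice - failed to rec(?:ie|ei)ve reply from " + IP)

def triage(log_lines):
    """Group discovery failures by device IP and classify each device."""
    hosts = defaultdict(lambda: {"ports": set(), "ping_failed": False})
    for line in log_lines:
        tcp = TCP_FAIL.search(line)
        ping = PING_FAIL.search(line)
        if tcp:
            hosts[tcp.group(1)]["ports"].add(int(tcp.group(2)))
        elif ping:
            hosts[ping.group(1)]["ping_failed"] = True
    report = {}
    for ip, h in hosts.items():
        if h["ping_failed"] and set(AMT_PORTS) <= h["ports"]:
            status = "unreachable"   # neither AMT port nor ICMP answered
        elif h["ports"]:
            status = "tcp-only"      # AMT port(s) failed, no ICMP failure logged
        else:
            status = "icmp-only"     # only an ICMP failure was logged
        ports = sorted(h["ports"])
        report[ip] = {"ports": ports, "ping_failed": h["ping_failed"], "status": status,
                      "affected": [AMT_PORTS.get(p, "unlisted port") for p in ports]}
    return report

# First three lines come from the amtopmgr.log excerpt in this thread (component and
# timestamp columns trimmed); the 192.0.2.44 line is constructed for illustration.
SAMPLE = [
    "CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp session to 192.168.10.205:16992.",
    "CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp session to 192.168.10.205:16993.",
    "CAMTDiscoveryWSMan::DoIcmpPingForAMTDevice - failed to recieve reply from 192.168.10.205",
    "CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp session to 192.0.2.44:16992.",
]

if __name__ == "__main__":
    for ip, info in triage(SAMPLE).items():
        print(ip, info["status"], info["ports"], info["affected"])
```

A device reported as "unreachable" failed on both AMT ports and ICMP, as 192.168.10.205 does in the log above, which separates it from devices where only an AMT port failed.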
idata
Employee
997 Views

I have run the WS-Translator Wizard. I have set the admin password to match the settings in MEBx. I have left the PSK Key name as 4444-4444 and the key value as 0000-0000-0000-0000-0000-0000-0000-0000. This matches PID/PPS config in MEBx. I have imported the cert. Listening port set to 443 and forwarding port set to 16993. I changed the default admin pwd in script to match the pwd in MEBx.

0 Kudos
Matthew_R_Intel
Employee
997 Views

Assuming by this post you are still having the same issue? Any way you can post your wstrans.log file (just the section that relates to you running the script)?

--Matt Royer

0 Kudos