Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

Help required with getting Activator Utility to run via SMS

idata

I'm experiencing an issue provisioning Dell 755s via an SMS distribution. When the activator command and tool are distributed via SMS, the context in which SMS runs the job isn't working as the job runs, but SCS won't allow it to provision. The command line syntax being passed is:

Activator\Activator.exe /s http://wappsgbpa001035.internal.ecomp.com/amtscs http:///amtscs /h /p 3 /o OU=xxxx,OU=xxxx,OU=xxxx,DC=xxxx,DC=xxxx,DC=xxxx /t on /u "NT AUTHORITY"\System

The activator account is set to use the local system and the account is in a group which has configurator role or enterprise admin in SCS. I am able to run this locally with domain admin credentials on the local machine and the machine provisions.

Provisioning is with a PKI from a trusted root certificate.

Activator log from test client is below:

Step Into: CheckAMT
Connected to HECI driver, version: 3.0.30.1086
BIOS Version: Not available
Intel AMT code versions:
Flash: 3.2.1
Netstack: 3.2.1
AMTApps: 3.2.1
AMT: 3.2.1
Sku: 12
VendorID: 8086
Build Number: 1022
Recovery Version: 3.2.1
Recovery Build Num: 1022
Legacy Mode: False
Setup and Configuration: In process
Setup and Configuration TLS Mode: PKI
Step Into: CheckPKIPPSPIDStatus
Connected to HECI driver, version: 3.0.30.1086
Step out: CheckPKIPPSPIDStatus error 0
Step Into: CSCSER::PerformSCSRemoteConfiguration
Step Into: CSCSER::SCSSetAMTIdentity
Error 'http:// http:///amtscs_rcfg/mod_gsoap.dll?services - 0 SetAMTIdentity Response 1865(client pc) attempted to assume another platforms identity.(client pc)attempted to assume another platforms identity.
AMT version: 3.2 Step Into: StartConfiguration
BIOS Version: Not available
Intel AMT code versions:
Flash: 3.2.1
Netstack: 3.2.1
AMTApps: 3.2.1
AMT: 3.2.1
Sku: 12
VendorID: 8086
Build Number: 1022
Recovery Version: 3.2.1
Recovery Build Num: 1022
Legacy Mode: False
Setup and Configuration: In process
Intel AMT Mode: Non Legacy
Remote Configuration: enabled
Setup and Configuration TLS Mode: PKI
RNG seed status: exists
PT_STATUS_INVALID_PT_MODE: Command is not permitted in current operating mode.
Activate Intel AMT configuration: failure
PT_STATUS_INVALID_PT_MODE: Command is not permitted in current operating mode.Step Into: StartConfiguration
Step out: StartConfiguration error 3
After StartConfiguration 3
Connect to : at port: 9971:Sent hello message successfully!
Connect to : at port: 9971:Sent hello message successfully!
Connect to : at port: 9971:Sent hello message successfully!
Exit with code 8
Error code received from SCS. See the SCS logs for the specific error.

Checking the SCS event logs I get the following error:

"Error Configuring Intel AMT device: No rows found in get Configuration Parameters."

Please could someone advise if they have seen this issue before with SMS and whether a solution exists to resolve this?

Thanks
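
Added example, not part of the original post and not Intel's tooling: a small Python triage pass over the Activator log above that pulls out the steps that returned a non-zero error, the steps that never logged a "Step out", the PT_STATUS codes, the SCS reply and the exit code. The patterns are inferred from this one log, and the function name triage is hypothetical.

```python
import re

# Excerpt of the Activator log from the post above (spacer lines dropped).
SAMPLE_LOG = """\
Step Into: CheckAMT
Step Into: CheckPKIPPSPIDStatus
Step out: CheckPKIPPSPIDStatus error 0
Step Into: CSCSER::PerformSCSRemoteConfiguration
Step Into: CSCSER::SCSSetAMTIdentity
Error 'http:// http:///amtscs_rcfg/mod_gsoap.dll?services - 0 SetAMTIdentity Response 1865(client pc) attempted to assume another platforms identity.
AMT version: 3.2 Step Into: StartConfiguration
PT_STATUS_INVALID_PT_MODE: Command is not permitted in current operating mode.
PT_STATUS_INVALID_PT_MODE: Command is not permitted in current operating mode.Step Into: StartConfiguration
Step out: StartConfiguration error 3
Exit with code 8
"""

# Patterns inferred from the log above (assumption: other Activator
# versions may word these lines differently).
STEP_IN = re.compile(r"Step Into: ([\w:]+)")
STEP_OUT = re.compile(r"Step out: ([\w:]+) error (\d+)")
PT_STATUS = re.compile(r"PT_STATUS_\w+")
SCS_REPLY = re.compile(r"(\w+) Response (.+)")
EXIT_CODE = re.compile(r"Exit with code (\d+)")


def triage(log_text):
    """Summarise an Activator log so the failing stage is visible at a glance."""
    # Search the whole text rather than line by line: the tool sometimes
    # runs two messages together ("...operating mode.Step Into: ...").
    entered = [m.group(1) for m in STEP_IN.finditer(log_text)]
    finished = {m.group(1): int(m.group(2)) for m in STEP_OUT.finditer(log_text)}
    exit_match = EXIT_CODE.search(log_text)
    return {
        # Steps that logged "Step out" with a non-zero error.
        "failed_steps": [(n, c) for n, c in finished.items() if c != 0],
        # Entered but never stepped out; not necessarily a failure.
        "unfinished_steps": list(dict.fromkeys(n for n in entered if n not in finished)),
        "pt_status": list(dict.fromkeys(PT_STATUS.findall(log_text))),
        # (operation, reply text) for each reply from the SCS web service.
        "scs_replies": [(m.group(1), m.group(2).strip()) for m in SCS_REPLY.finditer(log_text)],
        "exit_code": int(exit_match.group(1)) if exit_match else None,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```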

3 Replies
idata

I would like you to do the following items:

Check your IIS in the application pool for AMTSCS remote configuration properties Identity and verify that it is predefined as "Network Service"

Change the /u parameter to /u "NT Authority\System" (quotes on the whole name)

Change your group in SCS to "Domain Computers"

Restart AMTConfig service

Try it again

idata

Thanks for the advice. I have tried this and I still can't get my test machine to provision.

From my testing, the test machine provisions when run manually logged on as a domain user and so I am happy that the provisioning certificate residing in the personal certificates for the SCS user works. I wasn't sure if the certificate was in the Intermediate and Trusted root certificate stores for the Local Machine user. I imported the certificate into these stores, reset the vPro client platform to factory default settings and also deleted the object from SCS. Tried to provision again via SMS and the following error appears in SCS:

"Error Configuring Intel AMT device: Failed to connect to un-configured Intel AMT device at IP xx.xx.xx.xx: Proper certificate that matches the pre loaded certificate was not found in the user certificate store. PKI configuration failed."

I am at a loss now as to how to proceed and so any help would be really appreciated.

idata

Ok, Take two.

Let's verify if the activator with your parameters is correct when run in a known local user context.

  • From the activator command line copy the parameters of the activator to the clipboard. Make sure the local user id is "NT AUTHORITY\System" (quotes on the whole name as stated before).
  • On the client run gpedit.msc
  • Go to Computer Configuration\Windows Settings\Scripts\Startup
  • Click Add and in Script Name select browse and navigate to activator.exe, highlight and click open.
  • Paste the activator parameters copied above in the Script Parameters field (/s /p /o /u and not /c; we want the log file).
  • Click on OK and exit gpedit.
  • Delete any objects in SCS pertaining to this client.
  • Restart the system. The script runs at startup as local user.

     

If this works then we will have to look at SMS to see why it is not in the local user context when it runs the activator with these parameters.
