Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2827 Discussions

How to handle sccm out of band mgmt for previously provisioned computers being reimaged?

idata
Employee
1,414 Views

If I have a computer that has previously been provisioned for out of band management and it must now be reimaged and given the same computer name, what is the proper procedure? Do you need to unprovision the computer first and remove the out of band management controller account from AD? Then reimage and re provision? Or can you keep it provisioned and the oob account in tact, and just reimage the system and let SCCM re discover the controller? Anyone using oob that has experience with this?

0 Kudos
7 Replies
idata
Employee
510 Views

OK so if I take a provisioned machine and reimage it, retaining the same name it originally had and leaving the oob mgmt controller account in tact in AD, SCCM sees the AMT status for the client as 'Unknown.' Trying to discover oob mgmt controllers through the sccm console results in an error, and on the client the oobmgmt.log indicates "!! Device is already provisioned."

So what happens now? I would hate to think that in a situation as common as reimaging a client machine, that the techs need to go out and yank CMOS batteries each time in order to get the client to re-provision properly.

0 Kudos
idata
Employee
510 Views

If you are rebuilding the system and plan on using the same name again, you do not need to unprovision it first.

If you are going to rename the computer as part of the rebuild process you will first want to unprovision the system. Ideally, you will want to do this in SCCM so that it can delete the AD object for you. Once the new OS install is complete let SCCM provision the system again and you will be all set. You could also unprovision AMT from the MEBx and then manually delete the AMT entry from your SCCM AMT OU.

If you change the name of the OS without unprovisioning AMT first you will end up with a situation where the hostname on the TLS certificate in AMT does not match the hostname of the OS that gets registered in DNS, which will prevent SCCM from being able to comminicate with AMT over the network.

-Dan

0 Kudos
idata
Employee
510 Views

Hey Dan but thats just it -- im not renaming the computer.

The machine is reimaged and the same computer name as it originally had is chosen. so there isnt any host name mismatch. After the machine is up and running, SCCM sees the AMT status as unknown, fails to discover the oob mgmt controller, and forcing the out of band discovery on the client results in the oobmgmt.log saying the system is already provisioned.

if i reset cmos and run sccm oob discovery, everything provisions properly.

So what is going wrong here?

0 Kudos
idata
Employee
510 Views

Are you deleting the computer's record in SCCM or leaving it in place?

If you delete the record of a provisioned system in SCCM, it will also delete the AMT remote admin password, which can cause problems like you are describing.

0 Kudos
idata
Employee
510 Views

Dan,

Can you explain how this should work in SCCM then? If there is no hostname mismatch (the system is reimaged with the same name it previously had when the AMT was provisioned), why is SCCM failing to discover the AMT status? The system knows it is still provisioned (based on the info in the oobmgmt.log, but SCCM shows the system as status "unknown"

0 Kudos
idata
Employee
510 Views

Thats funny you mention this... I was starting to think that was my problem and am in process of testing the reimage without deleting the old account first

i think that will fix everything

-lee

0 Kudos
idata
Employee
510 Views

Hello Dan,

I am a bit confused on the renaming an AMT device and successfuly having the host name change as well. Here are the steps we take, and this seems not to work.

Renaming AMT Enabled Computer

Step 1: Unprovision AMT computer in SCCM

  1. From an SCCM Management console locate computer account in Provisioned collection (Expand Computer Management, expand Collections, expand AMT, click on Provisioned.)

     

  2. Locate the computer record and right click. Select Out of Band Management, and click on Delete Provisioning Data from Management Controller Memory.

     

  3. Under Data removal options, select Remove configuration data from AMT memory, and leave AMT Identification data.

     

  4. Select Disable automatic out of band provisioning. Click Ok.

     

** Verify or Delete the the AMT computer account in Active Directory (I delete the account right after step (4).

  1. Verify AMT computer account has been deleted from Active Directory. Open AD, expand Departments, locate and click on AMT OU. Scroll through the computer accounts and verify that you do not see an account for the computer name you just unprovisioned.

     

Step 2: Delete SCCM client record from SCCM database

  1. Open SCCM and locate the All Systems collection (Expand Computer Management, expand Collections).

     

  2. Search for the computer record. Once you locate the record, right click it and select Delete.

     

Step 3: Rename computer

  1. Rename computer using your normal procedures.

     

In a email exchange between you and I back in Feb 2010, you had mentioned that we need to perform a "partial unprovision" and then "re-provision" the system

"so, if you need to rename a system you will need to do a partial unprovision and re-provision the system."

Can you verify these steps for me? I think they are as follows...

1. In AMT Bios, manually change the "HOSTNAME" to new computer name

2. Partial unprovision (in SMB mode)

3. Reboot

Will SCCM now detect and provision device?

Is this done in the MEbX

0 Kudos
Reply