Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2933 Discussions

In-band provisioning in SCCM

idata
Employee
2,211 Views

Hi

 

I have lab SCCM 2007 SP1 R2 on Windows 2008 Server.

 

I installed all hotfixes to Windows Server and hotfixes to SCCM (KB954718,

 

KB955126, KB955355, KB956337, KB957469, KB960804)

 

I installed Client on my test computer (Dell 755). OS system is Vista SP1

 

x86.

 

I want to provision this computer with in-band agent provisioning.

In OOBMGMT.log on client is:

 

----------------------------------

 

BEGIN

 

Retrying to activate the device.

 

New OTP generated

 

Successfully activated the device.

 

END

 

----------------------------------

 

In create collection "AMT Systems". I choosed option Out of Band

 

Management - Discover Management Controllers.

 

I checked AMTOPMGR.log on SCCM server:

 

----------------------------------------------------------------------------------------------

 

AMT Discovery Worker: Wakes up to process instruction files

 

AMT Discovery Worker: Wait 3600 seconds...

 

AMT Discovery Worker: Wakes up to process instruction files

 

AMT Discovery Worker: Reading Discovery Instruction

 

c:\ConfigMgr\inboxes\amtopmgr.box\disc\{99AD5C16-1204-481F-BE97-52B3CA79113D}.RDC...

 

AMT Discovery Worker: Execute query exec AMT_GetThisSitesNetBiosNames

 

'ISW0000D', NULL, 'ISW'

 

AMT Discovery Worker: Execute query exec AMT_GetAMTMachineProperties 26

 

AMT Discovery Worker: CSMSAMTDiscoveryWorker::RetrieveInfoFromCollection:

 

Found machine hp - 10.1.12.22 from Collection ISW0000D.

 

AMT Discovery Worker: Execute query exec AMT_GetAMTMachineProperties 28

 

AMT Discovery Worker: CSMSAMTDiscoveryWorker::RetrieveInfoFromCollection:

 

Found machine DELL01 - 10.1.12.21 from Collection ISW0000D.

 

AMT Discovery Worker: Execute query exec AMT_GetProvAccounts

 

AMT Discovery Worker: Execute query exec AMT_GetProvAccounts

 

AMT Discovery Worker: Finish reading discovery instruction

 

c:\ConfigMgr\inboxes\amtopmgr.box\disc\{99AD5C16-1204-481F-BE97-52B3CA79113D}.RDC

 

AMT Discovery Worker: Parsed 1 instruction files

 

AMT Discovery Worker: There are 2 tasks in pending list

 

AMT Discovery Worker: Send task to completion port

 

Auto-worker Thread Pool: Current size of the thread pool is 1

 

AMT Discovery Worker: Send task to completion port

 

Auto-worker Thread Pool: Current size of the thread pool is 2

 

Auto-worker Thread Pool: Work thread 3156 started

 

Auto-worker Thread Pool: Work thread 4652 started

 

CAMTDiscoveryWSMan::DoDetectAMTVersion: recv failed: 10054

 

AMT Discovery Worker: 2 task(s) are sent to the task pool successfully.

 

STATMSG: ID=7203 SEV=I LEV=M SOURCE="SMS Server"

 

COMP="SMS_AMT_OPERATION_MANAGER" SYS=SCCM SITE=ISW PID=3520 TID=5052

 

GMTDATE=Wt kwi

 

AMT Discovery Worker: Wait 20 seconds...

 

AMT Discovery Worker: Wakes up to process instruction files

 

AMT Discovery Worker: Wait 20 seconds...

 

Error 0x80090304 returned by InitializeSecurityContext during follow up TLS

 

handshaking with server.

 

**** Error 0x331b580 returned by ApplyControlToken

 

Error 0x80090304 returned by InitializeSecurityContext during follow up TLS

 

handshaking with server.

 

**** Error 0x331b580 returned by ApplyControlToken

 

session params : http://dell01.vprolab.com:16992/ http://DELL01.vprolab.com:16992 , 111001

 

ERROR: Invoke(get) failed: 80020009argNum = 0

 

Description: The I/O operation has been aborted because of either a thread

 

exit or an application request.

 

Error: Failed to get AMT_SetupAndConfigurationService instance.

 

session params : http://dell01.vprolab.com:16992/ http://DELL01.vprolab.com:16992 , 111001

 

ERROR: Invoke(get) failed: 80020009argNum = 0

 

Description: The I/O operation has been aborted because of either a thread

 

exit or an application request.

 

Error: Failed to get AMT_SetupAndConfigurationService instance.

 

CSMSAMTDiscoveryTask::Execute - DDR written to

 

c:\ConfigMgr\inboxes\auth\ddm.box

 

Auto-worker Thread Pool: Succeed to run the task . Remove it from task list.

 

CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp session to

 

10.1.12.22:16992.

 

GeneralInfo.GetProvisioningState finished with HResult = 0x0, status = 0x0,

 

clientError = 0.

 

CSMSAMTDiscoveryTask::Execute - DDR written to

 

c:\ConfigMgr\inboxes\auth\ddm.box

 

Auto-worker Thread Pool: Succeed to run the task . Remove it from task list.

 

AMT Discovery Worker: Wakes up to process instruction files

 

AMT Discovery Worker: Wait 3600 seconds...

 

Auto-worker Thread Pool: Work thread 3156 has been requested to shut down.

 

Auto-worker Thread Pool: Work thread 3156 exiting.

 

Auto-worker Thread Pool: Work thread 4652 has been requested to shut down.

 

Auto-worker Thread Pool: Work thread 4652 exiting.

 

Auto-worker Thread Pool: Current size of the thread pool is 0

 

----------------------------------------------------------------------------------------------

 

My test computer name is DELL01.vprolab.com and his ip is 10.1.12.21.

 

In collection "AMT Systems" computer show status "Detected" in AMT Status

 

column and 3.2.3 on AMT Version column.

 

Computer don't change status to "Provisioned". Is still "Detected".

 

I can't manage it via Out of Band Management Console.

 

Could you help me with this trouble?

--

 

piotrek
0 Kudos
3 Replies
idata
Employee
574 Views

Piotrek,

Thanks for your thorough, informational post!

Has this device ever been provisioned before? If yes, please enter the MEBx and make sure it is unprovisioned first. If the device is provisioned, but ConfigMgr is unable to communicate with it, due to lack of proper credentials, this could cause the "Detected" state to appear.

Does the client have forward and reverse lookup records in DNS? In order for AMT to function, the client must have a A and PTR record in DNS, in the zone that matches the name of the Active Directory domain that the client is a member of. For example: if the client's hostname is AmtClient, and it is a domain member of DomainA.local, and it has IP address 10.1.1.100, then an A record must exist called AmtClient.DomainA.local, and a PTR record must exist for 10.1.1.100, pointing to AmtClient.DomainA.local.

What provisioning certificate provider are you using? Do you have a valid SSL certificate that has the correct OU name of "Intel(R) Client Setup Certificate" and is published to a member server of the Active Directory domain in your lab (eg. sccmsp1.DomainA.local)?

If these things have been checked, then please try resetting the system to factory defaults by disconnecting power, and pulling the CMOS battery on the motherboard for ~10 seconds. Do not log into the MEBx, and try reprovisioning the device.

I hope this helps! Please post back your results, and let me know if I can further assist you!

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

0 Kudos
William_Y_Intel
Employee
574 Views

Does your DHCP server have option 15 enabled when offering an IP address to your AMT system? And does that value match the FQDN of the provisioning certificate you are using? For example, if the provisioning certificate is sccm.domain1.com is the Option 15 value domain1.com? Also, please make sure you are running the latest BIOS from Dell's web site for the 755.

0 Kudos
idata
Employee
574 Views

Trevor, William

Thanks for you answers.

Has this device ever been provisioned before?

Yes. It was provisioned Out of band provisioning method and it worked, but I deleted his account from SCCM and reset BIOS, because I want to test in band provisioning method.

Does the client have forward and reverse lookup records in DNS?

It has only forward lookup record (A record). I create PTR record for this computer. But still status is "Detected".

What provisioning certificate provider are you using?

I have certificate signed by GoDaddy. His OU is "Intel(R) Client Setup Certificate" and is published in my SCCM server which is a member server of my domain vprolab.com.

Does your DHCP server have option 15 enabled?

Yes, it does (vprolab.com).

Please make sure you are running the latest BIOS from Dell's web site for the 755.

I have BIOS A13 version with AMT 3.2.3 version. It is new version of BIOS for this computer.

Have you any other ideas?

Best regards.

--

 

piotrek
0 Kudos
Reply