Following the AMT setup guide, on the "ConfigMgr AMT Web Server Certificate" certificate template, we should be enabling "Publish certificate in Active Directory."
Selecting this causes the certificate to be stored in the Active Directory object's userCertificate multi-value attribute.
As the SMS site server requests all certificates on behalf of all AMT devices, all of the certificates are stored in the userCertificate attribute of our SMS site server's AD computer object.
In Active Directory, any multi-value object has a size limit of 1300 rows/values. This means that once we exceed 1300 AMT clients (which we have), we start running into problems. Currently, our SMS site server's computer object is no longer replicating the userCertificate attribute as it's exceeded the maximum size. I also suspect that new certificates are not properly being added when requested.
Does this mean that the Intel AMT, by its design, has a 1300 client limit per SMS site? Or is there a way around this?
In cases such as yours, you can easily disregard the action of enabling "Publish certificate in Active Directory."
Just make sure that you select "Supply in Request" within the Subject Name tab. If you are using SCCM 2012, it will be a little different.
Let me know if I can help you further.
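
A read-only check of how many certificates the site server's userCertificate attribute currently holds, as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module (RSAT) and PowerShell 5 or later; `SITESERVER01` and the function name are placeholders.

```powershell
# Added example: summarize the certificates published to a computer object's
# userCertificate attribute. Read-only; nothing is modified in the directory.
Import-Module ActiveDirectory

function Get-PublishedCertSummary {
    param(
        [Parameter(Mandatory)][string]$ComputerName   # placeholder: the site server
    )

    $computer = Get-ADComputer -Identity $ComputerName -Properties userCertificate
    $now      = Get-Date

    # Each attribute value is one DER-encoded certificate; parse it to read its fields.
    $certs = foreach ($raw in $computer.userCertificate) {
        try {
            [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($raw)
        } catch {
            Write-Warning "Skipping a value that did not parse as a certificate: $($_.Exception.Message)"
        }
    }
    $certs = @($certs)

    # Subjects that appear more than once (for example, a renewed certificate
    # published alongside the one it replaced).
    $duplicates = @($certs | Group-Object Subject | Where-Object { $_.Count -gt 1 })

    [pscustomobject]@{
        Computer          = $computer.DistinguishedName
        TotalValues       = @($computer.userCertificate).Count
        ParsedCertificates = $certs.Count
        Expired           = @($certs | Where-Object { $_.NotAfter -lt $now }).Count
        DistinctSubjects  = @($certs | Select-Object -ExpandProperty Subject -Unique).Count
        DuplicateSubjects = $duplicates.Count
        OldestNotBefore   = ($certs | Sort-Object NotBefore | Select-Object -First 1).NotBefore
    }
}

# Usage with the placeholder name:
# Get-PublishedCertSummary -ComputerName 'SITESERVER01' | Format-List
```

Comparing TotalValues with the number of provisioned AMT clients, and looking at the Expired and DuplicateSubjects counts, shows how much of the attribute is taken up by certificates that are no longer in use.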