Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

No AMT Showing up

idata
Employee

Well, we've got the Out of Band Service point set up on our primary SCCM Site Server, which is Native Mode as well. The Provisioning Cert (Standard Web SSL Cert) is from Verisign and the AMT Template is from our internal CA. I've stepped through all the instructions in the Quick Start Guide v1.9 (from Intel) and I'm not seeing any computers listed as supported. We have a lot that say "Not Supported" for AMT Status and the remaining ones say "Unknown." The AMTOPMGR.log doesn't have anything glaring, but I'm not sure what to look for to indicate problems with my setup...

I can initiate a Management Controller Discovery on the All System Collection and the AMTOPMGR.log file scrolls through like any other discovery (i.e. AD System Discovery log file) but my gut tells me something is wrong as I know for a fact we have vPro computers out there from Dell (Optiplex).

0 Kudos
8 Replies
idata
Employee

Hello,

First things first ... let's make sure that your systems are being properly recognized as AMT clients by Configuration Manager. The ConfigMgr client inventories AMT details during hardware inventory cycles, and stores the data in an "AMT Agent" section in Resource Explorer. In order for the ConfigMgr client to detect the management controller, however, you will need to make sure that the HECI driver (Intel Management Engine Interface) device is installed on the AMT clients. Here are a couple of steps to try:

1) Open Device Manager on one of your AMT clients, open the System category, and look for "Intel(R) Management Engine Interface" .... if you cannot find it, then ConfigMgr probably doesn't know that your client is an AMT client.

2) Open Resource Explorer in your ConfigMgr console for the same ConfigMgr resource you are working with in step # 1. Look for an AMT Agent section in the hardware inventory for the system. If the section doesn't exist, or doesn't contain any information, you probably don't have the HECI driver installed on the AMT system.

3) Run the MEinfowin tool from IBM. This retrieves information about the AMT chipset using the HECI driver. If it fails to run, your HECI / MEI (Management Engine Interface) probably isn't installed correctly. Download MEinfowin: http://www-307.ibm.com/pc/support/site.wss/MIGR-67953.html

Post back with your results.

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

0 Kudos
idata
Employee

Okay, the driver is in Device Manager and the Resource Explorer is showing AMT. In the AMTOPMGR.LOG I'm getting this

CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp session to 10.0.18.183:16992

CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp session to 10.0.18.183:16993

CSMSAMTDiscoveryTask::Execute - DDR written to E:\Program Files\Microsoft Configuration Manager\inboxes\auth\ddm.box

Auto-worker Thread Pool: Succeed to run the task . Remove it from task list.

AMT Discovery Worker: Wakes up to process instruction file.

I have the firewall turned off on the client! Why wouldn't it be able to connect to those ports?

0 Kudos
idata
Employee

Okay, I now installed all the latest Dell Intel Drivers for this one computer and now I'm seeing this in the AMTOPMGR.log

Server unexpectedly disconnected when TLS handshaking.

**** Error 0x84fb970 returned by ApplyControlToken

Server unexpectedly disconnected when TLS handshaking.

**** Error 0x84fb970 returned by ApplyControlToken

session params : http://WCOR3J7C1J1.xxxxxx.com:16992 http://WCOR3J7C1J1.xxxxxx.com:16992 , 111001

ERROR: Invoke(get) failed: 80020009argNum = 0

Description: The client cannot connect to the remote host specified in the request. Verify that the service on the remote host is running and is accepting requests. You may use the following command to analyze the state of the WinRM service and to configure the service, if necessary: "winrm quickconfig".

Error: Failed to get AMT_SetupAndConfigurationService instance

0 Kudos
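The two AMTOPMGR.log excerpts posted above fail at different points of the connection, which is easier to see when the lines are grouped by stage. The script below is an added example, not part of the original posts or of ConfigMgr; the sample lines are copied from this thread, and the stage names and their ordering are this example's own assumptions.

```python
import re

# AMT firmware web-service ports: 16992 is plain HTTP, 16993 is TLS.
AMT_PORTS = {16992: "http", 16993: "tls"}

# Ordered from earliest to latest point in a connection attempt (labels are hypothetical).
STAGES = [
    ("tcp_connect", re.compile(
        r"Failed to establish tcp session to (?P<host>[\w.\-]+):(?P<port>\d+)")),
    ("tls_handshake", re.compile(
        r"disconnected when TLS handshaking|returned by ApplyControlToken")),
    ("wsman_request", re.compile(
        r"Invoke\(\w+\) failed|Failed to get AMT_\w+ instance")),
]

# Lines copied from the two AMTOPMGR.log excerpts quoted in this thread.
FIRST_EXCERPT = r"""
CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp session to 10.0.18.183:16992
CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp session to 10.0.18.183:16993
AMT Discovery Worker: Wakes up to process instruction file.
"""
SECOND_EXCERPT = r"""
Server unexpectedly disconnected when TLS handshaking.
**** Error 0x84fb970 returned by ApplyControlToken
ERROR: Invoke(get) failed: 80020009argNum = 0
Error: Failed to get AMT_SetupAndConfigurationService instance
"""

def triage(log_text):
    """Group failure lines by the connection stage at which they occurred."""
    hits = {name: [] for name, _ in STAGES}
    for line in map(str.strip, log_text.splitlines()):
        for name, pattern in STAGES:
            m = pattern.search(line)
            if not m:
                continue
            if name == "tcp_connect":
                # Keep the endpoint and which AMT listener (HTTP or TLS) it was.
                port = int(m["port"])
                line = (m["host"], port, AMT_PORTS.get(port, "other"))
            hits[name].append(line)
            break
    return hits

def furthest_stage(log_text):
    """Return the latest stage that logged a failure, or None."""
    reached = [name for name, _ in STAGES if triage(log_text)[name]]
    return reached[-1] if reached else None

if __name__ == "__main__":
    for label, text in (("first", FIRST_EXCERPT), ("second", SECOND_EXCERPT)):
        print(label, furthest_stage(text), triage(text))
```

Run against a full AMTOPMGR.log, a result that moves from `tcp_connect` to a later stage between attempts shows that the management controller has become reachable and the remaining problem is in the TLS or WS-Man exchange.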
idata
Employee

Can you run MEinfowin and paste the results here? Also, please validate the following:

1) DHCP Option 15 matches the FQDN of the Active Directory domain that your ConfigMgr site server resides in

2) Use nslookup to verify the forward (A) and reverse (PTR) DNS records for the client and ConfigMgr site server (do this step from the site server)

3) Create a collection with your vPro system in it and enable Automatic Provisioning (right-click collection and choose Modify Collection Settings)

By the way, while you're troubleshooting an issue with AMT provisioning, you can do a couple of things to speed up the process:

1) Modify your sitectrl file to enable a higher provisioning attempt frequency (mine's set to 10 minutes right now)

2) Use the sendsched.vbs script to make a connection to WMI on the vPro client, and force-trigger an AMT provision attempt

3) Force a machine policy update from the ConfigMgr control panel applet (after you set the )

FYI, I've never really had a whole lot of success with the "Discover management controllers" task ... it never seems to work right, and I'm not sure what it is supposed to do. Rather, if I were you, I'd just go ahead and try to provision a device.

Hope this helps,

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

0 Kudos
idata
Employee

1. DHCP Option 15 matches

2. NSLookup verified records

3. Got the collection set up.

MEInfo

Intel(R) MEInfo Win Version: 2.5.0.1032

BIOS Version: A02

Intel(R) AMT code versions:

Flash: 5.0.1

Netstack: 5.0.1

Apps: 5.0.1

Intel(R) AMT: 5.0.1

Sku: 18440

VendorID: 8086

Build Number: 1111

Recovery Version: 5.0.1

Recovery Build Num: 1111

Legacy Mode: False

Link status: Link up

Cryptography fuse: Enabled

Flash protection: Enabled

Last reset reason: Power up

Setup and Configuration: In process

BIOS Mode: Post Boot

Error: The operation failed due to an internal error.

FWU Override Counter: Always

FWU Override Qualifier: Always

FW on Flash Desc Override: Disable

Kedron Driver Version: Not Available

Kedron HW Version: Not Available

UNS Version: 5.0.5.1102

LMS Version: 5.0.6.1102

HECI Version: 5.0.1.1055

1. I don't know how to modify the sitectrl file

2. Where is the sendsched.vbs?

3. I can force Machine Policy Updates.

0 Kudos
idata
Employee

Attached to this post are the scripts necessary to manually fire off a provisioning attempt. Simply run "AMT Policy Scheduler.bat" vProClient.vProdemo.com.

Here is more information about how to modify your sitectrl file.

http://social.technet.microsoft.com/forums/en-US/configmgrgeneral/thread/3f52755a-24a6-4d62-9fa4-db4c23a9a305/

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

0 Kudos
idata
Employee

Here's what I get on the client when running the script.

From the oobmgmt.log

Can not read last OTP from [Software\Microsoft\Sms\Mobile Client\OutOfBand Management\OneTimePassword], (0x80070002)

Can not set new OTP or load last OTP!

Failed to Call GenerateOTPPassword provider method, 80041001

0 Kudos
idata
Employee

Have you ever logged into the MEBx on this system, and if so, did you change the password on the MEBx? I would recommend setting the MEBx back to factory defaults. The way I usually do this is to pull the power cord & the CMOS battery, and then give the BIOS a few seconds to reset.

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

0 Kudos