Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

Problems provisioning clients after update to SCS 12.1.0

TKrem1
New Contributor I

Hello, everybody,

 

we have recently updated our Out of Band server to Intel SCS 12.1.0.

So far we have configured clients with the command line:

 

acuconfig.exe /LowSecurity /output file configAMT.log /Verbose ConfigViaRCSOnly Server.FQDN Provisioning 

 

without any problems.

 

As the certificate, we use a Verisign SHA1 private certificate whose thumbprint can be found in the ME.

 

Since the update, older and also new computers can no longer be provisioned. The following error message appears:

 

0xc000521f: An SSL error occurred. Verify the username and password, and the PSK or certificate settings, where applicable. Valid certificate for PKI configuration not found. 

 

After the update, the certificate was entered again via RCSUtil.exe under the service account in use.

Neither the infrastructure, nor the name of the server or similar has changed.

 

Computers that have already been provisioned run against the server without any problems when they are reconfigured and do not report an error. It only happens with new provisioning attempts.

 

Can anyone give me a hint how I can solve this problem?

 

Emeth_O_Intel
Moderator

Hello TKrem1,

 

Thank you for contacting Intel AMT Community Support.

 

I was reviewing the information provided, and it looks like the provisioning certificate that you are using is not being seen or there is an error. Please try the following steps:

 

  1. As far as you are using a user domain account, you must log in to RCS using this same account and add the provisioning certificate in the User context, i.e. MMC -> Certificates -> User.
  2. Also, double-check that the OU and/or OID is present in the certificate, because the OU, for instance, may be supplied in the request instead of the template.

 

As an addition, I would like to ask you the following:

 

  1. Are you using a specific TLS Version?
  2. Which version was running on your system before the update to 12.1.0?
  3. Which version is running on the computers?

 

Please provide us the RCS Log from the RCS Server in order to take a look at the logs and figure out the root cause of the issue.

 

I will be waiting for your outcome in order to proceed with the next step.

 

Best regards,

 

Emeth O.

Intel® Server Specialist 

A Contingent Worker at Intel.
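
The two checks listed in this reply (certificate present in the user context of the RCS account, OU and/or OID present) can be scripted. The following is an added example, not part of the original posts and not Intel tooling; the function name `Test-AmtProvisioningCert` is hypothetical, and the Intel AMT OID `2.16.840.1.113741.1.2.3` is not quoted anywhere in this thread.

```powershell
# Added example: audit provisioning-certificate candidates in the personal store
# of the account that runs it. Run it while logged in as the RCS service account.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'                  # Server Authentication (quoted in the thread)
$AmtOu         = 'Intel(R) Client Setup Certificate'  # OU value quoted in the thread
$AmtOid        = '2.16.840.1.113741.1.2.3'            # Intel AMT remote-configuration OID (not from the thread)

function Test-AmtProvisioningCert {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )
    process {
        # Collect the EKU OIDs; a certificate without an EKU extension yields an empty list.
        $ekuExt = $Cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $ekus = @(foreach ($e in $ekuExt.EnhancedKeyUsages) { $e.Value })

        # Build the chain offline (no revocation lookups); the last element is the
        # highest certificate the local stores could resolve, ideally the root.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $built = $chain.Build($Cert)
        $root  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        $now   = Get-Date

        [pscustomobject]@{
            Subject        = $Cert.Subject
            HasPrivateKey  = $Cert.HasPrivateKey
            InValidity     = ($now -ge $Cert.NotBefore) -and ($now -le $Cert.NotAfter)
            ServerAuthEku  = $ekus -contains $ServerAuthOid
            AmtOuOrOid     = ($Cert.Subject -like "*OU=$AmtOu*") -or ($ekus -contains $AmtOid)
            SignatureAlg   = $Cert.SignatureAlgorithm.FriendlyName
            ChainBuilds    = $built
            RootThumbprint = $root.Thumbprint   # compare with the hash entry shown in the ME
        }
    }
}

Get-ChildItem Cert:\CurrentUser\My | Test-AmtProvisioningCert | Format-List
```

A usable candidate shows `HasPrivateKey`, `InValidity`, `ServerAuthEku`, `AmtOuOrOid` and `ChainBuilds` all `True`; an empty result means the certificate is not in the personal store of the account the script ran under.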

 

TKrem1
New Contributor I

Hello Emeth,

 

I already installed the certificate under the account we use to run the RCS Service.

I double-checked the installation; the certificate is installed in the personal store.

 

The OU is:

OU = Intel(R) Client Setup Certificate

The Certificate has the following OIDs:

 

Server Authentication (1.3.6.1.5.5.7.3.1)

Client Authentication (1.3.6.1.5.5.7.3.2)

 

We are using the standard TLS settings, no special versions here.

Before the update we had RCS version 11.0.1, I think.

We waited some time with the update because we had clients without the proper firmware update.

 

We have computers with different Intel AMT versions. 

The error occurred with an 11.8.50, a 9.1.37 and an 11.0.0.

 

I copied the RCS log. The error is logged beginning at 2020-01-28 12:34:39.

If you need more information, please let me know.

Emeth_O_Intel
Moderator

Hello TKrem1,

 

Thank you so much for the information provided.

 

Let me check the log provided and as soon as possible I will be contacting you back in order to proceed with the next step.

 

Best regards,

 

Emeth O.

Intel® Server Specialist 

A Contingent Worker at Intel.

 
