Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2834 Discussions

Problems with the provisioning of SCCM SP1

idata
Employee
‎02-01-2010 01:28 AM
2,224 Views

Hello, I will tell my case to see if anyone can help me. I have a fairly old domain (eg. contoso) with level

 

Windows 2003 functional, I have all the servers and computers. We want to add the vPro functionality, We have

 

installed SCCM 2007 SP1 for to do it.

 

It creates another additional domain in a forest (eg. corporate.com) and implemented a CA on a Windows Server 2008 R2

 

It adds a bilateral trust relationship between the two forests. I get that certificate templates

 

(AMT AMT Provisioning and Web server) are seen by SCCM. The certificate provisioning is created by me and I

 

Hash added in the BIOS of computers. Start to make the discovery and the SCCM log I can see that

 

is the computer, attempt to provision equipment manual by UUID. SCCM is marked as

 

"Detected", and after a few minutes appears as "Not Provision" and though it has added the OU from the Active

 

Directory, the team did not finish supplies. In the log I see the following:

UUID : 4C4C4544-0038-4E10-8050-B4C04F38344A SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2484 (0x09B4)

 

Found matched hash from hello message with current provision certificate. (Hash: 047D872D50E8F7ECA3BF35B434F392DB847AE4C6) SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2484 (0x09B4)

 

Generate bare metal provision task for AMT device 4C4C4544-0038-4E10-8050-B4C04F38344A. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2484 (0x09B4)

 

Waiting for incoming hello message from AMT devices... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2484 (0x09B4)

 

AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)

 

Incoming instruction file D:\Microsoft Configuration Manager\inboxes\amtopmgr.box\prov\{72822B84-BB02-41DC-9744-9B3FC259E5F7}.PRV to Provision Worker. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)

 

Found one 'Bare-Metal Provision' task with type 'Machine Resource' and target ID '45' and IP address '3232236065'. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)

 

Target machine 45 is a AMT capable machine. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)

 

Succeed to add new task to pending list. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)

 

AMT Provision Worker: Parsed 1 instruction files SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)

 

AMT Provision Worker: There are 1 tasks in pending list SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)

 

AMT Provision Worker: Send task carlos22.fremapint to completion port SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)

 

Auto-worker Thread Pool: Current size of the thread pool is 2 SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)

 

AMT Provision Worker: 1 task(s) are sent to the task pool successfully. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)

 

Auto-worker Thread Pool: Work thread 3812 started SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)

 

>>>>>>>>>>>>>>>Provision task begin<<<<<<<<<<<<<<< SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)<p> Provision target is indicated with SMS resource id. (MachineId = 45 192.168.2.33) SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)

 

STATMSG: ID=7203 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_AMT_OPERATION_MANAGER" SYS=FSCCM01 SITE=F00 PID=3164 TID=2264 GMTDATE=jue ene 28 16:49:32.761 2010 ISTR0="1" ISTR1="0" ISTR2="0" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)

 

AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)

 

AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)

 

AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)

 

Start to send a basic machine property creation request to FDM. (MachineId = 45) SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)

 

CStateMsgReporter::DeliverMessages - Queued message: TT=1201 TIDT=0 TID='Fill Machine Property' SID=1 MUF=0 PCNT=5, P1='carlos22' P2='891300000D71B2B67AD85767A3F0CB9209BD9DD9EC31BE303A16FFF3C0F8728C01C54A449A051758CB080860140000004200000048000000036600000000000038C068D70BAB45CEC58931AAA4FB70E6D9E82AA9F1CB269C403B3430032B1E1179D5C4379D20A0662665AC3288C94B253A98DBC7EEF16B850E0301100FCD4576399B14BB9D10B5020043' P3='carlos22.contoso' P4='admin' P5='047D872D50E8F7ECA3BF35B434F392DB847AE4C6' SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)

 

CStateMsgReporter::DeliverMessages - Created state message file: D:\Microsoft Configuration Manager\inboxes\auth\statesys.box\incoming\xzcwj6k1.SMX SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)

 

Warning: Currently we don't support mutual auth. Change to TLS server auth mode. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)

 

The provision mode for device 192.168.2.33 is 1. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)

 

Attempting to establish connection with target device using SOAP. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)

 

Found matched certificate hash in current memory of provisioning certificate SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)

 

Create provisionHelper with (Hash: 11E83BCCB1937EB38D8F29A78D5110F16D2C1133) SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)

 

Set credential on provisionHelper... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)

 

Try to use provisioning account to connect target machine 192.168.2.33... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)

 

Succeed to connect target machine 192.168.2.33 and core version with 5.0.3 using provisioning account # 0. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:36 3812 (0x0EE4)

 

GeneralInfo.GetProvisioningState finished with HResult = 0x0, status = 0x0, clientError = 0. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:39 3812 (0x0EE4)

 

Get device provisioning state is In Provisioning SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:39 3812 (0x0EE4)

 

Machine 192.168.2.33 will be added and published to AD and OU is denied:ldap://OU=Out LDAP://OU=Out of Band Management Controllers,DC=contoso. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:39 3812 (0x0EE4)

 

Send request to AMT proxy component to add machine 192.168.2.33 to AD. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:39 3812 (0x0EE4)

 

Successfully created instruction file for AMT proxy task: D:\Microsoft Configuration Manager\inboxes\amtproxymgr.box SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:39 3812 (0x0EE4)

 

Processing provision on AMT device 192.168.2.33... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:39 3812 (0x0EE4)

 

Send request to AMT proxy component to generate client certificate. (MachineId = 45) SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:39 3812 (0x0EE4)

 

Successfully created instruction file for AMT proxy task: D:\Microsoft Configuration Manager\inboxes\amtproxymgr.box SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:39 3812 (0x0EE4)

 

Wait 20 seconds to find client certificate for AMT device 192.168.2.33 being generated again... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:39 3812 (0x0EE4)

 

AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:40 3156 (0x0C54)

 

AMT Discovery Worker: ...
0 Kudos

Link Copied

4 Replies
Matthew_R_Intel
Employee
‎02-02-2010 11:25 AM
628 Views

This problem is usually caused by the SCCM Server AD Object not having proper permissions (Read, Enroll, and Autoenroll) on the AMT Web Server Certificate Template on your CA. Configuration Details found here: http://technet.microsoft.com/en-us/library/cc161804.aspx# BKMK_AMTwebserver http://technet.microsoft.com/en-us/library/cc161804.aspx# BKMK_AMTwebserver

You can also find more details on what is causing the Certificate Request failure in the AMTOPMGR.log on the SCCM Site Server.

--Matt Royer

Copy link
idata
Employee
‎02-03-2010 01:34 AM
628 Views
In response to Matthew_R_Intel

Thanks Royer, but permits are well allocated. And amtopmgr.log is what previously sent and I see nothing unusual, except the last message "Error: Missed device certificate. To provision or device with Mutual TLS server authentication mode, device certficate is required. (Machine = 45) SMS_AMT_OPERATION_MANAGER 28/01/2010 17:51:19 3812 (0x0EE4).

 

It is possible to provision between two forests with a trust relationship?

With the CA in the same forest as the provisioning server is working correctly

Thanks

In response to Matthew_R_Intel
0 Kudos
Copy link
Matthew_R_Intel
Employee
‎02-03-2010 09:38 AM
628 Views
In response to idata

Sorry... I meant to specify the \Logs\Amtproxymgr.log (not the AMTOpMgr.log). Actions around AD and CA request are tracked in more detail in the Amtproxymgr.log

It could be a trust issue since the server AD Object (machine object) that SCCM Site Server in running on is what is used to authenticate with the CA. Take a look in the Amtproxymgr.log to see if you can get a more specific error.

--Matt Royer

In response to idata
0 Kudos
Copy link
idata
Employee
‎02-04-2010 01:41 AM
628 Views
In response to idata

Ok, thanks. I thought it would not mistakes, but I've seen these:

"Found instruction file: D:\Microsoft Configuration Manager\inboxes\amtproxymgr.box\{5E3CE2A1-31F1-475F-951E-0F23D8AB1D1D}.apx SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28) 

Processing Instruction: ADT CREATE;carlos22.contoso;OU=Out of Band Management Controllers,DC=contoso;4C4C4544-0038-4E10-8050-B4C04F38344A;5.0.3;89130000AF69DD6A9D872A77C715B77515970195E6B4FEE28C14FC3A0802D7EB3A41B7ABB284C07F3E1CC3DF1400000042000000480000000366000000000000F34A991B166FBBC63D89DCA65B6A213D194C2BF8AE3D09AC79808B65C779D1B9204E376448D48A1B4E2F956134674A8E07390FE874E9C1AE65D127030B2F07F4F0A0984FE7EE59CB0044 SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

AD Task - DoExecute. SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

AD Task - Create Action Start. SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Finished Executing Instruction: ADT CREATE;carlos22.contoso;OU=Out of Band Management Controllers,DC=contoso;4C4C4544-0038-4E10-8050-B4C04F38344A;5.0.3;89130000AF69DD6A9D872A77C715B77515970195E6B4FEE28C14FC3A0802D7EB3A41B7ABB284C07F3E1CC3DF1400000042000000480000000366000000000000F34A991B166FBBC63D89DCA65B6A213D194C2BF8AE3D09AC79808B65C779D1B9204E376448D48A1B4E2F956134674A8E07390FE874E9C1AE65D127030B2F07F4F0A0984FE7EE59CB0044 SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Processing Inboxes for AMT Role... SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Processing Discovery Inbox... SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Processing Inbox for D:\Microsoft Configuration Manager\inboxes\amtproxymgr.box\disc.box -> D:\Microsoft Configuration Manager\inboxes\amtopmgr.box\disc SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Beginning enumeration of D:\Microsoft Configuration Manager\inboxes\amtproxymgr.box\disc.box SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Processing Discovery Inbox...Done SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Processing Operation Manager Inbox... SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Processing Inbox for D:\Microsoft Configuration Manager\inboxes\amtproxymgr.box\om.box -> D:\Microsoft Configuration Manager\inboxes\amtopmgr.box\om SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Beginning enumeration of D:\Microsoft Configuration Manager\inboxes\amtproxymgr.box\om.box SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Processing Operation Manager Inbox...Done SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Processing Wake On Lan Inbox... SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Processing Inbox for D:\Microsoft Configuration Manager\inboxes\amtproxymgr.box\wol.box -> D:\Microsoft Configuration Manager\inboxes\amtopmgr.box\wkp SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Beginning enumeration of D:\Microsoft Configuration Manager\inboxes\amtproxymgr.box\wol.box SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Processing Wake On Lan Inbox...Done SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Processing Provision Inbox... SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Processing Inbox for D:\Microsoft Configuration Manager\inboxes\amtproxymgr.box\prov.box -> D:\Microsoft Configuration Manager\inboxes\amtopmgr.box\prov SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Beginning enumeration of D:\Microsoft Configuration Manager\inboxes\amtproxymgr.box\prov.box SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Processing Provision Inbox...Done SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Processing Maintenance Inbox... SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Processing Inbox for D:\Microsoft Configuration Manager\inboxes\amtproxymgr.box\mtn.box -> D:\Microsoft Configuration Manager\inboxes\amtopmgr.box\mtn SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Beginning enumeration of D:\Microsoft Configuration Manager\inboxes\amtproxymgr.box\mtn.box SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Processing Maintenance Inbox...Done SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Found instruction file: D:\Microsoft Configuration Manager\inboxes\amtproxymgr.box\{B01E43DD-59FB-4B97-BD49-7591E8F0EFCF}.apx SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Processing Instruction: RCT 1;1;54;5.0.3;carlos22.contoso;SMS_AMT_OPERATION_MANAGER_PROV; SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Request certificate task begin to read Site Control File. SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Changes to the site control file settings detected. SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Request certificate task success to read parameters from Site Control File. SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Request certificate task success to connect to the SQL database. SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

ERROR: CertCreateCertificateContext failed: 0x80093102, msg=ASN1 unexpected end of data. SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28)

 

Error: CTaskRequestClientCert::RevokeExistedCertificate failed to get serial number from the certificate binary. SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28) Request certificate task disConnected to the SQL database. SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:34 3624 (0x0E28) ERROR: ICertRequest2->Submit failed: 0x800706ba SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:36 3624 (0x0E28) INFO: Enter process request 3 SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:36 3624 (0x0E28) INFO: Delete Request SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:36 3624 (0x0E28) INFO: Request to delete not found SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:36 3624 (0x0E28) Failed to run instruction: RCT 1;1;54;5.0.3;carlos22.contoso;SMS_AMT_OPERATION_MANAGER_PROV; SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:36 3624 (0x0E28) Finished Executing Instruction: RCT 1;1;54;5.0.3;carlos22.contoso;SMS_AMT_OPERATION_MANAGER_PROV; SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:36 3624 (0x0E28) Processing Inboxes for AMT Role... SMS_AMT_PROXY_COMPONENT 03/02/2010 18:43:36 3624 (0x0E28) Process...
In response to idata
0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.