I have a bunch of AMT 2.2 devices (dc7700). Initially we used the USB key process to preload the PID/PPS pairs on all machines. With the new KB960804 patch I can use SCCM inband provisioning and it's been working well except in a few cases.
First some background. Since SCCM would not work with the different PID/PPS pairs, I'm first provisioning them to the Intel SCS server that has all of the PID/PPS pairs imported. Next, I do a full unprovision on the boxes and can then use SCCM to provision in-band. This works fine for all devices that show up in the SCS console as PSK.
The problem I have is that some devices were missed or have had the MB replaced and they are in PKI mode (I've verified the ME is still set to admin for the password). Of course these fail in the SCS console but I then detect the ME in SCCM and try to provision the client in SCCM. However, all of these boxes fail.
After reading the great PDF posted http://communities.intel.com/message/10377;jsessionid=AB8C15170242B24C5A1022280ADE1BA0 HERE on deploying vPro and SCCM I have a question about the 960804 patch. If you look, it specifically states that it replaces the 961328 fix. This dealt with 2.2/2.6 boxes not provisioning in PKI mode. However, in Appendix A of this same document there is a 959040 patch, which also deals with 2.2/2.6 devices in PKI mode. I don't see any reference to this in the 960804 patch. I also don't see it cross referenced in the 961328 patch. Looking at the file versions it appears that the version is older than the latest 960804 patch, but I'm curious if that same problem has been fixed in the lastest patch since there is no record of it. Since I'm having the same issue it makes me curious.
Micosoft KB 959040 was the original release of the AMT 2.2 / 2.6 remote configuration (PKI Configuration) hotfix that was released in early January. The file versions shown in KB 959040 are 4.0.6221.1130. In KB 960804, the same files that are updated in KB 959040 are at version 4.0.6221.1146. Because two different versions of these files cannot coexist, I would logically conclude that the newer file version (4.0.6221.1146) would include the same code updates as the earlier version (4.0.6221.1130).
Just FYI, about an hour ago, KB 960804 was installed on one of my ConfigMgr site servers, and I will be testing out PKI-provisioning of an AMT 2.6 device as soon as I get out of today's meetings. I will definitely be posting back my results.
Bottom-line: As long as you install KB 960804, you should be good to go.
Thanks for the followup Trevor. I would also hope that is the case that it was included and had they mentioned it I would not have asked. I may follow up with my MSFT TAM just to be safe.
That said, you may want to double check the status of your site after installing the 960804 patch. I'm running on 2008 x64 and had the following issue on 2 separate sites. Check your mpmsi.log file to verify after the site reset that the MP reinstalls correctly. On my first site this never happened, it tried every hour to reinstall, and I had to remove and readd the BITS role, reboot, for it to successfully reinstall. My second install the MP reinstall worked fine but I finally found out my MP was broken after client status updates were failing. Long story short I found the BITS security error by looking at the logs under c:\inetpub\logs\logfiles\w3svc1\
I hope your install worked well. By the way, you have some great posts out here. Thanks for helping out the community. I love your PS script. I have a bunch of AMT 2.5/2.6 devices that also appear to be missing their HASH values. . . not good.
FYI, the 959040 patch does appear to be included in the 960804 patch. Found it listed here:
http://communities.intel.com/docs/DOC-1247# Microsoft_SCCM_2007_SP1_hotfix_rollup_KB960804_includes_KB959040 http://communities.intel.com/docs/DOC-1247# Microsoft_SCCM_2007_SP1_hotfix_rollup_KB960804_includes_KB959040http://communities.intel.com/docs/DOC-1247# Microsoft_SCCM_unable_to_use_Intel_AMT_features_when_run_on_Microsoft_Vista_Operating_System http://communities.intel.com/docs/DOC-1247# Microsoft_SCCM_unable_to_use_Intel_AMT_features_when_run_on_Microsoft_Vista_Operating_System