- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Private certificate installed 2008 CA
Certs installed and OOB configured in SCCM
Windows 7 machine, HP DC7800
Exists in AD in Out of Band Management OU
Added Hash into BIOS, and set mebx password to match SCCM setup
Log from PC - oobmgmt.log
BEGIN oobmgmt 2/06/2011 4:07:44 PM 3684 (0x0E64)
Retrying to activate the device. oobmgmt 2/06/2011 4:07:44 PM 3684 (0x0E64)
Resending last OTP oobmgmt 2/06/2011 4:07:44 PM 3684 (0x0E64)
Upload provisioning data state message sent successfully. TopicType = STATE_TOPICTYPE_AMT_CLIENT_DATA_SYNCHRONIZE, OTPHash = 99C6D88E95C1ABCEA8EB593C6E633AA99CC404C1, RetryCount = 1 oobmgmt 2/06/2011 4:07:44 PM 3684 (0x0E64)
Successfully activated the device. oobmgmt 2/06/2011 4:07:44 PM 3684 (0x0E64)
Upload manufacturing data state message sent successfully. TopicType = STATE_TOPICTYPE_AMT_CLIENT_DATA_SYNCHRONIZE, Root Certificate Hash = BBB207F3734D31182FC72EA24E4675C31764D4F4, AMT Core Version = 3.0.1 oobmgmt 2/06/2011 4:07:44 PM 3684 (0x0E64)
END oobmgmt 2/06/2011 4:07:44 PM 3684 (0x0E64)
Log from server amtopmgr.log
RETRY(5) - Validate client certificate for AMT device TAC8205.site.tomago.com.au being generated. SMS_AMT_OPERATION_MANAGER 2/06/2011 4:21:51 PM 6288 (0x1890)
Error: Missed device certificate. To provision device with TLS server or Mutual authentication mode, device certficate is required. (MachineId = 4194) SMS_AMT_OPERATION_MANAGER 2/06/2011 4:21:51 PM 6288 (0x1890)
Error: Can't finish provision on AMT device TAC8205.site.tomago.com.au with configuration code (0)! SMS_AMT_OPERATION_MANAGER 2/06/2011 4:21:52 PM 6288 (0x1890)
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Which cert hash did you enter into the MEBx? The hash for the actual provisioning cert, or the hash for your root CA that issued the cert? In order for everything to work, you have to enter the has of the root CA.
-Dan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
the CA Hash has been entered
we have the machines in AD
and they show provisioned in SCCM, but cannot connect to the management console
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you tried power control operations?
Right click on a provisioned system, select "Out of Band Management" then "Power Control".
While the OOB Management Console uses Kerberos authentication, these power control commands use the digest user. If the power control commands work, that tells us that there's a problem with Kerberos authentication. If the power controls commands do not work, that's usually a sign that there's something wrong with the TLS cert assigned to AMT.
If the power control command does work, I recommend checking the AMT OU you are using in Active Directory to make sure that there are objects there for your provisioned systems.
-Dan
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page