Community
cancel
Showing results for 
Search instead for 
Did you mean: 
idata
Community Manager
1,401 Views

SCCM 2007 R2, AMT vPRO

Private certificate installed 2008 CA

Certs installed and OOB configured in SCCM

Windows 7 machine, HP DC7800

Exists in AD in Out of Band Management OU

Added Hash into BIOS, and set mebx password to match SCCM setup

Log from PC - oobmgmt.log

BEGIN oobmgmt 2/06/2011 4:07:44 PM 3684 (0x0E64)

 

Retrying to activate the device. oobmgmt 2/06/2011 4:07:44 PM 3684 (0x0E64)

 

Resending last OTP oobmgmt 2/06/2011 4:07:44 PM 3684 (0x0E64)

 

Upload provisioning data state message sent successfully. TopicType = STATE_TOPICTYPE_AMT_CLIENT_DATA_SYNCHRONIZE, OTPHash = 99C6D88E95C1ABCEA8EB593C6E633AA99CC404C1, RetryCount = 1 oobmgmt 2/06/2011 4:07:44 PM 3684 (0x0E64)

 

Successfully activated the device. oobmgmt 2/06/2011 4:07:44 PM 3684 (0x0E64)

 

Upload manufacturing data state message sent successfully. TopicType = STATE_TOPICTYPE_AMT_CLIENT_DATA_SYNCHRONIZE, Root Certificate Hash = BBB207F3734D31182FC72EA24E4675C31764D4F4, AMT Core Version = 3.0.1 oobmgmt 2/06/2011 4:07:44 PM 3684 (0x0E64)

 

END oobmgmt 2/06/2011 4:07:44 PM 3684 (0x0E64)

Log from server amtopmgr.log

RETRY(5) - Validate client certificate for AMT device TAC8205.site.tomago.com.au being generated. SMS_AMT_OPERATION_MANAGER 2/06/2011 4:21:51 PM 6288 (0x1890)

 

Error: Missed device certificate. To provision device with TLS server or Mutual authentication mode, device certficate is required. (MachineId = 4194) SMS_AMT_OPERATION_MANAGER 2/06/2011 4:21:51 PM 6288 (0x1890)

 

Error: Can't finish provision on AMT device TAC8205.site.tomago.com.au with configuration code (0)! SMS_AMT_OPERATION_MANAGER 2/06/2011 4:21:52 PM 6288 (0x1890)
0 Kudos
3 Replies
idata
Community Manager
37 Views

Which cert hash did you enter into the MEBx? The hash for the actual provisioning cert, or the hash for your root CA that issued the cert? In order for everything to work, you have to enter the has of the root CA.

-Dan

idata
Community Manager
37 Views

the CA Hash has been entered

we have the machines in AD

and they show provisioned in SCCM, but cannot connect to the management console

idata
Community Manager
37 Views

Have you tried power control operations?

Right click on a provisioned system, select "Out of Band Management" then "Power Control".

While the OOB Management Console uses Kerberos authentication, these power control commands use the digest user. If the power control commands work, that tells us that there's a problem with Kerberos authentication. If the power controls commands do not work, that's usually a sign that there's something wrong with the TLS cert assigned to AMT.

If the power control command does work, I recommend checking the AMT OU you are using in Active Directory to make sure that there are objects there for your provisioned systems.

-Dan

Reply