Hello,
I have been working on this for two weeks now, with some progress. I would really appreciate any suggestions.
Overview of setup:
SCCM 2012 R2 w/
Intel SCS 10.0.11.35 integrated
Intel SCS_SCCMAddon 2.1.6.3
and Intel vPro SCCM add on -v2
I set up the SCS integration using the following documentation:
https://sccmguru.wordpress.com/2013/12/20/integrating-configuration-manager-2012-r2-with-intel-scs-9-0-part-1/ Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 1 : Introduction | SCCM GURU
PKI Hierarchy
I have set up a Two-Tier PKI Hierarchy using the following documentation:
https://technet.microsoft.com/library/hh831348.aspx Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy
At this point, I am able to run the following 3 task sequences:
Intel SCS: Platform Discovery
Intel AMT: Discovery
Intel AMT: Configuration
Once this is complete, I see
AMT Status: Externally Provisioned &
AMT Version: 10.0.33
I am able to utilize the "power control" under Manage out of band.
I am unable to:
Use the Out of Band Management Console
Connect to the webui using https://fqdn:16993/
Use KVMView
To elaborate
Use the Out of Band Management Console
When I attempt to connect I see "System: Connecting" and then it changes to "System: Disconnected"
Under the AdminUILog I see the following:
[15, PID:20500][03/19/2015 14:02:17] :GetAMTPowerState fail with result:0x80072F8F
[12, PID:20500][03/19/2015 14:02:26] :GetAMTPowerState fail with result:0x80072F8F
[14, PID:20500][03/19/2015 14:02:36] :GetAMTPowerState fail with result:0x80072F8F
[15, PID:20500][03/19/2015 14:02:36] :OOBPrepareNormalBootOption: BypassPassword:False, LockKeyboard:False, EnableSOL:False. fail with result:0x80072F8F
[1, PID:20500][03/19/2015 14:02:37] :Microsoft.ConfigurationManagement.ManagementProvider.SmsException\r\nSystem error.\r\n at Microsoft.ConfigurationManagement.AdminConsole.OobConsole.Utilities.AmtWSMan.CheckResult(Int32 result)
at Microsoft.ConfigurationManagement.AdminConsole.OobConsole.Utilities.AmtWSMan.PrepareNormalBootOption(Boolean enableBypassPassword, Boolean enableLockKeyboard, Boolean enableSOL)
at Microsoft.ConfigurationManagement.AdminConsole.OobConsole.Utilities.AmtDevice.CleanUpAmtSettings(Object sender, DoWorkEventArgs e)
at System.ComponentModel.BackgroundWorker.OnDoWork(DoWorkEventArgs e)
at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)\r\nNo details are available for this error.\r\n
Connect to the webui using https://fqdn:16993/
I reach the webpage, and I can see my rootca has identified the webpage as the fqdn of the computer / amt device.
However, when I attempt to log in with my AD credentials, it fails repeatedly.
I have completed the registry fix for IE.
Use KVMView
Initializing Viewer...
Using TLS security
Connecting to: fqdn
Using Kerberos authentication
AMT version is 10.0.33
Enabling KVM service access point
Applying KVM settings
The sender was not authorized to access the resource.
Intel.Management.Wsman.WsmanFault
Connecting to: fqdn
Using Proxy 127.0.0.1:57705
Disconnected
A few things I have noted:
1. I was only able to complete the 3 task sequences when I disabled CRL checking. However, when I check the CRL Distribution Point of the certificate, and plug in the URL, the .crl file opens right up. If I have CRL checking enabled, I receive the following error in the amtopmgr.log:
ERROR: Invoke(get) failed: 80020009argNum = 0 SMS_AMT_OPERATION_MANAGER 3/19/2015 9:17:24 AM 4904 (0x1328)
Description: A security error occurred SMS_AMT_OPERATION_MANAGER 3/19/2015 9:17:24 AM 4904 (0x1328)
Error: Failed to get AMT_SetupAndConfigurationService instance. SMS_AMT_OPERATION_MANAGER 3/19/2015 9:17:24 AM 4904 (0x1328)
DoWSManDiscovery failed with user name: admin. SMS_AMT_OPERATION_MANAGER 3/19/2015 9:17:24 AM 4904 (0x1328)
2. Although all 3 task sequences have completed, if I log in to the MEBx in the BIOS:
A. The admin password has NOT been set (although defined in my profile)
B. The current provisioning Mode says PKI, Provisioning Record says "Provision Record is not present"
C. I have pulled the CMOS battery, reimaged the machine, & provisioned the computer dozens of times (after every change I made to ensure nothing was left behind)
D. I can see my CA issue a certificate each time I run the Intel AMT: Configuration task sequence
Thank you for any help you can provide,
Jay
Hi Jay,
Sounds like you've made some good progress and you have provisioned Intel AMT systems using SCS and remote configuration using certificates!
However, integrating AMT into an SCCM environment does require some additional steps related to setting up Kerberos, certificates and ACLs correctly, so please contact the Intel® Business Support portal (https://bizsupport.intel.com/) and register. You can then log a ticket and get access to Intel vPro experts who can get you up and running.
Regards
- Martin.