
Stuck... provisioning issues on a small group of computers

idata
Employee

OK so I have successfully provisioned a good amount of computers using SCCM oob mgmt. Of these, there were several Optiplex 755 machines. After upgrading the BIOS on these machines and getting AMT firmware to 3.2.2, almost all of these 755's have provisioned just fine (no WSMAN translator... just normal routine through SCCM).

However, I have a handful of these machines that still will not provision and I'm officially stuck. If I force the autoprovision, the amtopmgr.log indicates:

Provision target is indicated with SMS resource id. (MachineId = 9009 xxx.xxx.com) SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:16 PM 1180 (0x049C)

Found valid basic machine property for machine id = 9009. SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:16 PM 1180 (0x049C)

Warning: Currently we don't support mutual auth. Change to TLS server auth mode. SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:16 PM 1180 (0x049C)

The provision mode for device xxx,xxx.com is 1. SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:16 PM 1180 (0x049C)

Check target machine (version 5.2.20) is a SCCM support version. (TRUE) SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:16 PM 1180 (0x049C)

The IP addresses of the host xxx,xxx.com are 10.1.23.199. SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:16 PM 1180 (0x049C)

Attempting to establish connection with target device using SOAP. SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:16 PM 1180 (0x049C)

Found matched certificate hash in current memory of provisioning certificate SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:16 PM 1180 (0x049C)

Create provisionHelper with (Hash: 02A960090CA8022478BE4EF9018624BA5526C8CF) SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:16 PM 1180 (0x049C)

Set credential on provisionHelper... SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:16 PM 1180 (0x049C)

Try to use default factory account to connect target machine xxx,xxx.com ... SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:16 PM 1180 (0x049C)

Fail to connect and get core version of machine xxx,xxx.com using default factory account. SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:17 PM 1180 (0x049C)

Try to use provisioned account (random generated password) to connect target machine xxx,xxx.com... SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:17 PM 1180 (0x049C)

Fail to connect and get core version of machine xxx,xxx.com using provisioned account (random generated password). SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:18 PM 1180 (0x049C)

Error: Device internal error. This may be caused by: 1. Schannel hotfix applied that can send our root certificate in provisioning certificate chain. 2. incorrect network configuration(DHCP option 6 and 15 required for AMT firmware). 3. AMT firmware self signed certificate issue(date zero). 4. AMT firmware is not ready for PKI provisioning. Check network interface is opening and AMT is in PKI mode. 5. Service point is trying to establish connection with wireless IP address of AMT firmware but wireless management has NOT enabled yet. AMT firmware doesn't support provision through wireless connection. (MachineId = 9009) SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:18 PM 1180 (0x049C)

Error: Can NOT establish connection with target device. (MachineId = 9009) SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:18 PM 1180 (0x049C)

To troubleshoot, I have reset CMOS battery, and tried to reopen ports using activator. Nothing seems to work. Our cert is from GoDaddy and is working fine, as I can consistently provision all the new computers we bring online. I know that DHCP options are set properly because other machines at these sites provision fine. Connection is wired, not wireless. Any idea where to go with this next?

Thanks in advance.

1 Reply
idata
Employee

It's not uncommon to see the errors you described if your SCCM is using outdated DNS or IP address information to try and contact the clients. You may want to try flushing the DNS cache on your server and verifying that you are able to ping the FQDN for an affected client and get the correct IP address back.

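The DNS check suggested in the reply can be run across a whole amtopmgr.log instead of one client at a time. The script below is an added example, not part of the thread or of SCCM: it pairs each "Can NOT establish connection" error with the IP address the service point logged for that host and compares it with what DNS returns now. The function names, the sample hosts and addresses, and the comma-separated form for multiple IPs are assumptions; the message patterns are taken from the log excerpt in the question.

```python
import re
import socket

# Message patterns as they appear in the amtopmgr.log excerpt in this thread.
TARGET = re.compile(r"Provision target is indicated with SMS resource id\. "
                    r"\(MachineId = (\d+) (\S+)\)")
ADDRS = re.compile(r"The IP addresses of the host \S+ are ([0-9., ]+?)\. ")
FAILED = re.compile(r"Error: Can NOT establish connection with target device\.")
THREAD = re.compile(r" (\d+) \(0x[0-9A-Fa-f]+\)\s*$")  # trailing thread id

# Constructed sample input (hypothetical hosts, documentation IP range).
SAMPLE_LOG = """\
Provision target is indicated with SMS resource id. (MachineId = 101 pc-a.example.com) SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:16 PM 1180 (0x049C)
Provision target is indicated with SMS resource id. (MachineId = 102 pc-b.example.com) SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:16 PM 2044 (0x07FC)
The IP addresses of the host pc-a.example.com are 192.0.2.10. SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:16 PM 1180 (0x049C)
The IP addresses of the host pc-b.example.com are 192.0.2.20. SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:16 PM 2044 (0x07FC)
Error: Can NOT establish connection with target device. (MachineId = 102) SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:18 PM 2044 (0x07FC)
Error: Can NOT establish connection with target device. (MachineId = 101) SMS_AMT_OPERATION_MANAGER 10/25/2010 12:00:18 PM 1180 (0x049C)
"""


def dns_lookup(fqdn):
    """A records DNS returns for fqdn right now; empty set if none."""
    try:
        return set(socket.gethostbyname_ex(fqdn)[2])
    except OSError:
        return set()


def failed_targets(log_text, resolve=dns_lookup):
    """One record per failed connection: logged IPs versus current DNS."""
    in_flight, results = {}, []  # in_flight: thread id -> attempt on that thread
    for line in log_text.splitlines():
        thread = THREAD.search(line)
        if not thread:
            continue
        tid = thread.group(1)
        if m := TARGET.search(line):
            in_flight[tid] = {"machine_id": m.group(1), "fqdn": m.group(2),
                              "logged_ips": set()}
        elif (m := ADDRS.search(line)) and tid in in_flight:
            in_flight[tid]["logged_ips"] = {ip.strip() for ip in m.group(1).split(",")}
        elif FAILED.search(line) and tid in in_flight:
            attempt = in_flight.pop(tid)
            attempt["current_ips"] = resolve(attempt["fqdn"])
            # Stale: none of the addresses SCCM tried is what DNS answers now.
            attempt["stale"] = attempt["logged_ips"].isdisjoint(attempt["current_ips"])
            results.append(attempt)
    return results
```

Run it after flushing the site server's DNS cache, or pass a `resolve` callable that queries the authoritative DNS server, so that a cached stale answer is not compared with itself.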