I have somehow managed to install the HECI but the machines are not getting listed under Unprovisioned v-pro client collection in SCCM 2007. In the query of the statement we have kept the AMT status as 2. Please help

Could you share a copy of the query you are using to build your collection. There are a couple of ways to get the AMT status of clients. One is to look at the results from the port scans that SCCM does, the other is to pull it from the hardware inventory in SCCM. I'd like to see which method you are using.

-Dan

For the collection where i can see the machines as provisioned we are using below query: But there problem is we are only getting 25 client out of 3500 clients in this collection.

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from sms_r_system where AMTStatus=3

We are getting 26 clients under the collection where AMTstatus = 2.

We queried the SQL database & found that there are 1800 clients with AMTStatus =0 & 2000 clients with AMTStatus=Null.

Please suggest

Give this query a try:

SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_AMT_AGENT on SMS_G_System_AMT_AGENT.ResourceID = SMS_R_System.ResourceId where SMS_G_System_AMT_AGENT.AMT >= "0" and (SMS_R_System.AMTStatus != "3" or SMS_R_System.AMTStatus is NULL)

It uses a different approach and looks at the client's hardware inventory for the AMT status. This method uses data from the AMT driver stack on the client that us pulled during the SCCM hardware inventory process.

I was able to provision the clients & the query provided was helpfull.

Can someone please guide me if i can take a remote of the provisioned machine for uninstalling the windows patches or remotely troubleshooting to see what screen user can see. I am able to see the bios screen using serial connection but not the one to remove the patches or GUI of Windows.

If there is any video that can guide please let me know

Serial Over LAN is text based which is why it works with the system BIOS. For OS based in band remote if your AMT clients are 6.x and newer you can use the KVM features. If your clients are older you will need some patch managment tool for OS based client managment. Here is a link to a video of the KVM feature: http://www.youtube.com/watch?v=Iix8vqabppw http://www.youtube.com/watch?v=Iix8vqabppw

Thanks,

Dan

I was able to provision around 700 clients out of 1400 clients in my environment, but i am facing issue with rest of the laptops. If i check the amtopmgmt.log on the system i see error messages as stated below: If i check the oobmgmt.log on the systems then i get the error messages as Failed to Call CheckCertificate provider method, 80041001 oobmgmt. I tried to run the discover management controllers & tried to activate the hello packet by using the command cscript sendsched.vbs {00000000-0000-0000-0000-000000000120} computer name but nothing seems to be working. Please suggest.

Fail to connect and get core version of machine AN00602038 using provisioned account (random generated password).

 

Error: Device internal error. This may be caused by: 1. Schannel hotfix applied that can send our root certificate in provisioning certificate chain. 2. incorrect network configuration(DHCP option 6 and 15 required for AMT firmware). 3. AMT firmware self signed certificate issue(date zero). 4. AMT firmware is not ready for PKI provisioning. Check network interface is opening and AMT is in PKI mode. 5. Service point is trying to establish connection with wireless IP address of AMT firmware but wireless management has NOT enabled yet. AMT firmware doesn't support provision through wireless connection. (MachineId = 55587)

Also i have read somewhere that on Lenovo laptops the AMT hello packets are not enabled by default. Is there any way that we can activate it remotely