- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Everyone,
I have configured SCCM to use WS-MAN to managed to provision three computers with version 3.0.1 on it however when I force a discovery I see the attached in the translator log.
The error that I am seeing is Discovery failed for https://FQDN:16993 https://FQDN:16993
In have attached the amtopmgr.log and the error that I'm thinking may help is ERROR: Invoke(get) failed: 80020009argNum = 0
I have goggled these errors but can't seem to find the answer I need, If anybody could point me in the right direction that would be great.
Regards,
Blair
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Blair,
It's seen that vPro machine is not listening mode for 16993 port, and you can easily discover if it's the case:
- From SCCM server open a command prompt and type:
c:\>telnet 16993
If fail to connect you must check the following conditions:
- Windows firewall in vPro machine is enabled? if so, try disable just for this test;
- HECI driver and LMS is installed and correctly reporting?
If all these conditions are ok and still facing problem with 16993 connection, download the ZTCLocalAgent.exe from Intel http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments/runningthelocalagentsample1.htm AMT SDK and execute as administrator in vPro machine:
c:\>ZTCLocalAgent -discovery
if the "Setup and Configuration" status is "Not started", means that SCCM agent didn't trigger the activation process and you can force it running the command:
c:\>ZTCLocalAgent -activate
Best Regards!
--bruno
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey Bruno,
Thanks for your help,
I have the following in the Device Manager under Ports
Intel® Active Management Technology – SOL (COM3)
I have the following services running
Intel(R) Active Management Technology Local Management Service
Intel(R) Active Management Technology System Status Service
Intel(R) Active Management Technology User Notification Service
I can telnet to the pc on port 16993
When I run the ZTCLocalAgent –discovery I get the following
Intel ZTCLocalAgent Version: 6.0.2.0
BIOS Version: 786F1 v01.04
Intel AMT code versions:
Flash: 3.0.1
Netstack: 3.0.1
AMTApps: 3.0.1
AMT: 3.0.1
Sku: 14
VendorID: 8086
Build Number: 1104
Recovery Version: 3.0.1
Recovery Build Num: 1104
Legacy Mode: False
Setup and Configuration:
In process
Found 4 certificate hashes in following Handles:
0,1,2,3,
Certificate hash entry:
Friendly Name = VeriSign Class 3 Primary CA-G1
Default = true
Active = true
Hash Algorithm = SHA1
Certificate Hash:
74 2C 31 92 E6
07 E4 24 EB 45
49 54 2B E1 BB
C5 3E 61 74 E2
Certificate hash entry:
Friendly Name = VeriSign Class 3 Primary CA-G3
Default = true
Active = true
Hash Algorithm = SHA1
Certificate Hash:
13 2D 0D 45 53
<strong style=...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Blair,
If you are able to connect remotely to 16993 port it means that nothing is blocking the communication, as showed in ZTClocalAgent. In this case the root cause looks to be in TLS layer, so some commons problems:
In case you are using PSK:
-Did you enter manualy/or by USB key the PSK into ME (i.e. PID 4444-4444 and PPS 0000-0000-0000-0000-0000-0000-0000-0000, as WS-Traslator suggest or any other that you configured)?
-Did you configure the new ME admin password in SCCM OOB console?
In case you are using PKI:
- Are you using option 6 and 15 in your DHCP?
- If you are using an internal certificate, did you include the hash of root CA in ME? do you have the correct OID or OU name?
- If you are using the external certificate, did you name correctly the OU=Intel(R) Client Setup Certificate?
Steve Rachui from Microsoft, wrote a http://blogs.msdn.com/b/steverac/archive/2009/05/18/tool-to-verify-amt-certificates.aspx script that can help you identify if there is issues with your certificate.
Just an overall recommendation: there are some improvents and bug fix since AMT versions 3.0 and upgrading the firmware to latest you can just disable/uninstall the WS-Traslator and simplicy the provisioning process.
Best Regards!
--Bruno Domingues
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey Bruno,
Thanks for all your help.
It turns out it was just time. I thought I could force it to provision and I thought I did everything to force it using the sendsched.vbs command and the discover Management Controllers however it must still require some time.
Regards,
Blair
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page