Community
cancel
Showing results for 
Search instead for 
Did you mean: 
BMull
Novice
1,332 Views

WS Translator to Provision AMT Systems Error in Translator log

Hi Everyone,

I have configured SCCM to use WS-MAN to managed to provision three computers with version 3.0.1 on it however when I force a discovery I see the attached in the translator log.

The error that I am seeing is Discovery failed for https://FQDN:16993 https://FQDN:16993

In have attached the amtopmgr.log and the error that I'm thinking may help is ERROR: Invoke(get) failed: 80020009argNum = 0

I have goggled these errors but can't seem to find the answer I need, If anybody could point me in the right direction that would be great.

Regards,

Blair

0 Kudos
4 Replies
Bruno_Domignues
Employee
100 Views

Blair,

It's seen that vPro machine is not listening mode for 16993 port, and you can easily discover if it's the case:

- From SCCM server open a command prompt and type:

c:\>telnet 16993

If fail to connect you must check the following conditions:

- Windows firewall in vPro machine is enabled? if so, try disable just for this test;

- HECI driver and LMS is installed and correctly reporting?

If all these conditions are ok and still facing problem with 16993 connection, download the ZTCLocalAgent.exe from Intel http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?tur... AMT SDK and execute as administrator in vPro machine:

c:\>ZTCLocalAgent -discovery

if the "Setup and Configuration" status is "Not started", means that SCCM agent didn't trigger the activation process and you can force it running the command:

c:\>ZTCLocalAgent -activate

Best Regards!

--bruno

BMull
Novice
100 Views

Hey Bruno,

Thanks for your help,

I have the following in the Device Manager under Ports

Intel® Active Management Technology – SOL (COM3)

I have the following services running

Intel(R) Active Management Technology Local Management Service

Intel(R) Active Management Technology System Status Service

Intel(R) Active Management Technology User Notification Service

I can telnet to the pc on port 16993

When I run the ZTCLocalAgent –discovery I get the following

Intel ZTCLocalAgent Version: 6.0.2.0

BIOS Version: 786F1 v01.04

Intel AMT code versions:

Flash: 3.0.1

Netstack: 3.0.1

AMTApps: 3.0.1

AMT: 3.0.1

Sku: 14

VendorID: 8086

Build Number: 1104

Recovery Version: 3.0.1

Recovery Build Num: 1104

Legacy Mode: False

Setup and Configuration:

In process

Found 4 certificate hashes in following Handles:

0,1,2,3,

Certificate hash entry:

Friendly Name = VeriSign Class 3 Primary CA-G1

Default = true

Active = true

Hash Algorithm = SHA1

Certificate Hash:

74 2C 31 92 E6

07 E4 24 EB 45

49 54 2B E1 BB

C5 3E 61 74 E2

Certificate hash entry:

Friendly Name = VeriSign Class 3 Primary CA-G3

Default = true

Active = true

Hash Algorithm = SHA1

Certificate Hash:

13 2D 0D 45 53

<strong style=...

Bruno_Domignues
Employee
100 Views

Hi Blair,

If you are able to connect remotely to 16993 port it means that nothing is blocking the communication, as showed in ZTClocalAgent. In this case the root cause looks to be in TLS layer, so some commons problems:

In case you are using PSK:

-Did you enter manualy/or by USB key the PSK into ME (i.e. PID 4444-4444 and PPS 0000-0000-0000-0000-0000-0000-0000-0000, as WS-Traslator suggest or any other that you configured)?

-Did you configure the new ME admin password in SCCM OOB console?

In case you are using PKI:

- Are you using option 6 and 15 in your DHCP?

- If you are using an internal certificate, did you include the hash of root CA in ME? do you have the correct OID or OU name?

- If you are using the external certificate, did you name correctly the OU=Intel(R) Client Setup Certificate?

Steve Rachui from Microsoft, wrote a http://blogs.msdn.com/b/steverac/archive/2009/05/18/tool-to-verify-amt-certificates.aspx script that can help you identify if there is issues with your certificate.

Just an overall recommendation: there are some improvents and bug fix since AMT versions 3.0 and upgrading the firmware to latest you can just disable/uninstall the WS-Traslator and simplicy the provisioning process.

Best Regards!

--Bruno Domingues

BMull
Novice
100 Views

Hey Bruno,

Thanks for all your help.

It turns out it was just time. I thought I could force it to provision and I thought I did everything to force it using the sendsched.vbs command and the discover Management Controllers however it must still require some time.

Regards,

Blair

Reply