Hey folks having trouble with remote provisioning and system discovery.
I have successfully setup a test domain environment with AMT before. I was able to run SystemDiscovery and remotely provision using the RCS with ACUConfig.exe.
But I setup a new enviornment recently (AD, CA, DHCP, DNS, SQL, and SCCM) and tried to do similar tests.
Now I can't even run SystemDiscovery from the ACU. It fails on the attempt to GetDnsLookupName. It says the FQDN could not be found and the a DNS could not be found. What would cause this?
I also have noticed that now the remote provisioning does not work unless I enable Network Access from the MEBx menu manually. Here it fails because the PKI cert can not be validated. I am assuming it means the provisioning cert which has a CN equal to the FQDN of the server running the RCS. I am guessing it can not trust the certificate because it is unable to find something about the domain environment but I can't be sure.
Can anyone help me out?
EDIT: I have log files from both the ACUConfig and the RCS server for SystemDiscovery, ConfigViaRCSOnly, and ConfigAmt. I didn't want to overwhelm anyone by posting them with the initial question but if they are needed let me know.
Also, I do have a provisioning certificate in the Personal Cert Store of the RCS Service Account and the Hash of the root cert that issued it is sitting in the AMT device
So I found out my problem with remote provisioning. There was actually 2 different problems that affected my 2 machines differently. Neither actually had to to with the PKI cert.
One solution was to add the DHCP Option 15 configuration to the global DHCP configuration and not only to the scope. Once I added it as a global config option the HP Z2 Mini (AMT version 12) was able to provision remotely.
But I still had a HP Z640 (AMT version 9) that would not provision. I found out that my issue was that I installed the SCS without enabling TLS 1.0 support. I knew that 1.0 had been depreciated and since I hadn't used an older AMT machine for testing before I had never needed the support. Reinstalled SCS today with the TLS 1.0 support and now the Z640 also can be provisioned remotely.
Was kind of tricky because the error messages did not really point to these solutions, but I finally found these to work. Just incase it helps anyone in the future.
However, I still can not run SystemDiscovery. (Even when already provisioned)
I still get the error about how the DNS name can not be found. I moved DHCP option 5 to the global settings as well but this did not help.
Any guidance would be greatly appreciated!
Any update on this?
All DNS operations work for remote provisioning just not for SystemDiscovery. Only reason I really need it is to be able to use the SCCM add on without the configuration failing. Currently I need to edit the task sequence scripts.