What would make SystemDiscovery fail to find FQDN?

Joe_Salzano · ‎02-01-2019

Hey folks having trouble with remote provisioning and system discovery.

I have successfully setup a test domain environment with AMT before. I was able to run SystemDiscovery and remotely provision using the RCS with ACUConfig.exe.

But I setup a new enviornment recently (AD, CA, DHCP, DNS, SQL, and SCCM) and tried to do similar tests.

Now I can't even run SystemDiscovery from the ACU. It fails on the attempt to GetDnsLookupName. It says the FQDN could not be found and the a DNS could not be found. What would cause this?

I also have noticed that now the remote provisioning does not work unless I enable Network Access from the MEBx menu manually. Here it fails because the PKI cert can not be validated. I am assuming it means the provisioning cert which has a CN equal to the FQDN of the server running the RCS. I am guessing it can not trust the certificate because it is unable to find something about the domain environment but I can't be sure.

Can anyone help me out?

EDIT: I have log files from both the ACUConfig and the RCS server for SystemDiscovery, ConfigViaRCSOnly, and ConfigAmt. I didn't want to overwhelm anyone by posting them with the initial question but if they are needed let me know.

Also, I do have a provisioning certificate in the Personal Cert Store of the RCS Service Account and the Hash of the root cert that issued it is sitting in the AMT device

Joe_Salzano · ‎02-05-2019

So I found out my problem with remote provisioning. There was actually 2 different problems that affected my 2 machines differently. Neither actually had to to with the PKI cert.

One solution was to add the DHCP Option 15 configuration to the global DHCP configuration and not only to the scope. Once I added it as a global config option the HP Z2 Mini (AMT version 12) was able to provision remotely.

But I still had a HP Z640 (AMT version 9) that would not provision. I found out that my issue was that I installed the SCS without enabling TLS 1.0 support. I knew that 1.0 had been depreciated and since I hadn't used an older AMT machine for testing before I had never needed the support. Reinstalled SCS today with the TLS 1.0 support and now the Z640 also can be provisioned remotely.

Was kind of tricky because the error messages did not really point to these solutions, but I finally found these to work. Just incase it helps anyone in the future.

However, I still can not run SystemDiscovery. (Even when already provisioned)

I still get the error about how the DNS name can not be found. I moved DHCP option 5 to the global settings as well but this did not help.

Any guidance would be greatly appreciated!

Emeth_O_Intel · ‎02-06-2019

Hello JSalz, Thank you so much for the information provided. Let us double check this information form our end in order to figure out the root cause of the issue. As soon as possible I will get back to you with the next step. Best regards, Emeth O. Intel Customer Support Technician. Under Contract to Intel Corporation.

Joe_Salzano · ‎02-11-2019

Any update on this?

All DNS operations work for remote provisioning just not for SystemDiscovery. Only reason I really need it is to be able to use the SCCM add on without the configuration failing. Currently I need to edit the task sequence scripts.

MichaelA_Intel · ‎02-11-2019

Hi Joseph, Your case has been escalated to me and am looking through it. Will contact you momentarily. Regards, Michael

MichaelA_Intel · ‎02-11-2019

Joseph, Can you attach the RCSLog.log file showing failures of the system discovery? Regards, Michael

Joe_Salzano · ‎02-11-2019

There isn't anything in the RCSLog.log file for anything related to system discovery.

However I do have the verbose output from the ACU. I attached that.

MichaelA_Intel · ‎02-11-2019

Joseph, do you have availability to meet this afternoon? I'm open and can set up a webex meeting for a troubleshooting session for the time you are available. Regards, Michael