Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2879 Discussions

unprovisionex.exe issue


SCCM 2007 SP2. We are using in-band provisioning for our out of band management. On the whole it seems to work fine, however, there are a significant number of machines (>100) where SCCM sees the clients as "Unknown". The oobmgmt.log files on these clients all show "!! Device is already provisioned".

These are machines which have been rebuilt (not renamed) without being unprovisioned first.

I booted into the Mbex bios (CTRL P). Unprovisioned a couple of the machines. SCCM then displayed these as "Not Provisioned". They then provisioned no problem.

Because there are over one hundred of these "Unknown" machines I would like to find a way to automate the unprovisioning in the Mbex bios so that it isn't necessary to visit all the machines with this issue.

Unprovisionex.exe Utility

Have been trying to use the unprovisionex.exe utility. Windows 7 32-bit, IE10. Have tried the following:

Unprovisionex.exe -hostname -tls -full

Unprovisionex.exe -hostname -tls -ignorecert -full

Unprovisionex.exe -hostname -user admin -pass password -full

But keep getting "And exception occurred while attempting to unprovision (FULL) the system. The request failed with HTTP status 401: Unauthorized.

Web Access

I have also tried to connect as follows:

This gets me to a login screen but I am then unable to logon. I have tried adding the registry key FEATURE_INCLUDE_PORT_IN_SPN_KB908209.

Any help would be greatly appreciated.


0 Kudos
3 Replies

Hi Finbar67,

It sounds like TLS is working fine, but Kerberos is broken for these machines. This means you will need to run UnprovisionEx.exe using digest credentials. The problem with that is SCCM randomizes the digest password for each computer it configures. Fortunately, there is a PowerShell script that was created by a community member that allows for the retrieval of these randomized passwords.

/message/160401# 160401 160401

Once you get the digest passwords for these systems, run UnprovisionEx.exe with the following switches: UnprovisionEx.exe -hostname -user admin -pass password -tls -full

After you get this resolved, I would suggest looking into moving away from configuring your vPro machines with SCCM 2007 and use Intel SCS instead. There are two main reasons for this, the first is that Intel SCS is a more robust configuration tool. The second reason is moving forward (AMT 9+) SCCM will no longer be able to configure new versions of vPro computers.

0 Kudos

Hey FinBarand Alan,

I have excectly the same problems with some of my desktops.

Problem is when the machine is stuck in deteced mode there is no digest password in WMI/SCCM present.

is there a way to flash the me bios with reset to factory default?

I tried updating the ME Bios but it keeps the settings (with is good off course)

i also really need a automated way to reset the ME bios or unprovision.

so hoop you figure it out FinBar.



0 Kudos


If you're unable to connect to these computers remotely because of a lack of working credentials. Then the only option available to reset AMT to factory default settings is to pull the computers CMOS battery.

0 Kudos