SCCM 2007 SP2. We are using in-band provisioning for our out of band management. On the whole it seems to work fine, however, there are a significant number of machines (>100) where SCCM sees the clients as "Unknown". The oobmgmt.log files on these clients all show "!! Device is already provisioned".
These are machines which have been rebuilt (not renamed) without being unprovisioned first.
I booted into the Mbex bios (CTRL P). Unprovisioned a couple of the machines. SCCM then displayed these as "Not Provisioned". They then provisioned no problem.
Because there are over one hundred of these "Unknown" machines I would like to find a way to automate the unprovisioning in the Mbex bios so that it isn't necessary to visit all the machines with this issue.
Have been trying to use the unprovisionex.exe utility. Windows 7 32-bit, IE10. Have tried the following:
Unprovisionex.exe -hostname hostname.domain.com -tls -full
Unprovisionex.exe -hostname hostname.domain.com -tls -ignorecert -full
Unprovisionex.exe -hostname hostname.domain.com -user admin -pass password -full
But keep getting "And exception occurred while attempting to unprovision (FULL) the system. The request failed with HTTP status 401: Unauthorized.
I have also tried to connect as follows:
This gets me to a login screen but I am then unable to logon. I have tried adding the registry key FEATURE_INCLUDE_PORT_IN_SPN_KB908209.
Any help would be greatly appreciated.
It sounds like TLS is working fine, but Kerberos is broken for these machines. This means you will need to run UnprovisionEx.exe using digest credentials. The problem with that is SCCM randomizes the digest password for each computer it configures. Fortunately, there is a PowerShell script that was created by a community member that allows for the retrieval of these randomized passwords.
/message/160401# 160401 https://communities.intel.com/message/160401# 160401
Once you get the digest passwords for these systems, run UnprovisionEx.exe with the following switches: UnprovisionEx.exe -hostname hostname.domain.com -user admin -pass password -tls -full
After you get this resolved, I would suggest looking into moving away from configuring your vPro machines with SCCM 2007 and use Intel SCS instead. There are two main reasons for this, the first is that Intel SCS is a more robust configuration tool. The second reason is moving forward (AMT 9+) SCCM will no longer be able to configure new versions of vPro computers.
Hey FinBarand Alan,
I have excectly the same problems with some of my desktops.
Problem is when the machine is stuck in deteced mode there is no digest password in WMI/SCCM present.
is there a way to flash the me bios with reset to factory default?
I tried updating the ME Bios but it keeps the settings (with is good off course)
i also really need a automated way to reset the ME bios or unprovision.
so hoop you figure it out FinBar.
If you're unable to connect to these computers remotely because of a lack of working credentials. Then the only option available to reset AMT to factory default settings is to pull the computers CMOS battery.