Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

ws-man translator certificates on IIS7

idata

Hi, I can find the instructions in the Intel AMT guide on how to generate a certificate request on the SCCM server for the WS-MAN translator on IIS 6, but cannot find the instructions on how to generate one in IIS7.

My SCCM server sits on MS Server 2008 IIS7.

Also, once generated, do I need to purchase a certificate for the WS-MAN translator to run?

Can someone provide complete instructions on how to do this with the SCCM/Server 2008/IIS7 combo?

thanks

Stéphane

idata

So certificates work with the WS-MAN translator in a couple of ways.

1) You can use a cert to secure the web server that the WS-MAN translator is running from.

2) You will need to provide the WS-MAN translator with a copy of the provisioning cert that you either generated yourself, or purchased.

As for number one above, the cert for securing your website, you would typically request that from an internal CA following a process like the one documented here: http://technet.microsoft.com/en-us/library/cc731014(WS.10).aspx. You will choose this cert when you see the "Select TLS/Forwarding Options" screen in the WS-MAN setup.

For number two, when you run through the configuration for the WS-MAN translator, it will prompt you to supply your current provisioning cert on the "Import Common Setup Certificate" screen. You do not need a separate one.

Does this help?

idata

OK, installed it with option 2 as you mentioned, as I have a provisioning cert already installed and working; all AMT versions I have 3.2 and up are provisioned.

After installing the WS-MAN translator, most of my clients with AMT version 3.2 and lower come up as detected??

Is there another log besides the oobmgmt log that I can check? If so, where is it?

One of the clients that are under 3.2 is an HP dc7800 (AMT version 3.0.1); the others are dc7700 (AMT version 2.1.4).

Also, should the WS-MAN translator service be running all the time? After installing, it was set to automatic...does it just start as needed?

Here is the OOB log on the dc7700 with a "Failed to Call CheckCertificate provider method" message:

<![LOG[BEGIN]LOG]!>
<![LOG[Retrying to activate the device.]LOG]!>
<![LOG[Raising event:
[SMS_CodePage(850), SMS_LocaleID(4105)]
instance of SMS_OOBMgmt_StartConfig_Failure
{
ClientID = "GUID:8A52E3D9-2301-404C-8BC4-492DE941E685";
DateTime = "20110503193555.299000+000";
ErrorCode = "1";
FailureCategory = "Failed to enumerate certificate hash, please check if the BIOS contains valid certificates.";
MachineName = "WLAB105094E";
ProcessID = 280;
SiteCode = "LAB";
ThreadID = 3052;
};
]LOG]!>
<![LOG[Successfully submitted event to the Status Agent.]LOG]!>
<![LOG[Failed to Call CheckCertificate provider method, 80041001]LOG]!>
<![LOG[END]LOG]!>

let me know

many thanks
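
The log excerpt in the post above uses the <![LOG[...]LOG]!> entry layout, so with several hundred machines the failure events and result codes can be pulled out with a small parser. This is an added example, not part of the original post; the sample log is constructed in the layout quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout quoted in the post (GUID and machine name are made up).
SAMPLE_LOG = '''<![LOG[BEGIN]LOG]!>
<![LOG[Retrying to activate the device.]LOG]!>
<![LOG[Raising event:
[SMS_CodePage(850), SMS_LocaleID(4105)]
instance of SMS_OOBMgmt_StartConfig_Failure
{
ClientID = "GUID:00000000-0000-0000-0000-000000000001";
ErrorCode = "1";
FailureCategory = "Failed to enumerate certificate hash, please check if the BIOS contains valid certificates.";
MachineName = "LABPC001";
ProcessID = 280;
};
]LOG]!>
<![LOG[Failed to Call CheckCertificate provider method, 80041001]LOG]!>
<![LOG[END]LOG]!>
'''

ENTRY = re.compile(r'<!\[LOG\[(.*?)\]LOG\]!>', re.DOTALL)        # one entry, may span lines
EVENT = re.compile(r'instance of (\w+)\s*\{(.*?)\};', re.DOTALL)  # status-event instance body
PROP = re.compile(r'^\s*(\w+)\s*=\s*"?(.*?)"?;\s*$', re.MULTILINE)
# Result codes in the 0x8....... range, e.g. 80041001 (WBEM_E_FAILED, a generic WMI failure).
HEXCODE = re.compile(r'\b(8[0-9A-Fa-f]{7})\b')

def parse_entries(text):
    """Split the log into entry bodies; an entry may span several lines."""
    return [m.group(1).strip() for m in ENTRY.finditer(text)]

def triage(text):
    """Return (failure events as dicts, (code, message) pairs from plain entries)."""
    events, codes = [], []
    for body in parse_entries(text):
        ev = EVENT.search(body)
        if ev:
            props = dict(PROP.findall(ev.group(2)))
            props["class"] = ev.group(1)
            if ev.group(1).endswith("_Failure"):
                events.append(props)
        else:
            codes += [(c.upper(), body) for c in HEXCODE.findall(body)]
    return events, codes
```

Grouping the returned events by MachineName and FailureCategory shows which systems fail for the same reason.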

idata

Let's focus on your DC7700s first. They will need to have their firmware updated to AMT 2.2+ to support SCCM. You should be able to find the appropriate firmware package at HP's website.

As for your DC7800 running 3.0.1, I recommend updating to the latest firmware version available from HP as well. It resolves known compatibility problems with AMT 3.x and SCCM.

The WS-MAN translator should always be running.

idata

OK, I am starting to update the AMT versions tonight...I have about 700 total of 7700 and 7800. This might take a few days as I am doing this in stages, and next week I am on the operational queue and not on projects, so if I don't reply for a week or so I will get back to you eventually.

In the meantime I have 3 small questions:

1. Can you fully un-provision a PC and reset the MEBx pwd remotely with VBS, PowerShell or something else?

2. Do you have documentation on how the auto un-provision should work when a PC is removed from AD, SCCM DB...does the AD object get deleted..the web cert issued to that PC etc...?

3. When testing in the lab, how can you force the provisioning process to start on a particular PC?

many thanks

Stéphane

idata

Hi Dan, can you or someone else answer the 3 questions I posted a while back while I finish updating the AMT version on all my 7700 and 7800?

thanks man

Stéphane

idata

My apologies for the delay in getting back to you.

1. can you fully un-provision a pc and reset the mebx pwd remotely with vbs, powershell or something else?

The MEBx password can only be changed remotely when you are provisioning the system.

2. do you have documentation on how the auto un-provision should work when a pc is removed from AD, sccm db...does the AD object get deleted..the web cert issued to that pc etc...?

If a provisioned system's record is deleted from SCCM, its AD object will remain in place. It should only be deleted if you unprovision the system from SCCM. If the system is deleted from SCCM, the remote admin password will be deleted with it, preventing SCCM from being able to remotely manage AMT. If this occurs you can use the unprovision utility (/docs/DOC-1763) along with a Kerberos account to unprovision AMT remotely.

3.When testing in the lab how can you force the provisioning process to start on a particular pc?

Yes, you can use a WMI call to the SCCM agent to accelerate the process. Take a look at this blog entry for details: /community/openportit/vproexpert/microsoft-vpro/blog/2008/09/30/using-wmi-to-force-the-sccm-agent-to-check-for-its-amt-auto-provisioning-policy
