Home > Intel Communities > Open Port IT Community > Intel® vPro™ Expert Center > Microsoft Manageability > Blog > Tags > matt_royer
Up to Blog Posts in Microsoft Manageability
1 2 3 Previous Next

Microsoft Manageability

41 Posts tagged with the matt_royer tag
Matt Royer
0

 

Version 3.3 of the Intel Client Manageability Add-on has been released to bring more vPro manageability features to SMS. The following new features have been added:

 

  • Scheduled power command operations on collections. (Note that scheduled power commands are not executed on subcollections.)

  • Graceful shutdown (attempting to shut down a platform via its operating system) for Power Down operations on collections

  • Changes in the way the Add-on interprets and applies IP site boundaries within SMS, including an optional registry switch. If the switch is set, if the platform's subnet does not appear in the SMS properties for the platform, the platform will be considered as being in the site boundaries. Note: There is no change in the way the Add-on interprets and applies Active Directory site boundaries.

 

Intel Client Manageability Add-on version 3.3 can be downloaded from the following location: http://downloadcenter.intel.com/Filter_Results.aspx?strOSs=All&strTypes=All&ProductID=2609&lang=eng&OSFullName=All%20Operating%20Systems :

 

 

 

 

 

--Matt Royer

0 Comments Permalink Tags: sms, addon, vpro, amt, matt_royer
Matt Royer
2

One of the advantages that is brought with SCCM SP1 having integrated support with vPro is the ability to leverage vPro Power On command with Advertisements. What this allows you to do is power up a vPro client that is currently turned off and executive a desired task sequence or software distribution package. So in a scenario where you want to patch your clients at 2:00 am in the morning, you can leveraging vPro and SCCM SP1 to wake your clients up, patch them, and shutdown them back down. This gives you the option of shutting down your vPro clients (to save power) without sacrificing ideal patching / software upgrade times at night (which may be less impactful to your end users) and then gracefully shut them back down again when the patching is complete.

 

 

 

 

In a limited fashion, Wake On LAN (WOL) has given us this option in the past. However unlike WOL, Intel vPro Technology allows you to securely and reliability power up a client without the challenges and potential security issues that comes with the transitional WOL Magic Packet. The following abstract has a pretty good explanation of the differences between WOL and vPro Power On.

 

 

 

 

 

 

To configure SCCM SP1 to use the vPro Power Up commands, you will need to drill down to "Site Database" -> "Site Management" and select properties from the right click menu on your site server. Once the "Site Properties" window appears, click on the Wake On LAN Tab. After ensuring that the "Enable Wake On LAN for this site" is Checked, you will notice three additional configurable options:

 

  • Use power on commands if the computer supports this technology; otherwise, use wake-up packets

  • Use power on commands only

  • Use wake-up packets only

 

 

 

 

 

The reference to "use power on commands" is Microsoft's definition of leveraging vPro Power Management. So to use vPro Power Management for client power on during an advertisements, you will need to ensure that either "Use power on commands if the computer supports this technology; otherwise, use wake-up packets" or "Use power on commands only" is selected. Since you are likely to have a mix of vPro and non-vPro clients in your environment, it is recommended that you use the "Use power on commands if the computer supports this technology; otherwise, use wake-up packets" option.

 

 

 

 

 

 

To allow for easy use of both vPro Power Control and WOL within SCCM SP1, Microsoft decided to bundle both options under "Wake on LAN". So when you are leverage vPro Power Up control on Advertisement, you just need to specify use to Wake on LAN (WOL) and depending on the configuration in the "Site Properties: Wake On LAN Tab" it will use vPro Power or the traditional Legacy WOL packet.

 

 

 

 

 

 

To create an advisement that leverages vPro Power up command...

 

  1. Right Click on the Collection you want the advertisement for and select "Advertise Task Sequence".

  2. When the "New Advertisement Wizard" window appears, enter in the Name of the Advertisement and a comment.

  3. Select the desired "Task Sequence" you have created (To create a Task Sequence, please reference the following article: http://technet.microsoft.com/en-us/library/bb693631.aspx). Click "Next" to Proceed.

  4. On the Schedule Screen, specify your Advertisement Start & Expires (if required) dates.

  5. To allow the "Enable Wake on LAN" option to be selected, you must first specify a "Mandatory Assignments". Click the new icon and define a schedule or immediate action and click "OK".

  6. Once the "Mandatory Assignments" has been defined, check the "Enable Wake on LAN". Select other option and priority as necessary and click "Next".

  7. Select the desired "Distribution Points" options and click "Next".

  8. Select the desired "Interaction" options and click "Next".

  9. Select the desired "Security" options and click "Next".

  10. When the "Summary" Appears, confirm and click "Next".

 

 

 

The advertisement with vPro Power Up control has now been configured. Based on the Mandatory Assignments specified, you should see the vPro Client power on and execute the task sequence. For more details on how to create Advertisements within SCCM SP1, please visit Microsoft Web site.

 

 

 

 

 

--Matt Royer

 

 

2 Comments Permalink Tags: sccm_sp1, sccm, amt, vpro, wol, matt_royer
Matt Royer
2

Some enterprises may find that they want to take advantage of both Microsoft System Center Configuration Manager 2007 (SP1) and System Center Operation Manager 2007 in their environment. Each independently have the ability to provision and manage vPro clients (natively from SCCM and through the Intel SCOM MP for SCOM), but is there a way so that both can manage the same vPro clients? YES, there is!

 

 

 

 

 

The way it works is that SCCM owns the provisioning (setting up certification, ACL, base configuration) and then both SCCM and SCOM w/ Intel SCOM MP can invoke vPro Use Cases. To get SCCM and SCOM w/ Intel AMT Management Pack to work together with vPro, here are the high level steps:

 

 

  1. If you have not already installed Microsoft SCCM SP1, Microsoft SCOM 2007, and the Intel SCOM MP, following the standard install documentation.

  2. Create a domain account that the Intel SCOM MP Service will run under. Once created, ensure you set the Log-in Account for the Intel SCOM MP Service to run under that account.

  3. Within SCCM under the Component Configuration -> AMT Settings -> AMT User Account Setting, add the domain account you created to run the Intel SCOM MP service under. Ensure you give that account sufficient access to perform the desired vPro function.

  4. Within SCOM Intel Management Pack, navigate to the "Intel AMT Management Pack Settings". Under Security Settings, set Kerberos to be used and check the "TLS Enable" check box. Under the CA Certificate, ensure to specify the file location of an export of the Root CA cert (This should be the same CA that SCCM is using to issue AMT client certificates). Once complete, make sure you restart the Intel SCOM MP Service.

  5. Now that base configuration is done, provision your vPro Client normally through SCCM. If you have already provisioned the vPro Client, ensure you "update management controller" so that new ACL is pushed to the vPro Clients. Once provisioned, you should be able to invoke vPro Use Case through SCCM Collection Based power control or the Out of Band Console without issue.

  6. Within SCOM, configure the IP range that includes all vPro Clients to be monitored by the Intel SCOM Management Pack. After the vPro Clients are discovered, you should be able to invoke vPro Usage from within SCOM as well.

 

 

 

 

--Matt Royer

2 Comments Permalink Tags: sccm, sccm_sp1, scom, amt, vpro, matt_royer
Matt Royer
1

As noted in a previous blog, Microsoft SCCM SP1 natively supports vPro hardware that is running firmware version 3.2.1 or higher. Although SCCM SP1 can support vPro firmware versions less than 3.2.1 by leveraging the Intel WS-MAN Translator, it is advised that you upgrade your OEM vPro Client to the latest supported firmware. Dell, HP, and Lenovo have release the 3.2.1 ME firmware for their vPro platforms and the firmware for those platforms can be downloaded from the following locations:

 

 

 

 

 

As a clarifying note, if you have a vPro Clients that are currently running on vPro firmware 2.x, you are not able to upgrade them to the 3.x version and will be required to use the Intel WS-MAN Translator to provision and manage those systems within SCCM SP1.

 

 

 

 

 

 

--Matt Royer

1 Comments Permalink Tags: sccm, sccm_sp1, amt, vpro, matt_royer
Matt Royer
0

By default, the Intel WS-MAN Translator has logging turned off. To turn logging on, browse to "C:\Program Files\Intel Corporation\Intel WS-Management Translator\" directory and open "wstrans.exe.config" file with a text editor. Within the wstrans.exe.config file, browse to the the system.diagnostics section. You can change the values of the switches from "off" to "verbose".

 

 

 

 

<system.diagnostics>

 

 

<switches>

<add name="Intel.Wstrans" value="verbose" />
<add name="Intel.Wstrans.Eoi" value="verbose" />
<add name="Intel.Wstrans.WsMan" value="verbose" />

</switches>

</system.diagnostics>

 

 

 

 

After you make the changes, you will be required to restart the Intel WS-MAN translator service for the changes to take effect. After which, the Intel WS-MAN Translator will report actions and errors in the "C:\Program Files\Intel Corporation\Intel WS-Management Translator\wstrans.log".

 

 

 

 

The wstrans.log has been formatted to allow easy readablity via Microsoft SMS Trace utility which is included in the Microsoft System Center Configuration Manager 2007 Toolkit.

 

 

 

 

Matt Royer

 

 

0 Comments Permalink Tags: ws-man_translator, vpro, amt, matt_royer
Matt Royer
0

Here is a closer look at the install and configuration of the Intel WS-MAN translator for Microsoft SCCM SP1. The included video should be used as a reference only and not a replacement for the steps defined in the following documentation.

 

High Level Installation steps & reference documentation:

 

 

 

 

 

 

 

 

 

Matt Royer

0 Comments Permalink Tags: sccm, sccm_sp1, ws-man_translator, vpro, amt, matt_royer
Matt Royer
0

The Intel WS-MAN translator is a crucial component for providing vPro legacy (less than firmware 3.2.1) support within Microsoft SCCM SP1. The beta of the WS-MAN Translator has been released and can be downloaded from the following location:[http://softwarecommunity.intel.com/articles/eng/3840.htm]

 

 

 

 

The installation and configuration of the WS-MAN Translator is a fairly straight forward process and can be broken up in three key steps: Configuring ISS Certificate, WS-MAN Install & Configuration, and Enabling support for Intel WS-MAN translator within SCCM.

 

 

 

 

 

 

 

High Level Installation steps & reference documentation:

 

 

 

 

 

 

 

 

For additional information on the WS-MAN Translator, please visit the FAQ

 

 

 

 

 

 

Note: The Intel WS-MAN Translator is current in Beta status and not considered a released product at this time.

 

 

 

 

 

 

 

Matt Royer

 

 

0 Comments Permalink Tags: ws-man_translator, sccm_sp1, sccm, amt, vpro, matt_royer
Matt Royer
1

As referenced in the Overview of SMS/Intel SCS migration to SCCM SP1 blog post, Intel has developed a utility to easy the migration of vPro Client that have been activated on SMS/SCS to SCCM SP1.

 

 

 

The beta of the Intel SCStoSCCM Migration Utility has been released and can be downloaded from the following location: http://communities.intel.com/openport/docs/DOC-1660

 

 

 

A User Guide on how to use the migration utility has been included in the download. Since SCCM SP1 has a dependency on the Intel WS-MAN Translator for any vPro Client less than firmware version 3.2.1, the WS-MAN translator will need to be installed and configured before proceeding with the migration if you have legacy system already activated in your environment.

 

 

 

Note: Intel SCStoSCCM Migration Utility is currently in Beta status and not considered a released product at this time.

 

 

 

 

Matt Royer

1 Comments Permalink Tags: sccm_sp1, sccm, sms, amt, vpro, migration, matt_royer
Matt Royer
4

 

As noted in a previous blog, SCCM SP1 only natively supports vPro firmware version 3.2.1 and higher. For legacy (less than 3.2.1) vPro clients to be supported, SCCM SP1 depends on the WS-MAN Translator.

 

 

 

 

 

There has been an issue identified within SCCM SP1 (RTW version) Out of Band Console that does not route AMT management communication through the WS-MAN Translator for legacy systems. Microsoft is aware of the issue and will be releasing a SCCM SP1 HotFix (targeted for July’2008) to address the problem.

 

 

 

 

 

Provisioning and collection based (power control / WOL via AMT) are not impacted by this issues; vPro firmware version 3.2.1 and above are also not impacted.

 

 

 

 

 

Matt Royer

4 Comments Permalink Tags: sccm_sp1, sccm, amt, vpro, hotfix, matt_royer
Matt Royer
0

 

Microsoft has announced today (May 22, 2008) that they are shipping System Center Configuration Manager SP1. For more detail on the announcement, please visit http://blogs.technet.com/systemcenter/ .

 

 

 

 

 

You can now download SCCM SP1 RTM from Microsoft web site

 

 

 

 

 

 

Matt Royer

0 Comments Permalink Tags: sccm_sp1, sccm, amt, vpro, matt_royer
Matt Royer
0

One of the great features of SCCM SP1 is the ability to provision vPro Clients through the SCCM SP1 client agent. This allows for vPro clients to be deployed in an unprovisioned state and then later provisioned via the client agent once the client agent has been deployed using in-band methodologies.

 

Prior to Client Agent provisioning to occurs, there are a couple of configuration steps you need to do within SCCM SP1. First, it is recommended that you create a new collection that will house your vPro clients that have been discovered and are in an unprovision state. It is viable to use the "All Systems" collection to set the policy for automatic provisioning via the clients agent; however, it is not advised.

 

To create a new collection...

  1. Right Click on Collection, and select "New Collection"

  2. When the "New Collection" window appears, enter in a Collection Name. Something like "Unprovisioned vPro Clients" is recommended. Fill in the comment field appropriately and click "Next"

  3. When the "Membership Rules" appear, click on the "Query Rule Properties" (it is the Database icon)

  4. In the "Query Properties", enter in a name something similar to "Unprovisioned vPro Client Query" and then click "Edit Query Statement..."

  5. When the Query Properties appear, click "Show Query Language"

  6. In the Query Statement textbox, type in the following: Select * from sms_r_system where AMTStatus=2
    This will pull all the clients that are vPro capable and in an unprovisioned state

  7. Once completed, click "OK" and "OK" again on the Query Rule Properties. When returned to the "Membership Rules" screen, click "Next"

  8. Add any desired advertisements and click "Next"

  9. On the "Security" screen, add any appropriate users or groups and click "Next".

  10. On the Confirmation screen, click "Close".

 

You should now see your new Collection in the collection list. The next step is to configure this collection so that vPro Clients in the collection are automatically provisioned.

  1. Right Click on the "Unprovisioned vPro Clients" collection and select "Modify Collection Settings".

  2. In the Settings windows, click on the "Out of Band" tab.

  3. Check the checkbox "Enable Automatic out of band management controller provisioning" and click "OK"

 

It is also recommended that you add the "AMT Status", "AMT Version" and "Automatic AMT Provisioning" columns to the collection for easier troubleshooting.

 

To do so...

 

  1. Select the "Unprovisioned vPro Client" collection and right click in the open white space

  2. When the context menu appears, select "View" -> "Add/Remove Columns"

  3. When the "Add/Remove Columns" screen appears, add "AMT Status", "AMT Version", and "Automatic AMT Provisioning" to the collection view. Click "OK" when finished.

 

This collection is now setup so that any vPro client in the collection will be automatically provisioned through the SP1 client agent. With the collection defined, you can use any of the client discover methods that SCCM SP1 provides (AD System Group, AD Security Group, AD System , AD User, Heartbeat, or Network) to discover the client. If you decide to use Network discovery, you can also check the checkbox on the "General" tab to "Enable Discovery of out of band controllers"; by doing so it will also check to see if the client is vPro capable. After you run the discover method and update the collection (either manually or via scheduled policies), you should now be able to see the client in the "All Systems" Collection.

 

Now that the clients have been discovered by SCCM, you will need to perform a "Discover Management Controller" to see if any of them are vPro capable. On the "All Systems" right click and select "Out of Band Management" -> "Discovery Management Controller". This will scan through your collection and validate which clients are ready to be provisioned.

 

After a few minutes, depending on the size of your collection, you can update your collection membership by right click on "Collections" and select "Update Collection Membership". If you now refresh your "Unprovisioned Vpro Clients" collection, you should see a list of unprovisioned vPro clients ready to be provisioned. The AMT Status of the client should be listed as "Not Provisioned".

 

Depending on your SCCM SP1 Client Pulling schedule, it may take a few hours for the client agent to pull down the new provisioning policy. You can, however, force the policy to be refreshed earlier by opening the Configuration Manager Properties within the client's Windows Control Panel and selecting the "Action" tab. Once in the Action Tab, select "Machine Policy Retrieval & Evaluation Cycle" and click "Initiate Action". For instructions on how to deploy the SCCM SP1 client agent, please

reference the SCCM SP1 Help and look for the “Overview of Configuration

Manager Client Deployment” article.

 

After the provisioning has occurred, the vPro Client will be removed from the newly created "Unprovisioned vPro Clients" collection and be listed as an "AMT Status" as provisioned.

 

Similar to provisioning via the Out Of Band Wizard, you can track the progress of the provisioning process through the SCCM Out Of Band reports or for more detail amtopmgr.log. There is also the oobmgmt.log on the client machine that will track the Agent based provisioning process.

 

Another clarifying note is that once the SCCM SP1 Agent is installed and acknowledged by SCCM, the Client Agent initiated provisioning is the only provisioning method supported; SCCM will ignore any vPro hello packets it receives from the client. Also, the vPro client must be in a unprovisioned state with for the Agent based provisioning to occur.

 

Here is a video that goes over the high level process

 

0 Comments Permalink Tags: sccm, vpro, amt, provisioning, matt_royer, sccm_sp1
1 2 3 Previous Next

Popular Blog Posts

Incoming Links