Home > Intel Communities > Open Port IT Community > Intel® vPro™ Expert Center > Microsoft Manageability > Discussions
Up to Discussions in Microsoft Manageability
5 Replies Last post: Jun 29, 2009 2:48 AM by kin.dim@gmail.com  
kin.dim@gmail.com
kin.dim@gmail.com
11 posts since
May 18, 2009  
Currently Being Moderated

May 20, 2009 7:36 AM

Intel AMT Provisioning Error

Hello All,

we are trying to test Intel AMT technology with SCCM 2007 R2. The current version on the Lenovo machine M58, which we are using for testing is the following:

-----------------------------------------------------------------------------------------

Intel(R) MEInfo Win Version: 2.5.0.1032

BIOS Version:                5CKT48AUS

Intel(R) AMT code versions:
        Flash:                       5.1.0
        Netstack:                    5.1.0
        Apps:                        5.1.0
        Intel(R) AMT:                5.1.0
        Sku:                         18462
        VendorID:                    8086
        Build Number:                1167
        Recovery Version:            5.1.0
        Recovery Build Num:          1167
        Legacy Mode:                 False

Link status:                 Link up
Cryptography fuse:           Enabled
Flash protection:            Enabled
Last reset reason:           Power up
Setup and Configuration:     Not started
BIOS Mode:                   Post Boot

Error: The operation failed due to an internal error.
FWU Override Counter:        Always
FWU Override Qualifier:      Always
FW on Flash Desc Override:   Disable
Kedron Driver Version:       Not Available
Kedron HW Version:           Not Available
UNS Version:                 5.0.5.1102
LMS Version:                 5.0.6.1102
HECI Version:                5.0.1.1055

-----------------------------------------------------------------------------------------

We are using internal CA and have entered manually the thumbprint of our Root Test CA. We have tried with different passwords and we are sure that they are the same on both place SCCM and MEBx, but when we are trying to provision the machine we receive the following message:

-----------------------------------------------------------------------------------------

>>>>>>>>>>>>>>>Provision task begin<<<<<<<<<<<<<<<
Provision target is indicated with SMS resource id. (MachineId = 9 <machine FQDN>)
Found valid basic machine property for machine id = 9.
Warning: Currently we don't support mutual auth. Change to TLS server auth mode. 
The provision mode for device <machine FQDN> is 1.   
Attempting to establish connection with target device using SOAP.  
Found matched certificate hash in current memory of provisioning certificate   
Create provisionHelper with (Hash: 7FE17D626D37ACF378A39A93194C4842F80DDE4E)   
Set credential on provisionHelper...
Try to use provisioning account to connect target machine <machine FQDN>...  
Fail to connect and get core version of machine <machine FQDN> using provisioning account #0.
Try to use default factory account to connect target machine <machine FQDN>...
Fail to connect and get core version of machine <machine FQDN> using default factory account.
Try to use provisioned account (random generated password) to connect target machine <machine FQDN>...
Fail to connect and get core version of machine <machine FQDN> using provisioned account (random generated password).
Error: Device internal error. Check Schannel, provision certificate, network configuration, device. (MachineId = 9)
Error: Can NOT establish connection with target device. (MachineId = 9) 
>>>>>>>>>>>>>>>Provision task end<<<<<<<<<<<<<<<

-----------------------------------------------------------------------------------------

We have posted this error and on the following MS forum:

http://social.technet.microsoft.com/Forums/en-US/configmgrgeneral/thread/46a5cf28-0891-4cf7-a895-c8cf46aaa28c

According to discussions there we have prepared a DHCP server with options 6 and 15 and have checked the DNS server for the forward (A) and reverse (PTR) DNS records for the client and ConfigMgr site server. The certificate templates we have prepared according to the following MS guide: http://technet.microsoft.com/en-us/library/cc161804.aspx

 

So what we are doing wrong. Can anyone help us in order to solve this problem.

 

Thanks in advance.

Tags: provisioning, error
Average User Rating
(0 ratings)




Johnny Cadavid  
Johnny Cadavid
15 posts since
Jan 5, 2009
Currently Being Moderated
1. May 20, 2009 12:20 PM in response to: kin.dim@gmail.com
Re: Intel AMT Provisioning Error

Welcome to the forums and the road to vPro.

 

From the logs it looks like your One Time Password is not set properly in the OOB Management Component Config. Since

you are using a self singed cert, you need to enter the hash for it in the MEBx which you are doing correctly. By default, when

you first log into the MEBx, the password is admin. You then must change that password after you connect.

 

What you need to do is make note of that password and then set it up in the Out Of Band Management.

To do this, navigate to Site Database>Site Management>%Site Name%>Site Settings>Component Configuration.

When you go to that node, right click on Out of Band Management, click Properties.

You will then see Provisioning Settings section in that dialog box. I am going to assume that everything else is set up properly.

Where you see MEBx Account: it should read "admin" in the box.

You need to click "Set..." and enter the password that you changed the MEBx PW when you entered your cert hash.

 

Let me know if this helps.

Report Abuse
kin.dim@gmail.com  
kin.dim@gmail.com
11 posts since
May 18, 2009
Currently Being Moderated
2. May 21, 2009 5:29 AM in response to: Johnny Cadavid
Re: Intel AMT Provisioning Error

Hello Johny,

 

thank you for you quick response. I have already set up this account, as you already mention i should change the default password in order to input the thumbprint of the certificate. I tried with different passwords, also to reinstall the patch KB94284, but that didn't help me in order to have successfull provisioning. I am wondering if the username for the MEBx is not the default one "admin", how can i see it ? Is there any possibilities for that.

 

Thanks in advance for you reply

Report Abuse
Matt Royer  
Matt Royer
162 posts since
Aug 31, 2007
Currently Being Moderated
3. Jun 5, 2009 7:43 PM in response to: kin.dim@gmail.com
Re: Intel AMT Provisioning Error

Under "Site Database" -> "Site Management" -> <Site Code> -> "Site Settings" -> "Component Configuration" -> "Out of Band Management" -> "Provisioning Account" Tab, try adding a provisioning account of "admin" with a password of what ever you made the MEBx password.

--Matt Royer

Report Abuse
kin.dim@gmail.com  
kin.dim@gmail.com
11 posts since
May 18, 2009
Currently Being Moderated
4. Jun 9, 2009 6:58 AM in response to: Matt Royer
Re: Intel AMT Provisioning Error

Hello Matt,

 

thanks for your answer.

I already did this but without success.

 

Regards

Kin

Report Abuse
kin.dim@gmail.com  
kin.dim@gmail.com
11 posts since
May 18, 2009
Currently Being Moderated
5. Jun 29, 2009 6:16 AM in response to: kin.dim@gmail.com
Re: Intel AMT Provisioning Error

Hello All,

we have found the problem. It appears that the problems came's from nested groups. As soon as we allow permissions for the computer account of the configuration manager server instead of the group we had no problems to make the provisioning.
The other problem with the client, which we saw in BIOS was the following:

Machine Type: Invalid
System Serial Number: Invalid
UUID: FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF

We had to update the BIOS with the boot CD image, downloaded from the manufacturer.

After that everything worked as expected.

With best Regards
Kin

Report Abuse

More Like This

  • Retrieving data ...