Hi,

I deleted the computer object for OOB OU that i created erlier with full control permission to SCCM server, after un-provision to the client , a new object created.

but i have the same errors :

1. i can not open the OOBC - status is disconected.

2. i can not logon to https://my_vpro_client:16993/ (i have the log on button but i cant logon, i'm using the MEBx account, local admin account etc with no luck)

i think that solving the logon problem will solve the OOBC problem,

any ideas ?

P.S - i can power control the machine . the AMT status in the discovery data is 3.

I've always simply entered in the certificate hash. That's the minimum required. For security best practice, you can add in the FQDN of your out of band service point, but it's not an absolute requirement.

You will end up having two computer objects in AD for that one physical computer - one of the computer objects represents the Windows based side, the other represents the AMT firmware (AD treats it like a computer) but it will have the same hostname as the Windows based computer object.

So, yes, it's OK that you have two.

dave

Quote

what about the logon problem to https:

myvpropc:16993, what should i check to see if every thing is well configured ?

/Quote

When connecting up to a TLS configured vPro client, like how SCCM provisioning it, you need to connect with the FQDN (https://myvpropc.mydomain.com/). It's a requirement of the certificate / TLS communicate. If you are using Internet Explorer 6, there is a fix you need to install it to address Kerberos authentication on a non-standard port. Please reference http://technet.microsoft.com/en-us/library/cc161817(TechNet.10).aspx and http://go.microsoft.com/fwlink/?LinkId=112179.

--Matt Royer

quoteI believe that Reporting component is runnung on 443. I've istalled the Out of Band component on my SCCM server which also needs IIS installed on it (using port 443).

I changed the wstans.exe.config setting <value>http://:443/wstrans/</value> to <value>https://:443/wstrans/</value> and i was able to start the intel translator service.

Client is on amt status detected but provisioning still fails (see log files).

/quote

oshooda,

The Out of Band Service Point is able to determine that the client is AMT/vPro capable; however, it does not does know the AMT Remote Admin or the MEBx account password. Verify that your AMT Remote Admin or the MEBx account are either "admin" (factory default) or what you have configured as the MEBx password in the Component Configuration -> Out of Band Management. The vPro MEBx password can be reset by logging into the MEBx local on the vPro client (via the ctrl-p during post) while the remote admin password can be reset by performing a full unprovision within MEBx. If the remote admin password is different and know,n you can enter it in the Provisioning Account tab under Component Configuration -> Out of Band Management.

--Matt Royer