2 Replies Latest reply: Aug 8, 2012 11:29 AM by Kyle RSS

vPro machines stuck in "Detected" state

Currently Being Moderated

We implemented vPro using Microsoft SCCM about 7 days ago. So far, out of 4000 machines, we have about 180 showing as "Provisioned" so I believe that the provisioning certificate we're using from GoDaddy and our internal CA server is working as expected. The 180 which are provisioned are running various versions of the AMT firmware from 5.2.0 up. Unfortunately the remainder of the machines are stuck in the "Detected" phase. The oobmgmt.log file on a client shows "Successfully activated the device". The amtopmgr.log file in SCCM shows the following:

 

>>>>>>>>>>>>>>>Provision task begin<<<<<<<<<<<<<<< SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:46 AM 7300 (0x1C84)
STATMSG: ID=7203 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_AMT_OPERATION_MANAGER" SYS=SCCM_SERVER SITE=SC1 PID=3840 TID=4616 GMTDATE=Tue Jun 26 23:32:46.779 2012 ISTR0="1" ISTR1="0" ISTR2="0" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:46 AM 4616 (0x1208)
Provision target is indicated with SMS resource id. (MachineId = 18550 R94107067.mycompany.org) SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:46 AM 7300 (0x1C84)
AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:46 AM 4616 (0x1208)
AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:46 AM 4616 (0x1208)
AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:46 AM 4616 (0x1208)
Start to send a basic machine property creation request to FDM. (MachineId = 18550) SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:46 AM 7300 (0x1C84)
CStateMsgReporter::DeliverMessages - Queued message: TT=1201 TIDT=0 TID='Fill Machine Property' SID=1 MUF=0 PCNT=5, P1='R94107067' P2='89130000B83B6FEEF583264126BBB895831101B656DD7867162F9538ABCDBF1E265072FD1931B7F76B74AA6D14000000420000004800000003660000000000001E7517949FAA118617D35AF06962E40744DC47C8B481E2E6ABB1A48280EAC305C232D10F98E0EC1E4441A5F615C1C85980D18D45B74E58F98AF6FC6B761434F841DFFBF79D48A0392C30' P3='R94107067.mycompany.org' P4='admin' P5='2796BAE63F1801E277261BA0D77770028F20EEE4' SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:46 AM 7300 (0x1C84)
CStateMsgReporter::DeliverMessages - Created state message file: D:\Program Files\Microsoft Configuration Manager\inboxes\auth\statesys.box\incoming\85wf2liu.SMX SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:46 AM 7300 (0x1C84)
Warning: Currently we don't support mutual auth. Change to TLS server auth mode. SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:46 AM 7300 (0x1C84)
The provision mode for device R94107067.mycompany.org is 1. SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:46 AM 7300 (0x1C84)
Check target machine (version 5.0.3) is a SCCM support version. (TRUE) SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:46 AM 7300 (0x1C84)
The IP addresses of the host R94107067.mycompany.org are 10.99.105.87. SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:46 AM 7300 (0x1C84)
Attempting to establish connection with target device using SOAP. SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:46 AM 7300 (0x1C84)
Found matched certificate hash in current memory of provisioning certificate SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:46 AM 7300 (0x1C84)
Create provisionHelper with (Hash: BDEBC6D210957AE26726C0D12B3B9DFA3024C5AD) SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:46 AM 7300 (0x1C84)
Set credential on provisionHelper... SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:46 AM 7300 (0x1C84)
Try to use provisioning account to connect target machine R94107067.mycompany.org... SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:46 AM 7300 (0x1C84)
Fail to connect and get core version of machine R94107067.mycompany.org using provisioning account #0. SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:47 AM 7300 (0x1C84)
Try to use default factory account to connect target machine R94107067.mycompany.org... SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:47 AM 7300 (0x1C84)
Fail to connect and get core version of machine R94107067.mycompany.org using default factory account. SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:48 AM 7300 (0x1C84)
Try to use provisioned account (random generated password) to connect target machine R94107067.mycompany.org... SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:48 AM 7300 (0x1C84)
Fail to connect and get core version of machine R94107067.mycompany.org using provisioned account (random generated password). SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:49 AM 7300 (0x1C84)
Error: Device internal error. This may be caused by: 1. Schannel hotfix applied that can send our root certificate in provisioning certificate chain. 2. incorrect network configuration(DHCP option 6 and 15 required for AMT firmware). 3. AMT firmware self signed certificate issue(date zero). 4. AMT firmware is not ready for PKI provisioning. Check network interface is opening and AMT is in PKI mode. 5. Service point is trying to establish connection with wireless IP address of AMT firmware but wireless management has NOT enabled yet. AMT firmware doesn't support provision through wireless connection. (MachineId = 18550) SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:49 AM 7300 (0x1C84)
Error: Can NOT establish connection with target device. (MachineId = 18550) SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:49 AM 7300 (0x1C84)
>>>>>>>>>>>>>>>Provision task end<<<<<<<<<<<<<<< SMS_AMT_OPERATION_MANAGER 27/06/2012 9:32:49 AM 7300 (0x1C84)

 

As some of the machines have been provisioned and I can connect to them from the console I can't see how the problem would be with certificates. Can anyone shed any light on the error message I'm seeing?

 

Regards
Kate

More Like This

  • Retrieving data ...