1 2 Previous Next 29 Replies Latest reply on Mar 23, 2010 2:05 PM by Go to original post
      • 15. Re: DHCP and DNS registrations with AMT


        It sounds exactly like my issue, plus we're also using HP 7800 systems. Maybe it's something in the HP side of things? I hadn't noticed any problems with users unable to work on their sytems initially, when I first trying to provision in-band, it was when our Help Desk folks called and said they couldn't run the Remote Tools in Config Mgr on many systems. That's when I found the DHCP issue and the leases full of HPsytem.da.ocgov.com. ipconfig /registerdns fixed the DHCP / DNS issue. This just also might be why I'm getting communication failures in my amtopmgr.log when I try to in-band provision. Perhaps the OOB service point can't talk to the machine any more.



        • 16. Re: DHCP and DNS registrations with AMT


          Thanks Matt. I'll stay tuned.



          • 17. Re: DHCP and DNS registrations with AMT


            I think partly, you're seeing a gap in the two provisioning methods that ConfigMgr provides - in and and out of band.  The default behavior of that new HP7800 is to wake up on the network, get a DHCP address, and start sending hello packets.  Assuming you had imported the UUID of that machine using the import wizard, as soon as the computer sent out its hello packet to ProvisionServer (your out of band service point), it would get provisioned, and the hostname in AMT would be reset to whatever was specified in the out of band import wizard.  Once the initial 24 hour period is over, AMT will stop sending hello packets, and at that point, even if the system was placed on the network, AMT wouldn't be getting a DHCP lease.  So, since you have a system that is brand new to the network, and you're expecting to use in-band provisioning, AMT is going to get it's own DHCP lease and register with DNS, and won't change the default hostname until ConfigMgr finishes provisioning.



            I'm not sure what the final solution is for systems in this condition, but let's see what Matt's suggestion(s) are.






            • 18. Re: DHCP and DNS registrations with AMT


              I should have been clearer in my definition of "new" machine in my post. I actually meant "new" in the sense that it had never been provisioned. All our HP 7800's have been attached to our network and in use now for over 5 months now. We've never actually tried to activate / provision them until just a week or so ago. I was waiting to get all the BIOS upgrades down before trying any provisioning. Admittedly, I do remember seeing entries in our DHCP logs over the past months for these machines that have 2 entries - the computername + fqdn as well as hpsystem + fqdn. I always wondered why there were two entries each time a lease was renewed but it never became an issue until now when we saw the computername + fqdn get removed and replaced by hpsystem + fqdn only.



              Thanks for the help and thoughts!



              • 19. Re: DHCP and DNS registrations with AMT


                A short update on my provisioning progress....this morning I located a machine and changed the password in AMT. I then added that password to the SCCM provisioning accounts in SCCM. I put the system into a AMT policy-enabled collection and it came back with






                >>>>>>>>>>>>>>>Provision task begin<<<<<<<<<<<<<<<

                Provision target is indicated with SMS resource id. (MachineId = 2680 10th_85357.da.ocgov.com)

                Found valid basic machine property for machine id = 2680.

                Warning: Currently we don't support mutual auth. Change to TLS server auth mode.

                The provision mode for device 10th_85357.da.ocgov.com is 1.

                Attempting to establish connection with target device using SOAP.

                Found matched certificate hash in current memory of provisioning certificate

                Create provisionHelper with (Hash: C2512FF7A3A558C88896C7EE51F152B15965C468)

                Set credential on provisionHelper...

                Try to use provisioning account to connect target machine 10th_85357.da.ocgov.com...

                Fail to connect and get core version of machine 10th_85357.da.ocgov.com using provisioning account #0.

                Try to use default factory account to connect target machine 10th_85357.da.ocgov.com...

                Fail to connect and get core version of machine 10th_85357.da.ocgov.com using default factory account.

                Try to use provisioned account (random generated password) to connect target machine 10th_85357.da.ocgov.com...

                Fail to connect and get core version of machine 10th_85357.da.ocgov.com using provisioned account (random generated password).

                Error: Device internal error. Check Schannel, provision certificate, network configuration, device. (MachineId = 2680)

                Error: Can NOT establish connection with target device. (MachineId = 2680)

                >>>>>>>>>>>>>>>Provision task end<<<<<<<<<<<<<<<






                Same as before but this time I didn't have the DHCP / DNS issue. The machine had a static ip and did not have to communicate with DHCP. Name resolution was good throughout the provisioning attempt. I'm not sure what this tells me but it may say that the connection issues and DHCP may not be the cause of my provisioning failures.



                • 20. Re: DHCP and DNS registrations with AMT



                  In terms of the DHCP / DNS scenario you saw.  The root of what’s happening is that by default, HP puts HPSystem as the default ME hostname when the client is in an unprovisioned state.  When the vPro Client loads, the Management Engine (ME) is the first thing to come up (happens shortly after post).  When the ME loads, it will request an IP address and will register the IP address in DNS.  Since HP has “HPSystem” as the default hostname in an unprovisioned state, ME will register the HPSystem in DNS with the associated IP address.  When the vPro Client boots up the Operating systems, the OS will grab the same IP address the ME picked up and will register it’s hostname in DNS (essentially overwriting the HPSystem DNS registration with the OS hostname).  During SCCM (our any other ISV for that matter) provisioning process, SCCM will set the ME hostname to what was either A) Enter in the Out Of Band Import Wizard or B) Pulled from the SCCM Client Agent during agent based initiation.  Once provisioned, the ME hostname will match the Operating System and any DNS update (from the OS or ME) will update to the same record.


                  Although I have not been able to reproduce it consistently, it appears that the initiation of the provisioning process sometimes initiates the ME send a DNS update request.  With the ME hostname still being HPSystem, it overwrote the DNS record the OS registered.  If you were to do an ipconfig /renew on the OS or reboot the computer, the OS Hostname should be re-stamped back in DNS.  This does not appear to be an issue with other OEMs that leave the ME hostname blank in an unprovisioned state.


                  Once the provisioning process is complete and the ME hostname is synched with OS, you should not see this problem anymore.


                  --Matt Royer

                  • 21. Re: DHCP and DNS registrations with AMT





                    I've been working with a system that I've assigned a static IP and forced not to look at DHCP at all to see how that works out. I'm still not able to provision the system however I'm not having DNS / DHCP problems either. It almost seems like the communication between the client and the SCCM server goes about half way and initiates the DHCP processes but then it stops due to authentication problems and then the DHCP / DNS records are left in limbo until the next IPCONFIG / REGISTERDNS or similar command.



                    I went to the HP site and downloaded the Intel LMS and SOL to see if that made any difference but alas no change except some new and different failures in the SCCM amtopmgr.log.



                    I tried adding a machine using the OOB wizard by manually entering the machine hash and the wizard ran through but nothing seems to have happened. I've still got only one OOB option in my SCCM console.



                    I'm scratching my head at this point.



                    • 22. Re: DHCP and DNS registrations with AMT


                      In terms of your provisioning issue,


                      Are you seeing the following error in the amtopmgr.log...


                      During SCCM Management Controller Discovery
                      Error 0x80090308 returned by InitializeSecurityContext during follow up TLS handshaking with server.
                      **** Error 0x6fcb970 returned by ApplyControlToken
                      During SCCM attempt to Provision
                      Error 0x80090308 returned by InitializeSecurityContext during follow up TLS handshaking with server.
                      **** Error 0x261b948 returned by ApplyControlToken





                      If not, can you attach a full copy of your amtopmgr.log (from the start of provisioning to the failure)?



                      --Matt Royer



                      • 23. Re: DHCP and DNS registrations with AMT


                        I'm seeing some ApplyControlToken hex errors but the numbers are not as exact as you mention. I'd love to add my amtopmgr.log file...how does one do that?








                        • 24. Re: DHCP and DNS registrations with AMT


                          Well, when you creating a new post, you can attach a file...  Can you just copy and paste the full ApplyControlToken error you are seeing?






                          --Matt Royer



                          • 25. Re: DHCP and DNS registrations with AMT


                            There are so many places where the error occurs I'd rather just send the log.......lazy. I'll create a brand new post just for the log file.



                            • 26. Re: DHCP and DNS registrations with AMT

                              Man, I can't find the 'insert attachment' capability in a new post.....where would I find the option?

                              • 27. Re: DHCP and DNS registrations with AMT

                                Did you ever get an acceptable solution for dealing with your issue?  Curious if any methods you could share for others that may be expereincing this problem.

                                • 28. Re: DHCP and DNS registrations with AMT

                                  I haven't yet gotten to the bottom of my DNS / DHCP issue yet, I'm still working on some pre-deployment requirements in our environment. Most of our workstations were named with an underscore "_" as part of the computer name and AMT will not function with this character in place so we're working on a method to rename all our systems first. In addition there appears to be an issue with 3.2.1 machines that were upgraded to 3.2.1 from an earlier BIOS. We're in the process of setting up a WS-TRAN server to work this issue. Once we get these issues solved, we'll move on to hopefully provisioning and investigating the DNS / DHCP issue!

                                  • 29. Re: DHCP and DNS registrations with AMT

                                    I'm not as fluent in DHCP/DNS as the other posters, but we have never had issue with workstations pulling into DHCP and registering their workstation name. The newest hardware, HP dc7800, are pulling in with HPSystem, not their computer name. We've used the same process for all of our workstations, but this new hardware... that's something else!


                                    There doesn't seem to be a resolution posted. That may mean that over the last two years, nothing has been found to edit the system's info to correct this issue.


                                    The computer name pulls into Novell Zenworks to register the workstation object, but doesn't get read into DNS/DHCP. Was there EVER a resolution?


                                    Thank you ~ Merlyn

                                    1 2 Previous Next