3 Replies Latest reply: Jan 26, 2010 4:39 AM by dlecy RSS

Help required with getting Activator Utility to run via SMS

superbock Community Member
Currently Being Moderated

I'm experiencing an issue provisioning Dell 755s via an SMS distribution. When the activator command and tool is distributed via sms, the context in which the sms runs the job under isn’t working  as the job runs, but SCS won’t allow it to provision. The command line syntax being passed is:

 

Activator\Activator.exe /s http://<server>/amtscs /h /p 3 /o OU=xxxx,OU=xxxx,OU=xxxx,DC=xxxx,DC=xxxx,DC=xxxx /t on /u "NT AUTHORITY"\System

 

The activator account is set to use the local system and the account is in a group which has configurator role or enterprise admin in SCS. I am able to run this locally with domain admin credentials on the local machine and the machine provisions.

 

Provisioning is with a PKI from a trusted root certificate.

 

Activator log from test client is below:

 

Step Into: CheckAMT
Connected to HECI driver, version: 3.0.30.1086

BIOS Version:   Not available


Intel AMT code versions:
Flash:                   3.2.1
Netstack:                3.2.1
AMTApps:                 3.2.1
AMT:                     3.2.1
Sku:                     12
VendorID:                8086
Build Number:            1022
Recovery Version:        3.2.1
Recovery Build Num:      1022
Legacy Mode:             False


Setup and Configuration:     
In process

Setup and Configuration TLS Mode:
PKI
Step Into: CheckPKIPPSPIDStatus
Connected to HECI driver, version: 3.0.30.1086
Step out: CheckPKIPPSPIDStatus error 0
Step Into: CSCSER::PerformSCSRemoteConfiguration
Step Into: CSCSER::SCSSetAMTIdentity
Error 'http://<server>/amtscs_rcfg/mod_gsoap.dll?services -  0 SetAMTIdentity Response <faultcode>1865</faultcode><faultstring xsi:type="xsd:string">(client pc) attempted to assume another platforms identity.</faultstring><detail>(client pc)attempted to assume another platforms identity.</detail>
AMT version: 3.2 Step Into: StartConfiguration

BIOS Version:   Not available


Intel AMT code versions:
Flash:                   3.2.1
Netstack:                3.2.1
AMTApps:                 3.2.1
AMT:                     3.2.1
Sku:                     12
VendorID:                8086
Build Number:            1022
Recovery Version:        3.2.1
Recovery Build Num:      1022
Legacy Mode:             False


Setup and Configuration:     
In process

Intel AMT Mode:      
Non Legacy

Remote Configuration:  
enabled

Setup and Configuration TLS Mode:
PKI

RNG seed status:
exists

PT_STATUS_INVALID_PT_MODE: Command is not permitted in current operating mode.
Activate Intel AMT configuration:
failure
PT_STATUS_INVALID_PT_MODE: Command is not permitted in current operating mode.Step Into: StartConfiguration
Step out: StartConfiguration error 3
After StartConfiguration 3
Connect to <server>: at port: 9971:Sent hello message successfully!
Connect to <server>:  at port: 9971:Sent hello message successfully!
Connect to <server>:  at port: 9971:Sent hello message successfully!
Exit with code 8
Error code received from SCS. See the SCS logs for the specific error.

 

Checking the SCS event logs I get the following error:

 

"Error Configuring Intel AMT device: No rows found in get Configuration Parameters."

 

 

Please could someone advise if they have seen this issue before with SMS and whether a solution exists to resolve this?

 

 

Thanks

  • 1. Re: Help required with getting Activator Utility to run via SMS
    dlecy Community Member
    Currently Being Moderated

    would like you do the following items:

    Check your IIS in the application pool for AMTSCS remote configuration poperties Identity and verify that it is predefined as "Network Service"

    Change the /u parameter to /u "NT Authority\System" (quotes on the whole name)

    Change your group in SCS to "Domain Computers"

    Restart AMTConfig service

    Try it again

  • 2. Re: Help required with getting Activator Utility to run via SMS
    superbock Community Member
    Currently Being Moderated

    Thanks for the advice. I have tried this and I still can't get my test machine to provision.

     

    From my testing, the test machine provisions when ran manually logged on as a domain user and so I am happy that the provisioning certificate residing in the personal certificates for the SCS user works. I wasn't sure if the certificate was is in the Intermediate and Trusted root certificate stores for the Local Machine user. I imported the certificate into these stores, reset the vPro client platform to factory default settings and also deleted the object from SCS. Tried to provision again via SMS and the following error appears in SCS:

    "Error Configuring Intel AMT device: Failed to connect to un-configured Intel AMT device at IP xx.xx.xx.xx: Proper certificate that matches the pre loaded certificate was not found in the user certificate store. PKI configuration failed."

     

    I am at a loss now as how to proceed and so any help would be really appreciated.

  • 3. Re: Help required with getting Activator Utility to run via SMS
    dlecy Community Member
    Currently Being Moderated

    Ok, Take two.

    Let's verify if the activator with your parameters are correct when run in a known local user context.

     

    • From the activator command line copy the parameters of the activator to the clipboard.  Make sure the local user id is "NT AUTHORITY\System" (Quotes on the whole name as stated before).

    • On the client run gpedit.msc

    • Go to Computer Configuration\Windows Settings\Scripts\Startup

    • Click Add and in Script Name select browse and navigate to activator.exe, highlight and click open.

    • Paste the activator parameters copied above in the Script Parameters field. (/s /p /o /u and not /c we want the log file).

    • Click on OK and exit gpedit.

    • Delete any objects in SCS pertaining to this client.

    • Restart the system.  The script runs at startup as local user.

     

    If this works then we will have to look at SMS to see why it is not in the local user context when it runs the activator with these parameters.

More Like This

  • Retrieving data ...