1 Reply Latest reply on May 26, 2010 1:06 PM by

    Problem with WS-MAN Translator

    piotreks

      When I trying provision computer in configuration with WS-MAN Translator and SCCM SP2 I have some errors in amtopmgr.log

      -------------------------------
      Count  : 5
      UUID   : 4C4C4544-004C-4210-8032-C6C04F4D344A
      PID  : 4444-4444
      AMT Provision Worker: Wakes up to process instruction files
      Incoming instruction file D:\ConfigMgr\inboxes\amtopmgr.box\prov\{384DDFDF-196E-4EE2-B6D1-F6109A4C9A51}.PRV to Provision Worker.
      Generate bare metal provision task for AMT device 4C4C4544-004C-4210-8032-C6C04F4D344A.
      Successfully processed incoming hello message from 10.1.1.149:16994.
      Waiting for incoming hello message from AMT devices...
      Found one 'Bare-Metal Provision' task with type 'Machine Resource' and target ID '524' and IP address '167838101'.
      Target machine 524 is a AMT capable machine.
      Succeed to add new task to pending list.
      AMT Provision Worker: Parsed 1 instruction files
      AMT Provision Worker: There are 1 tasks in pending list
      AMT Provision Worker: Send task WRK007.mydomain.corp to completion port
      Auto-worker Thread Pool: Current size of the thread pool is 1
      AMT Provision Worker: 1 task(s) are sent to the task pool successfully.
      STATMSG: ID=7203 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_AMT_OPERATION_MANAGER" SYS=VSCCM SITE=PI0 PID=940 TID=2952 GMTDATE=Śr lut 24 11:38:43.180 2010 ISTR0="1" ISTR1="0" ISTR2="0" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0
      AMT Provision Worker: Wait 20 seconds...
      AMT Provision Worker: Wakes up to process instruction files
      AMT Provision Worker: Wait 20 seconds...
      Auto-worker Thread Pool: Work thread 5124 started
      >>>>>>>>>>>>>>>Provision task begin<<<<<<<<<<<<<<<
      Provision target is indicated with SMS resource id. (MachineId = 524 10.1.1.149)
      Found valid basic machine property for machine id = 524.
      Warning: Currently we don't support mutual auth. Change to TLS server auth mode.
      The provision mode for device 10.1.1.149 is 1.
      Check target machine (version 5.2.0) is a SCCM support version. (TRUE)
      Attempting to establish connection with target device using SOAP.
      Warning: We don't have an provision certificate with indicated hash either from hello message or client agent.
      Attempting to try all provision certificate to connect target device.
      Create provisionHelper with (Hash: 04647E873EC30E1CF394700F839FF0C235029C13)
      Set credential on provisionHelper...
      Try to use provisioning account to connect target machine 10.1.1.149...
      Error 0x80090304 returned by InitializeSecurityContext during follow up TLS handshaking with server.
      **** Error 0x3acae00 returned by ApplyControlToken
      Fail to connect and get core version of machine 10.1.1.149 using provisioning account #0.
      Try to use default factory account with MEBX password to connect target machine 10.1.1.149...
      Error 0x80090304 returned by InitializeSecurityContext during follow up TLS handshaking with server.
      **** Error 0x3acae00 returned by ApplyControlToken
      Fail to connect and get core version of machine 10.1.1.149 using default factory account with MEBX password.
      Try to use default factory account to connect target machine 10.1.1.149...
      Error 0x80090304 returned by InitializeSecurityContext during follow up TLS handshaking with server.
      **** Error 0x3acae00 returned by ApplyControlToken
      Fail to connect and get core version of machine 10.1.1.149 using default factory account.
      Try to use provisioned account (random generated password) to connect target machine 10.1.1.149...
      Error 0x80090304 returned by InitializeSecurityContext during follow up TLS handshaking with server.
      **** Error 0x3acae00 returned by ApplyControlToken
      Fail to connect and get core version of machine 10.1.1.149 using provisioned account (random generated password).
      Error: Device internal error. This may be caused by: 1. Schannel hotfix applied that can send our root certificate in provisioning certificate chain. 2. incorrect network configuration(DHCP option 6 and 15 required for AMT firmware). 3. AMT firmware self signed certificate issue(date zero). 4. AMT firmware is not ready for PKI provisioning. Check network interface is opening and AMT is in PKI mode. 5. Service point is trying to establish connection with wireless IP address of AMT firmware but wireless management has NOT enabled yet. AMT firmware doesn't support provision through wireless connection. (MachineId = 524)
      Error: Can NOT establish connection with target device. (MachineId = 524)
      >>>>>>>>>>>>>>>Provision task end<<<<<<<<<<<<<<<

      -------------------------------

      The same computer works fine, when I use In-band provisioning with SCCM Client but I want to check how it works with WS-MAN Translator. I have Dell Optiplex 780.
      Have you got any ideas?

      --

      piotrek

        • 1. Re: Problem with WS-MAN Translator

          Hi piotrek

           

          SCCM/SP2 only uses the Wsman-Translator if the detected amt device does not nativly support the Wsman protocol.   That means the reported firmware version has to be below 3.2.1.   Since the machine your are provisioning reported a version of 5.2.0 the translator will never be used.   Also, SCCM/SP2 only supports PKI based provisining protocol so the reason your getting errors is because you are using PSK based provisning.  If you switch to PKI based provisioning you can get SCCM to setup your Optiplex 780.

           

          Randy