- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So I've made an RCS/SCS server, set up the database and CA, set up the DNS, etc but still running into issues when the server-script .bat/.vbs script is called by the scs software.
WMI works to the remote system, I can query for domain name and see the results in the log file.
it's the part of the script which calls ConfigAMT which fails.
retVal = objWMIService.ConfigAMT(uuid, fqdn, ConfMethod, profileName, pid, "", "", "", "", strComputer, "", "", "", "", "", "", "", errorStr)
fqdn, uuid, strComputer, all reflect the test PC's fqdn, uuid, and IP address respectively. That was obviously the intent of the sample scripts. ConfMethod is 2 (PKI), profile name is "CSIT_Managed" which matches a profile I defined in scs. errorStr is always returned empty.
All the variables and their values appear to be correct, but I get an erroneous return value of -1073741718 and in the windows event viewer I see this message:
The following information was included with the event:
Method call ConfigAMT is denied because computer SERVERNAME$ made the call for PCNAME.DOMAIN.CA instead of for itself.
I do not understand where the error is coming from, the error makes no sense.... isn't the whole point for RCS is that the SERVERNAME$ can make a call to provision PCNAME.DOMAIN.CA?
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
RCS has a relatively new code that locks configurations by default from a computer account from a different computer. In this case you'd only be able to configure your computer. If on Computer 1, then computer 1 can configure but Computer 2 cannot. There is an option to change this behavior. ConfigAMT is
HKLM/Software/WOW64(32)node/Intel/Intel Setup and Configuration Software/11.2/RCS/General Settings
Key: EnhancedSecurityEnabled
Value: 01 (default) so, change to 00.
The other workaround (assuming you are using an account that is a local account) to use an account that has local admin rights to the AMT computer and appropriate rights to Intel_RCS NameSpace.
Regards,
Michael
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page