1 Reply Latest reply on Nov 30, 2017 2:38 PM by Intel Corporation

    Event viewer error with RCS remote configuration


      So I've made an RCS/SCS server, set up the database and CA, set up the DNS, etc but still running into issues when the server-script .bat/.vbs script is called by the scs software.

      WMI works to the remote system, I can query for domain name and see the results in the log file.



      it's the part of the script which calls ConfigAMT which fails.


      retVal = objWMIService.ConfigAMT(uuid, fqdn, ConfMethod, profileName, pid, "", "", "", "", strComputer, "", "", "", "", "", "", "", errorStr)


      fqdn, uuid, strComputer, all reflect the test PC's fqdn, uuid, and IP address respectively. That was obviously the intent of the sample scripts.  ConfMethod is 2 (PKI), profile name is "CSIT_Managed" which matches a profile I defined in scs. errorStr is always returned empty.


      All the variables and their values appear to be correct, but I get an erroneous return value of -1073741718 and in the windows event viewer I see this message:


      The following information was included with the event:

      Method call ConfigAMT is denied because computer SERVERNAME$ made the call for PCNAME.DOMAIN.CA instead of for itself.



      I do not understand where the error is coming from, the error makes no sense.... isn't the whole point for RCS is that the SERVERNAME$ can make a call to provision PCNAME.DOMAIN.CA?

        • 1. Re: Event viewer error with RCS remote configuration
          Intel Corporation
          This message was posted on behalf of Intel Corporation


          RCS has a relatively new code that locks configurations by default from a computer account from a different computer.  In this case you'd only be able to configure your computer.  If on Computer 1, then computer 1 can configure but Computer 2 cannot.  There is an option to change this behavior.  ConfigAMT is 

          HKLM/Software/WOW64(32)node/Intel/Intel Setup and Configuration Software/11.2/RCS/General Settings

          Key: EnhancedSecurityEnabled 

          Value: 01 (default) so, change to 00.

          The other workaround (assuming you are using an account that is a local account) to use an account that has local admin rights to the AMT computer and appropriate rights to Intel_RCS NameSpace.