It has been a while since I played with SCS, but check the following:
is there an entry for the system's UUID in the System Configuration page in SCS (not sure about the name, it's the bottom one on the tree)
make sure the profile selected in that entry exists
check that the UUID sent in the provisioning package (you should see this in the log) is the same as the one you have got in the configuration list
Let me/us know how you get on!
Hello Alex - thanks for the note and the suggestions.
I checked the items you mentioned and here's what I've found...
There is an entry for my systems UUID in the System Configuration page on the console. It's the only one there - the only vPro system we have.
The profile listed there does exist and looks (I hope!) to be configured correctly.
The UUID sent in the package matches the one in the listing in the System Configuration page.
My Log is now filled with two repeating events:
Missing registry key for PKI provisioning, make sure at least one certificate is selected for PKI provisioning
Cannot connect Intel AMT device to 172.23.5.21 (the ip number of the pc)
I've checked and re-checked my Profile and it appears to have all the certs imported correctly. I'm stumped on where else to look.
It sounds like your AMT system is setup to provision using PKI (Remote) provisioning. If this is the type of provisioning you are attempting, you'll need to verify that you entered in the Root Certificate hash value for your CA into the PKI provisioning hash table for the AMT system you are using. Alternatively, you can also use one of the built in hash values built into the AMT firmware. This will require you to purchase an external certficate from one of the vendors (ex. Verisign) and import that certificate into your SCS system. You'll also want to make sure you have created the PKI (Remote) provisioning certificate (different certificate using the OID value 220.127.116.11.18.104.22.168.1,2.16.840.1.113722.214.171.124) and then using the Loadcert.exe utilities included with the SCS installation, select this certificate for PKI (Remote) configuration.
If you aren't meaning to perform PKI (Remote) configuration, then you'll need to enter the MEI for your system and disable PKI (Remote) configuration and instead change to PSK provisioning and enter in the PID/PPS key combination generated by SCS (under Security Keys).
Thanks for the info. Yes, I was afraid of that. I noticed the AMT device we have on loan from HP has 4 hashes in it, and of course our Root Cert hash is not there. We spoke to HP and it appears it would be a bit extra cost to add our Root CA to the AMT device has table so it would be there when the system comes in the door. Additionally, we don't really want to buy one of the built-in hashes at this point.
On a hopeful note, we spoke with our local HP and Intel folks last week and the agreed to come in and sit down with us to help sort out our problems. They assured us we didn't need to purchase a third-party cert or even have ours put in the AMT device. Sounds good to us!
We'll see how we do!