6 Replies Latest reply on Jun 23, 2010 12:28 PM by ralmoni

    Provisioning Problems with Verisign Certificate

    ralmoni

      Hello, I have a Certification Authority on a Windows 2008 Enterprise, SCCM SP2 and a Verisign certificate.
      I try to make a provisioning a computer without SCCM client. I connect to the network and start sending messages "Hello", but in the amtpmgr.log shows me the following:

       

      Start processing incoming hello message from 10.100.1.3:16994. SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 3588 (0x0E04)
      Incoming data is - Configuration version: PKI Configuration. SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 3588 (0x0E04)
      Count  : 7 SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 3588 (0x0E04)
      UUID   : 4C4C4544-0038-4E10-8050-B4C04F38344A SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 3588 (0x0E04)
      Found matched hash from hello message with current provision certificate. (Hash: 742C3192E607E424EB4549542BE1BBC53E6174E2) SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 3588 (0x0E04)
      ** Requesting AMT Discovery - Source,Custom,IPV4Address,10.100.1.3,NetBios,Vpro01, ** SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 3588 (0x0E04)
      Successfully created instruction file for AMT Discovery. SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 3588 (0x0E04)
      Warning: AMT device 4C4C4544-0038-4E10-8050-B4C04F38344A has not been discovered by SMS or previously detected with NOT AMT capable machine. Send discovery instruction file. SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 3588 (0x0E04)
      Successfully processed incoming hello message from 10.100.1.3:16994. SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 3588 (0x0E04)
      Waiting for incoming hello message from AMT devices... SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 3588 (0x0E04)
      AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      AMT Discovery Worker: Wait 3600 seconds... SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      AMT Discovery Worker: Reading Discovery Instruction F:\Microsoft Configuration Manager\inboxes\amtopmgr.box\disc\{20F3B2DA-F0B7-40FA-A862-8CEFAA075212}.DSC... SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      AMT Discovery Worker: Execute query exec AMT_IPToResourceID '10.100.1.3', 'F00' SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      AMT Discovery Worker: CSMSAMTDiscoveryWorker::IPv4ToResouceID - Found matched machine SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      AMT Discovery Worker: Execute query exec AMT_GetThisSitesNetBiosNames NULL, 'GUID:492F180F-95E7-4A9D-AABD-3690A8E8B3AF', 'F00' SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      AMT Discovery Worker: CSMSAMTDiscoveryWorker::RetrieveInfoFromResource - Found machine Vpro01 (Vpro01.vprolab), ID: 20491 - 10.100.1.3 from Resource GUID:492F180F-95E7-4A9D-AABD-3690A8E8B3AF. SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      AMT Discovery Worker: Execute query exec AMT_GetAMTMachineProperties 20491 SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      AMT Discovery Worker: Execute query exec AMT_GetProvAccounts SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      AMT Discovery Worker: Finish reading discovery instruction F:\Microsoft Configuration Manager\inboxes\amtopmgr.box\disc\{20F3B2DA-F0B7-40FA-A862-8CEFAA075212}.DSC SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      AMT Discovery Worker: Parsed 1 instruction files SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      AMT Discovery Worker: There are 1 tasks in pending list SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      AMT Discovery Worker: Send task  to completion port SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      Auto-worker Thread Pool: Current size of the thread pool is 1 SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      AMT Discovery Worker: 1 task(s) are sent to the task pool successfully. SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      STATMSG: ID=7203 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_AMT_OPERATION_MANAGER" SYS=ZVSCCM01 SITE=F00 PID=468 TID=8612 GMTDATE=vie jun 11 10:36:09.368 2010 ISTR0="1" ISTR1="0" ISTR2="0" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      AMT Discovery Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      AMT Discovery Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 8612 (0x21A4)
      Auto-worker Thread Pool: Work thread 6776 started SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:09 6776 (0x1A78)
      AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:29 8612 (0x21A4)
      AMT Discovery Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:29 8612 (0x21A4)
      CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp session to 10.100.1.3:16992. SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      Error 0x80090304 returned by InitializeSecurityContext during follow up TLS handshaking with server. SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      **** Error 0x426b1ec returned by ApplyControlToken SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      Error 0x80090304 returned by InitializeSecurityContext during follow up TLS handshaking with server. SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      **** Error 0x426b1ec returned by ApplyControlToken SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      session params :
      https://capppre029.vprolab:16993   ,  11001 SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      ERROR: Invoke(get) failed: 80020009argNum = 0 SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      Description: A certificate is required to complete client authentication SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      Error: Failed to get AMT_SetupAndConfigurationService instance. SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      session params :
      https://capppre029.vprolab:16993   ,  11001 SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      ERROR: Invoke(get) failed: 80020009argNum = 0 SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      Description: A certificate is required to complete client authentication SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      Error: Failed to get AMT_SetupAndConfigurationService instance. SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      session params :
      https://10.100.1.3:16993   ,  15001 SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      ERROR: Invoke(get) failed: 80020009argNum = 0 SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      Description: A certificate is required to complete client authentication SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      Error: Failed to get AMT_SetupAndConfigurationService instance. SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      session params :
      https://10.100.1.3:16993   ,  15001 SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      ERROR: Invoke(get) failed: 80020009argNum = 0 SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      Description: A certificate is required to complete client authentication SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      Error: Failed to get AMT_SetupAndConfigurationService instance. SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)

      CSMSAMTDiscoveryTask::Execute - DDR written to F:\Microsoft Configuration Manager\inboxes\auth\ddm.box SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      Auto-worker Thread Pool: Succeed to run the task . Remove it from task list. SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:30 6776 (0x1A78)
      AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:49 8612 (0x21A4)
      AMT Discovery Worker: Wait 3600 seconds... SMS_AMT_OPERATION_MANAGER 11/06/2010 12:36:49 8612 (0x21A4)
      Auto-worker Thread Pool: Work thread 6776 has been requested to shut down. SMS_AMT_OPERATION_MANAGER 11/06/2010 12:37:10 6776 (0x1A78)
      Auto-worker Thread Pool: Work thread 6776 exiting. SMS_AMT_OPERATION_MANAGER 11/06/2010 12:37:10 6776 (0x1A78)
      Auto-worker Thread Pool: Current size of the thread pool is 0 SMS_AMT_OPERATION_MANAGER 11/06/2010 12:37:10 3376 (0x0D30)


      Any ideas?

        • 1. Re: Provisioning Problems with Verisign Certificate
          dbrunton

          Have you imported the computer into SCCM using the "Import Out of Band Computers" wizard?  Are you able to ping the computer from your SCCM server using it's FQDN?

          • 2. Re: Provisioning Problems with Verisign Certificate
            ralmoni

            Yes, I use "Import Out Of Band Computers" wizard. And the computer responds to ping. When I try to make a provisioning a computer with SCCM client, provisioning In-Bound, the amtpmgr.log shows me the following

             

            AMT Discovery Worker: CSMSAMTDiscoveryWorker::RetrieveInfoFromCollection: Found machine CTVOL000 - 10.61.217.83 from Collection F00000A9. SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            AMT Discovery Worker: Execute query exec AMT_GetAMTMachineProperties 19864 SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            AMT Discovery Worker: Execute query exec AMT_GetProvAccounts SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            AMT Discovery Worker: Finish reading discovery instruction F:\Microsoft Configuration Manager\inboxes\amtopmgr.box\disc\{F8F0677A-26C1-420C-BF1F-32CD1812B5EF}.RDC SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            AMT Discovery Worker: Parsed 1 instruction files SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            AMT Discovery Worker: There are 3 tasks in pending list SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            AMT Discovery Worker: Send task  to completion port SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            Auto-worker Thread Pool: Current size of the thread pool is 1 SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            AMT Discovery Worker: Send task  to completion port SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            Auto-worker Thread Pool: Work thread 5124 started SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            Auto-worker Thread Pool: Work thread 7928 started SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 7928 (0x1EF8)
            Server unexpectedly disconnected when TLS handshaking. SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            **** Error 0x446b548 returned by ApplyControlToken SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            Server unexpectedly disconnected when TLS handshaking. SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            **** Error 0x446b548 returned by ApplyControlToken SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            session params : https://ctvol000.vprolab:16993   ,  11001 SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            Auto-worker Thread Pool: Current size of the thread pool is 2 SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            AMT Discovery Worker: Send task  to completion port SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            Auto-worker Thread Pool: Current size of the thread pool is 3 SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            AMT Discovery Worker: 3 task(s) are sent to the task pool successfully. SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            Auto-worker Thread Pool: Work thread 10832 started SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 10832 (0x2A50)
            STATMSG: ID=7203 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_AMT_OPERATION_MANAGER" SYS=ZVSCCM01 SITE=F00 PID=12196 TID=3700 GMTDATE=Mon Jun 14 07:36:56.749 2010 ISTR0="3" ISTR1="0" ISTR2="0" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            AMT Discovery Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            AMT Discovery Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            AMT Discovery Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 3700 (0x0E74)
            ERROR: Invoke(get) failed: 80020009argNum = 0 SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            Description: The I/O operation has been aborted because of either a thread exit or an application request. SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            Error: Failed to get AMT_SetupAndConfigurationService instance. SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            session params : https://ctvol000.vprolab:16993   ,  11001 SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            ERROR: Invoke(get) failed: 80020009argNum = 0 SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            Description: The I/O operation has been aborted because of either a thread exit or an application request. SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            Error: Failed to get AMT_SetupAndConfigurationService instance. SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            session params : https://10.61.217.83:16993   ,  15001 SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            ERROR: Invoke(get) failed: 80020009argNum = 0 SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            Description: The I/O operation has been aborted because of either a thread exit or an application request. SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            Error: Failed to get AMT_SetupAndConfigurationService instance. SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            session params : https://10.61.217.83:16993   ,  15001 SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            ERROR: Invoke(get) failed: 80020009argNum = 0 SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            Description: The I/O operation has been aborted because of either a thread exit or an application request. SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            Error: Failed to get AMT_SetupAndConfigurationService instance. SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            CSMSAMTDiscoveryTask::Execute - DDR written to F:\Microsoft Configuration Manager\inboxes\auth\ddm.box SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)
            Auto-worker Thread Pool: Succeed to run the task . Remove it from task list. SMS_AMT_OPERATION_MANAGER 14/06/2010 9:36:56 5124 (0x1404)

            • 3. Re: Provisioning Problems with Verisign Certificate
              dbrunton

              What kind of client are you working with.  What version of AMT firmware is it running?

              • 4. Re: Provisioning Problems with Verisign Certificate
                ralmoni

                Hi, I have SCCM SP2 and AMT version is 3.2.10 and 5.0

                • 5. Re: Provisioning Problems with Verisign Certificate
                  dbrunton

                  Are you using DHCP or static IP's?

                  • 6. Re: Provisioning Problems with Verisign Certificate
                    ralmoni

                    Hi, i'm using DHCP and the DHCP server with an active scope (DNS servers (006) and Domain name (015))