7 Replies Latest reply on Jul 19, 2010 3:00 PM by chykun

    Provision Intel vPro with SCCM 2007 SP2 - strange error

    mr0range

      We are trying to provision our Intel vPro  clients with SCCM 2007 SP2. We use a test certificate from Verisign with a bit length of 1024 and the Root CA has 2048-bits (there is a 2048-bit limit on vPro clients). The Vpro client has the hash of the Root CA entered (as seen in the log below). The local password in MEBx is configured in SCCM to match the local MEBx password. We have un-provisioned the client multiple times.

       

      I'm particularly interested in the error:

       

      Error 0x80090304 returned by InitializeSecurityContext during follow up TLS handshaking with server.     

       

      **** Error 0x431b240 returned by ApplyControlToken

       

      I have tried to search for "Error 0x431b240 returned by ApplyControlToken", but without success. Strange!

       

       

      This is the AMTOPMGR.log on the SCCM Provisioning server:

       

      >>>>>>>>>>>>>>>Provision task begin<<<<<<<<<<<<<<<

      Provision target is indicated with SMS resource id.  (MachineId = 52861 lovdotvpro1.orebroll.se)      SMS_AMT_OPERATION_MANAGER       2010-07-16 09:34:26      10428 (0x28BC)
      Found valid basic machine  property for machine id = 52861.      SMS_AMT_OPERATION_MANAGER      2010-07-16  09:34:26      10428 (0x28BC)
      Warning: Currently we don't support mutual auth.  Change to TLS server auth mode.      SMS_AMT_OPERATION_MANAGER      2010-07-16  09:34:26      10428 (0x28BC)
      The provision mode for device  lovdotvpro1.orebroll.se is 1.      SMS_AMT_OPERATION_MANAGER      2010-07-16  09:34:26      10428 (0x28BC)
      Check target machine (version 5.2.10) is a SCCM  support version. (TRUE)      SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26       10428 (0x28BC)
      The IP addresses of the host lovdotvpro1.orebroll.se are  10.20.19.106.      SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      10428  (0x28BC)
      Attempting to establish connection with target device using SOAP.       SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      10428  (0x28BC)
      Found matched certificate hash in current memory of provisioning  certificate      SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      10428  (0x28BC)
      Create provisionHelper with (Hash:  6CC51B70B989FAD4BAB6C83649EE68C4CA6A0999)       SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      10428  (0x28BC)
      Set credential on provisionHelper...      SMS_AMT_OPERATION_MANAGER       2010-07-16 09:34:26      10428 (0x28BC)
      Try to use provisioning account  to connect target machine lovdotvpro1.orebroll.se...       SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      10428  (0x28BC)
      AMT Provision Worker: 1 task(s) are sent to the task pool  successfully.      SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      12036  (0x2F04)
      STATMSG: ID=7203 SEV=I LEV=M SOURCE="SMS Server"  COMP="SMS_AMT_OPERATION_MANAGER" SYS=VEYRON SITE=CM1 PID=7296 TID=12036  GMTDATE=Fri Jul 16 07:34:26.421 2010 ISTR0="1" ISTR1="0" ISTR2="0" ISTR3=""  ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0       SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      12036  (0x2F04)
      AMT Provision Worker: Wait 20 seconds...       SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      12036  (0x2F04)
      AMT Provision Worker: Wakes up to process instruction files       SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      12036  (0x2F04)
      AMT Provision Worker: Wait 20 seconds...       SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      12036  (0x2F04)
      AMT Provision Worker: Wakes up to process instruction files       SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      12036  (0x2F04)
      AMT Provision Worker: Wait 20 seconds...       SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      12036  (0x2F04)
      Error 0x80090304 returned by InitializeSecurityContext during follow  up TLS handshaking with server.      SMS_AMT_OPERATION_MANAGER      2010-07-16  09:34:26      10428 (0x28BC)
      **** Error 0x431b240 returned by  ApplyControlToken      SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26       10428 (0x28BC)
      Fail to connect and get core version of machine  lovdotvpro1.orebroll.se using provisioning account #0.       SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      10428  (0x28BC)
      Error 0x80090304 returned by InitializeSecurityContext during follow  up TLS handshaking with server.      SMS_AMT_OPERATION_MANAGER      2010-07-16  09:34:26      10428 (0x28BC)
      **** Error 0x431b240 returned by  ApplyControlToken      SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26       10428 (0x28BC)
      Fail to connect and get core version of machine  lovdotvpro1.orebroll.se using provisioning account #1.       SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      10428  (0x28BC)
      Try to use default factory account to connect target machine  lovdotvpro1.orebroll.se...      SMS_AMT_OPERATION_MANAGER      2010-07-16  09:34:26      10428 (0x28BC)
      Error 0x80090304 returned by  InitializeSecurityContext during follow up TLS handshaking with server.       SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      10428  (0x28BC)
      **** Error 0x431b240 returned by ApplyControlToken       SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      10428  (0x28BC)
      Fail to connect and get core version of machine  lovdotvpro1.orebroll.se using default factory account.       SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      10428  (0x28BC)
      Try to use provisioned account (random generated password) to  connect target machine lovdotvpro1.orebroll.se...       SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      10428  (0x28BC)
      Error 0x80090304 returned by InitializeSecurityContext during follow  up TLS handshaking with server.      SMS_AMT_OPERATION_MANAGER      2010-07-16  09:34:26      10428 (0x28BC)
      **** Error 0x431b240 returned by  ApplyControlToken      SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26       10428 (0x28BC)
      Fail to connect and get core version of machine  lovdotvpro1.orebroll.se using provisioned account (random generated password).       SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      10428  (0x28BC)
      Error: Device internal error. This may be caused by: 1. Schannel  hotfix applied that can send our root certificate in provisioning certificate  chain. 2. incorrect network configuration(DHCP option 6 and 15 required for AMT  firmware). 3. AMT firmware self signed certificate issue(date zero). 4. AMT  firmware is not ready for PKI provisioning. Check network interface is opening  and AMT is in PKI mode. 5. Service point is trying to establish connection with  wireless IP address of AMT firmware but wireless management has NOT enabled yet.  AMT firmware doesn't support provision through wireless connection. (MachineId =  52861)      SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      10428  (0x28BC)
      Error: Can NOT establish connection with target device. (MachineId =  52861)      SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      10428  (0x28BC)
      >>>>>>>>>>>>>>>Provision  task end<<<<<<<<<<<<<<<       SMS_AMT_OPERATION_MANAGER      2010-07-16 09:34:26      10428  (0x28BC)



      Regards