4 Replies Latest reply on Feb 2, 2011 9:36 AM by blair.muller@gmail.com

    WS Translator to Provision AMT Systems Error in Translator log

    blair.muller@gmail.com

      Hi Everyone,

       

      I have configured SCCM to use WS-MAN to managed to provision three computers with version 3.0.1 on it however when I force a discovery I see the attached in the translator log.

       

      The error that I am seeing is Discovery failed for https://FQDN:16993

       

      In have attached the amtopmgr.log and the error that I’m thinking may help is ERROR: Invoke(get) failed: 80020009argNum = 0

       

      I have goggled these errors but can’t seem to find the answer I need, If anybody could point me in the right direction that would be great.

       

      Regards,

       

      Blair

        • 1. Re: WS Translator to Provision AMT Systems Error in Translator log
          brunodom

          Blair,

           

               It's seen that vPro machine is not listening mode for 16993 port, and you can easily discover if it's the case:

               - From SCCM server open a command prompt and type:

           

               c:\>telnet <IP_of_vPro_Machine> 16993

           

               If fail to connect you must check the following conditions:

           

               - Windows firewall in vPro machine is enabled? if so, try disable just for this test;

               - HECI driver and LMS is installed and correctly reporting?

           

               If all these conditions are ok and still facing problem with 16993 connection, download the ZTCLocalAgent.exe from Intel AMT SDK and execute as administrator in vPro machine:

           

               c:\>ZTCLocalAgent -discovery

           

               if the "Setup and Configuration" status is "Not started", means that SCCM agent didn't trigger the activation process and you can force it running the command:

           

               c:\>ZTCLocalAgent -activate

           

          Best Regards!

          --bruno

          • 2. Re: WS Translator to Provision AMT Systems Error in Translator log
            blair.muller@gmail.com

            Hey Bruno,

             

            Thanks for your help,

             

            I have the following in the Device Manager under Ports

             

            Intel® Active Management Technology – SOL (COM3)

             

            I have the following services running

             

            Intel(R) Active Management Technology Local Management Service

            Intel(R) Active Management Technology System Status Service

            Intel(R) Active Management Technology User Notification Service

             

            I can telnet to the pc on port 16993

             

            When I run the ZTCLocalAgent –discovery I get the following

             

            Intel ZTCLocalAgent Version: 6.0.2.0

             

             

            BIOS Version:            786F1 v01.04

             

             

            Intel AMT code versions:

                    Flash:                   3.0.1

                    Netstack:                3.0.1

                    AMTApps:                 3.0.1

                    AMT:                     3.0.1

                    Sku:                     14

                    VendorID:                8086

                    Build Number:            1104

                    Recovery Version:        3.0.1

                    Recovery Build Num:      1104

                    Legacy Mode:             False

             

             

            Setup and Configuration:

            In process

             

            Found 4 certificate hashes in following Handles:

            0,1,2,3,

             

            Certificate hash entry:

             

            Friendly Name = VeriSign Class 3 Primary CA-G1

            Default = true

            Active = true

            Hash Algorithm = SHA1

             

            Certificate Hash:

            74 2C 31 92 E6

            07 E4 24 EB 45

            49 54 2B E1 BB

            C5 3E 61 74 E2

             

            Certificate hash entry:

             

            Friendly Name = VeriSign Class 3 Primary CA-G3

            Default = true

            Active = true

            Hash Algorithm = SHA1

             

            Certificate Hash:

            13 2D 0D 45 53

            4B 69 97 CD B2

            D5 C3 39 E2 55

            76 60 9B 5C C6

             

            Certificate hash entry:

             

            Friendly Name = Go Daddy Class 2 CA

            Default = true

            Active = true

            Hash Algorithm = SHA1

             

            Certificate Hash:

            27 96 BA E6 3F

            18 01 E2 77 26

            1B A0 D7 77 70

            02 8F 20 EE E4

             

            Certificate hash entry:

             

            Friendly Name = Starfield Class 2 CA

            Default = true

            Active = true

            Hash Algorithm = SHA1

             

            Certificate Hash:

            AD 7E 1C 28 B0

            64 EF 8F 60 03

            40 20 14 C3 D0

            E3 37 0E B5 8A

             

            Any other ideas?

            • 3. Re: WS Translator to Provision AMT Systems Error in Translator log
              brunodom

              Hi Blair,

               

                     If you are able to connect remotely to 16993 port it means that nothing is blocking the communication, as showed in ZTClocalAgent. In this case the root cause looks to be in TLS layer, so some commons problems:

               

                   In case you are using PSK:

               

                   -Did you enter manualy/or by USB key the PSK into ME (i.e. PID 4444-4444 and PPS 0000-0000-0000-0000-0000-0000-0000-0000, as WS-Traslator suggest or any other that you configured)?

               

                   -Did you configure the new ME admin password in SCCM OOB console?

               

                   In case you are using PKI:

               

                   - Are you using option 6 and 15 in your DHCP?

                   - If you are using an internal certificate, did you include the hash of root CA in ME? do you have the correct OID or OU name?

                   - If you are using the external certificate, did you name correctly the OU=Intel(R) Client Setup Certificate?

               

               

                   Steve Rachui from Microsoft, wrote a script that can help you identify if there is issues with your certificate.

               

                   Just an overall recommendation: there are some improvents and bug fix since AMT versions 3.0 and upgrading the firmware to latest you can just disable/uninstall the WS-Traslator and simplicy the provisioning process.

               

              Best Regards!

              --Bruno Domingues

              • 4. Re: WS Translator to Provision AMT Systems Error in Translator log
                blair.muller@gmail.com

                Hey Bruno,

                 

                Thanks for all your help.

                 

                It turns out it was just time.  I thought I could force it to provision and I thought I did everything to force it using the sendsched.vbs command and the discover Management Controllers however it must still require some time.

                 

                Regards,

                 

                Blair