1 2 Previous Next 16 Replies Latest reply on Nov 1, 2011 2:34 PM by stepland

    sccm primary site provisioning problem

    stepland

      Hi, I have installed my provisioning certificate on my parent sccm server and i am able to provision clients that have their site settings pointing to this server.

       

      We have quite a few branch offices that point to this parent sccm server for its site settings and they are provisioning as well. However, one of our branch offices has its own primary child sccm server on which none of the client are getting provisioned.

       

      they all have this error in the oobmgt.log file

       

      <![LOG[Failed to Call CheckCertificate provider method, 80041001]LOG]!><time="19:44:56.976+180" date="05-16-2011" component="oobmgmt" context="" type="3" thread="6392" file="amtprovisionendpoint.cpp:412">
      <![LOG[END]LOG]!><time="19:44:56.992+180" date="05-16-2011" component="oobmgmt" context="" type="1" thread="6392" file="amtprovisionendpoint.cpp:881">

       

      does anyone have documentation on how to set this up?

        • 1. Re: sccm primary site provisioning problem
          brunodom

          Stéphane,

           

               Does your branch that is facing this provisioning problem using a different FQDN? See if is not the case of disjoined namespace.

           

          Best Regards!

          --Bruno Domingues

          • 2. Re: sccm primary site provisioning problem
            stepland

            Hey Bruno,

             

            My parent sccm server that has the certificate installed on has a different FQDN than the branch server

             

            parent sccm server = serverA.ab.cde.fghi.ca

             

            primary child sccm server= serverB.ab.cde.fghi.ca

             

            my certificate was generate with an alias of = intelvpro.ab.cde.fghi.ca

             

            the alias is pointing to serverA

             

            all branchs are all on the same domain including serverb

             

            the fully qualified domain name string is the same but the host name is diffenrent.

             

            is that have you are asking??

             

            thanks

            • 3. Re: sccm primary site provisioning problem
              stepland

              Can someone help me with my previous question please?

              • 4. Re: sccm primary site provisioning problem
                brunodom

                Sthéphane,

                 

                     I'm not sure that I understand your case, based on your last post, this diagram represent your environment?

                 

                     DomainDiagram.jpg

                     It's means that you have a single forest, a single domain with multiples sites, correct? In this case, there is no reason to provision fail, and we should see others option... please, let me know if I understood correctly.

                 

                Best Regards!

                --Bruno Domingues

                • 5. Re: sccm primary site provisioning problem
                  stepland

                  Yes, you got it. single domain, single forest with multiple sites.

                   

                  sccm serverA set up as primary parent and failing clients are on serverB sccm primary child

                   

                  On ServerA i noticed that looking at the sccm console site settings for serverB there is the OOB component configuration options there as well, does it need to be configured there as well, you can set every option that you can on serverA under component configuration then OOB console options but the provisioning certificate and certificate template part is not available....in both boxes it says "not available on parent site" but my parent site is server A.

                   

                   

                   

                  oob.png

                   

                  thanks for your help.

                   

                  Stéphane

                  • 6. Re: sccm primary site provisioning problem
                    brunodom

                    Stéphane,

                     

                         I believe that the problem is because you are managing the child primary from primary site.

                         Configuration Manager prevents you configuring the AMT provisioning certificate in this case because it would result in overwriting the AMT provisioning certificate in the parent site.

                         Try configure directly from the child site.

                     

                    Best Regards!

                    --Bruno Domingues

                    • 7. Re: sccm primary site provisioning problem
                      stepland

                      ok, i just looked at the settings for this from the primary child, it looks like i need another provisioning certificate on my primary child sccm server....right?

                       

                      i tried pointing it to the primary parent prov cert but brought up a certificate error??

                       

                      let me know

                       

                      thanks

                       

                      Stéphane

                      • 8. Re: sccm primary site provisioning problem
                        brunodom

                        Stéphane,

                         

                             As far child is part of same dns domain, there is no reason to use another certificate. can you send me the error message and amtopmgr.log in order to make easier to figure out what is going on?

                         

                        Best Regards!

                        --Bruno Domingues

                        • 9. PuYvhRcPUNJyjcCZg
                          Your reply was rejected by a moderator. Please edit your reply and resubmit it for approval.

                          Well mcadaaima nuts, how about that.

                          • 10. WhwDGOLJYUGfI
                            Your reply was rejected by a moderator. Please edit your reply and resubmit it for approval.

                            Well done article that. I'll make sure to use it wseily.

                            • 11. Re: sccm primary site provisioning problem
                              stepland

                              Hi Bruno, sorry for the late reply

                               

                              Here is both the parent and primary child logs

                               

                              see attachement.

                               

                              please help me!!!   :O)

                               

                              thanks

                               

                               

                              Stéphane

                              • 12. Re: sccm primary site provisioning problem
                                brunodom

                                Stéphane,

                                 

                                     Looking into your logs I just found there are some vPro 2.2 versions trying be provisioned as showed in this piece of log:

                                 

                                    Ws-Translator.PNG

                                Have you installed the Intel WS-Translator in you SCCM? it's required to provision machines with Me firmware 3.2.1 and older.

                                 

                                About the certificate issue, can you send the me printscreen of OOB component directly from primary child (using RDP), not from parent? I can see this mensage in your logs:

                                 

                                Certificate_Missing_amtopmgr.PNG

                                 

                                Can you confirm vPro versions and also which certificate did you issue?

                                 

                                Best Regards!

                                --Bruno Domingues

                                • 13. Re: sccm primary site provisioning problem
                                  stepland

                                  Hi Bruno,

                                   

                                  The AMT versions 2.2 I am neglecting for now as they will be getting life cycled shortly .

                                   

                                  The versions i have in the child location are a mix of 3.2.1 up to 7.14 and pretty much everything in between.

                                   

                                  These versions are provisioning fine in all other locations where there site settings point to the primary parent.

                                   

                                  I am using a verisign cert.

                                   

                                  As you can see in the screen shot below there is partial info entered in the general tab on the component for the primary child. That is because when i configured the primary parent and all locations except the child started provisioning i figured that the child needed the same configuration as the parent so i put it in for a test, it did not seem to change anything so i removed the info but could not remove the top 2 entries. Should the configuration be in the child as well. The cert i got from verisign was done based on the parent fqdn.

                                   

                                  please see attachement below

                                   

                                  Also, here is a oobmgmt log entry from one of those clients under the child location, all clients at the child location have these entries in the log

                                   

                                  <![LOG[Successfully submitted event to the Status Agent.]LOG]!><time="16:27:38.399+180" date="08-15-2011" component="oobmgmt" context="" type="0" thread="4064" file="event.cpp:543">
                                  <![LOG[Failed to Call CheckCertificate provider method, 80041001]LOG]!><time="16:27:38.399+180" date="08-15-2011" component="oobmgmt" context="" type="3" thread="4064" file="amtprovisionendpoint.cpp:412">
                                  <![LOG[END]LOG]!><time="16:27:38.446+180" date="08-15-2011" component="oobmgmt" context="" type="1" thread="4064" file="amtprovisionendpoint.cpp:881">

                                   

                                  Please advise and thanks for your help

                                   

                                  Stéphane

                                  1 2 Previous Next