1 Reply Latest reply on Jan 18, 2012 11:18 AM by

    802.1 Provisioning Issue

    ianfraser

      Hi

       

      I've run into an issue with AMT provisioning on a Lenovo M91p running firmware / MEI 7.x.

       

      Running the provision from SCCM with SP2 installed. I can fully provision a device without using the 802.1x and wireless options on the OOBM settings, but when configuring the 802.1x and wireless options I get the following information in the log:

       

       

      Error: Failed to add a new Trusted root certificate,Device does not support the certificate format.

      Error: Failed to add a new Trusted root certificate,return value:2063.

      Error: Failed to finish critical setup and configuration step. (AMTWSManUtilities::AddCertificate)

      Warning: CSMSAMTProvTask::StartProvision Fail to call SetWirelessServerCertificate

      Begin to set Wired 8021x Profile...

      No Trust Root Certificate

      The wired profile is invaid. Skip adding...

       

      I have both imported the .CER and tried pulling directly from the issuing CA - but still get the same issue.

       

      Are there any specific settings related to the Trusted Root Cert? Do I need the entire Cert chain as well?

       

      We use a CA with issuing CAs on 2008.

       

      Thanks

       

      Ian

        • 1. Re: 802.1 Provisioning Issue

          I've worked out the problem: we need to use a shorter Root Cert. Ours is currently 4096, whereas we should be using a key length of no greater than 2048 for AMT.

           

          I didn't run into the issue up to now as we use a Comodo Cert for provisioning.

           

          The giveaway was:

           

          Error: Failed to add a new Trusted root certificate,Device does not support the certificate format.

          Error: Failed to add a new Trusted root certificate,return value:2063.

           

          Solution:

           

          Build a second CA with a Root key of 2048 in length, and issue this for purposes of 802.1x.
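
A pre-flight check for the key-length limit described in the reply, as an added example that is not part of the original thread: it reads the RSA modulus size from a DER-encoded certificate and compares it with the 2048-bit limit the reply reports. The function names, the `der` and `sample_cert` helpers, and the constructed, unsigned sample certificates are assumptions made for this illustration.

```python
MAX_ROOT_BITS = 2048  # limit reported in the reply above; taken from the post
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption, DER-encoded

def tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the size of the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """List the elements directly inside a constructed value."""
    out = []
    while start < end:
        out.append(tlv(buf, start))
        start = out[-1][2]
    return out

def rsa_key_bits(cert):
    """RSA modulus size, in bits, of a DER-encoded X.509 certificate."""
    _, s, e = tlv(cert, 0)  # Certificate
    _, s, e = children(cert, s, e)[0]  # tbsCertificate
    fields = [f for f in children(cert, s, e) if f[0] != 0xA0]  # drop [0] version
    alg, key = children(cert, fields[5][1], fields[5][2])  # subjectPublicKeyInfo
    if not cert[alg[1]:alg[2]].startswith(RSA_OID):
        raise ValueError("public key is not RSA")
    _, s, e = tlv(cert, key[1] + 1)  # BIT STRING: skip the unused-bits byte
    _, ms, me = children(cert, s, e)[0]  # modulus INTEGER
    return int.from_bytes(cert[ms:me], "big").bit_length()

def root_fits_amt(cert):
    return rsa_key_bits(cert) <= MAX_ROOT_BITS  # True when within the reported limit

def der(tag, body):
    """Minimal DER encoder, used only to build the constructed samples."""
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_cert(bits):
    """Constructed, unsigned certificate-shaped DER; not a real certificate."""
    alg = der(0x30, RSA_OID + der(0x05, b""))
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    key = der(0x30, der(0x02, modulus) + der(0x02, b"\x01\x00\x01"))
    name = der(0x30, b"")  # empty issuer, validity and subject placeholders
    spki = der(0x30, alg + der(0x03, b"\x00" + key))
    tbs = der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + alg + name * 3 + spki
    return der(0x30, der(0x30, tbs) + alg + der(0x03, b"\x00"))
```

A Base64 (PEM) export has to be decoded to DER bytes before it is passed to `rsa_key_bits`.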