8 Replies Latest reply on Feb 19, 2009 4:36 PM by Trevor.Sullivan

    No AMT Showing up

    wadebart

      Well, we've got the Out of Band Service point setup on our primary SCCM Site Server which is Native Mode as well.  The Provisioning Cert (Standard Web SSL Cert) is from Verisign and the AMT Template is from out internal CA.  I've stepped through all the instructions in the Quick Start Guide v1.9 (from Intel) and I'm not seeing any computers listed as supported.  We have a lot that say "Not Supported" for AMT Status and the remaining ones say "Unknown."  The AMTOPMGR.log doesn't have anything glaring, but I'm not sure what to look for to indicate problems with my setup...........

       

      I can initiate a Management Controller Discovery on the All System Collection and the AMTOPMGR.log file scrolls through like any other discovery (i.e. AD System Discovery log file) but my gut tells me something is wrong as I know for a fact we have vPro computers out there from Dell (Optiplex).

        • 1. Re: No AMT Showing up
          Trevor.Sullivan

          Hello,

           

          First things first ... let's make sure that your systems are being properly recognized as AMT clients by Configuration Manager. The ConfigMgr client inventories AMT details during hardware inventory cycles, and stores the data in a "AMT Agent" section in Resource Explorer. In order for the ConfigMgr client to detect the management controller however, you will need to make sure that the HECI driver (Intel Management Engine Interface) device is installed on the AMT clients. Here are a couple steps to try:

           

          1) Open Device Manager on one of your AMT clients, open the System category, and look for "Intel(R) Management Engine Interface" .... if you cannot find it, then ConfigMgr probably doesn't know that your client is an AMT client.


          2) Open Resource Explorer in your ConfigMgr console for the same ConfigMgr resource you are working with in step #1. Look for an AMT Agent section in the hardware inventory for the system. If the section doesn't exist, or doesn't contain any information, you probably don't have the HECI driver installed on the AMT system.

           

          3) Run the MEinfowin tool from IBM. This retrieves information about the AMT chipset using the HECI driver. If it fails to run, your HECI / MEI (Management Engine Interface) probably isn't installed correctly. Download MEinfowin

           

          Post back with your results.

           

          Trevor Sullivan

          Systems Engineer

          OfficeMax Corporation

          • 2. Re: No AMT Showing up
            wadebart

            Okay, the driver is in Device Manager and the Resource Explorer is showing AMT.  In the AMTOPMGR.LOG I'm getting this

             

            CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp session to 10.0.18.183:16992

            CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp session to 10.0.18.183:16993

            CSMSAMTDiscoveryTask::Execute - DDR written to E:\Program Files\Microsoft Configuration Manager\inboxes\auth\ddm.box

            Auto-worker Thread Pool: Succeed to run the task . Remove it from task list.

            AMT Discovery Worker: Wakes up to process instruction file.

             

            I have the firewall turned off on the client!  Why wouldn't it be able to connect to those ports?

            • 3. Re: No AMT Showing up
              wadebart

              Okay, I now installed all the latest Dell Intel Drivers for this one computer and now I'm seeing this in the AMTOPMGR.log

               

              Server unexpectedly disconnected when TLS handshaking.

              **** Error 0x84fb970 returned by ApplyControlToken

              Server unexpectedly disconnected when TLS handshaking.

              **** Error 0x84fb970 returned by ApplyControlToken

              session params : http://WCOR3J7C1J1.xxxxxx.com:16992   ,  111001

              ERROR: Invoke(get) failed: 80020009argNum = 0

              Description: The client cannot connect to the remote host specified in the request. Verify that the service on the remote host is running and is accepting requests. You may use the following command to analyze the state of the WinRM service and to configure the service, if necessary: "winrm quickconfig".

              Error: Failed to get AMT_SetupAndConfigurationService instance

              • 4. Re: No AMT Showing up
                Trevor.Sullivan

                Can you run MEinfowin and paste the results here? Also, please validate the following:

                 

                1) DHCP Option 15 matches the FQDN of the Active Directory domain that your ConfigMgr site server resides in

                2) Use nslookup to verify the forward (A) and reverse (PTR) DNS records for the client and ConfigMgr site server (do this step from the site server)

                3) Create a collection with your vPro system in it and enable Automatic Provisioning (right-click collection and choose Modify Collection Settings)

                 

                By the way, while you're troubleshooting an issue with AMT provisioning, you can do a couple of things to speed up the process:

                 

                1) Modify your sitectrl file to enable a higher provisioning attempt frequency (mine's set to 10 minutes right now)

                2) Use the sendsched.vbs script to make a connection to WMI on the vPro client, and force-trigger an AMT provision attempt

                3) Force a machine policy update from the ConfigMgr control panel applet (after you set the )

                 

                FYI, I've never really had a whole lot of success with the "Discover management controllers" task ... it never seems to work right, and I'm not sure what it is supposed to do. Rather, if I were you, I'd just go ahead and try to provision a device.

                 

                Hope this helps,

                 

                Trevor Sullivan

                Systems Engineer

                OfficeMax Corporation

                • 5. Re: No AMT Showing up
                  wadebart

                  1.  DHCP Option 15 matches

                  2.  NSLookup verified records

                  3.  Got the collection setup.

                   

                  MEInfo

                   

                  Intel(R) MEInfo Win Version: 2.5.0.1032

                  BIOS Version:                A02

                  Intel(R) AMT code versions:
                          Flash:                       5.0.1
                          Netstack:                    5.0.1
                          Apps:                        5.0.1
                          Intel(R) AMT:                5.0.1
                          Sku:                         18440
                          VendorID:                    8086
                          Build Number:                1111
                          Recovery Version:            5.0.1
                          Recovery Build Num:          1111
                          Legacy Mode:                 False

                  Link status:                 Link up
                  Cryptography fuse:           Enabled
                  Flash protection:            Enabled
                  Last reset reason:           Power up
                  Setup and Configuration:     In process
                  BIOS Mode:                   Post Boot

                  Error: The operation failed due to an internal error.
                  FWU Override Counter:        Always
                  FWU Override Qualifier:      Always
                  FW on Flash Desc Override:   Disable
                  Kedron Driver Version:       Not Available
                  Kedron HW Version:           Not Available
                  UNS Version:                 5.0.5.1102
                  LMS Version:                 5.0.6.1102
                  HECI Version:                5.0.1.1055

                   

                   

                  1.  I don't know how to modify the sitectrl file

                  2.  where is the sendsched.vbs?

                  3.  I can force Machine Policy Updates.

                  • 6. Re: No AMT Showing up
                    Trevor.Sullivan

                    Attached to this post are the scripts necessary to manually fire off a provisioning attempt. Simply run "AMT Policy Scheduler.bat" vProClient.vProdemo.com.

                     

                    Here is more information about how to modify your sitectrl file.

                     

                    http://social.technet.microsoft.com/forums/en-US/configmgrgeneral/thread/3f52755a-24a6-4d62-9fa4-db4c23a9a305/

                     

                    Trevor Sullivan

                    Systems Engineer

                    OfficeMax Corporation

                    • 7. Re: No AMT Showing up
                      wadebart

                      Here's what I get on the client when running the script.

                       

                      From the oobmgmt.log

                       

                      Can not read last OTP from [Software\Microsoft\Sms\Mobile Client\OutOfBand Management\OneTimePassword], (0x80070002)

                      Can not set new OTP or load last OTP!

                      Failed to Call GenerateOTPPassword provider method, 80041001

                      • 8. Re: No AMT Showing up
                        Trevor.Sullivan

                        Have you ever logged into the MEBx on this system, and if so, did you change the password on the MEBx? I would recommend setting the MEBx back to factory defaults. The way I usually do this is to pull the power cord & the CMOS battery, and then give the BIOS a few seconds to reset.

                         

                        Trevor Sullivan

                        Systems Engineer

                        OfficeMax Corporation