3 Replies Latest reply on Apr 30, 2009 1:38 AM by piotreks

    In-band provisioning in SCCM

    piotreks

      Hi
      I have lab SCCM 2007 SP1 R2 on Windows 2008 Server.
      I installed all  hotfixes to Windows Server and hotfixes to SCCM (KB954718,
      KB955126,  KB955355, KB956337, KB957469, KB960804)
      I installed Client on my test  computer (Dell 755). OS system is Vista SP1
      x86.
      I want to provision this  computer with in-band agent provisioning.

       

      In OOBMGMT.log on client  is:
      ----------------------------------
      BEGIN
      Retrying to activate the  device.
      New OTP generated
      Successfully activated the  device.
      END
      ----------------------------------
      In create collection  "AMT Systems". I choosed option Out of Band
      Management - Discover Management  Controllers.
      I checked AMTOPMGR.log on SCCM  server:
      ----------------------------------------------------------------------------------------------
      AMT  Discovery Worker: Wakes up to process instruction files
      AMT Discovery Worker:  Wait 3600 seconds...
      AMT Discovery Worker: Wakes up to process instruction  files
      AMT Discovery Worker: Reading Discovery Instruction 
      c:\ConfigMgr\inboxes\amtopmgr.box\disc\{99AD5C16-1204-481F-BE97-52B3CA79113D}.RDC...
      AMT  Discovery Worker: Execute query exec AMT_GetThisSitesNetBiosNames 
      'ISW0000D', NULL, 'ISW'
      AMT Discovery Worker: Execute query exec  AMT_GetAMTMachineProperties 26
      AMT Discovery Worker:  CSMSAMTDiscoveryWorker::RetrieveInfoFromCollection:
      Found machine hp -  10.1.12.22 from Collection ISW0000D.
      AMT Discovery Worker: Execute query exec  AMT_GetAMTMachineProperties 28
      AMT Discovery Worker:  CSMSAMTDiscoveryWorker::RetrieveInfoFromCollection:
      Found machine DELL01 -  10.1.12.21 from Collection ISW0000D.
      AMT Discovery Worker: Execute query exec  AMT_GetProvAccounts
      AMT Discovery Worker: Execute query exec  AMT_GetProvAccounts
      AMT Discovery Worker: Finish reading discovery  instruction 
      c:\ConfigMgr\inboxes\amtopmgr.box\disc\{99AD5C16-1204-481F-BE97-52B3CA79113D}.RDC
      AMT  Discovery Worker: Parsed 1 instruction files
      AMT Discovery Worker: There are  2 tasks in pending list
      AMT Discovery Worker: Send task  to completion  port
      Auto-worker Thread Pool: Current size of the thread pool is 1
      AMT  Discovery Worker: Send task  to completion port
      Auto-worker Thread Pool:  Current size of the thread pool is 2
      Auto-worker Thread Pool: Work thread  3156 started
      Auto-worker Thread Pool: Work thread 4652  started
      CAMTDiscoveryWSMan::DoDetectAMTVersion: recv failed: 10054
      AMT  Discovery Worker: 2 task(s) are sent to the task pool successfully.
      STATMSG:  ID=7203 SEV=I LEV=M SOURCE="SMS Server"
      COMP="SMS_AMT_OPERATION_MANAGER"  SYS=SCCM SITE=ISW PID=3520 TID=5052
      GMTDATE=Wt kwi
      AMT Discovery Worker:  Wait 20 seconds...
      AMT Discovery Worker: Wakes up to process instruction  files
      AMT Discovery Worker: Wait 20 seconds...
      Error 0x80090304 returned  by InitializeSecurityContext during follow up TLS
      handshaking with  server.
      **** Error 0x331b580 returned by ApplyControlToken
      Error  0x80090304 returned by InitializeSecurityContext during follow up TLS 
      handshaking with server.
      **** Error 0x331b580 returned by  ApplyControlToken
      session params : http://DELL01.vprolab.com:16992   ,   111001
      ERROR: Invoke(get) failed: 80020009argNum = 0
      Description: The I/O  operation has been aborted because of either a thread
      exit or an application  request.
      Error: Failed to get AMT_SetupAndConfigurationService  instance.
      session params : http://DELL01.vprolab.com:16992   ,   111001
      ERROR: Invoke(get) failed: 80020009argNum = 0
      Description: The I/O  operation has been aborted because of either a thread
      exit or an application  request.
      Error: Failed to get AMT_SetupAndConfigurationService  instance.
      CSMSAMTDiscoveryTask::Execute - DDR written to 
      c:\ConfigMgr\inboxes\auth\ddm.box
      Auto-worker Thread Pool: Succeed to run  the task . Remove it from task  list.
      CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp  session to
      10.1.12.22:16992.
      GeneralInfo.GetProvisioningState finished  with HResult = 0x0, status = 0x0,
      clientError =  0.
      CSMSAMTDiscoveryTask::Execute - DDR written to 
      c:\ConfigMgr\inboxes\auth\ddm.box
      Auto-worker Thread Pool: Succeed to run  the task . Remove it from task list.
      AMT Discovery Worker: Wakes up to  process instruction files
      AMT Discovery Worker: Wait 3600  seconds...
      Auto-worker Thread Pool: Work thread 3156 has been requested to  shut down.
      Auto-worker Thread Pool: Work thread 3156 exiting.
      Auto-worker  Thread Pool: Work thread 4652 has been requested to shut down.
      Auto-worker  Thread Pool: Work thread 4652 exiting.
      Auto-worker Thread Pool: Current size  of the thread pool is  0
      ----------------------------------------------------------------------------------------------
      My  test computer name is DELL01.vprolab.com and his ip is 10.1.12.21.
      In  collection "AMT Systems" computer show status "Detected" in AMT Status 
      column and 3.2.3 on AMT Version column.
      Computer don't change status to  "Provisioned". Is still "Detected".
      I can't manage it via Out of Band  Management Console.
      Could you help me with this trouble?

       

      -- 
      piotrek

        • 1. Re: In-band provisioning in SCCM
          Trevor.Sullivan

          Piotrek,

           

          Thanks for your thorough, informational post!

           

          Has this device ever been provisioned before? If yes, please enter the MEBx and make sure it is unprovisioned first. If the device is provisioned, but ConfigMgr is unable to communicate with it, due to lack of proper credentials, this could cause the "Detected" state to appear.

           

          Does the client have forward and reverse lookup records in DNS? In order for AMT to function, the client must have a A and PTR record in DNS, in the zone that matches the name of the Active Directory domain that the client is a member of. For example: if the client's hostname is AmtClient, and it is a domain member of DomainA.local, and it has IP address 10.1.1.100, then an A record must exist called AmtClient.DomainA.local, and a PTR record must exist for 10.1.1.100, pointing to AmtClient.DomainA.local.

           

          What provisioning certificate provider are you using? Do you have a valid SSL certificate that has the correct OU name of "Intel(R) Client Setup Certificate" and is published to a member server of the Active Directory domain in your lab (eg. sccmsp1.DomainA.local)?

           

          If these things have been checked, then please try resetting the system to factory defaults by disconnecting power, and pulling the CMOS battery on the motherboard for ~10 seconds. Do not log into the MEBx, and try reprovisioning the device.

           

          I hope this helps! Please post back your results, and let me know if I can further assist you!

           

          Trevor Sullivan

          Systems Engineer

          OfficeMax Corporation

          • 2. Re: In-band provisioning in SCCM
            wryork

            Does your DHCP server have option 15 enabled when offering an IP address to your AMT system?  And does that value match the FQDN of the provisioning certificate you are using?  For example, if the provisioning certificate is sccm.domain1.com is the Option 15 value domain1.com?  Also, please make sure you are running the latest BIOS from Dell's web site for the 755.

            • 3. Re: In-band provisioning in SCCM
              piotreks

              Trevor, William

               

              Thanks for you answers.

               

              Has this device ever been provisioned before?

              Yes. It was provisioned Out of band provisioning method and it worked, but I deleted his account from SCCM and reset BIOS, because I want to test in band provisioning method.

               

              Does the client have forward and reverse lookup records in DNS?

              It has only forward lookup record (A record). I create PTR record for this computer. But still status is "Detected".

               

              What provisioning certificate provider are you using?

              I have certificate signed by GoDaddy. His OU is "Intel(R) Client Setup Certificate" and is published in my SCCM server which is a member server of my domain vprolab.com.

               

              Does your DHCP server have option 15 enabled?

              Yes, it does (vprolab.com).

               

              Please make sure you are running the latest BIOS from Dell's web site for the 755.

              I have BIOS A13 version with AMT 3.2.3 version. It is new version of BIOS for this computer.

               

              Have you any other ideas?

              Best regards.

               

              --
              piotrek