3 Replies Latest reply on Oct 31, 2013 11:39 AM by Alan Alderson

    unprovisionex.exe issue

    Finbar67

      SCCM 2007 SP2.  We are using in-band provisioning for our out of band management.  On the whole it seems to work fine, however, there are a significant number of machines (>100) where SCCM sees the clients as "Unknown".  The oobmgmt.log files on these clients all show "!! Device is already provisioned".

       

      These are machines which have been rebuilt (not renamed) without being unprovisioned first.

       

      I booted into the Mbex bios (CTRL P).  Unprovisioned a couple of the machines.  SCCM then displayed these as "Not Provisioned".   They then provisioned no problem.

       

      Because there are over one hundred of these "Unknown" machines I would like to find a way to automate the unprovisioning in the Mbex bios so that it isn't necessary to visit all the machines with this issue.

       

      Unprovisionex.exe Utility

       

      Have been trying to use the unprovisionex.exe utility.  Windows 7 32-bit, IE10.  Have tried the following:

       

      Unprovisionex.exe -hostname hostname.domain.com -tls -full

       

      Unprovisionex.exe -hostname hostname.domain.com -tls -ignorecert -full

       

      Unprovisionex.exe -hostname hostname.domain.com -user admin -pass password -full

       

      But keep getting "And exception occurred while attempting to unprovision (FULL) the system.  The request failed with HTTP status 401: Unauthorized.

       

      Web Access

       

      I have also tried to connect as follows:

       

      https://hostname.domain.com:16993

       

      This gets me to a login screen but I am then unable to logon.  I have tried adding the registry key FEATURE_INCLUDE_PORT_IN_SPN_KB908209.

       

      Any help would be greatly appreciated.

       

      Thanks.

        • 1. Re: unprovisionex.exe issue
          Alan Alderson

          Hi Finbar67,

           

          It sounds like TLS is working fine, but Kerberos is broken for these machines. This means you will need to run UnprovisionEx.exe using digest credentials. The problem with that is SCCM randomizes the digest password for each computer it configures. Fortunately, there is a PowerShell script that was created by a community member that allows for the retrieval of these randomized passwords.

           

          https://communities.intel.com/message/160401#160401

           

          Once you get the digest passwords for these systems, run UnprovisionEx.exe with the following switches: UnprovisionEx.exe -hostname hostname.domain.com -user admin -pass password -tls -full

           

          After you get this resolved, I would suggest looking into moving away from configuring your vPro machines with SCCM 2007 and use Intel SCS instead. There are two main reasons for this, the first is that Intel SCS is a more robust configuration tool. The second reason is moving forward (AMT 9+) SCCM will no longer be able to configure new versions of vPro computers.

          • 2. Re: unprovisionex.exe issue
            Rogier

            Hey FinBarand Alan,

             

            I have excectly the same problems with some of my desktops.

            Problem is when the machine is stuck in deteced mode there is no digest password in WMI/SCCM present.

             

            is there a way to flash the me bios with reset to factory default?

            I tried updating the ME Bios but it keeps the settings (with is good off course)

             

            i also really need a automated way to reset the ME bios or unprovision.

            so hoop you figure it out FinBar.

            regards

            Roger

            • 3. Re: unprovisionex.exe issue
              Alan Alderson

              Rogier,

               

              If you're unable to connect to these computers remotely because of a lack of working credentials. Then the only option available to reset AMT to factory default settings is to pull the computers CMOS battery.