It sounds like TLS is working fine, but Kerberos is broken for these machines. This means you will need to run UnprovisionEx.exe using digest credentials. The problem with that is SCCM randomizes the digest password for each computer it configures. Fortunately, there is a PowerShell script that was created by a community member that allows for the retrieval of these randomized passwords.
Once you get the digest passwords for these systems, run UnprovisionEx.exe with the following switches: UnprovisionEx.exe -hostname hostname.domain.com -user admin -pass password -tls -full
After you get this resolved, I would suggest looking into moving away from configuring your vPro machines with SCCM 2007 and use Intel SCS instead. There are two main reasons for this, the first is that Intel SCS is a more robust configuration tool. The second reason is moving forward (AMT 9+) SCCM will no longer be able to configure new versions of vPro computers.
Hey FinBarand Alan,
I have excectly the same problems with some of my desktops.
Problem is when the machine is stuck in deteced mode there is no digest password in WMI/SCCM present.
is there a way to flash the me bios with reset to factory default?
I tried updating the ME Bios but it keeps the settings (with is good off course)
i also really need a automated way to reset the ME bios or unprovision.
so hoop you figure it out FinBar.
If you're unable to connect to these computers remotely because of a lack of working credentials. Then the only option available to reset AMT to factory default settings is to pull the computers CMOS battery.