Here are two articles that should explain and help you solve the issue you're having with your AMT 5.0.1 systems.
Explanation of why this is happening.
Guide to fix the issue.
thank's for the answer.
I checked the Certificates and Certificate-Chains but we already had the G3 Root certificate in the Trusted Root Certification Authorities and the Intemediate Certificates were in place also.
Our Server Certificate shows the Verisign Class 3 Secure Server CA - G3 entry as part of the Chain. (Picture attached)
I tried to re-chain the certificate following the instructions but that didn't work either.
I also tried a BIOS Update but with no effort.
Based on the screenshot you posted, it looks like your provisioning certificate is not the problem. AMT 5.0.1 has the root cert hash for a VeriSign G3 based certificate. What I would like to know is what your Intel SCS provisioning profile consists of. I’m wondering if you’re using TLS and or Wired 802.1x authentication. If you are, what is your key size?
we are using TLS authentication in our SCS provisioning profile.
Our certificate key size is 2048 bit.
To avoid kerberos problems we use a special provisoning account with a kerberos ticket size of
If you need more information please tell me.
Here is a brief summary of the solution if someone stumbles over the same error.
After some work with Alan Alderson and Mr. Pham from Intel we came to the conclusion that the AMT Version 5.0.1 Firmware has problems with the TLS certificates.
A low security provisioning with the Intel SCS Tool worked fine but SCCM 2012 can't provision the clients.
A firmware Update to Version 5.2.70 solved the problem in our case.