Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2827 Discussions

Error Intel vPRO with SCCM 2012 R2 - OOB AMT

TSala3
Beginner
2,208 Views

I am running SCCM 2012 R2 to make the provisioning of vPRO, but I'm encountering some difficulties.

At first when efetued the configuration of Intel SCS 9, unable to login normally efetued some tests shutdown and power on and functioned normally. The next day when I got to the office, was no longer running the web interface, I'm not getting login. No changes were made in the environment during this period. When I try to make the AMT discovery in SCCM, it generates me the error "Failed to establish tcp session" and gives me the IP and the host port 16993. If I place the PSK or PKI configuration within the MEBx, it generates a user and password error saying it can not authenticate with the Admin user.

Already redid the procedure following the Intel and Microsoft manual, but the error persists. SCCM can identify the version of vPRO, but the status it says "Can not Stand", regardless of the version ... 4.x, 5.x and 6.x, it displays the same message every time.

This is the log of the error when I'm not using PSK setting in the MEBx that is generated in the AMT discovery of SCCM

================================================================

AMT Discovery Worker: Wait 9 seconds... SMS_AMT_OPERATION_MANAGER 05/12/2014 14:49:47 2984 (0x0BA8)

Discover INFRANOTE using IP address 10.234.9.13 SMS_AMT_OPERATION_MANAGER 05/12/2014 14:49:46 4492 (0x118C)

CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp session to 10.234.9.13:16993. SMS_AMT_OPERATION_MANAGER 05/12/2014 14:49:48 4492 (0x118C)

DoPingDiscoveryForAMTDevice succeeded. SMS_AMT_OPERATION_MANAGER 05/12/2014 14:49:48 4492 (0x118C)

Discovery to IP address 10.234.9.13 succeed. AMT status is 0. SMS_AMT_OPERATION_MANAGER 05/12/2014 14:49:48 4492 (0x118C)

CSMSAMTDiscoveryTask::Execute, discovery to INFRANOTE succeed. AMT status is 0. SMS_AMT_OPERATION_MANAGER 05/12/2014 14:49:48 4492 (0x118C)

================================================================

And this is the log generated when using PSK / PKI configuration in MEBx:

================================================================

DoPingDiscoveryForAMTDevice succeeded.SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:255336 (0x14D8)Error 0x80090304 returned by InitializeSecurityContext during follow up TLS handshaking with server.SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:255336 (0x14D8)**** Error 0x1d38b100 returned by ApplyControlTokenSMS_AMT_OPERATION_MANAGER08/12/2014 17:01:255336 (0x14D8)DoSoapDiscovery failed with user name: admin.SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)Error 0x80090304 returned by InitializeSecurityContext during follow up TLS handshaking with server.SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)**** Error 0x1d38b100 returned by ApplyControlTokenSMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)DoSoapDiscovery failed with user name: admin.SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)Flag iWSManFlagSkipRevocationCheck is not set.SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)session params : / https://FQDN COMPUTER:16993 , 11001SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)ERROR: Invoke(get) failed: 80020009argNum = 0SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)Description: A security error occurredSMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)Error: Failed to get AMT_SetupAndConfigurationService instance.SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)DoWSManDiscovery failed with user name: admin.SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)Flag iWSManFlagSkipRevocationCheck is not set.SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)session params : / https://FQDN COMPUTER:16993 , 11001SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)ERROR: Invoke(get) failed: 80020009argNum = 0SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)Description: A security error occurredSMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)Error: Failed to get AMT_SetupAndConfigurationService instance.SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)DoWSManDiscovery failed with user name: admin.SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)Start Kerberos DiscoverySMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)Flag iWSManFlagSkipRevocationCheck is not set.SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)session params : / https://FQDN COMPUTER:16993 , 484001SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)ERROR: Invoke(get) failed: 80020009argNum = 0SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)Description: A security error occurredSMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)Error: Failed to get AMT_SetupAndConfigurationService instance.SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)DoKerberosWSManDiscovery failed.SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)Flag iWSManFlagSkipRevocationCheck is not set.SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)session params : https://10.234.10.84:16993/ https://10.234.10.84:16993 , 15001SMS_AMT_OPERATION_MANAGER08/12/2014 17:01:265336 (0x14D8)ERROR: Invoke(g...
0 Kudos
3 Replies
Bruno_Domignues
Employee
588 Views

some causes of this problem:

- port filtering in your network, on 16992/16993, that also can be the Windows Firewall blocking this connection on client side - you can test for this case, trying to close a telnet connection in these ports remotely;

- You also may be missing the LMS component on client side - this services can be downloaded from OEM website and while OS is running, this service is responsible to redirect connection for this ports to ME - that is the reason, that works while machine is powered down and doesn't while powered on.

Best Regards!

-Bruno Domingues

0 Kudos
idata
Employee
589 Views

I'm getting the same error messages that you have mentioned in your log.

What was the resolution to this?

0 Kudos
Dariusz_W_Intel
Employee
589 Views

Open Intel AMT TCP ports in your network (servers, switches, etc, Intel AMT clients OS firewall is not impacting AMT connection as it goes straight to HW).

Make sure you have Intel LMS service installed as well - Intel MEI Driver (that is included in default MS Windows 10 OS) is not enaugh.\

If you have Intel AMT 8 or newer you may use the latest Intel MEI SW 5 MB (enterprise not cusumer) package (11.x currently).

 

Check your OEM support Web for it or try searching at Intel Download Center https://downloadcenter.intel.com/search?keyword=Intel%C2%AE+Management+Engine+Driver Drivers & Software

rgds

Dariusz Wittek

 

Intel EMEA Biz Client Solution Architect
0 Kudos
Reply