1 Reply Latest reply on Mar 20, 2015 3:11 AM by martin.lloyd

    SCCM 2012 R2 - Unable to connect using Out of Band Management Console / KVMView

    jwaxman

      Hello,

       

      I have been working on this for two weeks now, with some progress. I would really appreciate any suggestions.

       

      Overview of setup:

      SCCM 2012 R2 w/

      Intel SCS 10.0.11.35 integrated

      Intel SCS_SCCMAddon 2.1.6.3

      and Intel vPro SCCM add on -v2

      I setup the SCS integration using the following documentation:

      Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 1 : Introduction | SCCM GURU

       

      PKI Hierarchy

      I have setup a Two-Tier PKI Hierarchy using the following documentation:

      Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy

       

      At this point, I am able to run the following 3 task sequences:

      Intel SCS: Platform Discovery

      Intel AMT: Discovery

      Intel AMT: Configuration

       

      Once this is complete, I see

      AMT Status: Externally Provisioned &

      AMT Version: 10.0.33

       

      I am able to utilize the "power control" under Manage out of band.

       

      I am unable to:

      Use the Out of Band Management Console

      Connect to the webui using https://fqdn:16993

      Use KVMView

       

      To elaborate

      Use the Out of Band Management Console

      When I attempt to connect I see "System: Connecting" and then it changes to "System: Disconnected"

      Under the AdminUILog I see the following:

      [15, PID:20500][03/19/2015 14:02:17] :GetAMTPowerState fail with result:0x80072F8F

      [12, PID:20500][03/19/2015 14:02:26] :GetAMTPowerState fail with result:0x80072F8F

      [14, PID:20500][03/19/2015 14:02:36] :GetAMTPowerState fail with result:0x80072F8F

      [15, PID:20500][03/19/2015 14:02:36] :OOBPrepareNormalBootOption: BypassPassword:False, LockKeyboard:False, EnableSOL:False. fail with result:0x80072F8F

      [1, PID:20500][03/19/2015 14:02:37] :Microsoft.ConfigurationManagement.ManagementProvider.SmsException\r\nSystem error.\r\n   at Microsoft.ConfigurationManagement.AdminConsole.OobConsole.Utilities.AmtWSMan.CheckResult(Int32 result)

         at Microsoft.ConfigurationManagement.AdminConsole.OobConsole.Utilities.AmtWSMan.PrepareNormalBootOption(Boolean enableBypassPassword, Boolean enableLockKeyboard, Boolean enableSOL)

         at Microsoft.ConfigurationManagement.AdminConsole.OobConsole.Utilities.AmtDevice.CleanUpAmtSettings(Object sender, DoWorkEventArgs e)

         at System.ComponentModel.BackgroundWorker.OnDoWork(DoWorkEventArgs e)

         at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)\r\nNo details are available for this error.\r\n

       

      Connect to the webui using https://fqdn:16993

      I reach the webpage I can see my rootca has identified the webpage as the fqdn of the computer / amt device

      However, when I attempt to login with my AD credentials, it fails repeatedly.

      I have completed the registry fix for IE

       

      Use KVMView

       

      Initializing Viewer...

       

      Using TLS security

       

      Connecting to: fqdn

       

      Using Kerberos authentication

       

      AMT version is 10.0.33

       

      Enabling KVM service access point

       

      Applying KVM settings

       

      The sender was not authorized to access the resource.

       

      Intel.Management.Wsman.WsmanFault

       

      Connecting to: fqdn

       

      Using Proxy 127.0.0.1:57705

       

      Disconnected

       

      A few things I have noted:

      1. I was only able to complete the 3 task sequences when I disabled CRL checking. However, when I check the CRL Distribution Point of the certificate, and plug in the URL, the .crl file opens right up. If I have CRL checking enabled, I receive the following error in the amtopmgr.log:

      ERROR: Invoke(get) failed: 80020009argNum = 0 SMS_AMT_OPERATION_MANAGER 3/19/2015 9:17:24 AM 4904 (0x1328)

      Description: A security error occurred SMS_AMT_OPERATION_MANAGER 3/19/2015 9:17:24 AM 4904 (0x1328)

      Error: Failed to get AMT_SetupAndConfigurationService instance. SMS_AMT_OPERATION_MANAGER 3/19/2015 9:17:24 AM 4904 (0x1328)

      DoWSManDiscovery failed with user name: admin. SMS_AMT_OPERATION_MANAGER 3/19/2015 9:17:24 AM 4904 (0x1328)

      2. Although all 3 task sequences have completed, if I login to the MEBx in the bios

      A. The admin password has NOT been set (although defined in my profile)

      B. The current provisioning Mode says PKI, Provisioning Record says "Provision Record is not present"

      C. I have pulled the cmos battery, reimaged the machine, & provisioned the computer dozens of times (after every change I made to ensure nothing was left behind)

      D. I can see my CA issue a certificate each time I run the Intel AMT: Configuration task sequence

       

      Thank you for any help you can provide,

      Jay