1 Reply Latest reply on Mar 20, 2015 3:11 AM by martin.lloyd

    SCCM 2012 R2 - Unable to connect using Out of Band Management Console / KVMView




      I have been working on this for two weeks now, with some progress. I would really appreciate any suggestions.


      Overview of setup:

      SCCM 2012 R2 w/

      Intel SCS integrated

      Intel SCS_SCCMAddon

      and Intel vPro SCCM add on -v2

      I set up the SCS integration using the following documentation:

      Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 1 : Introduction | SCCM GURU


      PKI Hierarchy

      I have set up a Two-Tier PKI Hierarchy using the following documentation:

      Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy


      At this point, I am able to run the following 3 task sequences:

      Intel SCS: Platform Discovery

      Intel AMT: Discovery

      Intel AMT: Configuration


      Once this is complete, I see

      AMT Status: Externally Provisioned &

      AMT Version: 10.0.33


      I am able to utilize the "power control" under Manage out of band.


      I am unable to:

      Use the Out of Band Management Console

      Connect to the webui using https://fqdn:16993

      Use KVMView


      To elaborate:

      Use the Out of Band Management Console

      When I attempt to connect I see "System: Connecting" and then it changes to "System: Disconnected"

      Under the AdminUILog I see the following:

      [15, PID:20500][03/19/2015 14:02:17] :GetAMTPowerState fail with result:0x80072F8F

      [12, PID:20500][03/19/2015 14:02:26] :GetAMTPowerState fail with result:0x80072F8F

      [14, PID:20500][03/19/2015 14:02:36] :GetAMTPowerState fail with result:0x80072F8F

      [15, PID:20500][03/19/2015 14:02:36] :OOBPrepareNormalBootOption: BypassPassword:False, LockKeyboard:False, EnableSOL:False. fail with result:0x80072F8F

      [1, PID:20500][03/19/2015 14:02:37] :Microsoft.ConfigurationManagement.ManagementProvider.SmsException\r\nSystem error.\r\n   at Microsoft.ConfigurationManagement.AdminConsole.OobConsole.Utilities.AmtWSMan.CheckResult(Int32 result)

         at Microsoft.ConfigurationManagement.AdminConsole.OobConsole.Utilities.AmtWSMan.PrepareNormalBootOption(Boolean enableBypassPassword, Boolean enableLockKeyboard, Boolean enableSOL)

         at Microsoft.ConfigurationManagement.AdminConsole.OobConsole.Utilities.AmtDevice.CleanUpAmtSettings(Object sender, DoWorkEventArgs e)

         at System.ComponentModel.BackgroundWorker.OnDoWork(DoWorkEventArgs e)

         at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)\r\nNo details are available for this error.\r\n


      Connect to the webui using https://fqdn:16993

      I reach the webpage, and I can see my rootca has identified the webpage as the fqdn of the computer / amt device.

      However, when I attempt to log in with my AD credentials, it fails repeatedly.

      I have completed the registry fix for IE


      Use KVMView


      Initializing Viewer...


      Using TLS security


      Connecting to: fqdn


      Using Kerberos authentication


      AMT version is 10.0.33


      Enabling KVM service access point


      Applying KVM settings


      The sender was not authorized to access the resource.




      Connecting to: fqdn


      Using Proxy




      A few things I have noted:

      1. I was only able to complete the 3 task sequences when I disabled CRL checking. However, when I check the CRL Distribution Point of the certificate, and plug in the URL, the .crl file opens right up. If I have CRL checking enabled, I receive the following error in the amtopmgr.log:

      ERROR: Invoke(get) failed: 80020009argNum = 0 SMS_AMT_OPERATION_MANAGER 3/19/2015 9:17:24 AM 4904 (0x1328)

      Description: A security error occurred SMS_AMT_OPERATION_MANAGER 3/19/2015 9:17:24 AM 4904 (0x1328)

      Error: Failed to get AMT_SetupAndConfigurationService instance. SMS_AMT_OPERATION_MANAGER 3/19/2015 9:17:24 AM 4904 (0x1328)

      DoWSManDiscovery failed with user name: admin. SMS_AMT_OPERATION_MANAGER 3/19/2015 9:17:24 AM 4904 (0x1328)

      2. Although all 3 task sequences have completed, if I log in to the MEBx in the BIOS:

      A. The admin password has NOT been set (although defined in my profile)

      B. The current provisioning Mode says PKI, Provisioning Record says "Provision Record is not present"

      C. I have pulled the CMOS battery, reimaged the machine, & provisioned the computer dozens of times (after every change I made to ensure nothing was left behind)

      D. I can see my CA issue a certificate each time I run the Intel AMT: Configuration task sequence


      Thank you for any help you can provide,
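
      A diagnostic sketch for note 1 above (provisioning only succeeds with CRL checking disabled, although the CRL URL opens in a browser). This is an added example, not part of the original post or of any Intel/Microsoft tooling: it reads the certificate the AMT device presents on port 16993 and rebuilds the chain with online revocation checking, so the element that fails revocation is visible. The host name is a placeholder.

```powershell
# Added diagnostic example; not from the original post.
param(
    [string]$AmtHost = 'amt-client.example.test',  # placeholder: FQDN of the AMT device
    [int]$Port = 16993                             # AMT TLS port used in the post
)

# Accept any certificate during the handshake so it can be inspected afterwards.
# No management traffic is sent over this connection.
$tcp = New-Object System.Net.Sockets.TcpClient($AmtHost, $Port)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
    $ssl.AuthenticateAsClient($AmtHost)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}

# Rebuild the chain the way a client with CRL checking enabled would:
# every element is checked online against its CRL distribution point.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
$chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)
$ok = $chain.Build($cert)

"Subject   : $($cert.Subject)"
"Issuer    : $($cert.Issuer)"
"Not after : $($cert.NotAfter)"
"Chain valid with online revocation: $ok"

# Per-element status shows which tier of the two-tier PKI fails
# (for example RevocationStatusUnknown or OfflineRevocation).
foreach ($el in $chain.ChainElements) {
    $status = ($el.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $status) { $status = 'NoError' }
    "{0}  ->  {1}" -f $el.Certificate.Subject, $status
}

# Print the CRL Distribution Points extension (OID 2.5.29.31) of the leaf
# so each listed URL can be compared with what the checking machine can reach.
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if ($cdp) { $cdp.Format($true) } else { 'Leaf certificate has no CRL Distribution Points extension.' }
```

      Run it on the machine that performs the AMT operations rather than on a workstation, since a CRL that opens in one user's browser is not necessarily reachable from there.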