1 Reply Latest reply on Mar 22, 2010 9:59 AM by ChrisF

    SCCM & vPro Provisioning failure with unknown failure code

      Hi,

       

      We'd been successfully vPro provisioning our Viglen PCs (on firmware 3.2.1) under SCCM 2007 SP1 for some months. At the end of July we had to upgrade our SCCM server hardware and migrated our existing SCCM infrastructure from the old server on 32-bit Windows 2003 Server to 64-bit Windows Server 2008 Standard; we also moved from SCCM SP1 to R2.

       

      Up until the server move/upgrade, provisioning had been fine using a Comodo cert for our AMT Provisioning Certificate and a Windows 2003 Enterprise Server internal PKI for issuing the AMT Web Server Certs to our vPro clients. Since the upgrade, the provisioning process starts and the SCCM amtopmgr.log shows a number of tasks successfully completed, but provisioning finally fails with a 126 error code. We ideally need some advice as to which part of the provisioning process is at fault. I've posted below the entries from one of the failing provisions (having changed the computer and domain name) and would be grateful if anyone can provide any pointers on the 126 failure code.

       

      Thanks

       

      Ebe

      Succeed to connect target machine computername.internal.domain.name and core version with 3.2.1 using default factory account. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:58:48 10500 (0x2904)
      GeneralInfo.GetProvisioningState finished with HResult = 0x0, status = 0x0, clientError = 0. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:58:52 10500 (0x2904)
      Get device provisioning state is In Provisioning SMS_AMT_OPERATION_MANAGER 30/09/2009 07:58:52 10500 (0x2904)
      Passed OTP check on AMT device computername.internal.domain.name. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:58:55 10500 (0x2904)
      Machine computername.internal.domain.name will be added and published to AD and OU is LDAP://OU=vPro Management Controllers,OU=Computer Accounts,DC=internal,DC=domain,DC=name. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:58:55 10500 (0x2904)
      Send request to AMT proxy component to add machine computername.internal.domain.name to AD. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:58:55 10500 (0x2904)
      Successfully created instruction file for AMT proxy task: D:\SMS\inboxes\amtproxymgr.box SMS_AMT_OPERATION_MANAGER 30/09/2009 07:58:55 10500 (0x2904)
      Processing provision on AMT device computername.internal.domain.name... SMS_AMT_OPERATION_MANAGER 30/09/2009 07:58:55 10500 (0x2904)
      Found client certificate already being generated for AMT device computername.internal.domain.name. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:58:55 10500 (0x2904)
      Start 1st stage provision on AMT device computername.internal.domain.name. (SOAP) SMS_AMT_OPERATION_MANAGER 30/09/2009 07:58:55 10500 (0x2904)
      SecurityAdministration.ClearTLSCredentials finished with HResult = 0x0, status = 0x10, clientError = 0. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:58:59 10500 (0x2904)
      NetworkTime.GetLowAccuracyTimeSynch finished with HResult = 0x0, status = 0x0, clientError = 0. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:03 10500 (0x2904)
      Auto-worker Thread Pool: Work thread 10908 has been requested to shut down. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:05 10908 (0x2A9C)
      Auto-worker Thread Pool: Work thread 10908 exiting. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:05 10908 (0x2A9C)
      Auto-worker Thread Pool: Current size of the thread pool is 1 SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:05 4268 (0x10AC)
      AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:05 4312 (0x10D8)
      AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:05 4312 (0x10D8)
      NetworkTime.SetHighAccuracyTimeSynch finished with HResult = 0x0, status = 0x0, clientError = 0. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:05 10500 (0x2904)
      NetworkAdmin.SetHostName finished with HResult = 0x0, status = 0x0, clientError = 0. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:09 10500 (0x2904)
      NetworkAdmin.SetDomainName finished with HResult = 0x0, status = 0x0. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:13 10500 (0x2904)
      AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:25 4312 (0x10D8)
      AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:25 4312 (0x10D8)
      SecurityAdministration.SetTLSCertificateWithKeyPair finished with HResult = 0x0, status = 0x0. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:25 10500 (0x2904)
      SecurityAdministration.SetTlsServerAuthentication finished with HResult = 0x0, status = 0x0, clientError = 0. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:29 10500 (0x2904)
      SecurityAdministration.GetDigestRealm finished with HResult = 0x0, status = 0x0, clientError = 0. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:33 10500 (0x2904)
      SecurityAdministration.SetAdminAclEntryEx finished with HResult = 0x0, status = 0x0, clientError = 0. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:37 10500 (0x2904)
      Error: Failed to decrypt the input data. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:37 10500 (0x2904)
      Error: Can't finish provision on AMT device computername.internal.domain.name with configuration code (126)! SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:37 10500 (0x2904)
      >>>>>>>>>>>>>>>Provision task end<<<<<<<<<<<<<<< SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:37 10500 (0x2904)

        • 1. Re: SCCM & vPro Provisioning failure with unknown failure code
          ChrisF

          Error: Failed to decrypt the input data. SMS_AMT_OPERATION_MANAGER

          Error: Can't finish provision on AMT device <FQDN> with configuration code (126)! SMS_AMT_OPERATION_MANAGER

           

          The next entry in the provisioning log after SecurityAdministration.SetAdminAclEntryEx should be SecurityAdministration.SetMEBxPassword, both with HResult = 0x0.

           

          When you migrated your SCCM hardware, your SCCM Site's Root Key was likely changed. This key is in the file .\SMS\bin\I386\MobileClient.tcf on your site server; the parameter is SMSPublicRootKey=. I believe that the site RootKey is used by the site's SCCM Provider to encrypt the AMT MEBx Passwords (and many other things, too!). I would not recommend trying to change the root key back, but would recommend reentering all your SCCM passwords.

            Reenter the MEBx Password for your 'admin' account on the General tab and reenter the passwords for every wired and wireless provisioning account on the AMT Provisioning tab on the Out of Band Management site component interface.  This should resolve the problem.

           

          Good Luck Everyone!
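
Added example, not part of either post and not Microsoft or Intel code: a small parser that groups amtopmgr.log entries by thread id (the worker threads interleave in the excerpt above) and reports, for each failed provisioning task, the configuration code, the last API call logged before the first error, and whether the SecurityAdministration.SetMEBxPassword step named in the reply was ever logged. The line layout is assumed from the posted excerpt, and the function and field names are illustrative.

```python
import re

# Layout assumed from the amtopmgr.log excerpt posted above:
#   <message> SMS_AMT_OPERATION_MANAGER <dd/mm/yyyy hh:mm:ss> <thread id> (0x<hex>)
LINE = re.compile(r"^(?P<msg>.*?)\s+SMS_AMT_OPERATION_MANAGER\s+"
                  r"\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\s+(?P<tid>\d+)\s+\(0x[0-9A-Fa-f]+\)$")
CALL = re.compile(r"^(?P<api>\w+\.\w+) finished with HResult = (?P<hr>0x[0-9A-Fa-f]+), "
                  r"status = (?P<st>0x[0-9A-Fa-f]+)")
CODE = re.compile(r"configuration code \((\d+)\)")
EXPECTED_NEXT = "SecurityAdministration.SetMEBxPassword"  # step named in the reply

def summarize_failures(log_text):
    """Group entries by thread id and describe each failed provisioning task."""
    threads = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # threads interleave, so keep each thread's messages apart
            threads.setdefault(m["tid"], []).append(m["msg"])
    reports = []
    for tid, msgs in threads.items():
        calls, errors, code = [], [], None
        for msg in msgs:
            c = CALL.match(msg)
            if c and not errors:  # API calls completed before the first error
                calls.append((c["api"], int(c["hr"], 16), int(c["st"], 16)))
            elif msg.startswith("Error:"):
                errors.append(msg)
                k = CODE.search(msg)
                code = int(k.group(1)) if k else code
        if code is not None:  # only threads that logged a failed provision
            reports.append({
                "thread": tid, "config_code": code, "errors": errors,
                "last_call_before_error": calls[-1][0] if calls else None,
                "nonzero_results": [c for c in calls if c[1] or c[2]],
                "expected_next_logged": any(EXPECTED_NEXT in m for m in msgs),
            })
    return reports

# Shortened excerpt of the log posted above (hostname already changed by the poster).
SAMPLE = """\
SecurityAdministration.ClearTLSCredentials finished with HResult = 0x0, status = 0x10, clientError = 0. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:58:59 10500 (0x2904)
AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:25 4312 (0x10D8)
SecurityAdministration.SetAdminAclEntryEx finished with HResult = 0x0, status = 0x0, clientError = 0. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:37 10500 (0x2904)
Error: Failed to decrypt the input data. SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:37 10500 (0x2904)
Error: Can't finish provision on AMT device computername.internal.domain.name with configuration code (126)! SMS_AMT_OPERATION_MANAGER 30/09/2009 07:59:37 10500 (0x2904)
"""

if __name__ == "__main__":
    print(*summarize_failures(SAMPLE), sep="\n")
```

The parser reports non-zero HResult or status values without interpreting them; what a given status means is not covered by the thread.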