The submit failure usually cased by... Not being able to find the Issuing CA or the SCCM Site Server not having sufficent permission to request the certificate. I would recommend checking the following...
- Verify that you have created the Web Server Certificates template on your Certificate Authority and that your SCCM Primary Site Servers has the appropriate permission. SCCM SP1 Help File Article: "[Step-by-Step Example Deployment of the PKI Certificates Required for AMT and Out of Band Management|http://technet.microsoft.com/en-us/library/cc161804(TechNet.10).aspx]"; Section: "Preparing the Web Server Certificates for AMT-Based Computers".
- Verify that you have configured the certificate template in the Out of Band Management Properties: General Tab. SCCM SP1 Help File Article: "[How to Configure AMT Provisioning|http://technet.microsoft.com/en-us/library/cc161966(TechNet.10).aspx]"; Section: "To configure the out of band management component for AMT provisioning"; Steps: 7-8.
Like I said, the environment was happily chugging along until the CA was rebuilt. I really don't want to rebuild the OOB Role from scratch if I don't have to because nothing was touched. Is it a matter of a GUID changing or something that would cause this to happen? I'm just trying to get an understanding of why.
Thanks for the pointer. It ended up being that the OOB MP wasn't actually placed in the CERTSRV_DCOM_ACCESS Security Group for the CA in our top domain. After a reboot, the provisioning started working. It's brought up another interesting problem, but I am going to start a new thread for that.