Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

Error 0x80090325 returned by InitializeSecurityContext during follow up TLS handshaking with serve

idata
Employee

I am not sure if it's a certificate issue or a MEBx password issue. Please advise.

We purchased the certificate from VeriSign for Intel vPro. Before we purchased the certificate, we tested the scenario using an internal CA and by manually entering the hash in the client device; I was able to provision successfully and was able to connect to the device also.

Now I have a certificate from a public CA. I installed the new certificate with its certification chain and unprovisioned the vPro client to provision it with the new certificate. Provisioning fails. The thumbprint in the certificate that we received from VeriSign does not match the already existing cert hashes in the BIOS. We contacted VeriSign and all they gave us is a root and intermediate CA cert that I installed on the SCCM SP1 server.

If I manually enter the hash of the purchased certificate in the client, it is provisioned successfully but I am not able to connect to it using the OOB console. It says provisioned both in the client and in the SCCM collection, but I couldn't connect, not even power control. But this was just to test. The client log says it cannot provision as the root hash does not match, and the server log says it is not able to connect and something to do with the password or the account.

As I was able to provision successfully using an internal CA, I guess the prerequisites and infrastructure components are in place. The only change to the infrastructure was that our SCCM server once had an issue and some components like IIS were reinstalled. So do I have to install the hotfixes all over again? The CA seems to be issuing the web server certificates properly to the client, not the SCCM server. So I guess it's a certificate issue or the MEBx password issue. Any advice on what I need to check?

On the client, in oobmgmt.log, I get an error "Failed to call checkcertificateprovider method 80041001".

On the server, in amtopmgr.log, it says "found matched certificate hash in memory" and fails to connect to the client. Detailed log file attached. I am not sure if it's a certificate issue or a password issue. I would appreciate it if some experts could view the detailed log and identify the issue so that I can troubleshoot in that direction.

1 Reply
idata
Employee

Hi,

Personally, I'd recommend upgrading to ConfigMgr SP2, if you haven't already. You'll probably find that it is more reliable and predictable than SP1, since it has all the hotfixes built into it already. Either way, I doubt that this will resolve the issue you're seeing here, just a recommendation ...

---

I'm curious about the "Failed to call CheckCertificate provider method" message though. Typically, you'll receive that message if the root CA hash is not properly entered into the MEBx. Check out this post from Buz Brodin at Microsoft:

http://blogs.technet.com/configurationmgr/archive/2009/04/30/configmgr-2007-amt-provisioning-error-hash-list-of-amt-device-doesn-t-contain-our-provision-server-certificate-hash.aspx

Cheers,

Trevor Sullivan

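The check discussed in this thread, as an added example that is not part of the original posts or of any Intel or Microsoft tooling: compute the thumbprint of every certificate in the provisioning chain and see which one, if any, appears in the device's trusted hash list. It assumes the list holds SHA-1 hashes, that the PEM bundle is ordered leaf, intermediate, root, and that hashes may have been typed with dashes or spaces; the sample bundle and hash list are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def normalize(hash_text):
    """Drop spaces, dashes and colons so hashes copied from different tools compare equal."""
    return re.sub(r"[^0-9A-Fa-f]", "", hash_text).upper()

def thumbprints(pem_bundle):
    """SHA-1 over the DER bytes of each certificate, in bundle order."""
    return [hashlib.sha1(base64.b64decode("".join(body.split()))).hexdigest().upper()
            for body in PEM_RE.findall(pem_bundle)]

def match_chain(pem_bundle, device_hashes, labels=("leaf", "intermediate", "root")):
    """Return (label, thumbprint, trusted_by_device) for every certificate in the chain."""
    trusted = {normalize(h) for h in device_hashes}
    return [(label, tp, tp in trusted)
            for label, tp in zip(labels, thumbprints(pem_bundle))]

def fake_pem(der):
    """Wrap constructed bytes in PEM armour (stand-in for a real certificate)."""
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")

# Constructed sample data: placeholder bytes, not real certificates.
SAMPLE_BUNDLE = "".join(fake_pem(b) for b in
                        (b"constructed-leaf", b"constructed-intermediate", b"constructed-root"))
root_hex = hashlib.sha1(b"constructed-root").hexdigest()
# Hash list as it might be typed on the device: lower case, dash-separated groups.
SAMPLE_DEVICE_HASHES = ["-".join(root_hex[i:i + 4] for i in range(0, 40, 4)),
                        "00" * 20]  # unrelated constructed entry

if __name__ == "__main__":
    for label, tp, ok in match_chain(SAMPLE_BUNDLE, SAMPLE_DEVICE_HASHES):
        print(f"{label:<13}{tp}  {'in device hash list' if ok else 'not in device hash list'}")
```

With the sample data only the root entry matches, which is the situation the reply describes: the device list is compared against the root CA hash, so the thumbprint of the purchased (leaf) certificate is not expected to appear in it.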