In-band Provisioning Problems
For the last three weeks I have been trying to get Out-Of-Band management to work, without success. The Intel AMT 5.1 machines that we have show up as 'Not Supported' and keep that status no matter what I do. This is a desperate plea for help. We're running SCCM 2007 SP1 on Server 2003. We use an internal certificate. The test machines that I try to provision have had the thumbprint added manually along with the DNS suffix. DHCP has got options 6 and 15 properly configured. All the relevant ports are opened up. All the AMT related patches have been installed. The test machines are properly registered in DNS Looking in their BIOSes, the test machines have activated and seem to be provisioned and yet they are still listed as 'Not Supported'. Below is an extract from the amtopmgr.log. Could someone with experience please have a look at this and tell me what I'm doing wrong? My head is sore from banging it on the table. Many thanks, Rolf Habing -------- atmopmgr.log -------------------------- Incoming instruction file D:\SMS\inboxes\amtopmgr.box\prov\84785.OTP to Provision Worker. Found one 'ZTC Provision' task with type 'Machine Resource' and target ID '84785' and IP address '0'. Target machine 84785 is a AMT capable machine. Succeed to add new task to pending list. AMT Provision Worker: Parsed 1 instruction files AMT Provision Worker: There are 1 tasks in pending list SMS_AMT_OPERATION_MANAGER AMT Provision Worker: Send task C60025152.cc.local to completion port Auto-worker Thread Pool: Current size of the thread pool is 1 AMT Provision Worker: 1 task(s) are sent to the task pool successfully. Auto-worker Thread Pool: Work thread 7484 started AMT Provision Worker: Wait 20 seconds... AMT Provision Worker: Wakes up to process instruction files AMT Provision Worker: Wait 20 seconds... AMT Provision Worker: Wakes up to process instruction files AMT Provision Worker: Wait 20 seconds... >>>>>>>>>>>>>>>Provision task begin<<<<<<<<<<<<<<< Provision target is indicated with SMS resource id. (MachineId = 84785 C60025152.cc.local) Found valid basic machine property for machine id = 84785. Warning: Currently we don't support mutual auth. Change to TLS server auth mode. The provision mode for device C60025152.cc.local is 1. SMS_AMT_OPERATION_MANAGER Attempting to establish connection with target device using SOAP. Found matched certificate hash in current memory of provisioning certificate Create provisionHelper with (Hash: BA1332ACBB5DDDCA5BADE93FF118C7DE299F4DCE) Set credential on provisionHelper... Try to use provisioning account to connect target machine C60025152.cc.local... AMT Provision Worker: Wakes up to process instruction files AMT Provision Worker: Wait 20 seconds... Failed to send TLS client hello message to server with errorcode=0x2733. **** Error 0x3fbb924 returned by ApplyControlToken Fail to connect and get core version of machine C60025152.cc.local using provisioning account #0. Try to use default factory account to connect target machine C60025152.cc.local... AMT Provision Worker: Wakes up to process instruction files AMT Provision Worker: Wait 20 seconds... Failed to send TLS client hello message to server with errorcode=0x2733. **** Error 0x3fbb924 returned by ApplyControlToken Fail to connect and get core version of machine C60025152.cc.local using default factory account. Try to use provisioned account (random generated password) to connect target machine C60025152.cc.local... AMT Provision Worker: Wakes up to process instruction files AMT Provision Worker: Wait 20 seconds... Failed to send TLS client hello message to server with errorcode=0x2733. **** Error 0x3fbb924 returned by ApplyControlToken Fail to connect and get core version of machine C60025152.cc.local using provisioned account (random generated password). Error: Device internal error. Check Schannel, provision certificate, network configuration, device. (MachineId = 84785) Error: Can NOT establish connection with target device. (MachineId = 84785) >>>>>>>>>>>>>>>Provision task end<<<<<<<<<<<<<<<
December 8th, 2009 3:04pm

I have exactly the same issue. I can see a provisioning record in the bios of the machines but they all appear as 'Not Supported' in the SCCM console. Have you had any luck resolving this? Does anyone have any ideas?
Free Windows Admin Tool Kit Click here and download it now
January 14th, 2010 3:49am

MrCrayon, Have you tried updating your collection membership, giving it a few seconds to query, then refreshing the view? Trevor Sullivan Consultant | 1E Inc. http://trevorsullivan.wordpress.com
January 16th, 2010 12:38am

I've tried everything I can think of. In a couple of weeks I will be upgrading the servers to SCCM SP2, I hope that has some effect
Free Windows Admin Tool Kit Click here and download it now
January 19th, 2010 1:03am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics