Hi, We have AMT provisioning setup and working on supported SCCM clients but we have some models running on AMT version 2.2.30. I have installed and configures the WS-MAN translator but the clients are stuck in "Not Provisioned" status. I have had a look through the OOB service logs and i get the errors below: The out of band service point failed to provision TLT003011.TLTInternal.com with error 0x 0: Failed to finish critical setup and configuration step.. Possible cause: This condition can be caused by transient network connectivity errors. Possible cause: The account used to provision systems is not authorized to provision the management controller. Possible cause: the management controller is not in a state capable of being provisioned or updated. Solution: Verify network connectivity is functional between the out of band service point and the management controller. Verify that the account used to provision the management controller has sufficient permissions to update or provision the management controller. It may be necessary to reset the management controller to factory mode before it can be provisioned. I cannot see that the problem is caused by any of the solutions provided The amtopmgr log is showinf the followinf for clientrs that are in the "Not Provisioned" status Waiting for incoming hello message from AMT devices... SMS_AMT_OPERATION_MANAGER 30/04/2012 11:14:18 2796 (0x0AEC) Start processing incoming hello message from 172.17.101.20:16994. SMS_AMT_OPERATION_MANAGER 30/04/2012 11:22:11 2796 (0x0AEC) Incoming data is - Configuration version: PKI Configuration. SMS_AMT_OPERATION_MANAGER 30/04/2012 11:22:11 2796 (0x0AEC) Count : 6 SMS_AMT_OPERATION_MANAGER 30/04/2012 11:22:11 2796 (0x0AEC) UUID : D4B004B2-5925-11DB-BBDA-717ED67C0018 SMS_AMT_OPERATION_MANAGER 30/04/2012 11:22:11 2796 (0x0AEC) Found matched hash from hello message with current provision certificate. (Hash: 2796BAE63F1801E277261BA0D77770028F20EEE4) SMS_AMT_OPERATION_MANAGER 30/04/2012 11:22:11 2796 (0x0AEC) Warning: AMT device D4B004B2-5925-11DB-BBDA-717ED67C0018 is a SMS client. Reject hello message to provision. SMS_AMT_OPERATION_MANAGER 30/04/2012 11:22:11 2796 (0x0AEC) Error: Failed to process hello message from 172.17.101.20:16994 SMS_AMT_OPERATION_MANAGER 30/04/2012 11:22:11 2796 (0x0AEC) The clients are being created in the AD Group and from looking at the logs i think the certificate is ok. Does anyone have any suggestions on what may be causing this? Thanks Jim

Just to update - i have found this in the amtopmgr.log but i cannot see what could be wrong with the certificate format? >>>>>>>>>>>>>>>Provision task begin<<<<<<<<<<<<<<< SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Provision target is indicated with SMS resource id. (MachineId = 8622 TLT003011.TLTInternal.com) SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Found valid basic machine property for machine id = 8622. SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Warning: Currently we don't support mutual auth. Change to TLS server auth mode. SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) The provision mode for device TLT003011.TLTInternal.com is 1. SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Check target machine (version 2.2.30) is a SCCM support version. (FALSE) SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) The IP addresses of the host TLT003011.TLTInternal.com are 172.17.101.245. SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Redirect to Intel Translator for legacy version AMT. SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Attempting to establish connection with target device using WSMAN. SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Try to use provisioning account to connect target machine TLT003011.TLTInternal.com... SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Using translator for version *. SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) session params : https://INF-BRI05.TLTInternal.com/wstrans/setup/eoi20/TLT003011.TLTInternal.com/wsman , 41001 SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Succeed to connect target machine TLT003011.TLTInternal.com and core version with 2.2.30 using provisioning account #0. SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Get device TLS mode is 0. SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Get device provisioning state is In Provisioning. SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Using translator for version 2.2.30. SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) session params : https://INF-BRI05.TLTInternal.com/wstrans/setup/eoi20/TLT003011.TLTInternal.com/wsman , 41001 SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Passed OTP check on AMT device TLT003011.TLTInternal.com. SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Machine TLT003011.TLTInternal.com will be added and published to AD and OU is LDAP://OU=Out Of Band Management Controllers,DC=TLTInternal,DC=com. SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Send request to AMT proxy component to add machine TLT003011.TLTInternal.com to AD. SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Successfully created instruction file for AMT proxy task: C:\Program Files (x86)\Microsoft Configuration Manager\inboxes\amtproxymgr.box SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Processing provision on AMT device TLT003011.TLTInternal.com... SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Found client certificate already being generated for AMT device TLT003011.TLTInternal.com. SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Start 1st stage provision on AMT device TLT003011.TLTInternal.com. (WSMAN) SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Clean Certificate store... SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Clean Key store... SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Sync time... SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Set Host Name... SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:23 4264 (0x10A8) Set Domain Name... SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:24 4264 (0x10A8) Create Certificate store... SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:24 4264 (0x10A8) Error: Failed to add a new certificate,Device does not support the certificate format. SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:24 4264 (0x10A8) Error: Failed to add a new certificate,return value:2063. SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:24 4264 (0x10A8) Error: Failed to finish critical setup and configuration step. (AMTWSManUtilities::AddCertificate) SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:24 4264 (0x10A8) Error: Can't finish provision on AMT device TLT003011.TLTInternal.com with configuration code (126)! SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:24 4264 (0x10A8) >>>>>>>>>>>>>>>Provision task end<<<<<<<<<<<<<<< SMS_AMT_OPERATION_MANAGER 30/04/2012 07:10:24 4264 (0x10A8)

It seems to be complaining about the format of the AMT web server certificate - not the provisioning certificate. There is very little to configure here (http://technet.microsoft.com/en-us/library/dd252737.aspx#BKMK_AMTwebserver2008). If this is working for AMT computers that don't need the WS-MAN translator, and only a problem with these AMT 2.2.30 computers, I suggest posting this problem on the Intel site: http://communities.intel.com/community/openportit/vproexpert. If it's a problem for all AMT computers, then check the certificate template configuration again.

I've seen spots where the certificate length is too long and has caused this problem on older firmwares. But as Carol said follow those steps to the T and it should work. You may want to investigate if you can upgrade the firmware on those devices and see if you can bring the AMT version up. Newer versions are always more reliable. Without seeing more of your other logs it's hard to troubleshoot further, posting on the VproExpert forums should be a good way to go.