Out of Band Provisioning Fails
I've been struggling with this for a week now and I would appreciate some help. OOB is configured to use a GoDaddy cert for provisioning. I have an enterprise root CA running on 2008 Enterprise 32-bit. I duplicated the web server certificate template and named the new one "ConfgMgr ATM Client Cert". I published the cert template in regedit AD and gave the site system/oob point read/write/enroll and auto enroll rights. I am trying to provision an in-band computer which has AMT version 5.2.1. The provisioning process starts but it breaks when the site system tries to request a certificate on behalf of the AMT controller.

I see the following in amtproxymgr.log:

------------
Beginning enumeration of E:\Program Files (x86)\Microsoft Configuration Manager\inboxes\amtproxymgr.box\mtn.box SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:53 AM 5920 (0x1720)
Processing Maintenance Inbox...Done SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:53 AM 5920 (0x1720)
Found instruction file: E:\Program Files (x86)\Microsoft Configuration Manager\inboxes\amtproxymgr.box\{77952F3D-D5C7-4FD5-9DA9-BA851F247AD2}.apx SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:53 AM 5920 (0x1720)
Processing Instruction: RCT 1;1;382;3.2.1;xplocaltest.healthcare.local;SMS_AMT_OPERATION_MANAGER_PROV; SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:53 AM 5920 (0x1720)
Request certificate task begin to read Site Control File. SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:53 AM 5920 (0x1720)
Changes to the site control file settings detected. SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:53 AM 5920 (0x1720)
Request certificate task success to read parameters from Site Control File. SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:53 AM 5920 (0x1720)
Request certificate task success to connect to the SQL database. SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:53 AM 5920 (0x1720)
ERROR: CertCreateCertificateContext failed: 0x80093102, msg=ASN1 unexpected end of data. SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:53 AM 5920 (0x1720)
Error: CTaskRequestClientCert::RevokeExistedCertificate failed to get serial number from the certificate binary. SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:53 AM 5920 (0x1720)
Request certificate task disConnected to the SQL database. SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:53 AM 5920 (0x1720)
ERROR: ICertRequest2->Submit failed: 0x800706ba SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:55 AM 5920 (0x1720)
INFO: Enter process request 3 SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:55 AM 5920 (0x1720)
INFO: Delete Request SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:55 AM 5920 (0x1720)
INFO: Request to delete not found SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:55 AM 5920 (0x1720)
Failed to run instruction: RCT 1;1;382;3.2.1;xplocaltest.healthcare.local;SMS_AMT_OPERATION_MANAGER_PROV; SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:55 AM 5920 (0x1720)
---------------------------------------------

I also see the following in the amtopmgr.log:

>>>>>>>>>>>>>>>Provision task begin<<<<<<<<<<<<<<< SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:03 AM 2000 (0x07D0)
Provision target is indicated with SMS resource id. (MachineId = 382 xplocaltest.healthcare.local) SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:03 AM 2000 (0x07D0)
Found valid basic machine property for machine id = 382. SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:03 AM 2000 (0x07D0)
Warning: Currently we don't support mutual auth. Change to TLS server auth mode. SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:03 AM 2000 (0x07D0)
The provision mode for device xplocaltest.healthcare.local is 1. SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:03 AM 2000 (0x07D0)
Check target machine (version 5.2.1) is a SCCM support version. (TRUE) SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:03 AM 2000 (0x07D0)
The IP addresses of the host xplocaltest.healthcare.local are 10.1.80.52. SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:03 AM 2000 (0x07D0)
Attempting to establish connection with target device using SOAP. SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:03 AM 2000 (0x07D0)
Found matched certificate hash in current memory of provisioning certificate SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:03 AM 2000 (0x07D0)
Create provisionHelper with (Hash: A2D3C6A3361957DCF9031FA18E7AFE069A73D14A) SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:03 AM 2000 (0x07D0)
Set credential on provisionHelper... SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:03 AM 2000 (0x07D0)
Try to use provisioning account to connect target machine xplocaltest.healthcare.local... SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:03 AM 2000 (0x07D0)
Succeed to connect target machine xplocaltest.healthcare.local and core version with 5.2.1 using provisioning account #0. SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:07 AM 2000 (0x07D0)
GeneralInfo.GetProvisioningState finished with HResult = 0x0, status = 0x0, clientError = 0. SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:10 AM 2000 (0x07D0)
Get device provisioning state is In Provisioning SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:10 AM 2000 (0x07D0)
Passed OTP check on AMT device xplocaltest.healthcare.local. SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:14 AM 2000 (0x07D0)
Machine xplocaltest.healthcare.local will be added and published to AD and OU is LDAP://OU=OOB Computers,DC=healthcare,DC=local. SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:14 AM 2000 (0x07D0)
Send request to AMT proxy component to add machine xplocaltest.healthcare.local to AD. SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:14 AM 2000 (0x07D0)
Successfully created instruction file for AMT proxy task: E:\Program Files (x86)\Microsoft Configuration Manager\inboxes\amtproxymgr.box SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:14 AM 2000 (0x07D0)
Processing provision on AMT device xplocaltest.healthcare.local... SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:14 AM 2000 (0x07D0)
Send request to AMT proxy component to generate client certificate. (MachineId = 382) SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:14 AM 2000 (0x07D0)
Successfully created instruction file for AMT proxy task: E:\Program Files (x86)\Microsoft Configuration Manager\inboxes\amtproxymgr.box SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:14 AM 2000 (0x07D0)
Wait 20 seconds to find client certificate for AMT device xplocaltest.healthcare.local being generated again... SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:14 AM 2000 (0x07D0)
AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:23 AM 5280 (0x14A0)
AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:23 AM 5280 (0x14A0)
Auto-worker Thread Pool: Current size of the thread pool is 1 SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:23 AM 7392 (0x1CE0)
RETRY(1) - Validate client certificate for AMT device xplocaltest.healthcare.local being generated. SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:34 AM 2000 (0x07D0)
Wait 20 seconds to find client certificate for AMT device xplocaltest.healthcare.local being generated again... SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:34 AM 2000 (0x07D0)
AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:43 AM 5280 (0x14A0)
AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:43 AM 5280 (0x14A0)
RETRY(2) - Validate client certificate for AMT device xplocaltest.healthcare.local being generated. SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:54 AM 2000 (0x07D0)
Wait 20 seconds to find client certificate for AMT device xplocaltest.healthcare.local being generated again... SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:54 AM 2000 (0x07D0)
AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 5/16/2011 8:52:03 AM 5280 (0x14A0)
AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 5/16/2011 8:52:03 AM 5280 (0x14A0)
RETRY(3) - Validate client certificate for AMT device xplocaltest.healthcare.local being generated. SMS_AMT_OPERATION_MANAGER 5/16/2011 8:52:14 AM 2000 (0x07D0)
Wait 20 seconds to find client certificate for AMT device xplocaltest.healthcare.local being generated again... SMS_AMT_OPERATION_MANAGER 5/16/2011 8:52:14 AM 2000 (0x07D0)
AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 5/16/2011 8:52:23 AM 5280 (0x14A0)
AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 5/16/2011 8:52:23 AM 5280 (0x14A0)
RETRY(4) - Validate client certificate for AMT device xplocaltest.healthcare.local being generated. SMS_AMT_OPERATION_MANAGER 5/16/2011 8:52:34 AM 2000 (0x07D0)
Wait 20 seconds to find client certificate for AMT device xplocaltest.healthcare.local being generated again... SMS_AMT_OPERATION_MANAGER 5/16/2011 8:52:34 AM 2000 (0x07D0)
AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 5/16/2011 8:52:43 AM 5280 (0x14A0)
AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 5/16/2011 8:52:43 AM 5280 (0x14A0)
RETRY(5) - Validate client certificate for AMT device xplocaltest.healthcare.local being generated. SMS_AMT_OPERATION_MANAGER 5/16/2011 8:52:54 AM 2000 (0x07D0)
Error: Missed device certificate. To provision device with TLS server or Mutual authentication mode, device certficate is required. (MachineId = 382) SMS_AMT_OPERATION_MANAGER 5/16/2011 8:52:54 AM 2000 (0x07D0)
Error: Can't finish provision on AMT device xplocaltest.healthcare.local with configuration code (0)! SMS_AMT_OPERATION_MANAGER 5/16/2011 8:52:54 AM 2000 (0x07D0)
>>>>>>>>>>>>>>>Provision task end<<<<<<<<<<<<<<< SMS_AMT_OPERATION_MANAGER 5/16/2011 8:52:54 AM 2000 (0x07D0)

I renewed the revocation list on the CA and that didn't do it. The revocation list is valid. From the amtproxymgr.log it seems the site system is failing to request CA because it's failing to get the serial number for root CA? I am not sure how to go about this.

Thanks,
May 16th, 2011 11:54am
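
A small triage script for log text pasted run-together as in the post above, added here as an example and not part of the original thread: it splits the text back into entries and decodes each failing HRESULT into facility and code. The regular expression, function names and the two symbolic names in KNOWN are this example's own assumptions; the sample lines are copied from the post.

```python
import re

# One flattened entry: message, component, timestamp, thread id (decimal and hex).
ENTRY = re.compile(
    r"(?P<msg>.*?)\s+(?P<comp>SMS_AMT_[A-Z_]+)\s+"
    r"(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"\d+ \(0x[0-9A-Fa-f]+\)",
    re.S,
)
HRESULT = re.compile(r"0x[0-9A-Fa-f]{8}\b")
FACILITY = {7: "FACILITY_WIN32", 9: "FACILITY_SSPI"}
# Symbolic names supplied by this example, not printed by the log itself.
KNOWN = {0x800706BA: "RPC_S_SERVER_UNAVAILABLE", 0x80093102: "CRYPT_E_ASN1_EOD"}

# Lines copied from the post, run together the way a flattened paste shows them.
SAMPLE = (
    "Processing Instruction: RCT 1;1;382;3.2.1;xplocaltest.healthcare.local;SMS_AMT_OPERATION_MANAGER_PROV; SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:53 AM 5920 (0x1720) "
    "Request certificate task success to connect to the SQL database. SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:53 AM 5920 (0x1720) "
    "ERROR: CertCreateCertificateContext failed: 0x80093102, msg=ASN1 unexpected end of data. SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:53 AM 5920 (0x1720) "
    "Error: CTaskRequestClientCert::RevokeExistedCertificate failed to get serial number from the certificate binary. SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:53 AM 5920 (0x1720) "
    "ERROR: ICertRequest2->Submit failed: 0x800706ba SMS_AMT_PROXY_COMPONENT 5/16/2011 8:46:55 AM 5920 (0x1720) "
    "GeneralInfo.GetProvisioningState finished with HResult = 0x0, status = 0x0, clientError = 0. SMS_AMT_OPERATION_MANAGER 5/16/2011 8:51:10 AM 2000 (0x07D0)"
)

def decode_hresult(value):
    """Split a 32-bit HRESULT into (failed, facility, code)."""
    return bool(value >> 31), (value >> 16) & 0x1FFF, value & 0xFFFF

def triage(text):
    """Return the entries that report an error or carry a failing HRESULT."""
    findings = []
    for m in ENTRY.finditer(text):
        msg = " ".join(m["msg"].split())
        decoded = []
        for raw in HRESULT.findall(msg):
            value = int(raw, 16)
            failed, facility, code = decode_hresult(value)
            if failed:
                decoded.append((raw, FACILITY.get(facility, facility),
                                code, KNOWN.get(value, "unknown")))
        if decoded or msg.lower().startswith("error"):
            findings.append({"time": m["ts"], "component": m["comp"],
                             "message": msg, "hresults": decoded})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["time"], f["component"], f["message"], f["hresults"])
```
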

Hi,
You have posted this issue several times: OOB Fails to provision
Regards,
Sabrina
May 18th, 2011 4:51am
