Hi all, I have a SCCM R2 Windows 2008 System that has been functioning great! I have setup AMT in the past successfully however I am having difficulty getting our vPro systems Provisioned on SCCM. At this point, none are provisioned. I have all the required pre-req's in place and i have installed our external GoDaddy cert successfully as well... The server is attempting to provision the systems, but fais with the following error: Failed to create SSPI credential with error=0x8009030E by AcquireCredentialsHandle. Very little information can be found for this specific error code but from what i could find it points to the SSL cert. I created my CSR to GoDaddy using OpenSSL (openssl.exe) and i I rcvd two files from GoDaddy. My Provisioning ".cer" and their Root Chain. I needed the ".cer" to be in ".pfx" (12) format so I used openssl and created a pfx using my private key that accompanied the initial request when i first generated and then sent the information to GoDaddy. and imported the pfx into SCCM successfully I'm pretty sure my request was properly formatted (they require 2048 bit now) but i do have my private key so is there a way to attach/import that into the Local Computer Store (where the public key already is) and then export to .pfx to try that? I have attached a screen shot of the "Start Task" to "End Task" You can also download the screen shot here Has anybody expierenced this before? Any help is appreciated ! THanks!

Update, i was able to resolve the above errors by importing the PFX into the local computer store (Doh)....It was never imported locally just into SCCM....now that error is gone and i am hit with "Error 0x80090304 returned by InitializeSecurityContext during follow up TLS handshaking with server. " This says that my Root Certificate has a key length og 2048 or higher (TRUE) According to Microsoft "When this certificate is installed on AMT-based computers, the certificate chain to the root CA is also installed. AMT-based computers cannot support CA certificates with a key length greater than 2048 bits." My key is exactly 2048...not higher....Why am i getting hit with this error? Anybody shed some light???

*********RESOLVED********** Short Answer - The Root CA Chain needs to be included in the PFX file you use for SCCM / WS Man Trans Answer - This was the first time I used OpenSSL binaries to create the cert request to the 3rd party cert provider. Not a problem....It worked and i rcvd two files back...The .CER file and the Certificate Root Chain. Since I used OpenSSL to create the request, i had to use OpenSSL to convert the CER into a PFX using the Private Key i initially created via OpenSLL. Once you convert the CER into a PFX, you need to import all 3 files (CER, Root Chain, and PFX) into the Local Computer Store. Once its imported, you need to Right Click on the Provisiong Cert (PFX) and select export. There will be an option for "Export all certificates in the chain if possible" or something along the lines of that. Once the export is complete, the PFX file you now exported is the PFX file you will use in SCCM and WSMan Trans. The problem i had was that I didnt include the cert root chain when converting my CER into PFX using OpenSSL....Once i imported / exported from the Windows Local Computer Store, the gates opened and within 15 min i see them all coming into the AD OU i created and all is well!!! For anyone interested, the commands i used to request and subsquently convert the cer into a PFX are as follows: REQUEST - openssl.exe req -config YOUROWN.cfg -new -keyout private.pem -out request.pem -days 365 CONVERT to PFX - openssl.exe pkcs12 -export -in PROVISIONCERT.pem -inkey private.pem -out FINALPROVCERT.pfx -name "Intel vPro" -password "pass:XXXXXXX"