Hi. i have test infrastructure - 2 servers (dc + sccm sp2) trying to setup Intel AMT. Client pc is Lenovo t420. In sccm i can see PC as Un-Provisoned, AMT Version is 7.1.13 but status is Not Supported. How i can change status and provision system. (all documents were readed, right certificate assigned)

Hi, In the provisioning settings tab of OOB component properties set up the AMT provisioning and Discovery Account. Then setup your custom provisioning schedule or use the default 1 day. SCCM will do the provisioning for you. AMT is supported for clients have intel VPro build-in. Here are some useful links: http://blogs.technet.com/b/configurationmgr/archive/2009/03/05/configmgr-2007-amt-vpro-useful-links-for-initial-planning-and-deployment.aspx http://technet.microsoft.com/en-us/library/cc161966.aspx http://scug.be/blogs/sccm/archive/2009/11/27/step-by-step-guide-for-provisioning-intel-vpro-clients-in-sccm-2007-sp2-part-1.aspx Hope this will help. Thanks

For the SCCM to be able to take "ownership" of the AMT chip on the client computers, you will need a third party certificate. Check in the AMT BIOS the ones that are approved. Usually are Global Trust, Verisign, GODaddy etc.. but not so many. You can use your own PKI also, but it's a lot of work you there is not a tool that can automate the injection of you CA root certificate to the AMT. This can be done manually, but its like 40 digits. So, when this is done. The SCCM uses PKI Certificates to communicate further with the Clients. Regards, Nicolai Nicolai

I have add the thumbprint of Root CA to AMT console. But when i try to discover Out-of-band controllers it says that Failed to establish tcp session on port 16993, 16992. Is there any trial Commercial certification with exportable key ?

i have read all those documents few times :((

Try right click the computer in the console. Do you have the Out of band functions. Have you created all the Certificate templates and autoenrolment.Nicolai

as in manual on Microsoft site

no, i have only 1 function - Discover OOB controllers

and if i change query i get the same status NOT SUPORTED.

any ideas ?

there are a couple of things you must have set up prior to provisioning vPro machines. you must have the provisioning certifificate (either from your own internal enterprise CA or a 3rd party) and a microsoft enterprise certificate authority server. here is the step by step for creating certificates required for SCCM and vPro http://technet.microsoft.com/en-us/library/dd252737.aspx you must have an OU in AD where vPro provisioned machine info is published: http://technet.microsoft.com/en-us/library/cc161814.aspx note, this article explains creating an OU and a new Container in AD. you only need one or the other. creating an OU is easier. as you stated above, you must enter the root hash of your internal CA into the MEBx of the vPro machine. Verisign, godaddy, etc, do not give out "trial certificates." manually entering the root hash of your internal CA is quickest, cheapest and best for a test run. create a vPro enabled collection. once you have the certificates set up, enable a collection policy to provision vPro machines. right-click the collection>modify collection settings>out of band tab>enable automatic provisioning. check the logs. Client side look at oobmgmt.log. in that log, if you see "device successfully activated" next go to the server side log amtopmgr.log. any other errors you will see here or you will see success. link for trouble shooting most common errors: http://technet.microsoft.com/en-us/library/cc161834.aspx

i have done all step-by-step, added Thumbprint of CA to AMT Bios, but on client i get message "Failed to call CheckCertificate provider method 80041001"

Hi, I'm using SCCM Sp2. Need some help on the network driver for Lenovo t420 64 bit,can't seem to be able to pass through the pxeboot stage. Already download the driver from lenovo & intel website,still not working. Did ipconfig on the cmd & it just show windows IP configuration. Any idea?