Looking for help now, I've been fighting with this for some time now. I believe everything is setup correctly because a handful of our AMT enabled machines are actually provisioned (18 of them). I've got another 43 machines that are simply just stuck at detected. These are AMT versions ranging from 3.3.2 to 5.2.10. I am also running WS-MAN Translator for machines that I know we have for AMT firmware versions older than 3.0. We are using a cert from GoDaddy. Like I said I assume stuff is setup correctly as I had some clients provision correctly. And have gone over all the SCCM + vPro setup over and over. Below is an example of a client machine failing the provision from the AMTOPMGR.log >>>>>>>>>>>>>>>Provision task begin<<<<<<<<<<<<<<< SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) Provision target is indicated with SMS resource id. (MachineId = 992 RDWS14.lonkar.com) SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) Found valid basic machine property for machine id = 992. SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) Warning: Currently we don't support mutual auth. Change to TLS server auth mode. SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) The provision mode for device RDWS14.lonkar.com is 1. SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) Check target machine (version 5.2.0) is a SCCM support version. (TRUE) SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) The IP addresses of the host RDWS14.lonkar.com are 192.168.26.59. SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) Attempting to establish connection with target device using SOAP. SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) Found matched certificate hash in current memory of provisioning certificate SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) Create provisionHelper with (Hash: 5DE565FE440C4067BEFAD938A1682BB405242D90) SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) Set credential on provisionHelper... SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) Try to use default factory account to connect target machine RDWS14.lonkar.com... SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) Server unexpectedly disconnected when TLS handshaking. SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) **** Error 0x46babe4 returned by ApplyControlToken SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) Fail to connect and get core version of machine RDWS14.lonkar.com using default factory account. SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) Try to use provisioned account (random generated password) to connect target machine RDWS14.lonkar.com... SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) Server unexpectedly disconnected when TLS handshaking. SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) **** Error 0x46babe4 returned by ApplyControlToken SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) Fail to connect and get core version of machine RDWS14.lonkar.com using provisioned account (random generated password). SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) Error: Device internal error. This may be caused by: 1. Schannel hotfix applied that can send our root certificate in provisioning certificate chain. 2. incorrect network configuration(DHCP option 6 and 15 required for AMT firmware). 3. AMT firmware self signed certificate issue(date zero). 4. AMT firmware is not ready for PKI provisioning. Check network interface is opening and AMT is in PKI mode. 5. Service point is trying to establish connection with wireless IP address of AMT firmware but wireless management has NOT enabled yet. AMT firmware doesn't support provision through wireless connection. (MachineId = 992) SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) Error: Can NOT establish connection with target device. (MachineId = 992) SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) >>>>>>>>>>>>>>>Provision task end<<<<<<<<<<<<<<< SMS_AMT_OPERATION_MANAGER 21/04/2010 8:42:01 AM 1868 (0x074C) Another example from a different machine...similar message but different error after the TLS handshake >>>>>>>>>>>>>>>Provision task begin<<<<<<<<<<<<<<< SMS_AMT_OPERATION_MANAGER 21/04/2010 8:49:45 AM 9288 (0x2448) Provision target is indicated with SMS resource id. (MachineId = 1027 LKR108.lonkar.com) SMS_AMT_OPERATION_MANAGER 21/04/2010 8:49:45 AM 9288 (0x2448) Found valid basic machine property for machine id = 1027. SMS_AMT_OPERATION_MANAGER 21/04/2010 8:49:45 AM 9288 (0x2448) Warning: Currently we don't support mutual auth. Change to TLS server auth mode. SMS_AMT_OPERATION_MANAGER 21/04/2010 8:49:45 AM 9288 (0x2448) The provision mode for device LKR108.lonkar.com is 1. SMS_AMT_OPERATION_MANAGER 21/04/2010 8:49:45 AM 9288 (0x2448) Check target machine (version 5.0.1) is a SCCM support version. (TRUE) SMS_AMT_OPERATION_MANAGER 21/04/2010 8:49:45 AM 9288 (0x2448) The IP addresses of the host LKR108.lonkar.com are 192.168.102.15. SMS_AMT_OPERATION_MANAGER 21/04/2010 8:49:45 AM 9288 (0x2448) Attempting to establish connection with target device using SOAP. SMS_AMT_OPERATION_MANAGER 21/04/2010 8:49:45 AM 9288 (0x2448) Found matched certificate hash in current memory of provisioning certificate SMS_AMT_OPERATION_MANAGER 21/04/2010 8:49:45 AM 9288 (0x2448) Create provisionHelper with (Hash: 5DE565FE440C4067BEFAD938A1682BB405242D90) SMS_AMT_OPERATION_MANAGER 21/04/2010 8:49:45 AM 9288 (0x2448) Set credential on provisionHelper... SMS_AMT_OPERATION_MANAGER 21/04/2010 8:49:45 AM 9288 (0x2448) Try to use default factory account to connect target machine LKR108.lonkar.com... SMS_AMT_OPERATION_MANAGER 21/04/2010 8:49:45 AM 9288 (0x2448) AMT Provision Worker: 1 task(s) are sent to the task pool successfully. SMS_AMT_OPERATION_MANAGER 21/04/2010 8:49:45 AM 4224 (0x1080) AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 21/04/2010 8:49:45 AM 4224 (0x1080) Auto-worker Thread Pool: Current size of the thread pool is 1 SMS_AMT_OPERATION_MANAGER 21/04/2010 8:50:05 AM 9344 (0x2480) AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 21/04/2010 8:50:05 AM 4224 (0x1080) AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 21/04/2010 8:50:05 AM 4224 (0x1080) Server unexpectedly disconnected when TLS handshaking. SMS_AMT_OPERATION_MANAGER 21/04/2010 8:50:06 AM 9288 (0x2448) **** Error 0x3d0b050 returned by ApplyControlToken SMS_AMT_OPERATION_MANAGER 21/04/2010 8:50:06 AM 9288 (0x2448) Fail to connect and get core version of machine LKR108.lonkar.com using default factory account. SMS_AMT_OPERATION_MANAGER 21/04/2010 8:50:06 AM 9288 (0x2448) Try to use provisioned account (random generated password) to connect target machine LKR108.lonkar.com... SMS_AMT_OPERATION_MANAGER 21/04/2010 8:50:06 AM 9288 (0x2448) AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 21/04/2010 8:50:25 AM 4224 (0x1080) AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 21/04/2010 8:50:25 AM 4224 (0x1080) Server unexpectedly disconnected when TLS handshaking. SMS_AMT_OPERATION_MANAGER 21/04/2010 8:50:27 AM 9288 (0x2448) **** Error 0x3d0b050 returned by ApplyControlToken SMS_AMT_OPERATION_MANAGER 21/04/2010 8:50:27 AM 9288 (0x2448) Fail to connect and get core version of machine LKR108.lonkar.com using provisioned account (random generated password). SMS_AMT_OPERATION_MANAGER 21/04/2010 8:50:27 AM 9288 (0x2448) Error: Device internal error. This may be caused by: 1. Schannel hotfix applied that can send our root certificate in provisioning certificate chain. 2. incorrect network configuration(DHCP option 6 and 15 required for AMT firmware). 3. AMT firmware self signed certificate issue(date zero). 4. AMT firmware is not ready for PKI provisioning. Check network interface is opening and AMT is in PKI mode. 5. Service point is trying to establish connection with wireless IP address of AMT firmware but wireless management has NOT enabled yet. AMT firmware doesn't support provision through wireless connection. (MachineId = 1027) SMS_AMT_OPERATION_MANAGER 21/04/2010 8:50:27 AM 9288 (0x2448) Error: Can NOT establish connection with target device. (MachineId = 1027) SMS_AMT_OPERATION_MANAGER 21/04/2010 8:50:27 AM 9288 (0x2448) >>>>>>>>>>>>>>>Provision task end<<<<<<<<<<<<<<< SMS_AMT_OPERATION_MANAGER 21/04/2010 8:50:27 AM 9288 (0x2448) single site server, Windows 2008, SCCM 2007R2 HELP please!!!!

ok, I suspected this was my problem. Reset the BIOS and ran a full unprovision in the AMT firmware. Initiated a provision using the powershell script and it provisioned fine. My only issue now is accessing the web interface https://hostname:16993 works but I can't log into it. I confirmed my password that I set in SCCM OOB component by doing the control-P and logging into it from the physical machine. Does it have something to do with a domain enviroment? Like when I get prompted to login I type in admin and my password that was set. The wrong password dialoge box that comes back places the hostname in front of admin.

KB908209 was my fix. Although I did see the article I expected it not to be an issue in I.E 8.