vPro/AMT remote provisioning failure
Hello, I'm running SCCM SP2 R2 on Server 2008 R2 x64. I'm trying to remotely provision an AMT system with firmware 4.1.3. The AMT status stops at 1. I have followed the how-to located at http://technet.microsoft.com/en-us/library/dd252737.aspx as closely as I can. My environment is very limited. The major difference between my environment and the one in the how-to is that I have an SBS2008 DC instead of Server 2008 Enterprise. I ran into the issue of the multi-layer cert not being recognized by the AMT system and couldn't get a response out of it. I then brought up a Server 2008 Enterprise as a standalone enterprise CA. I then input the root CA hash into the MEBx console on the AMT machine. I also imported the root CA of the 2008 CA to my SCCM server's Trusted Root CAs store. I was then able to get a response out of the AMT machine. Now I am seeing these errors in the AMTOPMGR.LOG on the SCCM server:

AMT Discovery Worker: Wait 20 seconds... $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:09.956 2010 Mountain Daylight Time><thread=4508 (0x119C)>
CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp session to 10.100.1.207:16992.~ $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:10.959 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
Server unexpectedly disconnected when TLS handshaking.~ $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:10.995 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
**** Error 0x418b460 returned by ApplyControlToken~ $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:10.996 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
Server unexpectedly disconnected when TLS handshaking.~ $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.011 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
**** Error 0x418b460 returned by ApplyControlToken~ $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.012 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
session params : https://machine and domain name:16993 , 11001 $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.014 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
ERROR: Invoke(get) failed: 80020009argNum = 0 $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.026 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
Description: The SSL connection cannot be established. Verify that the service on the remote host is properly configured to listen for HTTPS requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig -transport:https". $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.026 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
Error: Failed to get AMT_SetupAndConfigurationService instance.~ $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.026 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
session params : https://machine and domain name:16993 , 11001 $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.027 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
ERROR: Invoke(get) failed: 80020009argNum = 0 $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.042 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
Description: The SSL connection cannot be established. Verify that the service on the remote host is properly configured to listen for HTTPS requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig -transport:https". $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.042 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
Error: Failed to get AMT_SetupAndConfigurationService instance.~ $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.043 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
session params : https://10.100.1.207:16993 , 15001 $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.045 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
ERROR: Invoke(get) failed: 80020009argNum = 0 $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.051 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
Description: The SSL connection cannot be established. Verify that the service on the remote host is properly configured to listen for HTTPS requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig -transport:https". $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.051 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
Error: Failed to get AMT_SetupAndConfigurationService instance.~ $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.051 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
session params : https://10.100.1.207:16993 , 15001 $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.052 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
ERROR: Invoke(get) failed: 80020009argNum = 0 $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.058 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
Description: The SSL connection cannot be established. Verify that the service on the remote host is properly configured to listen for HTTPS requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig -transport:https". $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.058 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
Error: Failed to get AMT_SetupAndConfigurationService instance.~ $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.058 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
CSMSAMTDiscoveryTask::Execute - DDR written to C:\Program Files (x86)\Microsoft Configuration Manager\inboxes\auth\ddm.box~ $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.059 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
Auto-worker Thread Pool: Succeed to run the task . Remove it from task list. $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.063 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
AMT Discovery Worker: Wakes up to process instruction files $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:29.964 2010 Mountain Daylight Time><thread=4508 (0x119C)>
AMT Discovery Worker: Wait 3600 seconds... $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:29.968 2010 Mountain Daylight Time><thread=4508 (0x119C)>
Auto-worker Thread Pool: Work thread 6100 has been requested to shut down. $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:51.077 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
Auto-worker Thread Pool: Work thread 6100 exiting. $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:51.079 2010 Mountain Daylight Time><thread=6100 (0x17D4)>
Auto-worker Thread Pool: Current size of the thread pool is 0 $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:51.082 2010 Mountain Daylight Time><thread=3800 (0xED8)>

I created the web cert and applied the necessary permissions in AD so the SCCM server could request it from the 2008 CA. It seems like the web cert is not getting pushed to the AMT machine. I ran the "winrm quickconfig -transport:https" command on the AMT machine and this was the response:

C:\Windows\System32>winrm quickconfig -transport:https
WinRM already is set up to receive requests on this machine.
WSManFault Message ProviderFault WSManFault Message = Cannot create a WinRM listener on HTTPS because this machine does not have an appropriate certificate. To be used for SSL, a certificate must have a CN matching the hostname, be appropriate for Server Authentication, and not be expired, revoked, or self-signed.
Error number: -2144108267 0x80338115
Cannot create a WinRM listener on HTTPS because this machine does not have an appropriate certificate. To be used for SSL, a certificate must have a CN matching the hostname, be appropriate for Server Authentication, and not be expired, revoked, or self-signed.
C:\Windows\System32>

I'm not too familiar with PKI, so if I'm just doing this the COMPLETELY wrong way it wouldn't surprise me.
April 1st, 2010 3:52am

I've tried to mix and match where I was pulling my certs from and took a step back and could not get the AMT machine to respond again. So I used the option in the BIOS to UNPROVISION AMT ON NEXT REBOOT and that fixed that issue. But now the errors in the log are a bit different:

Description: The I/O operation has been aborted because of either a thread exit or an application request. $$<SMS_AMT_OPERATION_MANAGER><Thu Apr 01 14:54:31.512 2010 Mountain Daylight Time><thread=7904 (0x1EE0)>
Error: Failed to get AMT_SetupAndConfigurationService instance.~ $$<SMS_AMT_OPERATION_MANAGER><Thu Apr 01 14:54:31.512 2010 Mountain Daylight Time><thread=7904 (0x1EE0)>
session params : https://10.100.1.207:16993 , 15001 $$<SMS_AMT_OPERATION_MANAGER><Thu Apr 01 14:54:31.515 2010 Mountain Daylight Time><thread=7904 (0x1EE0)>
ERROR: Invoke(get) failed: 80020009argNum = 0 $$<SMS_AMT_OPERATION_MANAGER><Thu Apr 01 14:54:31.524 2010 Mountain Daylight Time><thread=7904 (0x1EE0)>
Description: The I/O operation has been aborted because of either a thread exit or an application request. $$<SMS_AMT_OPERATION_MANAGER><Thu Apr 01 14:54:31.524 2010 Mountain Daylight Time><thread=7904 (0x1EE0)>
Error: Failed to get AMT_SetupAndConfigurationService instance.~ $$<SMS_AMT_OPERATION_MANAGER><Thu Apr 01 14:54:31.524 2010 Mountain Daylight Time><thread=7904 (0x1EE0)>
session params : https://10.100.1.207:16993 , 15001 $$<SMS_AMT_OPERATION_MANAGER><Thu Apr 01 14:54:31.524 2010 Mountain Daylight Time><thread=7904 (0x1EE0)>
ERROR: Invoke(get) failed: 80020009argNum = 0 $$<SMS_AMT_OPERATION_MANAGER><Thu Apr 01 14:54:31.532 2010 Mountain Daylight Time><thread=7904 (0x1EE0)>
Description: The I/O operation has been aborted because of either a thread exit or an application request. $$<SMS_AMT_OPERATION_MANAGER><Thu Apr 01 14:54:31.532 2010 Mountain Daylight Time><thread=7904 (0x1EE0)>

No more "WINRM...." error.
April 2nd, 2010 12:02am
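
A triage sketch for the AMTOPMGR.LOG excerpts in the posts above, added here as an example and not part of the thread or of Configuration Manager: it splits run-together log text into records and tallies each "Description:" message against the endpoint named by the preceding "session params" line on the same thread. The sample records, the host name amt-host.example.test and the address 192.0.2.10 are constructed, with messages abbreviated from those quoted in the posts.

```python
import re
from collections import Counter

# One AMTOPMGR.LOG record: "<message> $$<component><timestamp><thread=ID (0xHEX)>".
RECORD = re.compile(
    r"(?P<msg>.*?)\s*\$\$<(?P<component>[^>]*)><(?P<time>[^>]*)>"
    r"<thread=(?P<thread>\d+) \(0x[0-9A-Fa-f]+\)>", re.S)
SESSION = re.compile(r"session params : (?P<url>.+?) , (?P<code>\d+)$")

def parse_records(text):
    """Split raw (possibly flattened) log text into one dict per record."""
    out = []
    for m in RECORD.finditer(text):
        msg = " ".join(m["msg"].split()).rstrip("~").strip()
        out.append({"msg": msg, "component": m["component"],
                    "time": m["time"], "thread": int(m["thread"])})
    return out

def failures_by_endpoint(records):
    """Count each 'Description:' text against the endpoint its thread last tried."""
    current = {}   # thread id -> endpoint from the latest "session params" record
    counts = Counter()
    for r in records:
        s = SESSION.search(r["msg"])
        if s:
            current[r["thread"]] = s["url"]
        elif r["msg"].startswith("Description:"):
            endpoint = current.get(r["thread"], "unknown")
            counts[(endpoint, r["msg"][len("Description:"):].strip())] += 1
    return counts

def _rec(msg, ms, tid=6100):
    """Build one constructed record in the layout shown in the posts."""
    return (f"{msg} $$<SMS_AMT_OPERATION_MANAGER><Wed Mar 31 18:23:11.{ms:03d} "
            f"2010 Mountain Daylight Time><thread={tid} (0x{tid:X})>")

TLS = "Description: The SSL connection cannot be established."
SAMPLE = " ".join([   # constructed sample, flattened onto one line like the posts
    _rec("Description: The I/O operation has been aborted.", 1, 7904),
    _rec("session params : https://amt-host.example.test:16993 , 11001", 12),
    _rec("ERROR: Invoke(get) failed: 80020009argNum = 0", 14),
    _rec(TLS, 26),
    _rec("Error: Failed to get AMT_SetupAndConfigurationService instance.~", 26),
    _rec("session params : https://192.0.2.10:16993 , 15001", 43),
    _rec(TLS, 51),
    _rec("session params : https://192.0.2.10:16993 , 15001", 51),
    _rec(TLS, 58),
])

if __name__ == "__main__":
    for (endpoint, why), n in failures_by_endpoint(parse_records(SAMPLE)).items():
        print(f"{n}x {endpoint}: {why}")
```

A "Description:" record with no earlier "session params" line on its thread, as at the start of the second excerpt, is counted under "unknown".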

Hi Chykun, Please let me know how you figured it out. I'm facing the same issue. Thanks
April 6th, 2010 4:38pm

This topic is archived. No further replies will be accepted.
