Hi all,
We have a problemwith theIntel AMTVPROfunction. This functionhas alwaysfunctionedinSCCM 2007. We initiated amigration toSCCM2012.We createdmodelscorrepsondantscertificatefor SCCM2012.However,failing toaccruemachinery,we have openedan incidentwith Microsoft. Manipulation byMicrosofttosolve the problemwas to modify thecertificatetemplateto useWebUPN.From thispoint,weactually managedto provisionmachines.
Theproblem is, the template that was modifiedwas thecertificatetemplatewebsiteused bySCCM 2007and not the2012 !
Result : 88 machines isstillclingingto the oldSCCM 2007infrastructure. Impossible todeprovisioningthemfrom the console2007 orimpossible toprovision for thesemachines fromtheconsolein 2012! Errorsspecifiedstipulatea connection problemrelated towebusecertificate(TLS error).
Microsoft's explanation is:"The certificatehoused in the "chip" AMT rejects uswith a401 (Unauthorized). Certificate isa prioriwrongfollowing the sharingofinfrastructurebetweentemplateConfigMgr2007/2012. KnowsConfigMgr 2007not exceededprovisionedmachinesin this scenario"unexpected"as thetemplatethat was usedwas not consistent. this amounts toputtingsomethingin a box, which we donot havethe key " The onlysolutionfoundso farisremoving theBIOSbattery !!
ToolsintelUnprovisionEx.exedoes not work!-> Error401. Evenspecifyinga specific certificatein thecommand line !
# PSexec -i -s -d CMD.exe /k
# UnprovisionEx.exe -hostname Machine_Name -user admin -pass ******** -full -cert XXXXXXX (Failed 401)
Scenario: To simulatewhatSCCMtries to...
When we try to log on to the web portal of AMT machines problematic using the correct login and password correctly, we rejected. If you check the certificate used by the AMT portal, we do seet hat it is still linked to the old server 2007. As web template for SCCM 2007 was amended and SCCM 2012 can not access this machine, It is unmanageable !!!
If we trigger the provisioning for the SCCM 2012 HASH used is actually not the one expected by the target customer ... (See the screenshot attached to this message) ; Idem from the SCCM console, 2007 model web certificate has been altered by the action of Microsoft (following the opening of the incident)
My question is : Do you have amethod(Tools, Script, etc..) to clearthe AMT informationfrom the chipVPROand/or methodto inject thecorrect certificate. A Methodweavoidremoving theBIOSbattery, knowing that we are dealing withlaptops,scatteredin nature?
Thank you for yourhelp,
Sincerely,
Mitchawkes