SCCM Out of Band Management Troubleshooting (Part1)

August 10, 2011 at 1:47 pm in AMT, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, OOB, out of band management, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, System Center Service Manager, Tokensize, Vpro by Kenny Buntinx [MVP]

It’s no secret for most people that KVM Remote Control is one of my favorite vPro features within System Center Configuration Manager  (System Center Configuration Manager 2007 R3 / System Center Configuration Manager 2012 Beta 2) or System Center Service Manager (System Center Service Manager 2010).

Why go to an end user to fix his PC when you can use KVM Remote Control to do it from your own desk? With a feature this awesome, it’s challenging to make improvements. With the next generation Intel Core vPro Processors, KVM Remote Control now supports resolutions up to 1920×1200 at 16 bits per pixel color depth.

In my previous blog posts I explained already where to download the Intel vPro KVM stuff for System Center Configuration Manager . You can read the article here at “SCCM 2007 : Intel AMT–VPRO KVM add-on for SCCM 2007

If you want to go and download the tools directly from the Intel site , please go to the following links  :

However to use any of the above plugins , your systems should be made ready to use Vpro. There are a lot of requirements to make it happen , that I am not going to explain here in detail . Here are all my System Center Configuration Manager 2007: Out Of Band Management blog posts. I am just going to list them up  :

After you have performed the installation by the book , it will probably not work directly out of the box and this could have multiple reasons. I will explain below  the necessary steps to debug your potential issues in different blog posts:

1. Kerberos Ticket Size issue !

If you have problem that the Out Of Band Management console won´t connect to client computer, then it might be that Kerberos Ticket size is too big. It means that your user account belongs to too many groups.

You can find more information here:

 

If you have problems to connecting client computer with OOB console then check OOBConsole.log  at <ConfigMgrInstallationPath>\AdminUI\AdminUILog .

I found this error message when I tried to connect with OOB console with user account which has too big Kerberos Ticket size after I modified the OOBConsole.exe.config file and set error logging value in the file to verbose.

[22.07.2011 13:54:32] :System.Management.ManagementException\r\nInvalid parameter \r\n at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
[22.07.2011 13:56:25] :RefreshAmtThirdPartyStorage fail with result:0x80338126
[22.07.2011 14:00:26] :GetAMTPowerState fail with result:0x800703E3

or

[22.07.2011 14:54:32] :System.Management.ManagementException\r\nInvalid parameter \r\n at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
[22.07.2011 14:56:25] :RefreshAmtThirdPartyStorage fail with result:0x80070005
[22.07.2011 15:00:26] :GetAMTPowerState fail with result:0x80070005

To see the value of the tokensize  , you need the following background information . Each AMT version has a different maximum tokensize as shown below in the table :

 

 

Below I have 2 accounts :

  • My account
  • SCCMAMT – An account especially created to be only in the AMT SCCM group and the rights to execute AMT stuff within SCCM

In the screenshot below , you will clearly see that my accounts tokenize is way to big (9418) :

image

While the SCCMAMT accounts Token Size is (2577) :

image

 

After Logging in with the SCCMAMT account , check OOBConsole.log at <ConfigMgrInstallationPath>\AdminUI\AdminUILog . You will see success to at least connect to the AMT/vPro device :

[9/08/2011 9:39:43] :GetAMTPowerState success with 2.
[9/08/2011 9:39:53] :GetAMTPowerState success with 2.
[9/08/2011 9:39:58] :Open SOL connection…
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession2 with user = VVM\sccmamt fail with result:0x20, description:Failed to Establish TLS Connection
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession fail with result:0x00000020.
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession2 with user = VVM\sccmamt fail with result:0x20, description:Failed to Establish TLS Connection
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession fail with result:0x00000020.
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession2 with user = VVM\sccmamt fail with result:0x20, description:Failed to Establish TLS Connection
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession fail with result:0x00000020.
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession2 with user = VVM\sccmamt fail with result:0x20, description:Failed to Establish TLS Connection
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession fail with result:0x00000020.
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession2 with user = VVM\sccmamt fail with result:0x20, description:Failed to Establish TLS Connection
[9/08/2011 9:39:59] :IMR_SOLOpenTCPSession fail with result:0x00000020.
[9/08/2011 9:39:59] :status message Type:Audit, ID:0x00000000C000766A, User:VVM\sccmamt, Machine: xxxx, Target: xxxxx add to queue, waiting for report.
[9/08/2011 9:40:01] :Closing SOL terminal…
[9/08/2011 9:40:01] :SOL terminal closed
[9/08/2011 9:40:02] :GetAMTPowerState success with 2.
[9/08/2011 9:40:12] :GetAMTPowerState success with 2.
[9/08/2011 9:40:21] :GetAMTPowerState success with 2.
[9/08/2011 9:40:31] :GetAMTPowerState success with 2.
[9/08/2011 9:40:40] :GetAMTPowerState success with 2.
[9/08/2011 9:40:50] :GetAMTPowerState success with 2.
[9/08/2011 9:40:59] :GetAMTPowerState success with 2.
[9/08/2011 9:41:08] :GetAMTPowerState success with 2.

You will see that you will connect to the AMT/Vpro chipset , but you still aren’t able to connect to the BIOS with a SOL / IDE connection with the following message “IMR_SOLOpenTCPSession fail with result:0x00000020”.

I will explain the fix for this error in SCCM Out of Band Management Troubleshooting (Part2) , that is under construction.

Hope it Helps ,

Kenny Buntinx

Tweet about this on TwitterShare on FacebookShare on Google+Share on LinkedInPin on Pinterest