Blog Post

Security, Compliance, and Identity Blog
4 MIN READ

Updated Troubleshooting Information for Out of Band Management (SP1)

yvetteomeally's avatar
yvetteomeally
Icon for Microsoft rankMicrosoft
Sep 08, 2018
First published on CloudBlogs on Aug, 13 2009

[Today's post is provided by Carol Bailey ]

We have recently updated the Configuration Manager Documentation Library for out of band management for SP2, including revisions to troubleshooting issues.  Some of these revisions are also applicable to Configuration Manager 2007 SP1, but we can't publish them with our monthly updates because of the new SP2 content.  Rather than waiting until SP2 is released, I'm including the revisions here that affect existing customers using out of band management in Configuration Manager 2007 SP1.

Configuration Manager Fails to Provision Computers with a Disjointed Namespace

Out of band management does not support AMT provisioning of computers that have a disjointed namespace. An example of a disjointed namespace is when an AMT-based computer has a DNS name of computer1.corp.fabrikam.com and resides in an Active Directory domain named na.corp.fabrikam.com instead of in an Active Directory domain named corp.fabrikam.com .

Solution

There is no workaround to this requirement other than to align the DNS namespace with the Active Directory namespace.

Computers Fail to Provision Out of Band Because the Computer Has Been Discovered by Configuration Manager

If out of band provisioning is used and the AMT-based computer has already been discovered by Configuration Manager before the provisioning process starts, provisioning fails with Configuration Manager 2007 SP1. In this scenario, after running the Import Computer for Out of Band Management Wizard, the site code is incorrectly missing from the client record, which causes provisioning to fail.

Solution

This issue is addressed with Configuration Manager 2007 SP2. If you cannot upgrade to Configuration Manager 2007 SP2, a workaround to complete out of band provisioning in this scenario is to delete the client record in the Configuration Manager console before running the Import Computer for Out of Band Management Wizard. Alternatively, use in-band provisioning.

The Out of Band Management Console Fails to Connect to AMT-Based Computers That Were Successfully Provisioned Out of Band and Do Not Have an Operating System Installed

If the computer running the out of band management console cannot connect to an AMT-based computer that was successfully provisioned out of band and that does not have an operating system installed, it might be because there is no host record in DNS to resolve the FQDN to the IP address of the AMT-based computer. There is no DNS client supplied with versions of AMT that are supported in Configuration Manager 2007 SP1 and later. Therefore, other methods must be used to create and update this record in DNS. When an operating system is installed, this can update DNS directly or through a DHCP record. However, when provisioning out of band, the initial host name of the AMT-based computer will be a factory default name and might be used on multiple computers rather than be unique. Although your choice of FQDN is written to AMT during the provisioning process, AMT cannot update the initial DHCP record with this new computer name. This results in name resolution failing for the FQDN when the out of band management console tries to connect to the AMT-based computer, and the following entry is logged in the <ConfigMgrInstallationPath>AdminUIAdminUILogOobconsole.log file:

GetAMTPowerState fail with result: 0x800703E3

Solution

When an operating system is installed with the same FQDN that was supplied during AMT provisioning, a host record will be added to DNS either directly or by using DHCP and out of band management communication will then succeed. To manage the AMT-based computer out of band before an operating system is installed, you must manually create host records in DNS for these computers that resolves their FQDN supplied in the Import Computer for Out of Band Management wizard to their current IP address in AMT. You can locate their current IP address from the BIOS extensions, or if you know the MAC address, you can find the corresponding IP address from DHCP.

For new computers that are not yet provisioned for AMT, perform the following steps:

  1. Create a DHCP reservation for this computer and supply the MAC address of the AMT-based computer.
  2. Manually create a host record in DNS such that the host name matches the FQDN supplied in the Import Computer for Out of Band Management wizard and the IP address matches the address in the DHCP reservation.
IDE Redirection Fails When the Out of Band Management Console Runs as a Low-Rights User

IDE redirection requires that the AMT administrator using the out of band management console has local administrator rights on the computer used to run the out of band management console when this computer supports user account control (UAC). For example, this includes Windows Vista and Windows Server 2008.

To help identify this scenario, on the computer running the out of band management console, look for the following data in the Oobconsole.log file, with an entry that begins IMR_IDEROpenTCPSession<number> with user = and then contains user and drive information. This log file is located in the folder <ConfigMgrInstallationPath>AdminUIAdminUILog on the computer that runs the out of band management console.

fail with result:0x2, description:Invalid Parameter

Solution

Add the user account to the local Administrators group on the computer running the out of band management console.

-- Carol Bailey

This posting is provided "AS IS" with no warranties, and confers no rights.

Published Sep 08, 2018
Version 1.0
No CommentsBe the first to comment