I have a question regarding the amt vpro config. From what i have read if we use enterprise mode and get a cert from one of the approved locations and get that cert on the provisioning server(landesk core) we can then use zero touch provisioning. By zero touch i mean you have a vpro pc out there with the advanced agent on it and once you have set your vpro password in landesk it will automaticaly provision the pc and give you the vpro functionality. Is this correct or am i reading it wrong? also i am having trouble using the amtprovmgr2.exe command to generate a csr file for purchase of certificate. I am using landesk 188.8.131.52 and i got this command from an older document. Is this still the method used to get the info need in order to order your cert?
You are correct in that they will zero touch provision if everything is configured correctly. The way the machine is able to find the server is by looking for a specific DNS name, can't remember the exact name right now. Is the doc you followed for the CSR creation this one http://community.landesk.com/support/docs/DOC-9307? I believe that is the same doc I used originally and it worked for me. What issues are you seeing when you try to generate the file?
Yes that is the document i was using. When i run the command:( amtprovmgr2.exe -domainname ad.hs.uab.edu -country US -state "alabama" -city "Birmingham" -organization "uab") i get this
To generate certificate signing request
thats all it says and there are no .pem or .csr files created that i can find
if i use one of the approved certs that means it will already be on the bios of the pc and will not have to have the oem vendor load it..correct. If i gen'ed my own i would have to have them load it before shipping?
Is ad.hs.uab.edu the FQDN of the LANDesk core server?
To answer your second question, does not need any cert loaded by the manufacturer. All it needs is to have vPro/AMT enabled and the machine will look for the DNS entry and provision itself. I believe the DNS entry is "ProvisionServer".
Not sure if you are using GoDaddy for your cert but they are by far the easiest to setup. This document is what I used when setting it up originally http://communities.intel.com/servlet/JiveServlet/previewBody/2221-102-3-3990/Installing%20GoDaddyCertificate%20for%20Landesk%208.8_v1.2.pdf
This is another helpful doc http://communities.intel.com/docs/DOC-2070
ok. it was a little misleading since the switch is call -domainName. My command now looks like this: amtprovmgr2.exe -domainName vm-landesk-1.ad.hs.uab.edu -country US -state "Alabama" -city "Birmingham" -organization "UAB"
what it returns is this: <amt>
To generate certificate a signing request
Generate certificate signing request successfully
then i assumed it would put those two files on the root of c:\program files <x86>\landesk\managementsuite\amtprov
but there is no .pem or .csr files their or anywhere else on core that i can find........i guess it could be a rights issue but i would think it would return an error.
Landeskwizard you are the man! I got it now thanks for all the help.
Did you resolve the certification signing request problem? I had the same issue initially especially if your LANDesk core is on Server 2008 and preassumably has UAC enabled.
When you open a command line, make sure you right-click "Run as Administratror" and generate the signing request using this command prompt otherwise you will not have the rights to create files in that directory
I had followed all the instructions for getting a GoDaddy cert and installing it, but it didn't work. I found the OU was not set to Intel(R) Client Setup Certificate even though I specified to GoDaddy it was for vPro Provisioning. I think GoDaddy only goes by the text in certreq.csr where you can not specify the OU using AMTProvMgr2.exe. Does anyone know how you get Intel(R) Client Setup Certificate set as the OU? I cannot find any documentation in this community, Intel or GoDaddy's support for that one piece of the puzzle, unless it's for a SCCM server. Also, does this mean GoDaddy did it wrong and I'll have to cancel and create a new cert?
You will most likely have to be re-issued a new certificaiton. Did you specify Deluxe SSL cert when going through GoDaddy? I remember there was an option for vPro under Deluxe when I did my certifcate.
Thanks for the response Macado. GoDaddy said I would have to get a new cert. I did get a Deluxe cert and made sure it was for vPro, but the OU was set to Information Systems, which is the OU of the user account that generated the certreq.csr. So I'm thinking that's how that field was populated. I would think GoDaddy would know to change that value to Intel(R) Client Setup Certificate, but that didn't happen. I'll create a new cert request today and test it with openssl once I get it.
Update: I found out why the OU was wrong. When filling out your customer information you must put Intel(R) Client Setup Certificate as your division and that becomes the OU. Do not use the billing info. The GoDaddy tech support didn't even know that was the case. Even if your CSR is correct, as mine was, they will overwrite it with your customer information. The instructions here and on Intel's site are a little out of date as GoDaddy has changed their site since they were posted.
Message was edited by: DaddyG
LANDeskWizrd : I have a question with the "AMTProvMgr2.exe" -domainName Command.
Have I to specify the LANDESK SERVER NAME before the domain?
For example: AMTProvMgr2.exe -domainName LDMSCORE.vprodemo.com -country US
or i just have to specify the domanin only
For example: AMTProvMgr2.exe -domainName vprodemo.com -country US
What should i do in my DNS?
*About my "Provisioning Server"
The first one.
In DNS make a CNAME (alias) provisionserver set it to point to your core server.