none
¿Es posible aprovisionar equipos con SCCM SP1 en un bosque y la CA en otro bosque diferente? RRS feed

  • Pregunta

  • Buenas, voy a contar mi caso para ver si alguien me puede ayudar. Tengo un dominio bastante antiguo (por ejemplo, Contoso) con nivel funcional Windows 2003,en el tengo todos los servidores y las computadoras. Queremos añadir la funcionalidad de vPro, hemos intalado SCCM 2007 SP1 para ello.
    Se crea otro dominio adicional en un bosque (por ejemplo, corporate.com) y en el se implementa una CA en Windows Server 2008 R2.
    Se añade una relación de confianza bilateral entre los dos bosques. Después de varios ajustes, las plantillas de certificado (AMT AMT de aprovisionamiento y el servidor Web) son vistos por SCCM. El certificado de aprovisionamiento es creado por mí y he añadido la Hash en la BIOS de los ordenadores. Comienzo a hacer el descubrimiento y en el log de SCCM /amtopmgr.log puedo ver que el equipo, intento el aprovisionamiento manual mediante el UUID. SCCM comienza a aprovisionarlo y lo marca como "Detectado", y después de unos minutos aparece como "No provisioned" y, aunque ha añadido el equipo en la OU creada para aprovisonar en el DA, el equipo no termina de aprovisionarse. En el log veo lo siguiente:

    UUID   : 4C4C4544-0038-4E10-8050-B4C04F38344A SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2484 (0x09B4)
    Found matched hash from hello message with current provision certificate. (Hash: 047D872D50E8F7ECA3BF35B434F392DB847AE4C6) SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2484 (0x09B4)
    Generate bare metal provision task for AMT device 4C4C4544-0038-4E10-8050-B4C04F38344A. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2484 (0x09B4)
    Waiting for incoming hello message from AMT devices... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2484 (0x09B4)
    AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)
    Incoming instruction file D:\Microsoft Configuration Manager\inboxes\amtopmgr.box\prov\{72822B84-BB02-41DC-9744-9B3FC259E5F7}.PRV to Provision Worker. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)
    Found one 'Bare-Metal Provision' task with type 'Machine Resource' and target ID '45' and IP address '3232236065'. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)
    Target machine 45 is a AMT capable machine. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)
    Succeed to add new task to pending list. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)
    AMT Provision Worker: Parsed 1 instruction files SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)
    AMT Provision Worker: There are 1 tasks in pending list SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)
    AMT Provision Worker: Send task carlos22.contoso to completion port SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)
    Auto-worker Thread Pool: Current size of the thread pool is 2 SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)
    AMT Provision Worker: 1 task(s) are sent to the task pool successfully. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)
    Auto-worker Thread Pool: Work thread 3812 started SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)
    >>>>>>>>>>>>>>>Provision task begin<<<<<<<<<<<<<<< SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)
    Provision target is indicated with SMS resource id. (MachineId = 45 192.168.2.33) SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)
    STATMSG: ID=7203 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_AMT_OPERATION_MANAGER" SYS=FSCCM01 SITE=F00 PID=3164 TID=2264 GMTDATE=jue ene 28 16:49:32.761 2010 ISTR0="1" ISTR1="0" ISTR2="0" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)
    AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)
    AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)
    AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 2264 (0x08D8)
    Start to send a basic machine property creation request to FDM. (MachineId = 45) SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)
    CStateMsgReporter::DeliverMessages - Queued message: TT=1201 TIDT=0 TID='Fill Machine Property' SID=1 MUF=0 PCNT=5, P1='carlos22' P2='891300000D71B2B67AD85767A3F0CB9209BD9DD9EC31BE303A16FFF3C0F8728C01C54A449A051758CB080860140000004200000048000000036600000000000038C068D70BAB45CEC58931AAA4FB70E6D9E82AA9F1CB269C403B3430032B1E1179D5C4379D20A0662665AC3288C94B253A98DBC7EEF16B850E0301100FCD4576399B14BB9D10B5020043' P3='carlos22.contoso' P4='admin' P5='047D872D50E8F7ECA3BF35B434F392DB847AE4C6' SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)
    CStateMsgReporter::DeliverMessages - Created state message file: D:\Microsoft Configuration Manager\inboxes\auth\statesys.box\incoming\xzcwj6k1.SMX SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)
    Warning: Currently we don't support mutual auth. Change to TLS server auth mode. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)
    The provision mode for device 192.168.2.33 is 1. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)
    Attempting to establish connection with target device using SOAP. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)
    Found matched certificate hash in current memory of provisioning certificate SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)
    Create provisionHelper with (Hash: 11E83BCCB1937EB38D8F29A78D5110F16D2C1133) SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)
    Set credential on provisionHelper... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)
    Try to use provisioning account to connect target machine 192.168.2.33... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:32 3812 (0x0EE4)
    Succeed to connect target machine 192.168.2.33 and core version with 5.0.3 using provisioning account #0. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:36 3812 (0x0EE4)
    GeneralInfo.GetProvisioningState finished with HResult = 0x0, status = 0x0, clientError = 0. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:39 3812 (0x0EE4)
    Get device provisioning state is In Provisioning SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:39 3812 (0x0EE4)
    Machine 192.168.2.33 will be added and published to AD and OU is LDAP://OU=Out of Band Management Controllers,DC=contoso. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:39 3812 (0x0EE4)
    Send request to AMT proxy component to add machine 192.168.2.33 to AD. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:39 3812 (0x0EE4)
    Successfully created instruction file for AMT proxy task: D:\Microsoft Configuration Manager\inboxes\amtproxymgr.box SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:39 3812 (0x0EE4)
    Processing provision on AMT device 192.168.2.33... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:39 3812 (0x0EE4)
    Send request to AMT proxy component to generate client certificate. (MachineId = 45) SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:39 3812 (0x0EE4)
    Successfully created instruction file for AMT proxy task: D:\Microsoft Configuration Manager\inboxes\amtproxymgr.box SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:39 3812 (0x0EE4)
    Wait 20 seconds to find client certificate for AMT device 192.168.2.33 being generated again... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:39 3812 (0x0EE4)
    AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:40 3156 (0x0C54)
    AMT Discovery Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:40 3156 (0x0C54)
    CAMTDiscoveryWSMan::DoConnectToAMTDevice: Failed to establish tcp session to 192.168.2.33:16992. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:41 2072 (0x0818)
    GeneralInfo.GetProvisioningState finished with HResult = 0x0, status = 0x0, clientError = 0. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:48 2072 (0x0818)
    CSMSAMTDiscoveryTask::Execute - DDR written to D:\Microsoft Configuration Manager\inboxes\auth\ddm.box SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:48 2072 (0x0818)
    Auto-worker Thread Pool: Succeed to run the task . Remove it from task list. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:48 2072 (0x0818)
    AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:52 2264 (0x08D8)
    AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:52 2264 (0x08D8)
    RETRY(1) - Validate client certificate for AMT device 192.168.2.33 being generated. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:59 3812 (0x0EE4)
    Wait 20 seconds to find client certificate for AMT device 192.168.2.33 being generated again... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:49:59 3812 (0x0EE4)
    AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 28/01/2010 17:50:00 3156 (0x0C54)
    AMT Discovery Worker: Wait 3600 seconds... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:50:00 3156 (0x0C54)
    AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 28/01/2010 17:50:12 2264 (0x08D8)
    AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:50:12 2264 (0x08D8)
    RETRY(2) - Validate client certificate for AMT device 192.168.2.33 being generated. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:50:19 3812 (0x0EE4)
    Wait 20 seconds to find client certificate for AMT device 192.168.2.33 being generated again... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:50:19 3812 (0x0EE4)
    AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 28/01/2010 17:50:32 2264 (0x08D8)
    AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:50:32 2264 (0x08D8)
    RETRY(3) - Validate client certificate for AMT device 192.168.2.33 being generated. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:50:39 3812 (0x0EE4)
    Wait 20 seconds to find client certificate for AMT device 192.168.2.33 being generated again... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:50:39 3812 (0x0EE4)
    AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 28/01/2010 17:50:52 2264 (0x08D8)
    AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:50:52 2264 (0x08D8)
    RETRY(4) - Validate client certificate for AMT device 192.168.2.33 being generated. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:50:59 3812 (0x0EE4)
    Wait 20 seconds to find client certificate for AMT device 192.168.2.33 being generated again... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:50:59 3812 (0x0EE4)
    AMT Provision Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 28/01/2010 17:51:12 2264 (0x08D8)
    AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 28/01/2010 17:51:12 2264 (0x08D8)
    RETRY(5) - Validate client certificate for AMT device 192.168.2.33 being generated. SMS_AMT_OPERATION_MANAGER 28/01/2010 17:51:19 3812 (0x0EE4)
    Error: Missed device certificate. To provision device with TLS server or Mutual authentication mode, device certficate is required. (MachineId = 45) SMS_AMT_OPERATION_MANAGER 28/01/2010 17:51:19 3812 (0x0EE4)
    Error: Can't finish provision on AMT device 192.168.2.33 with configuration code (0)! SMS_AMT_OPERATION_MANAGER 28/01/2010 17:51:19 3812 (0x0EE4)
    >>>>>>>>>>>>>>>Provision task end<<<<<<<<<<<<<<< SMS_AMT_OPERATION_MANAGER 28/01/2010 17:51:19 3812 (0x0EE4)

    Porque no termina de provisionar el equipo??, alguna idea??

    Un saludo
    lunes, 1 de febrero de 2010 9:34

Respuestas

  • Para poder darte mas detalles tendre que ver a nivel de Herarquia como tienes el diseño de SCCM no importa lo de los dominios si no la seguridad entre estos 2 equipos.

    Saludos,
    Santos
    Santos Martinez, MCSE, MCDBA, MCTS, MCITP MVP - SCCM http://www.mvplatino.ms/blogs/smartinezpr santosmvp@live.com
    miércoles, 3 de marzo de 2010 15:40