cancel
Showing results for 
Search instead for 
Did you mean: 

McAfee Deep Command Installation Guide - Step 4

Configure Intel AMT Clients and Deploy McAfee Deep Command

With the server components installed and configured, client-side AMT configuration and Deep Command installation can now be done.  If Intel AMT is not already configured, this section will first show how to manually configure AMT on a client and how to do this in an automated fashion. Once that is complete, the ePO server will start deploying Deep Command because of the deployment task that was created in step 3 of this document.

Task: Manually Configure an Intel AMT Client

This task will illustrate the process for configuring AMT clients and will also validate that the server-side components were correctly installed and configured. Intel AMT is configured by applying the settings in the configuration file to the firmware on the AMT client. The ACUConfig program is run on the client. It communicates with the Intel RCS service on the server and applies the configuration settings to the firmware on the AMT client. This program can be run manually, scripted, or wrapped in a package for automated deployments.

For the purposes of this document, the AMT configuration package to be executed on the client includes three files as shown below. The EXE and DLL files are provided via the Intel SCS software in the ACU_Configurator directory.

step5a01a.png

To manually configure Intel AMT on a client, copy the ACU_configurator folder with the three files as shown above to the client.  

Open a command prompt on the client.   If Windows 7 or Vista, be sure to “Run as Administrator" as shown in the example below.

step5a02.png

The configuration command syntax is:

  • ACUconfig.exe ConfigViaRCSOnly <RCS_IPaddress> <RCSProfileName> /WMIuser <domain\userid of service account> /WMIuserpassword <domain account password>

Using the command syntax, the command shown in the example below according to the previous steps of this document is:

  • ACUconfig.exe ConfigViaRCSOnly 192.168.0.2 AMTconfigProfile /WMIuser vprodemo\AMTConfigService /WMIuserpassword McAfee123!

If the configuration completes successfully, then Intel Management and Security Status will generate a popup indicating Intel® ME is Configured

Step5a03a.png

Tip: While testing, view the ACU log file to ensure that the last line of the log file displays an exit code of 0, that means success.

McAfee ePO will now recognize the system as “Fully Provisioned.” You can validate this status in any of the following ways once the Intel AMT Discovery and Reporting has been updated.

  • In the System Tree, look for the system to have the AMT tag.
  • In the dashboard, look in the Intel AMT Fully Provisioned monitor. A status of Yes indicates success.
  • In the System Details screen, select the Intel AMT tab and look in the Intel AMT Fully Provisioned field.

Note: You can also validate AMT configuration outside of McAfee ePO. Simply launch a web browser and go to https://hostname:16993. This connects your browser to the web service running on the AMT client. Click the Log On button and attempt to authenticate using the credentials that were established in the AMT configuration profile. If you can authenticate and execute the tasks available in the web console, then AMT configuration was successful.

Task: Set WMI Permissions for Automated Intel AMT Configuration

The manual Intel AMT configuration approach used in the previous task required a domain account login. The configuration process required authentication to the Intel Remote Configuration Service (RCS) that was installed and configured previously. A packaged delivery of the files and command can be executed using the local system account of the computer.   This will require appropriate WMI permissions for Domain Computers, as shown accordingly.

Via the Server Manager where Intel RCS was installed, expand Configuration, right click on WMI Control, and select Properties. Select the Security tab. Expand the Root tree to see the WMI namespaces. Select Intel_RCS and click the Security button. Add Domain Computers to the list of Group or User Names. Grant Domain Computers Execute Methods, Full Write, and Remote Enable. Save the settings and close the properties screens.

Step4a16a.png

The previous command syntax, if executed via the Local System account, is now:

  • ACUconfig.exe ConfigViaRCSOnly <RCS_IPaddress> <RCSProfileName>

The references to WMIuser are no longer required if the command is executed under the user context of the Local System Account.    

Task: Identify and Tag Systems Ready for Intel AMT Configuration

The data collected by the Deep Command Discovery and Reporting software can be used to create a custom query that identifies systems ready for AMT configuration. The query simply looks for systems that are AMT capable, are not missing the MEI driver and are also not already fully AMT provisioned. The results of this query will then be used to apply a tag to identify systems that are ready for AMT configuration.

In McAfee ePO go to Menu > Reporting > Queries and Reports. Then select ePO Deep Command Reporting and choose New.

Win 2K8R2 ePO46 Dev-2011-12-15-11-22-22.png

In the Feature Group, select Systems Management. In the Results Type choose Managed Systems and click Next to proceed.

Win 2K8R2 ePO46 Dev-2011-12-15-11-23-02.png

In the Query Builder, choose to display results as a Table. Keep the other default values and click Next to proceed. In the columns screen, display only the System Name column. Then click next to proceed.

Win 2K8R2 ePO46 Dev-2011-12-15-11-24-30.png

In the Filter screen, scroll down to the Intel AMT properties and select Intel AMT Fully Provisioned and set it to equals no. Select Intel AMT Supported and set it to equals yes. Then select Intel MEI Enabled and set it to equals yes. Then click Save to proceed.

Win 2K8R2 ePO46 Dev-2011-12-15-11-28-30.png

In the Save Query screen, give the query a name and description. Save the query in the existing group entitled ePO Deep Command Reporting. Then click Save to complete this process.

Win 2K8R2 ePO46 Dev-2011-12-15-11-30-09.png

This query can now be used to identify systems ready for AMT configuration. The next step is to create a tag that will be applied to those systems. Go to Menu > Systems > Tag Catalog then choose Tag > Actions > New Tag. In the Description screen, name the tag AMT_Ready. Click Next to proceed. Do not specify any criteria in the criteria screen and click Next to proceed. Accept the default values in the Evaluation screen and then click Next to proceed. Accept the default values in the Preview screen and click Save to complete this process.

Win 2K8R2 ePO46 Dev-2011-12-15-11-33-00.png

This tag needs to be manually applied to systems. This is done by running a server task that applies the tag to all systems returned by the AMT Ready Systems query. Go to Menu > Automation > Server tasks and choose New Task.  Name the task and give it a description. Click Next to proceed.

Win 2K8R2 ePO46 Dev-2011-12-15-11-37-08.png

In the Actions screen set it to run the AMT Ready Systems Query and set the Sub-Action to apply the AMT_Ready tag. Click Next to proceed.

Win 2K8R2 ePO46 Dev-2011-12-15-11-38-50.png

In the Schedule screen, set the task to run on a schedule. In this example the task will be set to run hourly. Then click Next to proceed.

Win 2K8R2 ePO46 Dev-2011-12-15-11-39-48.png

Tip: For lab environments and first-time installs, use Run Immediately for the Schedule type. This will make it run the next time the McAfee Agent synchronizes.

Review the settings in the Summary screen and then click Save to complete this process.

Task: Create AMT Configuration Package

The AMT configuration package must contain the three Intel files listed above (ACU.dll, ACUConfig.exe and xerces-c_2_8.dll) and a batch file that will execute ACUConfig with the necessary parameters. This batch file is generic and the parameters that are specific to your environment (server IP address and AMT configuratio profile name) can be entered in the client deployment task in ePO. For simplicity, we have provided a generic package that will work in any ePO 4.6 patch 1 environment and attached it to this post (ACUCONFG7150.zip). For instructions on how to build your own custom packages please visit the McAfee ePO Tools Exchange site and look for the ePO Enterprise Deployment Kit (EEDK).

Example batch file

ACU Config bat.PNG

Task: Create Deployment Task for AMT Configuration Package

To deploy the AMT configuration package from ePO, the package must be checked in to the master repository and a client task must be created. This client task will be setup as a tag-based deployment so that only systems that are not already AMT configured will receive the package.

In ePO to go Menu > Software > Master Repository and check in the AMT configuration package.

Then go to Menu > Policy > Client Task Catalog. Select Product Deployment and then click New Task. Choose Product Deployment and click OK to proceed. Then name the task and give it a description. Set the target platform to Windows and select the AMT configuration package from the Products and components drop-down menu. Then enter the ACUconfig parameters in the Command line field. Click Save to proceed.

Deploy AMT config package.png

Note: The command line field must contain the following string: "/output file c:\Windows\Temp\ACUConfig.log" ConfigViaRCSonly <ipaddress> <AMTconfigprofilename>

Note: Replace <ipaddress> with the IP address of the server that is running the RCS service. Replace <AMTconfigprofilename> with the name of your AMT configuration profile (AMTConfigProfile.xml is used in this guide).

You will now see the Deploy AMT Config Package in your Client Task Catalog. Highlight the task and click Assign. Select My Organization and click OK to proceed.  Then select McAfee Agent > Product Deployment > Deploy AMT Config Package. In the tags section, set it to go to any system that has the AMT_Ready tag but not to systems that have the AMT tag. This will ensure that the task goes to any system is ready for AMT configuration but is not already fully AMT configured. Then click Next to proceed.

AMT config package client task 01.png

Set the schedule for the task. McAfee recommends running this daily. The task will only work if the system is connected to your LAN with a wired network connection. If a system is remote, there is no sense in repeatedly running this task. Instead, it is designed to simply run once per day. Click Save to complete this process.

AMT config package client task 02.png

Tip: For lab environments and first-time installs, use Run Immediately for the Schedule type. This will make it run the next time the McAfee Agent synchronizes.

Task: Track AMT Configuration and Deep Command Installation Progress

Based on the tasks completed in steps 3 and 4 of this guide, a fully automated Deep Command installation process is in place. McAfee ePO runs a query that searches for systems that are not AMT configured but are ready to start the AMT configuration process. It then tags these systems with the AMT_Ready tag. McAfee ePO will then push the custom AMT configuration package to those systems. When AMT configuration is complete, the systems will automatically be tagged with the AMT tag. Another deployment task in ePO will then push Deep Command only to those systems. Progress of AMT configuration can be tracked in ePO by watching the Intel AMT Fully Provisioned monitor of the Intel AMT Summary dashboard. Tracking the progress of the Deep Command deployment can be done with a custom query. This query looks looks at the properties for all managed systems and checks to see if they have any version of Deep Command installed. An example query is attached to this post and can be imported into any ePO 4.6 server.

More resources for installing McAfee Deep Command


Step 1: Step 2: Step 3:

Step 4:

Appendix A:

Appendix B:

Appendix C:


Labels (1)
Attachments
Comments

Re: While testing, view the ACU log file to ensure that the last line of the log file displays an exit code of 0, that means success.

Where is this log file?

Thanks

No need to view a log file, just use /Output Console switch

Right, now I think I’ve got a cert issue (I thought I would do)  – does anybody know what cert needs to be where for this to work?

I’ve got an ePO server/DC/DNS/DHCP where I’ve installed the GoDaddy cert into both the Current User (vprodemo/administrator) and Local Computer Personal certificate store…

AMT certs.png

I’m logged into a client using another account DemoUser (where I’ve not installed any cert), I'm running the cmd prompt as administrator and and I’m using another account (AMTServiceConfig) to run the ACUConfig setup...

C:\ACU_Configurator>ACUConfig.exe /Output Console Status

Starting log 2011-12-22 15:18:29

The file "C:\ACU_Configurator\ACU.dll" is signed and the signature was verified.

vpro01.vprodemo.com: Retrieving machine status...

Host information- vpro01.vprodemo.com

        UUID- C5365F01-507D-11CB-BDA1-9435EF2EF903

        Intel(R) AMT version- 7.1.10

        The system is unconfigured.

        The system TLS setup is using PKI.

        The system supports host-based configuration.

        AMT state- In-Provision(1)

***********

Exit with code 0 - The requested operation completed successfully.

C:\ACU_Configurator>ACUConfig.exe /Output Console ConfigViaRCSOnly 192.168.0.20

AMTConfigProfile /WMIuser AMTConfigService /WMIuserpassword AMT

Starting log 2011-12-22 15:20:18

The file "C:\ACU_Configurator\ACU.dll" is signed and the signature was verified.

vpro01.vprodemo.com:Starting Remote configuration...

Activate Intel(R) AMT configuration (0xc0000050)

Success (0xc0000051)

Remote Profile Configuration failed: Initial connection to the Intel(R) AMT devi

ce failed. - 0xc00007d2. (Intel(R) AMT Configuration failed. Initial connection

to the Intel(R) AMT device failed.  A valid PKI certificate was not found in Cer

tificate Store of the user running the Remote Configuration Service. )

***********

To your first question - by default the ACUconfig log file is created in the same directory where ACUconfig was executed.   Using the /output switch, you can direct the log file to a different location... as long as the user executing ACUconfig has access to that directory\location.

To your second item - it appears the Remote Configuration certificate is either not valid or not correctly placed.   Review the steps in

Thanks Terry - looking through step 2 it looks like I need to add the GoDaddy cert to the AMTConfigService account.

The guide suggests using

  • runas /user:vprodemo\AMTConfigService mmc.exe

When I attempt to run this (logged in as domain admin) and running Command prompt as administrator

C:\Users\Administrator>runas /user:vprodemo\AMTConfigService mmc.exe
Enter the password for vprodemo\AMTConfigService:
Attempting to start mmc.exe as user "vprodemo\AMTConfigService" ...
RUNAS ERROR: Unable to run - mmc.exe
740: The requested operation requires elevation.

C:\Users\Administrator>

Any ideas?

Sounds like a Microsoft operating system security feature.   If running from command prompt, open using "Run as Administrator".    The other option is to check and lower your UAC (User Account Control).  

Yes - checked the above and no joy.

I guess there would be no issue with logging on as the AMTConfigService account, and launching mmc locally? Yes, this resolved it!

Thanks for the pointers Terry.

Is your domain called "vprodemo"?

You should not copy/paste the example command because the username and domain in your environment may be different. Think of it like this ... runas /user:YOUR-DOMAIN-HERE\YOUR-USER-NAME-HERE mmc.exe

Yes my domain is vprodemo

- the problem I think is that I hadn't rebooted so UAC was still active. Haven't yet confirmed but will do.

Trying to provision another system (Lenovo T420s)

ePO shows the followng for the system

Intel vPro System  Yes 
Intel Anti-Theft Supported  Yes 
Intel AMT Supported  Yes 
Intel AMT Version  7.1.10 
Firmware Version  7.1.10.1065 
Intel MEI Version  
Intel MEI Enabled  No 

From this I assume the MEI driver is not installed (which seems common)?

This article http://support.lenovo.com/en_US/downloads/detail.page?&LegacyDocID=MIGR-77015 suggests checking using this...

Windows 7/Vista

  1. Click Start.
  2. Right-click Computer, and then click Properties.
  3. At the left pane, click Device Manager.
  4. Double-click the System devices category.
  5. Double-click Intel(R) Management Engine Interface.
  6. Click the Driver tab.
  7. Check Driver Version.

Intel(R) Management Engine Interface isn't listed, so I've downloaded the driver Intel AMT 7.1 - Management Engine Interface and Serial Over LAN (SOL) Driver run the install, which completed successfully, rebooted, and still nothing.

When I run acuconfig I get...

C:\ACU_Configurator>ACUconfig.exe /Output Console /verbose ConfigViaRCSOnly 192.
168.0.20 configProfile /WMIuser AMTConfigService /WMIuserpassword AMT
Starting log 2012-01-04 16:01:22
Verifying the digital signature of ACU.dll, this operation might take up to 3 mi
nutes...
The file "C:\ACU_Configurator\ACU.dll" is signed and the signature was verified.

***** Start CheckAMT ******

Intel(R) Management Engine Interface error- Cannot find the Intel(R) Management
Engine Interface driver.
The Intel(R) Management Engine Interface driver is not installed or cannot be ac
cessed. (0xc000001f)
***** END CheckAMT ******

GetHostAndMEInfo output data:
        IsAMT:False,
        isAmtCapable:False,
        isEnterpriseMode:False,
        configurationMode:0,
        isRemoteConfigEnabled:False,
        AMTversion:,
        isMobile:False,
        provisioningTlsMode:0,
        suuid:0E5ED101-50C7-11CB-874E-FCD8776A912D,
        isClientConfigEnabled:False,
        hostBasedSupport:False,
        configurationState:4294967293,
        FQDN:VPRO01.vprodemo.com.

***********

Exit with code 83 - The Intel(R) Management Engine Interface driver is not insta
lled or cannot be accessed.

C:\ACU_Configurator>

Any suggestions?

Thanks

The MEI driver is required.   If the driver is not installing, a few items to check:

Thanks Terry,

ACUcomfig.exe systemdiscovery gives me...

2012-01-04 23:43:54:(INFO) : ACU Configurator , Category: HandleOutPut: Starting log 2012-01-04 23:43:54

2012-01-04 23:43:54:(INFO) : ACU Configurator , Category: VerifyFileSignature: The file "C:\ACU_Configurator\ACU.dll" is signed and the signature was verified.

2012-01-04 23:43:54:(INFO) : ACU Configurator, Category: -SystemDiscovery-: VPRO01.vprodemo.com: Discovering the System information...

2012-01-04 23:43:54:(ERROR) : ACU Configurator , Category: Error message: The Intel(R) Management Engine Interface driver is not installed or cannot be accessed. (0xc000001f)

2012-01-04 23:43:58:(WARN) : ACU.dll, Category: System Discovery: System Discovery finished with warnings: System Discovery failed to get data from some of the interfaces on this system. . ( Failed to get data from the %1 interface (%2). Failed to get data from the %1 interface (%2). )

2012-01-04 23:43:58:(WARN) : ACU Configurator, Category: Exit: ***********Exit with code 32 - The requested operation completed, but with warnings. Details: System Discovery finished with warnings: System Discovery failed to get data from some of the interfaces on this system. . ( Failed to get data from the %1 interface (%2). Failed to get data from the %1 interface (%2). )

The BIOS showed AMT was enabled. For good measure I disabled it, rebooted, renamed it and rebooted.

Device manager does not show the Intel Management Engine Interface,

system devices.PNG

Although I do get

unknown device.PNG

Finally, Programs and Features shows Intel Management Engine Interface is installed.

add remove programs.PNG

But it doesn;t seem to be working..

Intel Mgmt Sec Status.png

I'm going to try an uninstall and reinstall.

Thanks,

Jason

Right, well I'm npw a little more confused

Programs and Features shows

add remove programs highlighted.png

I uninstall Intel Management  Engine Interface, and reboot. I then run the following installer

Intel AMT 7.1 - Management Engine Interface and Serial Over LAN (SOL) Driver  Lenono T420s 83ra28ww.exe obtained from here.

http://support.lenovo.com/en_US/downloads/detail.page?&LegacyDocID=MIGR-77015

This all seems to go okay, and says its going to install version 7.1.2.1041. The install runs through okay, and completes, triggers the install for the anti-theft technology which I cancel (since it complains about this as its already installed.

Now Programs and Features does not show Intel Management Engine Interface anymore.

Alos, digging a little deeper, I see the Intel Mgmt & Security statsu shows the Intel MEI driver is not installed.

MEI driver not installed.PNG

Is the Management Engine Interface not the MEI driver?

Does anybody know which of the componenst highlighted above are required, and what I need to do to remove all traces of AMT / MEI  and what is required to install just the bits I need.

Thanks,

Jason

All sorted - the fix was to remove everything mentioning Intel Management Engine * and AMT, then installing the driver,

Intel AMT 7.1 - Management Engine Interface and Serial Over LAN (SOL) Driver Lenono T420s 83ra28ww.exe.

The details:

So, after I uninstalled all the above and rebooted, Windows Update kindly installed Intel Management Engine Interface.

Then I ran...

C:\ACU_Configurator>ACUConfig.exe /output console status
Starting log 2012-01-05 15:43:02
The file "C:\ACU_Configurator\ACU.dll" is signed and the signature was verified.

Error: Host-based configuration is not currently available because the Local Man
ageability Service (LMS.exe) is not running on the system.
VPRO01.vprodemo.com: Retrieving machine status...
Host information- VPRO01.vprodemo.com
        UUID- 0E5ED101-50C7-11CB-874E-FCD8776A912D
        Intel(R) AMT version- 7.1.10
        The system is unconfigured.
        The system TLS setup is using PKI.
        Host-based configuration is not currently available because the Local Ma
nageability Service (LMS.exe) is not running on the system.
        AMT state- Pre-Provision(0)

***********

Exit with code 0 - The requested operation completed successfully.

I also notice the correct driver had been installed in Device Manager (version 7.x so genuine)

Then I installed the above driver, and reran the above command...

C:\ACU_Configurator>ACUConfig.exe /output console status
Starting log 2012-01-05 15:48:41
The file "C:\ACU_Configurator\ACU.dll" is signed and the signature was verified.

VPRO01.vprodemo.com: Retrieving machine status...
Host information- VPRO01.vprodemo.com
        UUID- 0E5ED101-50C7-11CB-874E-FCD8776A912D
        Intel(R) AMT version- 7.1.10
        The system is unconfigured.
        The system TLS setup is using PKI.
        The system supports host-based configuration.
        AMT state- Pre-Provision(0)

***********

Exit with code 0 - The requested operation completed successfully.

Next I ran the acuconfig

C:\ACU_Configurator>ACUconfig.exe /Output Console /verbose ConfigViaRCSOnly 192.

168.0.20 AMTConfigProfile /WMIuser AMTConfigService /WMIuserpassword AMT

and all looks ok - ePO and acuconfig now agree its post-provisisoned.

Just one question (there's alwasy just one more question)...

The output of the ACUconfig.exe /Output Console /verbose ConfigViaRCSOnly 192.

168.0.20 AMTConfigProfile /WMIuser AMTConfigService /WMIuserpassword AMT command is shown below.

I notice a line Get AMT IPv4:Failed to get the FQDN.

Is this somehting to be concerned about?

The laptop at the time had two active connections (lan and wifi) with two different connection-specific dns suffixes.

Thanks,

Jason

Full output....

C:\ACU_Configurator>ACUconfig.exe /Output Console /verbose ConfigViaRCSOnly 192.
168.0.20 AMTConfigProfile /WMIuser AMTConfigService /WMIuserpassword AMT
Starting log 2012-01-05 15:49:41
Verifying the digital signature of ACU.dll, this operation might take up to 3 mi
nutes...
The file "C:\ACU_Configurator\ACU.dll" is signed and the signature was verified.

***** Start CheckAMT ******

Connected to the Intel(R) Management Engine Interface driver, version 7.0.0.1144

Intel(R) AMT  in PROVISIONING_MODE_ENTERPRISE
***** Start FWUpdateData ******

***** END FWUpdateData ******

***** END CheckAMT ******

***** Start GetAmtFQDN ******

***** END GetAmtFQDN ******

Calling function Discovery...
Calling function GetLocalSystemAccount over MEI...
Connected to the Intel(R) Management Engine Interface driver, version 7.0.0.1144

Function GetLocalSystemAccount over MEI ended successfully
Host Based Setup is supported
Current Control Mode: 0 (Not provisioned)
Allowed Control Modes: 2 (Admin) and  1 (Client)
Function Discovery ended successfully
GetHostAndMEInfo output data:
        IsAMT:True,
        isAmtCapable:False,
        isEnterpriseMode:True,
        configurationMode:0,
        isRemoteConfigEnabled:True,
        AMTversion:7.1.10,
        isMobile:True,
        provisioningTlsMode:2,
        suuid:0E5ED101-50C7-11CB-874E-FCD8776A912D,
        isClientConfigEnabled:True,
        hostBasedSupport:True,
        configurationState:0,
        FQDN:VPRO01.vprodemo.com.
VPRO01.vprodemo.com:Starting Remote configuration...
***** Start RemoteConfiguration ******

***** Start TcpIpDiscovery ******

***** END TcpIpDiscovery ******

Get AMT IPv4:Failed to get the FQDN.
***** Start GetAmtFQDN ******

***** END GetAmtFQDN ******

***** Start StartConfiguration ******


Connected to the Intel(R) Management Engine Interface driver, version 7.0.0.1144

Activate Intel(R) AMT configuration (0xc0000050)
Success (0xc0000051)
Waiting for FW to move to In-Provision state(0)...
The Start configuration operation completed successfully.
***** END StartConfiguration ******

RCSaddress=192.168.0.20, RCSMIUser=AMTConfigService, RCSProfileName=AMTConfigPro
file
Success (0) ((ExecMethod GetNetworkSettings) )
VPRO01.vprodemo.com
RCSaddress=192.168.0.20, RCSMIUser=AMTConfigService, UUID=0E5ED101-50C7-11CB-874
E-FCD8776A912D, ConfigMode=2, PID=, RCSProfileName=AMTConfigProfile, AMTVersion=
7.1.10, OldADOU=, Configure AMT Name= True. Configure AMT IPv4= True. Source For
AMT Name= Host Name- VPRO01 Domain Name- vprodemo.com . Default OS Name= Host N
ame- VPRO01 Domain Name- vprodemo.com . Host IPv4= IPv4 Address- 192.168.0.26 IP
v4 SubNet- 255.255.255.0 IPv4 Primary DNS- 192.168.0.20 IPv4 Secondary DNS- 192.
168.0.1 . Configure AMT IPv4 to DHCP mode= True.
Success (0) ((ExecMethod ConfigAMT) )
The remote configuration operation succeeded. (0xc00027df)
***** END RemoteConfiguration ******


***********

Exit with code 0 - The requested operation completed successfully.

C:\ACU_Configurator>

Shouldn't the task for adding the AMT_READY tag to un-provisioned Intel vPro systems also exclude the AMT tag. Systems cannot be in a provisioned and un-provisioned state at the same time. If for any reason a system goes from a provisioned state back to an un-provisioned state, it will end up with both AMT_READY and AMT tags which means (according to the deployment logic shown) the ACUConfig deployment task will not get run again to re-provision that system (unless I missed something)

The server task that comes with Deep Command to add an AMT tag to provisioned Intel vPro systems does not seem to remove the AMT tag when it comes across an un-provisioned Intel vPro system. Not sure if this was by design, but it would seem like something needs to have the capability of automatically removing that AMT tag if other tasks are key'ing off it and you do not want to manually remove the tag

Simple add to the instructions.

When defining the AMT_Ready tag option via Server Task, add second item to Clear Tag... specifically AMT.

Version history
Revision #:
1 of 1
Last update:
‎12-15-2011 08:26 AM
Updated by:
 

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community