Hi All, I have a SCCM 07 SP2 R2 Environment sitting on Server 2003. Our Primary Site Server is also the oob point. About 2 weeks ago the wake up and power on commands using Vpro stopped working. I can browse to the WebUI of provisioned machines and issue power commands from that, but right-clicking a computer and selecting Power On does not work. This lead me to believe it was a TLS Authentication issue. From what I understand the WebUI uses Kerberos and the console uses our own internal Cert to authenticate. I have checked our CA Server and all the clients have current certificates issued to their fqdn. AD permissions are all correct. I recreated the AMT web certificate template using the Step by Step instructions from Microsoft and still no dice. Looking for any help or assistance on what would cause this to just randomly stop functioning. We had a few IIS issues about a month ago where 1 of the app pools was set to a different .net version (My guess is 1 of our admins was messing with it) but that is fixed. Is there anything else that would cause the Power on commands to just stop working? Thanks and really appreciate it!-Craig

Hi, Have you checked OOBConsole.log under <ConfigMgrInstallationPath>\AdminUI\AdminUILog? If this is the certificate issue, you can take the following blogs as references: SCCM Out of Band Management Troubleshooting (Part1) SCCM Out of Band Management Troubleshooting (Part2) Hope this will help. Thanks

Hey Quan, So here is the weird thing. I can connect to the OOBConsole from my workstation but not from my SCCM Server. I still can't issue power on commands by right-clicking on either system. I checked out both those articles and insured that my Kerberos ticket was within the limits and I made sure our root cert chain was installed. Here is a snippet from the oobconsole log from my site server. I don't understand how the console could just stop working on my site server? [6][5/30/2012 8:25:24 AM] :status message Type:Audit, ID:0x000000004000765C, User:PCC\GriffinC, Machine:MKA154, Target:MK18111.pcc.int add to queue, waiting for report. [6][5/30/2012 8:25:24 AM] :Resouceid(5840).get AMT machine: name:MK18111;ip:MK18111.pcc.int;user:PCC\GriffinC [6][5/30/2012 8:25:24 AM] :Executing static method SMS_SiteControlFile.RefreshScf() [6][5/30/2012 8:25:24 AM] :Refresh of SCF successful [6][5/30/2012 8:25:24 AM] :Found Site code 'MK1' for RefreshScf [6][5/30/2012 8:25:24 AM] :Executing static method SMS_SiteControlFile.RefreshScf() [6][5/30/2012 8:25:25 AM] :Refresh of SCF successful [6][5/30/2012 8:25:25 AM] :Adding key 'Default Floppy Path' [6][5/30/2012 8:25:25 AM] :Adding key 'Default CD Path' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable WebUI' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable SOL' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable IDER' [6][5/30/2012 8:25:25 AM] :Adding key 'Admin User Name' [6][5/30/2012 8:25:25 AM] :Adding key 'Use Random Password' [6][5/30/2012 8:25:25 AM] :Adding key 'VLan Mode' [6][5/30/2012 8:25:25 AM] :Adding key 'Kerberos Max Clock Tolerance' [6][5/30/2012 8:25:25 AM] :Adding key 'VLan Tag' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable Ping' [6][5/30/2012 8:25:25 AM] :Adding key 'Max Partner Storage Size' [6][5/30/2012 8:25:25 AM] :Adding key 'Max Non Partner Storage Size' [6][5/30/2012 8:25:25 AM] :Adding key 'Bios10 Password' [6][5/30/2012 8:25:25 AM] :Adding key 'Tls Encryption' [6][5/30/2012 8:25:25 AM] :Adding key 'Nac Enabled' [6][5/30/2012 8:25:25 AM] :Adding key 'Nac Cert' [6][5/30/2012 8:25:25 AM] :Adding key 'New MEBx Password' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable Kerberos' [6][5/30/2012 8:25:25 AM] :Adding key 'Provisioning Account' [6][5/30/2012 8:25:25 AM] :Adding key 'Provisioning Account PWD' [6][5/30/2012 8:25:25 AM] :Adding key 'TCP Provisioning Port' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable Hello Listener' [6][5/30/2012 8:25:25 AM] :Adding key 'CA FQDN' [6][5/30/2012 8:25:25 AM] :Adding key 'CS Name' [6][5/30/2012 8:25:25 AM] :Adding key 'CS Type' [6][5/30/2012 8:25:25 AM] :Adding key 'Cert Template' [6][5/30/2012 8:25:25 AM] :Adding key 'Console Cert Template' [6][5/30/2012 8:25:25 AM] :Adding key 'Bypass BIOS Password' [6][5/30/2012 8:25:25 AM] :Adding key 'Register Provisioning Server' [6][5/30/2012 8:25:25 AM] :Adding key 'Active Directory Container' [6][5/30/2012 8:25:25 AM] :Adding key 'Translators' [6][5/30/2012 8:25:25 AM] :Adding key 'Maintenance Schedule' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable CRL Checking' [6][5/30/2012 8:25:25 AM] :Adding key 'Use Proxy' [6][5/30/2012 8:25:25 AM] :Adding key 'Proxy Server Address' [6][5/30/2012 8:25:25 AM] :Adding key 'Proxy Port' [6][5/30/2012 8:25:25 AM] :Adding key 'Active Power Scheme Instance ID' [6][5/30/2012 8:25:25 AM] :Adding key 'AD Security Group' [6][5/30/2012 8:25:25 AM] :Adding key 'Wired Profile' [6][5/30/2012 8:25:25 AM] :Adding key 'Default Floppy Path' [6][5/30/2012 8:25:25 AM] :Adding key 'Default CD Path' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable WebUI' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable SOL' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable IDER' [6][5/30/2012 8:25:25 AM] :Adding key 'Admin User Name' [6][5/30/2012 8:25:25 AM] :Adding key 'Use Random Password' [6][5/30/2012 8:25:25 AM] :Adding key 'VLan Mode' [6][5/30/2012 8:25:25 AM] :Adding key 'Kerberos Max Clock Tolerance' [6][5/30/2012 8:25:25 AM] :Adding key 'VLan Tag' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable Ping' [6][5/30/2012 8:25:25 AM] :Adding key 'Max Partner Storage Size' [6][5/30/2012 8:25:25 AM] :Adding key 'Max Non Partner Storage Size' [6][5/30/2012 8:25:25 AM] :Adding key 'Bios10 Password' [6][5/30/2012 8:25:25 AM] :Adding key 'Tls Encryption' [6][5/30/2012 8:25:25 AM] :Adding key 'Nac Enabled' [6][5/30/2012 8:25:25 AM] :Adding key 'Nac Cert' [6][5/30/2012 8:25:25 AM] :Adding key 'New MEBx Password' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable Kerberos' [6][5/30/2012 8:25:25 AM] :Adding key 'Provisioning Account' [6][5/30/2012 8:25:25 AM] :Adding key 'Provisioning Account PWD' [6][5/30/2012 8:25:25 AM] :Adding key 'TCP Provisioning Port' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable Hello Listener' [6][5/30/2012 8:25:25 AM] :Adding key 'CA FQDN' [6][5/30/2012 8:25:25 AM] :Adding key 'CS Name' [6][5/30/2012 8:25:25 AM] :Adding key 'CS Type' [6][5/30/2012 8:25:25 AM] :Adding key 'Cert Template' [6][5/30/2012 8:25:25 AM] :Adding key 'Console Cert Template' [6][5/30/2012 8:25:25 AM] :Adding key 'Bypass BIOS Password' [6][5/30/2012 8:25:25 AM] :Adding key 'Register Provisioning Server' [6][5/30/2012 8:25:25 AM] :Adding key 'Active Directory Container' [6][5/30/2012 8:25:25 AM] :Adding key 'Translators' [6][5/30/2012 8:25:25 AM] :Adding key 'Maintenance Schedule' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable CRL Checking' [6][5/30/2012 8:25:25 AM] :Adding key 'Use Proxy' [6][5/30/2012 8:25:25 AM] :Adding key 'Proxy Server Address' [6][5/30/2012 8:25:25 AM] :Adding key 'Proxy Port' [6][5/30/2012 8:25:25 AM] :Adding key 'Active Power Scheme Instance ID' [6][5/30/2012 8:25:25 AM] :Adding key 'AD Security Group' [6][5/30/2012 8:25:25 AM] :Adding key 'Wired Profile' [6][5/30/2012 8:25:25 AM] :Executing WQL: 'Select * From SMS_SCI_SysResUse Where SiteCode="MK1" And FileType=2 And ItemType="System Resource Usage" And RoleName="SMS AMT Service Point"' [6][5/30/2012 8:25:25 AM] :Executing static method SMS_SiteControlFile.RefreshScf() [6][5/30/2012 8:25:25 AM] :Refresh of SCF successful [6][5/30/2012 8:25:25 AM] :ResultObject: '4a8a843d-d692-4948-85b7-eb9fc82085a9' [6][5/30/2012 8:25:25 AM] :Executing static method SMS_SiteControlFile.RefreshScf() [6][5/30/2012 8:25:25 AM] :Refresh of SCF successful [6][5/30/2012 8:25:25 AM] :System.Management.ManagementException\r\nInvalid parameter \r\n at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) at System.Management.ManagementPath.SetWbemPath(IWbemPath wbemPath, String path) at System.Management.ManagementPath.CreateWbemPath(String path) at System.Management.ManagementPath..ctor(String path) at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConnectionManager.GetInstance(String objectPath)\r\nManagementException details: [6][5/30/2012 8:25:25 AM] :Can't get the Translator FQDN in SMS_SCI_SysResUse[Server Remote Name], try to get Translator FQDN with NetworkOSPath. [6][5/30/2012 8:25:25 AM] :Executing static method SMS_SiteControlFile.RefreshScf() [6][5/30/2012 8:25:25 AM] :Refresh of SCF successful [6][5/30/2012 8:25:25 AM] :Found Site code 'MK1' for RefreshScf [6][5/30/2012 8:25:25 AM] :Executing static method SMS_SiteControlFile.RefreshScf() [6][5/30/2012 8:25:25 AM] :Refresh of SCF successful [6][5/30/2012 8:25:25 AM] :Adding key 'Default Floppy Path' [6][5/30/2012 8:25:25 AM] :Adding key 'Default CD Path' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable WebUI' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable SOL' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable IDER' [6][5/30/2012 8:25:25 AM] :Adding key 'Admin User Name' [6][5/30/2012 8:25:25 AM] :Adding key 'Use Random Password' [6][5/30/2012 8:25:25 AM] :Adding key 'VLan Mode' [6][5/30/2012 8:25:25 AM] :Adding key 'Kerberos Max Clock Tolerance' [6][5/30/2012 8:25:25 AM] :Adding key 'VLan Tag' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable Ping' [6][5/30/2012 8:25:25 AM] :Adding key 'Max Partner Storage Size' [6][5/30/2012 8:25:25 AM] :Adding key 'Max Non Partner Storage Size' [6][5/30/2012 8:25:25 AM] :Adding key 'Bios10 Password' [6][5/30/2012 8:25:25 AM] :Adding key 'Tls Encryption' [6][5/30/2012 8:25:25 AM] :Adding key 'Nac Enabled' [6][5/30/2012 8:25:25 AM] :Adding key 'Nac Cert' [6][5/30/2012 8:25:25 AM] :Adding key 'New MEBx Password' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable Kerberos' [6][5/30/2012 8:25:25 AM] :Adding key 'Provisioning Account' [6][5/30/2012 8:25:25 AM] :Adding key 'Provisioning Account PWD' [6][5/30/2012 8:25:25 AM] :Adding key 'TCP Provisioning Port' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable Hello Listener' [6][5/30/2012 8:25:25 AM] :Adding key 'CA FQDN' [6][5/30/2012 8:25:25 AM] :Adding key 'CS Name' [6][5/30/2012 8:25:25 AM] :Adding key 'CS Type' [6][5/30/2012 8:25:25 AM] :Adding key 'Cert Template' [6][5/30/2012 8:25:25 AM] :Adding key 'Console Cert Template' [6][5/30/2012 8:25:25 AM] :Adding key 'Bypass BIOS Password' [6][5/30/2012 8:25:25 AM] :Adding key 'Register Provisioning Server' [6][5/30/2012 8:25:25 AM] :Adding key 'Active Directory Container' [6][5/30/2012 8:25:25 AM] :Adding key 'Translators' [6][5/30/2012 8:25:25 AM] :Adding key 'Maintenance Schedule' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable CRL Checking' [6][5/30/2012 8:25:25 AM] :Adding key 'Use Proxy' [6][5/30/2012 8:25:25 AM] :Adding key 'Proxy Server Address' [6][5/30/2012 8:25:25 AM] :Adding key 'Proxy Port' [6][5/30/2012 8:25:25 AM] :Adding key 'Active Power Scheme Instance ID' [6][5/30/2012 8:25:25 AM] :Adding key 'AD Security Group' [6][5/30/2012 8:25:25 AM] :Adding key 'Wired Profile' [6][5/30/2012 8:25:25 AM] :Adding key 'Default Floppy Path' [6][5/30/2012 8:25:25 AM] :Adding key 'Default CD Path' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable WebUI' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable SOL' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable IDER' [6][5/30/2012 8:25:25 AM] :Adding key 'Admin User Name' [6][5/30/2012 8:25:25 AM] :Adding key 'Use Random Password' [6][5/30/2012 8:25:25 AM] :Adding key 'VLan Mode' [6][5/30/2012 8:25:25 AM] :Adding key 'Kerberos Max Clock Tolerance' [6][5/30/2012 8:25:25 AM] :Adding key 'VLan Tag' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable Ping' [6][5/30/2012 8:25:25 AM] :Adding key 'Max Partner Storage Size' [6][5/30/2012 8:25:25 AM] :Adding key 'Max Non Partner Storage Size' [6][5/30/2012 8:25:25 AM] :Adding key 'Bios10 Password' [6][5/30/2012 8:25:25 AM] :Adding key 'Tls Encryption' [6][5/30/2012 8:25:25 AM] :Adding key 'Nac Enabled' [6][5/30/2012 8:25:25 AM] :Adding key 'Nac Cert' [6][5/30/2012 8:25:25 AM] :Adding key 'New MEBx Password' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable Kerberos' [6][5/30/2012 8:25:25 AM] :Adding key 'Provisioning Account' [6][5/30/2012 8:25:25 AM] :Adding key 'Provisioning Account PWD' [6][5/30/2012 8:25:25 AM] :Adding key 'TCP Provisioning Port' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable Hello Listener' [6][5/30/2012 8:25:25 AM] :Adding key 'CA FQDN' [6][5/30/2012 8:25:25 AM] :Adding key 'CS Name' [6][5/30/2012 8:25:25 AM] :Adding key 'CS Type' [6][5/30/2012 8:25:25 AM] :Adding key 'Cert Template' [6][5/30/2012 8:25:25 AM] :Adding key 'Console Cert Template' [6][5/30/2012 8:25:25 AM] :Adding key 'Bypass BIOS Password' [6][5/30/2012 8:25:25 AM] :Adding key 'Register Provisioning Server' [6][5/30/2012 8:25:25 AM] :Adding key 'Active Directory Container' [6][5/30/2012 8:25:25 AM] :Adding key 'Translators' [6][5/30/2012 8:25:25 AM] :Adding key 'Maintenance Schedule' [6][5/30/2012 8:25:25 AM] :Adding key 'Enable CRL Checking' [6][5/30/2012 8:25:25 AM] :Adding key 'Use Proxy' [6][5/30/2012 8:25:25 AM] :Adding key 'Proxy Server Address' [6][5/30/2012 8:25:25 AM] :Adding key 'Proxy Port' [6][5/30/2012 8:25:25 AM] :Adding key 'Active Power Scheme Instance ID' [6][5/30/2012 8:25:25 AM] :Adding key 'AD Security Group' [6][5/30/2012 8:25:25 AM] :Adding key 'Wired Profile' [6][5/30/2012 8:25:25 AM] :Add translator: *, /wstrans/<PROVISIONSTATE>/eoi20/<TARGETMACHINE>/wsman">https://<TRANSLATORFQDN>/wstrans/<PROVISIONSTATE>/eoi20/<TARGETMACHINE>/wsman . [6][5/30/2012 8:25:25 AM] :Add translator: 2.1.0, /wstrans/<PROVISIONSTATE>/eoi20/<TARGETMACHINE>/wsman">https://<TRANSLATORFQDN>/wstrans/<PROVISIONSTATE>/eoi20/<TARGETMACHINE>/wsman . [6][5/30/2012 8:25:25 AM] :Add translator: 2.5.0, /wstrans/<PROVISIONSTATE>/eoi25/<TARGETMACHINE>/wsman">https://<TRANSLATORFQDN>/wstrans/<PROVISIONSTATE>/eoi25/<TARGETMACHINE>/wsman . [6][5/30/2012 8:25:25 AM] :Add translator: 3.0.0, <a href="https:///wstrans/<PROVISIONSTATE>/eoi30/<TARGETMACHINE>/wsman">https://<TRANSLATORFQDN>/wstrans/<PROVISIONSTATE>/eoi30/<TARGETMACHINE>/wsman . [6][5/30/2012 8:25:25 AM] :IMR_Init with C:\Documents and Settings\GriffinC\Local Settings\Application Data\Microsoft\ConfigMgr\AdminUI\OOBConsole\imrsdk.ini success with Microsoft.ConfigurationManagement.AdminConsole.OobConsole.Utilities.IMRVersion. [6][5/30/2012 8:25:25 AM] :Executing static method SMS_SiteControlFile.ReleaseSessionHandle() [6][5/30/2012 8:25:25 AM] :SCF session handle {b4ed2ae6-2f47-4af4-b7cd-c3f6bfaeb28a} has successfully released [1][5/30/2012 8:25:25 AM] :WSMan Open Session success. [1][5/30/2012 8:25:25 AM] :IMR_AddClient with ip=MK18111.pcc.int and useTLS = True success with 0. [1][5/30/2012 8:25:25 AM] :status message Type:Audit, ID:0x0000000040007665, User:PCC\GriffinC, Machine:MKA154, Target:MK18111.pcc.int add to queue, waiting for report. [6][5/30/2012 8:25:25 AM] :GetAMTPowerState fail with result:0x8033810F [6][5/30/2012 8:25:35 AM] :GetAMTPowerState fail with result:0x8033810F [6][5/30/2012 8:25:45 AM] :GetAMTPowerState fail with result:0x8033810F [6][5/30/2012 8:25:55 AM] :GetAMTPowerState fail with result:0x8033810F [6][5/30/2012 8:26:05 AM] :GetAMTPowerState fail with result:0x8033810F [1][5/30/2012 8:26:15 AM] :User disconnect [1][5/30/2012 8:26:15 AM] :Closing SOL terminal... [1][5/30/2012 8:26:15 AM] :SOL terminal closed-Craig

So it turned out one of our admins hard set the winhttp proxy on the server which caused the WinRM packets to get blocked. Once the proxy setting was removed everything turned back to normal.-Craig