Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 5 : Configuring SCCM 2012 R2

Posted: January 3, 2014 in Configuration Manager, System Center Configuration Manager 2012
Tags: , , ,

In this post we will do the configuration needed in Configuration Manager before we install the Intel SCS Add-on. We will go through the following steps;

  • Adding Hardware Inventory Classes
  • Adding the Enrollment Point and Out of Band Service Point
  • Configuring the Out of Band Management Component
  • Enabling Out of Band Management Controller Discovery
  • Giving Permissions for Management Controller Discovery
  • Configuring the Site to Send Power on Commands for Scheduled Wake-Up Activities

As you can see there are a lot of steps involved so this will be a long post, I’ll break it up in parts so it will be easier to follow.

Adding Hardware Inventory Classes

Before installing the Add-on, you must add some hardware inventory classes to Configuration Manager that are required by some of the Add-on components. These classes are imported from files supplied with the Add-on:

  • sms_def_AMT.mof – Adds classes with a prefix of Intel_AMT. You must import this file if you want to install the Intel AMT component.
  • sms_def_SCSDiscovery.mof – Adds a class named Intel_SCS_Discovery. You must import this file if you want install any of the other Add-on components.

These 2 files are found in the Intel SCS Add-on for Microsoft System Center Configuration Manager package mentioned in Part 1 of this series.

  1. Open the Configuration Manager Console.
  2. In the left pane, select Administration > Client Settings.
  3. In the right pane, right-click Default Client Settings and select Properties.1
  4. Select Hardware Inventory.2
  5. Click Set Classes. The Hardware Inventory Classes window opens.3
  6. Click Import.
  7. Navigate to the SCCMAddon folder, select the sms_def_AMT.mof file that was included with the Add-on, and click OK. The Import Summary window opens.4
  8. Click Import and then click OK two more times to close the open Windows.
  9. Repeat steps 6 through 8 to import the sms_def_SCSDiscovery.mof file.

Adding the Enrollment Point and Out of Band Service Point

  1. In the Configuration Manager console, click Administration.
  2. In the Administration workspace, expand Site Configuration, select Servers and Site System Roles, and then select the server that you want to use for AMT provisioning.
  3. On the Home tab, in the Server group, click Add Site System Roles.
  4. On the General page, specify the general settings for the site system, and then click Next.
  5. On the Proxy page, click Next.
  6. On the System Role Selection page, select Out of band service point and Enrollment point from the list of available roles, and then click Next.
  7. On the Out of band service point page, do not change the default settings for the scheduled power on commands unless you have to fine-tune these for your network infrastructure. Click Next.
  8. On the AMT Provisioning Certificate page, click Browse to select the AMT provisioning certificate that you created in Part 3 of this series. If you have multiple certificates to choose from and are unsure of which certificate to choose you can check this by doing the following;1 2 3
  9. Decide whether you must clear the Enable CRL checking for the AMT provisioning certificate check box, and then click Next.
  10. On the Enrollment Point Settings page, review the settings. Keep the default settings unless you need to change them for your environment. Click Next.
  11. Complete the wizard.

This guide can also be found on TechNet.

Configuring the Out of Band Management Component

  1. In the Configuration Manager console, click Administration.
  2. In the Administration workspace, expand Site Configuration and then click Sites.
  3. On the Home tab, in the Settings group, click Configure Site Components, and then click Out of Band Management.
  4. Select the enrollment point that you configured in the preceding procedure.
  5. Specify the OU and then the universal group that you configured in Part 2 of this series. (AMT Provisioned Computers)
  6. Specify the AMT web server certificate that you configured in Part 3 of this series. (ConfigMgr 2012 R2 AMT Provisioning)
  7. Click Set to specify a strong password for the account in the Management Engine BIOS extension (MEBx) that is used for the initial authenticated access to manage AMT-based computers. (In my example vu9ESes!)
  8. Your Out of Band Management Components Properties page should then be similar to this;1
  9. Click OK to close the Out of Band Management Component Properties dialog box.

Enabling Out of Band Management Controller Discovery

Configuration Manager has a built-in capability for discovering the status of an Intel AMT system. (This built-in capability is not the “Discovery” capabilities that are added when you install the Add-on.) The purpose of the Configuration Manager discovery is to get the status of Intel AMT on each system. The status is then shown in the Configuration Manager in the “AMT Status” column. (You can add this column to the list of devices by right-clicking the table header in Devices and selecting AMT Status, as shown in this example.)2

When you right-click a system, the Out of Band Management Console is only made available if the “AMT Status” of the system is “Provisioned”. This status is only updated by SCCM when the OOB Management Controller Discovery is run. This means that it is very important to make sure that this capability is configured and can run successfully.

To get the status, Configuration Manager connects to the system OOB via the Intel AMT ports. To connect successfully, Configuration Manager must use credentials of an admin user account configured in Intel AMT. This means that you must make sure that you configure an admin user account in Intel AMT that Configuration Manager can use.

  1. Open the Configuration Manager Console.
  2. In the left pane, select Administration > Overview > Site Configuration > Sites.
  3. In the right pane, right-click the site and select Configure Site Components > Out of Band Management. The Out of Band Management Component Properties window opens.
  4. Click . The AMT Provisioning and Discovery Account window opens.
  5. In the Name field, type “admin”. (This is the name of the default Digest admin user account.)
  6. In the Password fields, type the password we defined in the profile in Part 4 of this series. (In my example this is vu9ESes!)
  7. Click OK to close the open Windows.

3

Giving Permissions for Management Controller Discovery

Some of the task sequences installed by the Add-on will automatically try to run the Management Controller Discovery on the systems. For this to succeed, you must give certain permissions to the domain computers account.

  1. Open the Configuration Manager Console and select Administration > Security > Administrative Users.
  2. Right-click Administrative Users and select Add User or Group. The Add User or Group window opens.4
  3. Click Browse and select the Domain Computers account.
  4. Click Add and select the Operations Administrator role.
  5. Click OK. To close the Add User or Group window.

Configuring the Site to Send Power on Commands for Scheduled Wake-Up Activities

  1. In the Configuration Manager console, click Administration.
  2. In the Administration workspace, expand Site Configuration, click Sites, and select the primary site to configure.
  3. On the Home tab, click Properties, and then click the Wake On LAN tab.
  4. Select the Enable Wake On LAN for this site check box, and then select Use AMT power on commands only.5
  5. Click OK.

Configuration Manager 2012 R2 is now configured and in the next post in this series we’ll install the Intel SCS Add-on.

Previous Postings in this series:

Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 1 : Introduction
Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 2 : Active Directory
Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 3 : Certification Authority
Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 4 : Configuration Profiles for Intel AMT

Advertisements
Comments
  1. Evan Erwee says:

    Cant wait for the next post. We have tried but the SCS add-on fail to install on SCCM 2012 R2 CAS Server.

    Failure: Could not load file or assembly ‘AdminUI.WqlQueryEngine, Version=4.0.6000.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. The system cannot find the file specified.

    The Console is installed.

    • Evan Erwee says:

      Log a call with Intel. Answer: Add-on fail to find SCCM Console path. Copy the SCCM Console directory from x86 folder to x64 folder. It will then install.

  2. Tyson says:

    Any word on when the next part will be out?

  3. […] Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 1 : Introduction Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 2 : Active Directory Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 3 : Certification Authority Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 4 : Configuration Profiles for Intel AMT Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 5 : Configuring SCCM 2012 R2 […]

  4. […] Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 4 : Configuration Profiles for Intel AMT Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 5 : Configuring SCCM 2012 R2 Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 6 : Installing Intel SCS […]

  5. […] Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 4 : Configuration Profiles for Intel AMT Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 5 : Configuring SCCM 2012 R2 Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 6 : Installing Intel SCS […]

  6. MalteS says:

    Hi,
    Isn’t it a huge security risk to grant every domain computer the operations manager role for the whole SIte?

    Alternatively I have to manually discover the AMT status for every Device once?

    Malte

  7. An outstanding share! I have just forwarded this onto a friend who had been conducting
    a little research on this. And he actually bought me lunch because I stumbled upon it
    for him… lol. So let me reword this…. Thanks for the meal!!
    But yeah, thanx for spending the time to discuss this matter here on your blog.

  8. Ryan Croussore says:

    Hi I have been following this great guide. I have ran into an issue though. On the Out of Band Management Component properties, I can’t select the AMT web server certificate template. I pick correct CA server that I set up the cert on, but the AMT web server certificate template has nothing in the drop down when I click on it. I went back to part 3 and went step by step and everything appears to be in order. Anyone have any ideas on what I may have missed? Please reply or email me.

  9. Mike Zirbes says:

    I have a problem that maybe you can help with. I have been following your excellent article and am at the point of installing the Out of Band Management role on my Primary Site server. However , the role is not shown as an option for install, it’s just not there as if the role does not exist. Any ideas on how to find out what happened to the role?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s