"Missing registry key for PKI provisioning" error

"Missing registry key for PKI provisioning" error

Hello,

We bought a VerisignSSL certificate to test the default hash in the AMT client for PKI provisioning. The cert was resquested and installed using IIS. I'm getting the following error: "Missing registry key for PKI provisioning, make sure at least one certificate is selected for PKI provisioning." Am I missing a registry key or is there a way to select? Here is the PKI provisioning attempt:

2007.08.09,15:11:39,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3152,SOURCE=.hellolistenerHELLOThread.cpp,LINE=177,
Incoming connection from 172.16.2.0:16994, version 3, count 6, UUID 9307FBE7458911DCBBDA7854BB2E001B.

2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3032,SOURCE=.ManagersQueueManager.cpp,LINE=108,
to get request data: pop

2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3032,SOURCE=.ManagersQueueManager.cpp,LINE=108,
to get request data: pop

2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=18,
Enter provisioner worker, user LAB7721Administrator

2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=526,
AMT Version: 3

2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=537,
AMT SetAdminAcl: 0

2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=546,
AMT Hello counts: 6

2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=557,
AMT ip: 172.16.2.0

2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=1424,SOURCE=.WorkersMaintenanceWorker.cpp,LINE=16,
Enter Maintenance worker, user LAB7721Administrator

2007.08.09,15:12:33,ERROR,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=203,
Missing registry key for PKI provisioning, make sure at least one certificate is selected for PKI provisioning.

2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=1424,SOURCE=.WorkersMaintenanceWorker.cpp,LINE=112,
Maintenance worker pushes request for command_id=17 and uuid=

2007.08.09,15:12:33,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=1424,SOURCE=.WorkersMaintenanceWorker.cpp,LINE=112,
Maintenance worker pushes request for command_id=18 and uuid=

2007.08.09,15:12:33,E,SERVER=1,USER=LAB7721Administrator,THREAD=2952,SOURCE=.WorkersProvisionerWorker.cpp,LINE=157,
Cannot connect Intel AMT device to 172.16.2.0.

2007.08.09,15:12:34,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3032,SOURCE=.ManagersQueueManager.c
pp,LINE=108,
to get request data: pop

2007.08.09,15:12:34,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3032,SOURCE=.ManagersQueueManager.cpp,LINE=108,
to get request data: pop

2007.08.09,15:12:34,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3332,SOURCE=.WorkersCleanLog.cpp,LINE=15,
Enter Clean log worker, user LAB7721Administrator

2007.08.09,15:12:34,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3032,SOURCE=.ManagersQueueManager.cpp,LINE=108,
to get request data: pop

2007.08.09,15:12:34,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3616,SOURCE=.WorkersCleanRequestsStatus.cpp,LINE=15,
Enter Clean status of requests worker, user LAB7721Administrator

2007.08.09,15:12:34,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=808,SOURCE=.WorkersProvisionExceptionWorker.cpp,LINE=11,
Provisioning exception worker, user LAB7721Administrator

2007.08.09,15:12:35,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3032,SOURCE=.ManagersQueueManager.cpp,LINE=108,
to get request data: pop

2007.08.09,15:12:35,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3732,SOURCE=.WorkersTaskDelayerWorker.cpp,LINE=11,
Delaying task, user LAB7721Administrator

2007.08.09,15:12:35,INFORMATIONAL,SERVER=1,USER=LAB7721Administrator,THREAD=3732,SOURCE=.WorkersTaskDelayerWorker.cpp,LINE=29,
Task 5 delayed

5 post / 0 nuovi
Ultimo contenuto
Per informazioni complete sulle ottimizzazioni del compilatore, consultare l'Avviso sull'ottimizzazione

Hello, and thanks for posting your question and providing your log information. We will be looking into this and will get back with you as soon as we can.

Follow me on Twitter: @GaelHof Facebook: https://www.facebook.com/GaelHof

Hi there,
The Verisign SSL certificate needs to be loaded to SCS by using the tool loadcert.exe. It is described in theInstallation Guideon page 61 'Selecting the Certificate Used by the SCS for ZTC'. Not doingthis is likely to be the cause ofyour problems here.

Please let us know if this helps.

Follow me on Twitter: @GaelHof Facebook: https://www.facebook.com/GaelHof

That worked! There were 3 certs to select from using loadcert.exe, must have chosen the wrong one the first time. So I have come to the conclusion that the cert used for PKI setup and configuration, the ones included by default, is most likely different from the one used for TLS communication. Is that true? I thought PKI used TLS? Is there any more reading material on this subject?

Thanks,

Darwin.

Hi - When you run loadcert, minimally you will have 2 certificates (root and server.) The server certificate is the one you need to load. You may have requested more than these two which would be why loadcert has more. Loadcert takes the list of the certificates from the local compter certificate store.

As part of the Remote Configuration, the Intel AMT device does send a self-signed certificate just before sending the first "hello" message. There is a checkbox that you select that will enable the SCS to accept self-signed certificates from Intel AMT devices.

I hope this helps.

Follow me on Twitter: @GaelHof Facebook: https://www.facebook.com/GaelHof

Lascia un commento

Eseguire l'accesso per aggiungere un commento. Non siete membri? Iscriviti oggi