I have recently been setting up Intel SCS/AMT configuration with SCCM 2012 for a client of mine. It’s all going fairly smoothly but I noticed that when testing the Intel AMT: Configuration Task Sequence, it’s failing (across multiple test machines).
Checking the SMSTS.log file, I can see the following error message:
“Failed to parse the XML file. Possible reasons – the file does not exist or access to it is denied; the file contains incorrect parameters; incorrect or missing encryption password/parameter”
At the end of this error message, it references the .XML file that I have setup as part of the configuration requirements.
I checked the following
The next thing I tried to do was run the SCSEncryption.exe file manually to see whether it could decrypt the .xml file. This was successful:
So this confirms that decrypting the file isn’t the problem and that the password is in fact correct. Nevertheless, it’s still failing with the same error message. The last thing I tried was to copy the ACUConfig.exe, the associated DLL, the XML and the Configure.bat files to a local machine (Desktop) and then run the configure.bat file from there. This means that it will be referencing the file that I 100% know is there. When doing this, I still got the same error message:
To work around this and to get this up and running (which obviously was the priority here), I improvised and actually leveraged the decrypted version of the XML file. I ran the SCSEncryption.exe file against the XML file which then replaces it with the decrypted version. I edited the Configure.bat file to remove reference to decryption and the password.
.\acuconfig /output console /output file ConfigAMT.log /verbose ConfigAMT “.\XMLDocumentName.xml”
Taking the decryption completely out of the equation, I updated the Task Sequence, and then ran it again. This time it was successful!
I’m sure re-installing the add-on and re-creating all the files would have also worked, but that wasn’t an option in this case. Whilst the XML file is no longer encrypted, you can use NTFS permissions to ensure that only the service accounts can access and view this file. If you do this, it should be no different to if you left the XML file decrypted, except now it works!