09 September 2016

Intel SCS/SCCM | Intel AMT: Configuration Task Sequence | Failed to parse the XML file

I have recently been setting up Intel SCS/AMT configuration with SCCM 2012 for a client of mine. It's all going fairly smoothly but I noticed that when testing the Intel AMT: Configuration Task Sequence, it's failing (across multiple test machines).

Checking the SMSTS.log file, I can see the following error message:

"Failed to parse the XML file. Possible reasons - the file does not exist or access to it is denied; the file contains incorrect parameters; incorrect or missing encryption password/parameter"

At the end of this error message, it references the .XML file that I have setup as part of the configuration requirements.  

I checked the following

  • Location
    • Confirmed the .XML file is in the same location as the ACUConfig.exe file.  If it can read the one, it's reasonable to assume it can read the other.
    • Ensured that this had been packaged correctly and the distribution points had been updated.
  • Permissions
    • Ensured that permissions on the files and the folders allow the service account to access these files.
  • Password
    • Confirmed the password was correctly added into the configuration.bat file.
  • Decryption
    • Confirmed that I could access this .XML file using the password that had been added to the configuration.bat file.
I then decided to go through the ACU Wizard again to create a completely brand new .XML file.  This was just to humour the issue to see whether it had something to do with the file itself.  Needless to say, we got the same issue.

The next thing I tried to do was run the SCSEncryption.exe file manually to see whether it could decrypt the .xml file. This was successful:

So this confirms that decrypting the file isn't the problem and that the password is in fact correct. Nevertheless, it's still failing with the same error message.  The last thing I tried was to copy the ACUConfig.exe, the associated DLL, the XML and the Configure.bat files to a local machine (Desktop) and then run the configure.bat file from there.  This means that it will be referencing the file that I 100% know is there.  When doing this, I still got the same error message:

To work around this and to get this up and running (which obviously was the priority here), I improvised and actually leveraged the decrypted version of the XML file.  I ran the SCSEncryption.exe file against the XML file which then replaces it with the decrypted version.  I edited the Configure.bat file to remove reference to decryption and the password.

.\acuconfig /output console /output file ConfigAMT.log /verbose ConfigAMT ".\XMLDocumentName.xml" 

Taking the decryption completely out of the equation, I updated the Task Sequence, and then ran it again.  This time it was successful!  

I'm sure re-installing the add-on and re-creating all the files would have also worked, but that wasn't an option in this case.  Whilst the XML file is no longer encrypted, you can use NTFS permissions to ensure that only the service accounts can access and view this file.  If you do this, it should be no different to if you left the XML file decrypted, except now it works! 

1 comment: