This seems to be a common issue over the years but I have yet to find a solution that works for my environment. I am trying to perform a bare metal deployment of a Hyper-V host to a physical server. The physical server is a Supermicro MicroCloud node (SYS-5038MR-H8TRF) running the latest BIOS (3.2) and IPMI firmware (3.88). I've also reached out to Supermicro support but am expecting the finger pointing game to begin.
The problem: Find-SCComputer returns one GUID (seems to be the legitimate system GUID) but the NIC used for PXE booting returns another (0's+MAC address) causing the GUI deployment wizard to never complete a deep discovery. The problem is detailed in many blog posts and scattered throughout the forums, but I haven't been able to find anything that works enough to successfully get a host provisioned.
The PowerShell commands I'm using to fire off the deep discovery using the GUID returned from the NIC during PXE boot are basically this:
$BMCRAA = Get-SCRunAsAccount -Name "My BMC Admin" Find-SCComputer -DeepDiscovery -BMCAddress "10.XX.XX.XX" -BMCRunAsAccount $BMCRAA -BMCProtocol "IPMI" -SMBIOSGUID "00000000-0000-0000-0000-XXXXXXXXXXXX"
I have the SCVMM/WDS/DHCP/PXE environment setup and working enough that if I manually run the deep discovery using PowerShell to kick it off. I get it to launch the System Center Virtual Machine Manager WinPE image. It then throws an error "Error: 803d000a, Security verification was not successful for the received data." and tells me to look at the log.
The log contains 1886 lines, most of which seem to be DeepDiscoveryDataReader, but once that finishes, the last lines are:
--------------------
06AC.0708::06/22-19:35:07.259#00:RegUtils.cpp(272): RegGetVariantValue [Software\Microsoft\Microsoft System Center Virtual Machine Manager Agent\Settings]\[BareMetalRegistrationService]
06AC.0708::06/22-19:35:07.259#00:NativeWSChannel.cpp(20): ==>WSUtility::NativeWebServiceChannel::NativeWebServiceChannel
06AC.0708::06/22-19:35:07.259#00:NativeWSChannel.cpp(20): <--WSUtility::NativeWebServiceChannel::NativeWebServiceChannel
06AC.0708::06/22-19:35:07.259#00:NativeWSChannel.cpp(133): ==>WSUtility::NativeWebServiceChannel::RegisterClient
06AC.0708::06/22-19:35:07.259#00:NativeWSChannel.cpp(376): ==>WSUtility::NativeWebServiceChannel::CreateCertTokenMessageSecurityBinding
06AC.0708::06/22-19:35:07.301#00:NativeWSChannel.cpp(376): <--WSUtility::NativeWebServiceChannel::CreateCertTokenMessageSecurityBinding
06AC.0708::06/22-19:35:07.301#00:NativeWSChannel.cpp(543): ==>WSUtility::NativeWebServiceChannel::CreateSSLTransportSecurityBinding
06AC.0708::06/22-19:35:07.301#00:NativeWSChannel.cpp(543): <--WSUtility::NativeWebServiceChannel::CreateSSLTransportSecurityBinding
06AC.0708::06/22-19:35:08.083#00:NativeWSChannel.cpp(207)[00000046378BEF: ThrowOnFailure : 803d000a. Operation attempted WSHttpBinding_IPhysicalMachineRegistrationService_RegisterPhysicalMachine( get(m_wsProxy), identifier, data, get(m_wsHeap), 0, 0, 0,
get(m_wsError))
06AC.0708::06/22-19:35:08.083#00:exceptions.cpp(97)[00000046378BEF: CarmineException::CarmineException: CarmineError: 1051488, hr: 0x803d000a
06AC.0708::06/22-19:35:08.083#00:NativeWSChannel.cpp(580): Failure: errorCode=0x803d000a
06AC.0708::06/22-19:35:08.083#00:NativeWSChannel.cpp(601): An unsecured fault was received on a secure channel.
06AC.0708::06/22-19:35:08.083#00:NativeWSChannel.cpp(601): A security header with local name 'Security' and namespace 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' was required, but was not present in the message.
The sender may not have been configured with message security.
06AC.0708::06/22-19:35:08.083#00:NativeWSChannel.cpp(133): <--WSUtility::NativeWebServiceChannel::RegisterClient
06AC.06B0::06/22-19:37:24.977#00:processUtils.cpp(49): ==> Running <cmd.exe> ...
--------------------
Let me know if you need further information.
Some other more in depth articles I have referenced that got me to this point are:
https://techcommunity.microsoft.com/t5/system-center-blog/troubleshooting-os-deployment-of-hyper-v-through-sc-vmm-2012/ba-p/342914 (with this, I wish I could see an updated flow chart or at least read the one they included)
https://www.bouvet.no/bouvet-deler/utbrudd/virtual-machine-manager-bare-metal-host-deployment-woes