Hi Gael,

Thanks for your reply. The screen shot is from the web UI (http://machine:16992). I see similar errors when I view the event log from the vPro Platform Solution Manager.

Mark Berry

According to that article, it is operating correctly, but it seems odd to me that we would want that error to be happening constantly (otherwise when do you know to take it serioulsly?)

Did you change the password from the Web UI to be something other than what you set it to on the ME?  We have AMT users (admins) and we have the ME.  When you change the password in the MEBx menus, you are changing the ME password and it sync's to the AMT Admin account.  BUT if you go into the Web UI and change the password to something else, you are changing your AMT Admin password only and they are no longer synced.  I will see if I can find out more information on this issue.

I'm 99% sure I didn't change the password after first setting it up in MEBx. The only user is "admin".

Looks like it's logging 16,000+ attacks per day. I wonder if that isn't using some processing power.

Would be nice if there was more info:  where do the attacks originate, what exactly is incorrect.

This machine was created a bit oddly:  I restored a Windows Image backup from the machine it replaced, which was an older Dell Optiplex 755. That had an older version of Intel AMT software on it, and I then over-installed the Lenovo versions. I don't really understand what the AMT software does, nor do I know if I need it, since all I care about is out-of-band access when the desktop is otherwise unreachable. But I wonder if the Windows software could cause this?

First:  If you want out of band access, then you need AMT to be enabled and configured correctly (along with a management console.)

Now that I know that you restored an AMT 9 system from an image off an older device, that may explain a lot.

Here is what I would do: Take a look at the "Start Here Guide:" http://software.intel.com/en-us/articles/intel-active-management-technology-start-here-guide-intel-amt-9

Look at section 6 - Intel AMT Drivers and Services. In order for AMT to function correctly, it requires some drivers/services.  Specifically, the MEI driver (Interface between the OS and the ME)  and the LMS service (Local Messaging Service). If you clobbered the MEI 9 driver with a driver that was written for an earlier version of AMT, I would bet that you would run into issues.  You will need to find the correct versions of your AMT/ME drivers/software and install them.  Your system should have come with a disk that has them or they should be downloadable from the support site for your OEM (they are generally OEM specific.)

Please let me know if installing the correct version of the drivers/software solves this problem.

Before AMT 9, the only out-of-band thing I have ever done is turn on the machine from the web interface. That did not seem to require Windows software? Now, with AMT 9, I'd like to have remote access to the BIOS thru KVM, as we have been discussing in another thread.

As I mentioned, I overinstalled the latest Lenovo drivers after restoring the image. However, as I look at the Add/Remove Programs, it looks like that may not have uninstalled the previous versions. There are two versions in there with no version number but dated 2010 (see screen shot). I'll uninstall those and see what happens.

Yup, that seemed to have fixed it! I uninstalled those 2010 versions about 4pm PST yesterday. The last "Authentication failed" message was 9:40pm GMT or 1:40pm PST.

I think we can call this closed. Thanks for your help!

Mark Berry

Great!  Did this help resolve your other issue with being able to connect to the DTK?

No, DTK v0.1.26 still can't connect. When I start it, it tells me that 0.1.27 is available, but when I click on the Update button, nothing happens. The latest version at the site http://opentools.homeip.net/open-manageability is 1.26.

This was a great question, so thank you, Mark, for posting and sticking with it.  I think we may see this come up with other AMT users so I put it into a blog:  http://software.intel.com/en-us/blogs/2013/11/19/intelr-amt-event-log-authentication-failed-x-times-the-system-may-be-under-attack

Good idea--that will probably help others

Mark Berry