I've provisioned an AMT machine in Enterprise mode with TLS security and it's working fine, but when I change to "Use TLS Security + XXX" following required steps the machine is not seen by AMT Director and then provision is not finished, requiring I manually reset the AMT system and swithing to "Use TLS Security".
Which version of AMT are you using? How did you unprovision the system before switching to "use TLS + XXX"? Was it through the Director? If so, did you go for partial or full unprovisioning?
I've continue trying different approaches and now It's working with TLS+console authentication. The thing is that I used to click on "toggle trust" on the certificate that I selected for the Profile and what I tried now it was creating a certificate, not toggle trusting it and then selecting it for the Security Profile.
Please verify me is is this the working flow:
-The AMT machine authenticates the server using a certificate issued by the Root certificate.
-The server authenticates the AMT machine 'cause machine is using a certificate in which one the server trust.
And please verify me if when it says console configuration is talking about any application trying to connect to the AMT machine? or it's talking specifically about Director and when it talks about agent is referring to any application using the "agent presence" feature on the AMT machine.
The mutual authentication process of Remote Configuration is as follows:
Regarding the question on console - I assume you are asking whether a Management Console is any application that can manage an AMT system, not just the Director; and that is correct.
A software agent is any application like Antivirus or Firewall running on the AMT system. More details on this can be seen at Agent Presence Checking Use caseand System Defence and Agent Presence Guide