Guys i need your help in this
i am new for using AMT technology, and i want to know if it's applicable or not
Is MEBx Password can be randomly as KVM "user consent"
IF the answer is NO
Am i able to change the multi Machines 100X remotely ?
i tried intel AMT profile Design and already created test profile but i don't know how to deploy it over those number of machines
I need to change the MEBx password many times in case its being knowing from colleagues
The MEBx password can only be changed in mass by deploying a delta profile from a SCS server. The profile will use a preconfigured password and not a random password.
Utilizing the SCS Server will require a Intel AMT provisioning certificate purchased from a third party.
I hope that helps
You must use the certificate
The MEBx password can only be changed in a secure manner, which means you need direct physical access or using SCS w/ certificates.
Without the certificate you would be using the Host Based Provisioning (HBP) model and the action of changing the MEBx password is not allowed.
When you state that you reboot and use the same password, it is my belief that you are using Ctrl+P or similar on the local machine to access the MEBx, as such this behavior is as expected. Let me address vPro passwords. There are three basic passwords and they are as follows.
- MEBx - This password can be thought of as the physical access password. It is only used when you are sitting at the system and accessing the MEBx during the Boot Process. This password is only changed during access via the MEBx, USB Configuration or when configuring with SCS with the provisioning certificate. This password has a requirement for up to 32 characters, upper/lower case, numbers and special characters.
- AMT Digest User- This password is the default "admin" password. This password is used for all remote connection to the AMT. During initial provisioning this password is the same as the MEBx. Note: The password may be the same as the MEBx password, however they are separate values stored in the firmware. This password has a requirement for up to 32 characters, upper/lower case, numbers and special characters.
- RFB5900 - This password is optional and can only be set via during configuration using SCS tools. This password is only used when electing to use a VNC client to make the KVM connection. This password has a requirement for 8 character, upper/lower/ numbers and special characters.
By using configamt switch with acuconfig.exe tool, you are not leveraging a SCS server(with provisioning certificate), you are merely doing a host based delta configuration that will only effect the AMT password.
thanks for your reply i appreciate so much
actually know these kind of password differences , but my question was yes i change the password with no error message and yes i use CTRL + P but the password still the same as i mentioned previously
i tried again the command and the password still not working HOWEVER its working from webUI
honestly i don't understand how it's working on webui without being accessed from the AMT itself " MEBx "
If the password is changing for the WebUI and not the MEBx, that is the expected behavior when updating the password with acuconfig configamt .... using this method only changes the digest Master password. The WebUI and remote control commands all use this password for management.
When AMT is configured using the following methods: SCS w/certificate, Manually thru Ctrl+P and via USB Key. The passwords for Digest Master Password and the MEBx password are the same, however they are distinct separate values within the firmware, hence the passwords can get out of synch do to technician interaction.
Mohamed, you have that situation:
(picture is for some old Intel AMT version, but sense is the same)
If you want to change MEBx-password without buying vPro-certificate you have to add your own certificate (hash) to Intel AMT CertStore and start provision process. You can do it with to example Manageablilty Director with option "Part Unprovision". But this means that you'll have to repeat this procedure with Manageablilty Director and any your previously initialized Intel AMT computers. Alternative and more certain variant is using USB flash for preconfigure Intel AMT, where you can set MEBx password, but it expects your manually doing on each AMT computer.