Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.

Configure Profile: Failed to read certificates from given files. Reason: File decryption failed.

dominique_c_
Beginner
725 Views

I am new to vPro and want to package something to remotely configure workstations at my work.

I have used SCS to create a .XML file that I have used successfully to configure a machine with the ACUCONFIG.exe tool. My goal is to allow the use of VNC plus to remotely control an enabled machine. VNC plus will connect to my machine with no encryption. I now want to make encryption work.

I downloaded the Intel AMT SDK and used AuditCertGen.bat to generate the certificate files I'd need. I then went back into SCS and the TLS section. Used the 'use certificate from a file' method and put in the path for the certificate and private key and generated a new XML file. I am using the newcert.pem and newkey.pem files that were generated. I am not sure if I need the newcert.der or newreq.pem files...I am not sure where to use these.

On my test machine I brought over the ACUCONFIG files, the new XML and certificate files and executed ACUCONFIG as before.

This time I get an error in the log file. I am not sure what to look at next regarding the file decryption failure. I have the XML file encrypted, but I am as before using the /decryptpassword command password used to encrypt the XML when I made it in SCS. So I assume the error message is describing something else?

Any suggestions?

2013-08-21 16:05:05:(INFO) : ACU Configurator , Category: HandleOutPut: Starting log 2013-08-21 16:05:05
2013-08-21 16:05:05:(INFO) : ACU Configurator , Category: VerifyFileSignature: The file "C:\Users\eg24177\Desktop\Configurator\ACU.dll" is signed and the signature was verified.
2013-08-21 16:05:10:(INFO) : ACU Configurator, Category: -ConfigAMT-: B3682KC01.prod.cgic.ca:Starting Unified configuration flow...
2013-08-21 16:05:17:(ERROR) : ACU.dll, Category: Configure Profile: Failed to read certificates from given files. Reason: File decryption failed.
2013-08-21 16:05:17:(ERROR) : B3682KC01.prod.cgic.ca, Category: Configure Profile: Configure Profile Failed: File decryption failed.  (0xc000028f).
2013-08-21 16:05:17:(ERROR) : ACU.dll, Category: Profile Configuration: File decryption failed.  (0xc000028f).
2013-08-21 16:05:17:(ERROR) : ACU Configurator, Category: Exit: ***********Exit with code 33. Details: Failed to configure this Intel(R) AMT device. File decryption failed.

0 Kudos
2 Replies
Gael_H_Intel
Moderator
725 Views

 You might want to check out the following blog regarding creating certs using powershell:  http://software.intel.com/en-us/blogs/2012/01/18/how-to-create-amt-certificates-using-the-amt-sdk-and-openssl

Also you could try the Open Manageability DTK for creating the certs as well: http://opentools.homeip.net/open-manageability

Also, check out Ylian Saint-Hillaire's blog about what you must know when enabling AMT using TLS:  http://software.intel.com/en-us/blogs/2013/01/08/rtfb-episode-7-with-ylian-saint-hilaire-what-software-developers-must-now-about

I hope some of this helps.

0 Kudos
Roberto_G_Intel
Employee
725 Views

Hi, what is the best documentation to decode the errors? I tried the SDK public documentation/help files and there are comprehensive tables for error codes but I don't see 33 as an option (I see 32 and then 34 - in a table for "Intel AMT Returned Numeric Values (PT_STATUS codes)" ).

0 Kudos
Reply