Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.

Forcefully disconnecting console users

Max
Beginner
584 Views
The AMT power management functions do not work when someone is connected to the KVM-over-IP console. Is there any way to override that behavior? E.g. by forcefully disconnecting the user?

I noticed IPS_KVMRedirectionSettingData and AMT_RedirectionService have a TerminateSession() function, but those only seem to work locally (Permitted realms: ADMIN_SECURITY_LOCAL_SYSTEM_REALM). Need something that works remotely.

0 Kudos
1 Solution
Gael_H_Intel
Moderator
584 Views
I just ran a KVM session where I was able to send the power management commands from the Web UI (you can do this from your kvm session as well..) This work fine on my systems. Perhaps I do not understand your specific usage? What version of AMT are you running. Are you using the default KVM port or are you using the Redirection port? Have you looked at KVM_deinit, or KVM_Stop? What do you mean by KVM-over-IP console?
And then when I was inactive, the connection timed out on it's own.

View solution in original post

0 Kudos
4 Replies
Gael_H_Intel
Moderator
585 Views
I just ran a KVM session where I was able to send the power management commands from the Web UI (you can do this from your kvm session as well..) This work fine on my systems. Perhaps I do not understand your specific usage? What version of AMT are you running. Are you using the default KVM port or are you using the Redirection port? Have you looked at KVM_deinit, or KVM_Stop? What do you mean by KVM-over-IP console?
And then when I was inactive, the connection timed out on it's own.
0 Kudos
Max
Beginner
584 Views
Perhaps I do not understand your specific usage?

Our use case: we make software for datacenters to manage and provision dedicated servers. In order to start the installation of the operating system, we need a way to force the server to perform a PXE network boot. With "real" server mainboards we tell the server to do so using IPMI commands. But some of our customers like to use use standard desktop grade mainboards to save cost, or because there is a problem with the availability of server hardware in their country, and that's where AMT technology comes into play as alternative.

In the case of an AMT mainboard, we tell the server to boot using the RemoteControl SOAP API, RemoteControlCommand: 0x13 = PowerCycleReset, Specialcommand: 0x01 = ForcePxeBoot.

That does work great in normal circumstances. But now we decided to add support for the VNC console to our system as well, so that the datacenter operator or their end-user customer can monitor the installation process. The client software connects to the redirection port 16994 for this purpose, using a VNC client that speaks the 3.8 RFB protocol and some modification so that it does the Intel redirect port authentication.
However we noticed that if the customer is already connected to the console first, and then wants to install an operating system on his server, the RemoteControl command that should force the PXE boot fails.

TO SERVER:

193431

FROM SERVER:

16




Result code 16 seems to stand for PT_STATUS_NOT_PERMITTED, making me think this is by design. So I am looking for a way to override this behavior.

If the customer is using our own software to connect to the console, we may be able to modify our own software so that it disconnects from the console. That's also what the KVM_deinit and KVM_close functions you mention seem to do, they close YOUR OWN connection if you are using the redirection library to connect in the first place. But the customer could theoretically also be connected to the console using third party software (e.g. RealVNC) So we are actually more looking for a function that does not just closes your own connection on your own side, but takes more drastic measures and tells the AMT server to disconnect ANYONE connected. If there is such command.

My test mainboard is an Intel DQ67EP, which I believe is AMT 7.0. This may not be the boards our customers end up using, so commands that are supported in multiple AMT versions are preffered over those that do not.

0 Kudos
Max
Beginner
584 Views
UPDATE: found a workaround

Thanks to your hint that it does work in the Web UI, I took a closer look at the power management options in the Web UI, and noticed the list of available options is different when the console is active.
Command0x13 = PowerCycleReset which I was using is indeed not available when the console is active, but0x10 = Reset is, and the ForcePXE suboption also seems to work fine with that.

Problem solved!
0 Kudos
Gael_H_Intel
Moderator
584 Views
I'm so glad it's working!!
0 Kudos
Reply