- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The AMT power management functions do not work when someone is connected to the KVM-over-IP console.
Is there any way to override that behavior? E.g. by forcefully disconnecting the user?
I noticed IPS_KVMRedirectionSettingData and AMT_RedirectionService have a TerminateSession() function, but those only seem to work locally (Permitted realms: ADMIN_SECURITY_LOCAL_SYSTEM_REALM). Need something that works remotely.
I noticed IPS_KVMRedirectionSettingData and AMT_RedirectionService have a TerminateSession() function, but those only seem to work locally (Permitted realms: ADMIN_SECURITY_LOCAL_SYSTEM_REALM). Need something that works remotely.
1 Solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just ran a KVM session where I was able to send the power management commands from the Web UI (you can do this from your kvm session as well..) This work fine on my systems. Perhaps I do not understand your specific usage? What version of AMT are you running. Are you using the default KVM port or are you using the Redirection port? Have you looked at KVM_deinit, or KVM_Stop? What do you mean by KVM-over-IP console?
And then when I was inactive, the connection timed out on it's own.
Link Copied
4 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just ran a KVM session where I was able to send the power management commands from the Web UI (you can do this from your kvm session as well..) This work fine on my systems. Perhaps I do not understand your specific usage? What version of AMT are you running. Are you using the default KVM port or are you using the Redirection port? Have you looked at KVM_deinit, or KVM_Stop? What do you mean by KVM-over-IP console?
And then when I was inactive, the connection timed out on it's own.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Perhaps I do not understand your specific usage?
Our use case: we make software for datacenters to manage and provision dedicated servers. In order to start the installation of the operating system, we need a way to force the server to perform a PXE network boot. With "real" server mainboards we tell the server to do so using IPMI commands. But some of our customers like to use use standard desktop grade mainboards to save cost, or because there is a problem with the availability of server hardware in their country, and that's where AMT technology comes into play as alternative.
In the case of an AMT mainboard, we tell the server to boot using the RemoteControl SOAP API, RemoteControlCommand: 0x13 = PowerCycleReset, Specialcommand: 0x01 = ForcePxeBoot.
That does work great in normal circumstances. But now we decided to add support for the VNC console to our system as well, so that the datacenter operator or their end-user customer can monitor the installation process. The client software connects to the redirection port 16994 for this purpose, using a VNC client that speaks the 3.8 RFB protocol and some modification so that it does the Intel redirect port authentication.
However we noticed that if the customer is already connected to the console first, and then wants to install an operating system on his server, the RemoteControl command that should force the PXE boot fails.
TO SERVER:
19 343 1
FROM SERVER:
16
Result code 16 seems to stand for PT_STATUS_NOT_PERMITTED, making me think this is by design. So I am looking for a way to override this behavior.
If the customer is using our own software to connect to the console, we may be able to modify our own software so that it disconnects from the console. That's also what the KVM_deinit and KVM_close functions you mention seem to do, they close YOUR OWN connection if you are using the redirection library to connect in the first place. But the customer could theoretically also be connected to the console using third party software (e.g. RealVNC) So we are actually more looking for a function that does not just closes your own connection on your own side, but takes more drastic measures and tells the AMT server to disconnect ANYONE connected. If there is such command.
Our use case: we make software for datacenters to manage and provision dedicated servers. In order to start the installation of the operating system, we need a way to force the server to perform a PXE network boot. With "real" server mainboards we tell the server to do so using IPMI commands. But some of our customers like to use use standard desktop grade mainboards to save cost, or because there is a problem with the availability of server hardware in their country, and that's where AMT technology comes into play as alternative.
In the case of an AMT mainboard, we tell the server to boot using the RemoteControl SOAP API, RemoteControlCommand: 0x13 = PowerCycleReset, Specialcommand: 0x01 = ForcePxeBoot.
That does work great in normal circumstances. But now we decided to add support for the VNC console to our system as well, so that the datacenter operator or their end-user customer can monitor the installation process. The client software connects to the redirection port 16994 for this purpose, using a VNC client that speaks the 3.8 RFB protocol and some modification so that it does the Intel redirect port authentication.
However we noticed that if the customer is already connected to the console first, and then wants to install an operating system on his server, the RemoteControl command that should force the PXE boot fails.
TO SERVER:
FROM SERVER:
Result code 16 seems to stand for PT_STATUS_NOT_PERMITTED, making me think this is by design. So I am looking for a way to override this behavior.
If the customer is using our own software to connect to the console, we may be able to modify our own software so that it disconnects from the console. That's also what the KVM_deinit and KVM_close functions you mention seem to do, they close YOUR OWN connection if you are using the redirection library to connect in the first place. But the customer could theoretically also be connected to the console using third party software (e.g. RealVNC) So we are actually more looking for a function that does not just closes your own connection on your own side, but takes more drastic measures and tells the AMT server to disconnect ANYONE connected. If there is such command.
My test mainboard is an Intel DQ67EP, which I believe is AMT 7.0. This may not be the boards our customers end up using, so commands that are supported in multiple AMT versions are preffered over those that do not.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
UPDATE: found a workaround
Thanks to your hint that it does work in the Web UI, I took a closer look at the power management options in the Web UI, and noticed the list of available options is different when the console is active.
Command0x13 = PowerCycleReset which I was using is indeed not available when the console is active, but0x10 = Reset is, and the ForcePXE suboption also seems to work fine with that.
Thanks to your hint that it does work in the Web UI, I took a closer look at the power management options in the Web UI, and noticed the list of available options is different when the console is active.
Command0x13 = PowerCycleReset which I was using is indeed not available when the console is active, but0x10 = Reset is, and the ForcePXE suboption also seems to work fine with that.
Problem solved!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm so glad it's working!!
Reply
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page