Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.

Getting IDE-R to work..

whgibbo
Beginner
658 Views
Hi all,
I've been using AMT Commander to understand how the IDE-R works. Have managed to get it on a DELL Optiplex 755, but only with the CD-ROM (both physical and image). But can't get it to work with the floppy drive, but that's another problem..

I'm slowly learning the SDK, so please bear with me.
I tried looking at the AMTRedirection sample (VC++), but can't get it to work. I executed it as follows:

AMTRedirection 192.168.1.154 admin password TLS

It keeps coming back with 'Failed to establish TLS Connection'.

So I looked at the source code for AMTCommander trying to see any difference.. One difference I noticed was the call to IMR_SetCertificateInfo. The difference was that AMTCommander was passing 'Trusted Root Certificates.pem', so I changed the code but this made no difference.

Any ideas?

thanks

Gibbo


0 Kudos
7 Replies
john_prothro
Beginner
658 Views
it requires a .pem format here... the redirection lib cannot/does not go to the cert store... you will have to tell it the file name and it takes a .pem format. you don't actually work for dell, do you? ;)
0 Kudos
whgibbo
Beginner
658 Views
Hi,
thanks for replying..

I did pass the .pem file but this didn't seem to make any difference. I used the .pem file that AMTCommander generated.

Here is the function that I have written in C++:
//--------------------------------------------------------------
#include <cstdio>
#include <cstring>
#include "IMRSDK.h"   // redirection library header from the Intel AMT SDK

// Initialise the redirection library, register the AMT device as a client,
// open an IDE-R session and enable the redirected drives.
// On success the id of the new client is returned through client_id.
ULONG
init_redirect_library(const char *ip,
                      const char *certName,   // not used: the PEM path is hard-coded below
                      const char *username,
                      const char *password,
                      bool use_tls,
                      const char *floppy_imagename,
                      const char *cdrom_imagename,
                      ClientID &client_id){
    IMRVersion version;
    memset(&version, 0, sizeof(version));
    ULONG status = IMR_Init(&version, NULL);
    if(status == 0) {
        // Now need to add a client to the AMT Device.
        // No local ClientID is declared here: it would shadow the output
        // parameter and the caller would never receive the id.
        ClientType client_type = CLI_TCP;
        if(use_tls) {
            client_type = CLI_TLS;
        }

        // PEM file handed to the library for the TLS connection
        IMR_SetCertificateInfo("C:\\DiskImages\\Trusted Root Certificates.pem", NULL, NULL);

        IMR_RemoveAllClients();
        status = IMR_AddClient(client_type, (char*)ip, NULL, &client_id);
        if(status == 0){
            printf("Client added\n");

            TCPSessionParams params;
            memset(&params, 0, sizeof(params));
            // Bounded copies: the credential fields are fixed-size buffers,
            // and the memset above guarantees NUL termination.
            strncpy(params.user_name, username, sizeof(params.user_name) - 1);
            strncpy(params.user_pswd, password, sizeof(params.user_pswd) - 1);
            status = IMR_IDEROpenTCPSession(client_id, &params, NULL, (char*)floppy_imagename, (char*)cdrom_imagename);
            if(status == IMR_RES_OK) {
                printf("TCPSession Opened\n");
                IDERDeviceResult result;
                IDERDeviceCmd cmd;
                cmd.pri_op = IDER_ENABLE;
                cmd.pri_timing = IDER_SET_IMMEDIATELY;
                cmd.sec_op = IDER_NOP;
                cmd.sec_timing = IDER_SET_ONRESET;
                status = IMR_IDERSetDeviceState(client_id, &cmd, &result);
                if(status == IMR_RES_OK) {
                    status = 0;
                }
                else {
                    printf("IMR_IDERSetDeviceState failed: %lx\n", status);
                }
            }
            else {
                switch(status) {
                case IMR_RES_SESSION_ALREADY_OPEN:
                    printf("TCPSession failed: IMR_RES_SESSION_ALREADY_OPEN\n");
                    break;

                case IMR_RES_CLIENT_BUSY:
                    printf("TCPSession failed: IMR_RES_CLIENT_BUSY\n");
                    break;

                default:
                    printf("OpenTCPSession failed, %lx\n", status);
                    break;
                }
            }
        }
        else {
            printf("IMR_AddClient Failed, %lx\n", status);
        }

    }
    else {
        printf("IMR_Init failed, %lx\n", status);
    }

    return( status );
}
//--------------------------------------------------------------

It fails with the IMR_IDEROpenTCPSession..

Any ideas what I'm doing wrong??

Thanks

Gibbo

0 Kudos
john_prothro
Beginner
658 Views

I wanted to ask you this yesterday... does your code work ok without all of the cert stuff? I have not read your code fragment but wanted to know if you have a non ssl/tls working example. If you do, then we sort of know where not to look... if you do not have a non ssl/tls working example, can you start over... reprovision unsecurely, etc... and try to get that to work first?

I do recall the sdk redirection sample worked ok for me. You should be able to get it to work ok with a non securely provisioned machine... can you try it and let us know if that works? I think knowing if that works or not would be a good thing.

0 Kudos
Ajith_I_Intel
Employee
658 Views

Hi Gibbo,

Did you configure AMT with TLS server authentication or TLS mutual authentication? Can you connect to the AMT device through webUI or AMT commander? What is the status code when the connection fails through your application? Please make sure the certificates are setup correctly. Try the webUI first and if that works we can debug what is happening with the IDE-R application.

Thanks.

0 Kudos
whgibbo
Beginner
658 Views
Hi akillendula,
The machine was setup with TLS Security, using AMT Director. So not mutual.
I can connect through the WebUI and AMT Commander. With AMT Commander I can do the redirection, it works like a dream..

As far as I can see the certificates have been setup correctly.

Can't see anything in the WebUI to setup the IDE-R??

I'm using the AMTRedirection sample that is included in the sdk samples and running as follows:

AMTRedirection 192.168.1.154 admin password TLS

Then selected option 'c', open IDER Session. Assigning Floppy to A: and CDROM to V:. Then get the following messages:

IMR result is: Failed to Establish TLS Connection.
Error: failed to Open IDER Session
PT_STATUS_INTERNAL_ERROR: An internal error in the Intel AMT device had occurred.

As I mentioned in a previous post, I did use the .pem file generated by AMT Commander. But this made no difference.

Any ideas?



0 Kudos
Ajith_I_Intel
Employee
658 Views

Hi Gibbo,

Thanks for the information. Are you passing the trusted root certificate to the redirection sample or the AMT's server certificate?

0 Kudos
whgibbo
Beginner
658 Views
Hi,
I'm not sure, will have to check and get back to you.
As far as I was aware the .PEM that was created by AMT Commander was exporting all the certificates.

But I will check and let you know..

Many thanks

Gibbo

0 Kudos
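
Added example (not from the thread or the Intel AMT SDK): the open question above, whether the .pem passed to IMR_SetCertificateInfo holds the trusted root or the AMT server certificate, can be checked by listing every certificate in the file and comparing its issuer with its subject. The Python below does that with a minimal DER walk; the function names and certificate names are assumptions made for this illustration, and `sample_pem` builds constructed skeletons with no key or signature.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
CN_OID = bytes.fromhex("0603550403")      # DER encoding of OID 2.5.4.3 (commonName)

def tlv(buf, pos):
    """Decode one DER header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER issuer and subject Names of one X.509 certificate."""
    _, pos, end = tlv(der, tlv(der, 0)[1])  # Certificate SEQUENCE, then TBSCertificate
    fields = []
    while pos < end:
        tag, _, nxt = tlv(der, pos)
        if tag != 0xA0:                   # skip the optional [0] EXPLICIT version
            fields.append(der[pos:nxt])
        pos = nxt
    return fields[2], fields[4]           # serial, sigAlg, ISSUER, validity, SUBJECT

def common_name(name):
    """Best-effort CN: the string element that follows the commonName OID."""
    i = name.find(CN_OID)
    if i < 0:
        return "?"
    _, start, end = tlv(name, i + len(CN_OID))
    return name[start:end].decode("utf-8", "replace")

def classify_bundle(pem_text):
    """Return (subject CN, role) for each certificate found in PEM text."""
    roles = []
    for body in PEM_RE.findall(pem_text):
        issuer, subject = issuer_and_subject(base64.b64decode(body))
        role = "self-issued root candidate" if issuer == subject else "issued by " + common_name(issuer)
        roles.append((common_name(subject), role))
    return roles

def _der(tag, *parts):                    # sample builder; total length < 128 only
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

def sample_pem(issuer_cn, subject_cn):
    """Constructed certificate skeleton (no key, no signature) for the demo."""
    name = lambda cn: _der(0x30, _der(0x31, _der(0x30, CN_OID, _der(0x0C, cn.encode()))))
    tbs = _der(0x30, _der(0x02, b"\x01"), _der(0x30), name(issuer_cn), _der(0x30), name(subject_cn))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(_der(0x30, tbs)).decode()
```

For a real file, pass its text: `classify_bundle(open(path).read())`. A matching issuer and subject only marks a root candidate; it does not verify the signature or prove that this CA issued the device certificate.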