- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've setup my new dell optiplex 755 with WinXP according to the setup manuals with static IP.
The AMT status service shows AMT is enabled. All drivers appear as required, but when starting Outpost from the DTK I get a failure message (like a previous post complained).
Also when browsing over to http://
How do I go forward? How can I validate my AMT settings - is there some lower level options?
Thanks in advance, Robi
Link Copied
- « Previous
-
- 1
- 2
- Next »
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Various thoughts:
1) It is "netstat -a" NOT "nestat - all"
2) You mention how to check LMS service, but NOT how to check HECI driver version???
3) How do we check if we have TLS with mutual authentication turned on? On my Dell 780, it shows listening on 16993, but not 16992. Shouldn't it be listening on 16992?
4) I cannot get to it via browser from a remote machine http://testbox:16992 or 16993 - both fail.
5) I can ping it just fine from a remote machine, so the AMT ip address is pingable.
6) I am *VERY* confused why you tell us to configure AMT with the SAME HOST NAME AS THE HOST COMPUTER, but different IP address - that means I have a static IP and dynamic IP - both with SAME name!
7) My AMT status via the Intel app shows "Unconfigured, Awaiting Configuration"
Thank you for any insights and answers/tips!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Communication error between application and Intel ME module (FW Update Client)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As for the version of AMT, it is 5.2.40.1037
I prefer DHCP as well (for the AMT portion), but my point was, with the recommendations of various experts, they all seem to be saying:
1) Host Name (i.e., name of computer) = MyComputer.abc.com (static ip 10.1.2.19, for example)
2) AMT Name = MyComputer.abc.com (dchp - random ip)
In that scenario, we will have TWO instances of an identicalDNS name pointing to two separate IPs - how does that work?
So, if I ping MyComputer.abc.com - WHICH one would it ping? Wouldn't that be some sort of conflict?
Upon reading some more docs, I think on Intel's site, it mentions to give the same name to the AMT host as to the machine itself; and something about "the software or firmware may change the name(?)"
So, does that make sense? It's just very confusing to have a recommendation that TWO ip addresses should point to the same DNS name, without any further explanation as to WHY that is not a bad idea.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It would be impossible to offer this type of thing 'without' static as an option, due to military, security-centric places; etc. Some folks (us included) just do NOT use DHCP - not for our hosts anyway.
Still supported are:
1) Host=Static, while AMT=DHCP.
2) Host=Static, while AMT [also] = static.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Another question - I am on 2008 Server R2, but in all examples for requesting a cert, I see they say, "Choose Windows 2003 Enterprise." First off, I don't have "Enterprise" version of o/s - not for these servers.
Secondly, does it have to be choosen and Windows 2003, or can I go ahead and choose Windows 2008 as the "type of cert?"
Thanks again!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks again for the continued invaluable information.
We defininitely want to use DHCP for the AMT side. We use static for our Hosts - so, we don't really have a choice on that.
I definitely am using Windows certs (currently) - have used some OpenSSL in the past. I have my CA setup, already submitted one request and generated the cert, installed it, etc.
BUT, in the typical examples, it shows the Intel-AMT cert as having 2 'purposes' listed - one for 'Ensures the identity of a remote computer' and one for 'Proves your identity to aremote computer'; but when I generate one from my Internal CA, it has only 'one purpose' listed - 'Ensures the identity of a remote computer'
Thoughts? Has anyone used their own certs successfully for the provisioning part? I don't mind entering the thumbprint into BIOS as needed but I just want to make sure I generate/create the cert requests and certs properly. Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
But I swear I saw someone who said they were able to do it with 2003 Standard.
We really have 2008 R2 Standard, but it still applies. Here's the article about needing 'Enterprise' version:
(steps 19 & 20 , and the related 'yellow note.')
http://technet.microsoft.com/en-us/library/cc161804.aspx#BKMK_AMTprovisioning2
Also,I don't recall any specs mentioning if the Cert has to be V1, V2 or V3, which also makes a difference, apparently.
And a note on another article that says now Godaddy supports the AMT provisioning certs via its 'Standard' certs, so you don't have to shell out the extra bucks for the "Premium SSL Cert."
Also: http://technet.microsoft.com/en-us/library/cc700804.aspx
It mentions the "must-have" Enterprise version of o/s. Ugh!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
http://scug.be/blogs/sccm/archive/2010/05/06/step-by-step-guide-for-provisioning-intel-vpro-clients-in-sccm-2007-sp2-part-4.aspx
If someone can screen-shot or verify it does NOT need to have the 2 purposes, and so forth, and that they got it working with 2003/2008 NON-Enterprise (i.e., Standard - LOL) version, that would be good.
I don't think we have any more 2003 Enterpriseservers left around - even if we did, I would need to move my CA to that server, and I'm not doing that. We do have some 2008 versions, but I'm not moving my CA just to get 'one or two' minor features that, imo, already should be allowed in 2008 R2 Standard!
Again: UGH!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think that's the difference that I was remembering.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- « Previous
-
- 1
- 2
- Next »