I work with a company that uses Intel AMT and recently I've run into a weird problem that is causing major issues for us. When we first setup a computer we provision the computer with a USB stick that was created using the manageability flash drive tool. It sets the MEBX password for the computer.
Recently I've run into an issue where one day I can login to a computer's Intel AMT Web UI using user "admin" and the custom MEBX password...and then I come back to the computer again and I cannot login with those credentials...and yet they haven't been changed. This is a huge problem as I don't have physical access to the computer once we send it out to our customers and I lose the ability to manage computers using AMT when this happens. Can someone explain why I suddenly can't login even though the password was not changed.
I am in need of more answers before i can distinctly say why, so here are a few questions.
Looks to me like your connection should be solid and your connecting to the correct device. To me it sounds like the password has changed for some reason. As you performed configuration with a USB key, both the AMT and the MEBx password is the same.
So enter the MEBx with your known password, if that works.I would just do a full unconfigure and then activate the network interface. That will return it to a state similar to USB key configuration. Log out of the MEBx and try the remote connection again.
I'd just like to confirm that I got the same problem as described above yesterday. Everything on my AMT enabled system was configured correctly since weeks (remote access no problem via several ways, i.e. Web Interface, Intel Manageability Commander, Power Shell etc.). Then, after using a wake up script yesterday, it was suddenly not possible anymore to access the Web interface or to use my preconfigured tools. The admin/pwd combination was always beeing rejected.
I did not figure out what the reason of this issue was. I still could access the MEBx with the known password, but every other access was impossible. One week ago I wrote several scripts (PowerShell, DOS commandline), and everything worked as expected, so there could not be any fault on my side. Nor could it has been a network problem because local access was also beeing rejected. It seemed to me as if somebody had altered the AMT user account (admin/pwd), but this was absolutely impossible.
I resolved this issue by deactivating the MEBx completely. A full unprovisioning did not resolve the issue. Besides this I updated the UEFI which in turn also updated the MEBx (Asus Q170M-C mainboard, Intel CPU i7-6700).
It's is clear, that an issue like this is absolutely not acceptable for a business technology like AMT, and I hope that this will never happen again. By request I can provide you with more details (firmware versions etc.). I hope that this was an MEBx firmware issue that has been resolved.
My issue has changed a bit since my original post.
The issue I am facing right now is that my desktops will freeze occasionally for unknown reasons. I need the Intel WebUI to remotely reboot devices that freeze. However, when my devices freeze the AMT WebUI locks me out of the device. I can login to the WebUI when the device is powered ON and the OS running, but when a System Hang event occurs the AMT WebUI locks me out.
I've sent several of my known issue devices to Dell to have them look into the issue, but as of right now it's been quite a few months I've had this problem with no resolution in sight.
Dell had a bug a while back in the BIOS/FW and is similar to what you are describing, so my first recommendation would be to update the BIOS and Firmware and let me know your results.
Here is a link to a similar forum post
This is still an issue as of BIOS revision 1.5.7 I will try revision 1.5.9 and see if it helps. I know the Dell 1.5.9 BIOS Release notes have no mention of this latest version being a fix for my issue.
My understanding of a reliable remote administration subsystem is that it shall always work. I.e., it should not matter if there is a blue screen, or if the system freezes, or other things.
When I hear problems like this (cannot log into the web GUI when the system freezes) or experience them myself (locked user account) I think it would be better next time to buy a mainboard with a "real" remote control module (IPMI) instead of a BIOS based solution like Intel AMT.
Just an update. Dell BIOS Revision 1.5.9 completely locks me out of the Intel AMT UI regardless of system status.
Joseph I've sent your email to the Dell Engineers working with some of my units in case you could help them better understand where we've left things.