- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I'm a developer working for a company that sells a software/hardware combination. Some of the hardware SKUs are having an issue where something about the AMT configuration is changing in a way that when I run system discovery the report says that AMT is not enabled in the BIOS. This is a bit confusing because none of the developers or QA who are experiencing this issue have done anything in the BIOS or the MEBx. One thing that I think may be a clue to why this is happening is the fact that all of the affected machines are in Admin Control Mode, whereas the machines that are not experiencing this problem are in the Client Control Mode. All of these machines have the same BIOS version, the same SCS version, the same MEI version and the same LMS version. In addition, I have no option that even remotely resembles 'Enable AMT' in MEBx and the only AMT related option in the BIOS is also enabled.
Below is the Manageability info for one of the problematic machines:
<ManageabilityInfo>
<AMTSKU>Intel(R) Standard Manageability</AMTSKU>
<AMTversion>11.0.10</AMTversion>
<FWVersion>11.0.10.1002</FWVersion>
<PingConfigurationServer>False</PingConfigurationServer>
<Capabilities>
<IsAMTSupported>True</IsAMTSupported>
<IsCCMSupported>False</IsCCMSupported>
<IsHBPSupported>False</IsHBPSupported>
<IsKVMEnabledInBIOS>False</IsKVMEnabledInBIOS>
<IsAntiTheftSupported>False</IsAntiTheftSupported>
<IsKVMSupportedInBIOS>True</IsKVMSupportedInBIOS>
<IsSOLSupportedInBIOS>True</IsSOLSupportedInBIOS>
<IsIDERSupportedInBIOS>True</IsIDERSupportedInBIOS>
<IsAMTEnabledInBIOS>False</IsAMTEnabledInBIOS>
<IsSOLEnabledInBIOS>False</IsSOLEnabledInBIOS>
<IsIDEREnabledInBIOS>False</IsIDEREnabledInBIOS>
</Capabilities>
<ManagementSettings>
<AMTConfigurationMode>Enterprise Mode</AMTConfigurationMode>
<AMTState>Post Provisioning</AMTState>
<IsAMTConfigured>True</IsAMTConfigured>
<AMTConfigurationState>PKI</AMTConfigurationState>
<IsZTCEnabled>True</IsZTCEnabled>
<CertificateHashes>VeriSign Class 3 Primary CA-G1, e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e70, Enabled, Default; VeriSign Class 3 Primary CA-G3, eb04cf5eb1f39afa762f2bb120f296cba520c1b97db1589565b81cb9a17b7244, Enabled, Default; Go Daddy Class 2 CA, c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4, Enabled, Default; Comodo AAA CA, d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4, Enabled, Default; Starfield Class 2 CA, 1465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658, Enabled, Default; VeriSign Class 3 Primary CA-G2, 83ce3c1229688a593d485f81973c0f9195431eda37cc5e36430e79c7a888638b, Enabled, Default; VeriSign Class 3 Primary CA-G1.5, a4b6b3996fc2f306b3fd8681bd63413d8c5009cc4fa329c2ccf0e2fa1b140305, Enabled, Default; VeriSign Class 3 Primary CA-G5, 9acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df, Enabled, Default; GTE CyberTrust Global Root, a53125188d2110aa964b02c7b7c6da3203170894e5fb71fffb6667d5e6810a36, Enabled, Default; Baltimore CyberTrust Root, 16af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb, Enabled, Default; Cybertrust Global Root, 960adf0063e96356750c2965dd0a0867da0b9cbd6e77714aeafb2349ab393da3, Enabled, Default; Verizon Global Root, 68ad50909b04363c605ef13581a939ff2c96372e3f12325b0a6861e1d59f6603, Enabled, Default; Entrust.net CA (2048), 6dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb177, Enabled, Default; Entrust Root CA, 73c176434f1bc6d5adf45b0e76e727287c8de57616c1e6e6141a2b2cbc7d8e4c, Enabled, Default; VeriSign Universal , 2399561127a57125de8cefea610ddf2fa078b5c8067f4e828290bfb860e84b3c, Enabled, Default; Go Daddy Root CA - G2, 45140b3247eb9cc8c5b4f0d7b53091f73292089e6e5a63e2749dd3aca9198eda, Enabled, Default; Entrust Root CA - G2, 43df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f339, Enabled, Default; Starfield Root CA - G2, 2ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f5, Enabled, Default; </CertificateHashes>
<IsMoveToInProvisionPossible>True</IsMoveToInProvisionPossible>
<AMTControlMode>Admin Control Mode</AMTControlMode>
<IsTLSEnabled>False</IsTLSEnabled>
<IsHWCryptoEnabled>False</IsHWCryptoEnabled>
<IsNetworkInterfaceEnabled>True</IsNetworkInterfaceEnabled>
<IsAMTFWUpdateEnabled>False</IsAMTFWUpdateEnabled>
<IsAMTEACEnabled>False</IsAMTEACEnabled>
</ManagementSettings>
</ManageabilityInfo>
And below is the manageability info from a machine that is working:
<ManageabilityInfo>
<AMTSKU>Intel(R) Standard Manageability</AMTSKU>
<AMTversion>11.0.10</AMTversion>
<FWVersion>11.0.10.1002</FWVersion>
<PingConfigurationServer>False</PingConfigurationServer>
<Capabilities>
<IsAMTSupported>True</IsAMTSupported>
<IsCCMSupported>True</IsCCMSupported>
<IsHBPSupported>True</IsHBPSupported>
<IsKVMEnabledInBIOS>False</IsKVMEnabledInBIOS>
<IsAntiTheftSupported>False</IsAntiTheftSupported>
<IsKVMSupportedInBIOS>True</IsKVMSupportedInBIOS>
<IsSOLSupportedInBIOS>True</IsSOLSupportedInBIOS>
<IsIDERSupportedInBIOS>True</IsIDERSupportedInBIOS>
<IsAMTEnabledInBIOS>True</IsAMTEnabledInBIOS>
<IsSOLEnabledInBIOS>False</IsSOLEnabledInBIOS>
<IsIDEREnabledInBIOS>False</IsIDEREnabledInBIOS>
<CRLStoreSize>1424</CRLStoreSize>
<RootCertificatesMaxSize>2500</RootCertificatesMaxSize>
<RootCertificatesMaxInstances>4</RootCertificatesMaxInstances>
<FQDNSuffixMaxEntries>4</FQDNSuffixMaxEntries>
<FQDNSuffixMaxLength>63</FQDNSuffixMaxLength>
<CertificateChainMaxSize>4100</CertificateChainMaxSize>
<SupportedCertificatesKeyLengths>
<SupportedCertificateKeyLength>1024</SupportedCertificateKeyLength>
<SupportedCertificateKeyLength>1536</SupportedCertificateKeyLength>
<SupportedCertificateKeyLength>2048</SupportedCertificateKeyLength>
</SupportedCertificatesKeyLengths>
</Capabilities>
<ManagementSettings>
<AMTConfigurationMode>Enterprise Mode</AMTConfigurationMode>
<AMTState>Post Provisioning</AMTState>
<IsAMTConfigured>True</IsAMTConfigured>
<AMTConfigurationState>PKI</AMTConfigurationState>
<IsZTCEnabled>True</IsZTCEnabled>
<CertificateHashes>VeriSign Class 3 Primary CA-G1, e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e70, Enabled, Default; VeriSign Class 3 Primary CA-G3, eb04cf5eb1f39afa762f2bb120f296cba520c1b97db1589565b81cb9a17b7244, Enabled, Default; Go Daddy Class 2 CA, c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4, Enabled, Default; Comodo AAA CA, d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4, Enabled, Default; Starfield Class 2 CA, 1465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658, Enabled, Default; VeriSign Class 3 Primary CA-G2, 83ce3c1229688a593d485f81973c0f9195431eda37cc5e36430e79c7a888638b, Enabled, Default; VeriSign Class 3 Primary CA-G1.5, a4b6b3996fc2f306b3fd8681bd63413d8c5009cc4fa329c2ccf0e2fa1b140305, Enabled, Default; VeriSign Class 3 Primary CA-G5, 9acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df, Enabled, Default; GTE CyberTrust Global Root, a53125188d2110aa964b02c7b7c6da3203170894e5fb71fffb6667d5e6810a36, Enabled, Default; Baltimore CyberTrust Root, 16af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb, Enabled, Default; Cybertrust Global Root, 960adf0063e96356750c2965dd0a0867da0b9cbd6e77714aeafb2349ab393da3, Enabled, Default; Verizon Global Root, 68ad50909b04363c605ef13581a939ff2c96372e3f12325b0a6861e1d59f6603, Enabled, Default; Entrust.net CA (2048), 6dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb177, Enabled, Default; Entrust Root CA, 73c176434f1bc6d5adf45b0e76e727287c8de57616c1e6e6141a2b2cbc7d8e4c, Enabled, Default; VeriSign Universal , 2399561127a57125de8cefea610ddf2fa078b5c8067f4e828290bfb860e84b3c, Enabled, Default; Go Daddy Root CA - G2, 45140b3247eb9cc8c5b4f0d7b53091f73292089e6e5a63e2749dd3aca9198eda, Enabled, Default; Entrust Root CA - G2, 43df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f339, Enabled, Default; Starfield Root CA - G2, 2ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f5, Enabled, Default; </CertificateHashes>
<IsMoveToInProvisionPossible>True</IsMoveToInProvisionPossible>
<AMTControlMode>Client Control Mode</AMTControlMode>
<IsTLSEnabled>False</IsTLSEnabled>
<IsHWCryptoEnabled>False</IsHWCryptoEnabled>
<IsNetworkInterfaceEnabled>True</IsNetworkInterfaceEnabled>
<IsAMTFWUpdateEnabled>False</IsAMTFWUpdateEnabled>
<IsAMTEACEnabled>False</IsAMTEACEnabled>
<AMTDigestRealm>Digest:17D60000000000000000000000000000</AMTDigestRealm>
</ManagementSettings>
</ManageabilityInfo>
Beyond this information I'm at a loss as to what could be causing this to occur. Any help would be greatly appreciated!
Link Copied
2 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Bumping this thread after a week and a half just to see if anyone has any ideas about how a computer could get into this state without going through the bios extension.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey Reed,
Please send me the complete Discovery XML via Private Message
Admin Control Mode vs Client Control mode, should not be causing any issue with IsAMTEnabledInBIOS. The fact the your code shows IsAMTConfigured = True indicates AMT is fully enabled.
Is it just this field that is causing issues in your reports or is this part of a larger issue?
For more on control modes see the AMT Developers Guide
Joe
Reply
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page