- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello All,
I'm trying to do some testing with AMT and Kerberos through Active Directory and I'm running into some issues with IE. I've got Kerberos working with DTK Commander and with the command line tools from the SDK, but I've been unable to get IE to connect to the WebUI on any of my test systems. I've tried XP, Vista, and Win7; and I've tried IE6, IE7, and IE8 - all to no avail. I know the docs talk about a KB fix for IE6, but I figured that IE7 or IE8 would work, but I haven't been able to get any of them to successfully authenticate to the ME. Any suggestions?
Thanks,
Roger
I'm trying to do some testing with AMT and Kerberos through Active Directory and I'm running into some issues with IE. I've got Kerberos working with DTK Commander and with the command line tools from the SDK, but I've been unable to get IE to connect to the WebUI on any of my test systems. I've tried XP, Vista, and Win7; and I've tried IE6, IE7, and IE8 - all to no avail. I know the docs talk about a KB fix for IE6, but I figured that IE7 or IE8 would work, but I haven't been able to get any of them to successfully authenticate to the ME. Any suggestions?
Thanks,
Roger
Link Copied
6 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Quoting - rogerb
Hello All,
I'm trying to do some testing with AMT and Kerberos through Active Directory and I'm running into some issues with IE. I've got Kerberos working with DTK Commander and with the command line tools from the SDK, but I've been unable to get IE to connect to the WebUI on any of my test systems. I've tried XP, Vista, and Win7; and I've tried IE6, IE7, and IE8 - all to no avail. I know the docs talk about a KB fix for IE6, but I figured that IE7 or IE8 would work, but I haven't been able to get any of them to successfully authenticate to the ME. Any suggestions?
Thanks,
Roger
I'm trying to do some testing with AMT and Kerberos through Active Directory and I'm running into some issues with IE. I've got Kerberos working with DTK Commander and with the command line tools from the SDK, but I've been unable to get IE to connect to the WebUI on any of my test systems. I've tried XP, Vista, and Win7; and I've tried IE6, IE7, and IE8 - all to no avail. I know the docs talk about a KB fix for IE6, but I figured that IE7 or IE8 would work, but I haven't been able to get any of them to successfully authenticate to the ME. Any suggestions?
Thanks,
Roger
Hi Roger-
Are you receiving a specific error? If so, what is it? Also, is it the same errorwithall versions of IE?
Finally, per the "Intel AMT Integration with Active Directory" document provided with the SDK,have you added the domain(s) containing the Intel AMT systems to IE's list of trusted sites?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm logged into the system as a domain admin, and I've got IE setup to use windows authentication, but I still can't get the system to authenticate with the AMT client. When I hit the Login button in the WebUI, I get a dialog box for entering my User id and password, I enter the domain userid and password, and it just returns without authenticating. Each time I reenter the password, it just comes back with a no authentication. I also setup the DNS domain to be a trusted site, and that didn't seem to make a difference. I thought that kerberos would allow me to not have to be prompted to enter a username and password, that it would just use the SID from my login to Windows to authenticate me to the AMT client through the Kerberos server. Why is it asking me for a username and password?
Thanks,
Roger
Thanks,
Roger
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Roger-
I believe I have duplicated your situation; let me look into the issues.
I believe I have duplicated your situation; let me look into the issues.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Roger-
Sorry for the delayed response. It appears the IE6Hotfix documented in the "Intel AMT Integration with Active Directory" .pdf (KB908209) is still necessary for Kerberos to work with IE7 and IE8. With thisHotfix in place I was able to provision an AMT 5.x system with the SDK's ConfigurationServer example (Kerberos enabled indefault.conf.xml) and then access the system via the WebUI without re-entering User Name & Password.
Sorry for the delayed response. It appears the IE6Hotfix documented in the "Intel AMT Integration with Active Directory" .pdf (KB908209) is still necessary for Kerberos to work with IE7 and IE8. With thisHotfix in place I was able to provision an AMT 5.x system with the SDK's ConfigurationServer example (Kerberos enabled indefault.conf.xml) and then access the system via the WebUI without re-entering User Name & Password.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Quoting - rogerb
Hello All,
I'm trying to do some testing with AMT and Kerberos through Active Directory and I'm running into some issues with IE. I've got Kerberos working with DTK Commander and with the command line tools from the SDK, but I've been unable to get IE to connect to the WebUI on any of my test systems. I've tried XP, Vista, and Win7; and I've tried IE6, IE7, and IE8 - all to no avail. I know the docs talk about a KB fix for IE6, but I figured that IE7 or IE8 would work, but I haven't been able to get any of them to successfully authenticate to the ME. Any suggestions?
Thanks,
Roger
I'm trying to do some testing with AMT and Kerberos through Active Directory and I'm running into some issues with IE. I've got Kerberos working with DTK Commander and with the command line tools from the SDK, but I've been unable to get IE to connect to the WebUI on any of my test systems. I've tried XP, Vista, and Win7; and I've tried IE6, IE7, and IE8 - all to no avail. I know the docs talk about a KB fix for IE6, but I figured that IE7 or IE8 would work, but I haven't been able to get any of them to successfully authenticate to the ME. Any suggestions?
Thanks,
Roger
Roger,
Even though the hotfix itself is not applicable to IE7 and IE8, you still must apply the registry fix that is referenced in the KB article.
32-bit Platform
HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerMainFeature ControlFEATURE_INCLUDE_PORT_IN_SPN_KB908209
64-bit Platform
HKEY_LOCAL_MACHINESoftwareWow6432NodeMicrosoftInternet ExplorerMainFeature ControlFEATURE_INCLUDE_PORT_IN_SPN_KB908209
Data Type: REG_DWORD
Value Name: iexplore.exe
Value: 01
Trevor Sullivan
Systems Engineer
OfficeMax Corporation

Reply
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page