I am also working on AMT setup and configuration but I am not using Intel SCS since the system requirements are too high. I am implementing my own using Intel AMT SDK. Based onthe description of the problem, it seems that your configuration server cannot establish a connection with your AMT device. The configuration server was able to receive the "Hello" message (The last 2 lines keep repeating every 2 minutes) but cannot start the configuration process. There arethree possible reasons why this happened. First, a firewall might be running on your server which prevents the SCS to send the configuration data on the specified port (make sure that the port on your server is open). Second, if you don't have a DHCP server the IP address of your AMT device (in this case: 192.168.0.61)might be the same with the IP address of the host PC, which should not be. Third, the preprovioning parameters set on the AMT device might be incorrect or incomplete which prevents the configuration server to establish the TCP/IP connection.
I suggest you install a packet sniffer on your configuration server and make sure that the TCP/IP handshaking is correct. You can download and install Ethereal (http://www.ethereal.com) for free.
You mentioned above that:
SCS machine is NOT set to "provisionServer" in my DNS but the SCS IP address is set at the MEBx.
Page 52 of the "Intel AMT SCS Installation and User Manual" states the following:
The DNS must have information for two entities:The SCS Server must be registered in the DNS.A configured, operational Intel AMT device must be registered within DNS.
Any platform running the SCS Service (the Main Service) must be registered in the DNS as ProvisionServer. This must be done in each DNS Domain. When it sends its Hello message, the Intel AMT device first uses the domain name received from the DHCP server. If there is more than one SCS in the domain, the DNS will alternate between the servers. If there multiple SCS instances or the server platform has a different name, then CNAME records need to be added to the DNS.
Intel AMT Devices
Ensure that the DNS is configured with the Fully Qualified Domain Names (FQDN) of the Intel AMT-enabled machines that are being configured.
Intel AMT devices must be configured to have the same FQDN as the host OS. This stems from the fact the Intel AMT device is not a secure DNS client and it relies on the host OS to maintain the DNS record. For this reason, the Intel AMT device snoops the DHCP requests and responses issued by the host OS. The Intel AMT device then uses the IP provided by the DHCP to the host OS as its own.
This may be a simple test, but can you verify that you can ping the device? Try to reboot the client AMT system and let it enter windows. I have noticed that sometimes the Manageament engine is by default configured to be off when the client is off. This means that the AMT firmware is not "alive" when the system is off, usually this setting is updated when the system is provisioned.
Can you maybe specify what model your AMT client is and are you sure that the firmware is the latest available version, it is always worth looking into that as i have found that many "bugs" dissapear on my clients once i update the firmware.
If this is the version of your firmware:
My MEBx panel is integrated with the general BIOS access.
My current firmware version is: 2.0.5-build 1124
Your BIOS Version would then be 5434, dated October 16, 2006. Since then there have been 12 updates.
The current version is: BIOS version 5882, ME firmware build: 220.127.116.111 production signed, dated April 13, 2007
You might want to keep an eye on the following link:
I don't know if the trouble you are having with Provisioning has anything to do with the age of your firmware, but I think it is time you updated your system (there have been a lot of problems fixed in the last 12 releases)
When you go out to that link to get the most current firmware, there will be directions on how to do it. It is actually very easy.Make sure you look through the Readme and Release files as well.
One thing that I have run into lately is that when I try to do the upgrade it gives me an error concerning privileges - there is actually a command documented where you run the upgrade program from a cmd window and you enter the ME username and password. Let us know if you run into this problem. I'm guessing that if the system is in an unprovisioned/factory state with the default password you may not have to do this.
CO96510J.86A.xxxx.EB.EXE -s -a force user admin pass password -s
- xxxx = BIOS revision number
- admin = Intel ME login name
- password = Intel ME password
I have used that command and it does work great. The only reasons why I would think that it might not work are as follows:
1. Are you logged on as "Administrator" or at least as a user with administrator privileges?
2. Your current board revision cannot be flashed with AMT 2.1 firmware. It looked to me like you were still running AMT 2.0. Does your system have at the minimum a C0 processor? If you are still on a B-stepping you will need an upgraded board in order to get to AMT 2.1 functionality.
If your problem is "2", then find the latestFirmware Buildin the archives link that is still 2.0.x - anyFirmware revision that has 2.1.x will apply to AMT 2.1.
Here is some more reasons for the "cannot connect back to AMT" error:
I hope this helps!
Hi Gael, thanks for all your tips.
Finally I found out the problem was due to the security program running at the AMT machine. Since running the Express Update from the command line does not shows the wizard, the update is run immediately and my program was locking the execution.
I was able to update, I did it first with an update prior to AMT 2.1 just in case to be able to go back since I was having some trouble with this process (I didn't know it was just the security program....)
Now I am going to update to the last version since I know that this is a very simple process.
That's good to know Maria!
I have not experienced that since my systems are not on any external networks and therefore the first thing I do is disable the virus protection programs and the Firewall!
Thanks for sharing!
Maybe there is a misunderstanding.
I had a problem with provisioning using SCS, while looking to my case Gael
suggested to update my firmware since I had a very old version and I had some
trouble updating the firmware due to the security program that was locking the
BIOS Express Update when it was run using the command line including AMT credentials.
Once the security program was uninstalled I was able to update my firmware using Express Update to version 5595. I was not able to update to a higher version through Express Update so I used the "ISO Image BIOS Update" method to update to version 5882.
After updating the firmware I have not tested the enterprise provisioning using SCS again.
So the security program was just locking the Expres Update command.