I'm getting an error message saying "Serial-over-LAN error: IMR_RES_TLS_CONNECTION_FAILED" from the Intel AMT DTK Commander tool.
Here is a screenshot of the message:
http://screencast.com/t/YakBboR62Nz
I know there was a long thread about this, but it was closed by Gael. Here is the link:
http://software.intel.com/en-us/forums/showthread.php?t=61561page/2/
No one ever posted what the resolution to the problem was. My certificate configuration seems to be working fine.
I can access SoL using the Microsoft Configuration Manager OOB console.
Thanks,
Trevor Sullivan
Systems Engineer
OfficeMax Corporation
34 Replies
Alright, well the IMR_SOLOpenTCPSession method is defined in the unmanaged imrsdk.dll library. Unfortunately I don't believe I have visibility into this source code, so my troubleshooting will probably end here.
[DllImport("imrsdk.dll")]
static extern IMRResult IMR_SOLOpenTCPSession(uint clientId, byte[] loginparams, IntPtr touts, IntPtr loopback);
----
Hmmmm, I see that there is an imrsdk.ini file in the same folder as imrsdk.dll. Looking inside this file, there is a parameter called Debug_Level. Can I set this to a non-zero value to enable logging? What values would be valid?
Trevor Sullivan
Systems Engineer
OfficeMax Corporation
Now this is interesting ... so, because the ConfigMgr OOB console works, and the DTK Commander doesn't, and also because I have isolated the problem to a call into imrsdk.dll, I had a suspicion that there was possibly a difference between the version of imrsdk.dll included with ConfigMgr versus the one included in the AMT DTK tools & source.
I just cross-checked the versions of imrsdk.dll in the ConfigMgr console i386 subfolder, and the version included with the DTK source, and here is what I found:
ConfigMgr (imrsdk.dll)
------------------------------
File Version: 1.0.1.54
Product Version: 1.0.1
Date Modified: 4/8/2008 6:27 PM
Copyright: Copyright (c) 2000-2006 Intel Corporation
AMT DTK (imrsdk.dll)
----------------------------
File Version: 1.1.2.0
Product Version: 1.1.2
Date Modified: 2/19/2009 2:43 PM
Copyright: Copyright (c) 2004-2008 Intel Corporation, All rights reserved
Trevor Sullivan
Systems Engineer
OfficeMax Corporation
Alright, so I replaced imrsdk.dll in the DTK with imrsdk.dll from the ConfigMgr console, and it still exhibits the same exact error. :-(
Trevor Sullivan
Systems Engineer
OfficeMax Corporation
Hi Trevor,
I really appreciate your tenacity & patience here. Please ignore the last email for more detail ;) I'll get in the lab by noon tomorrow (my afternoon is shot today) and attempt to replicate. Building the SCCM wasn't easy.
Tim
Tim,
No, I completely agree .... building an SCCM environment isn't exactly a simple task. Thank you for taking the time to try replicating my issue though.
I would also like to extend the offer to you, to set up a Live Meeting session so that you can see (and/or debug) the issue on my system(s). I have a couple different machines we could work with, one running Vista and one running XP, and you could easily see the issue we're having.
If you would like to do this, let me know what times would work well for you, and I will set up a session through our conference provider.
Trevor Sullivan
Systems Engineer
OfficeMax Corporation
Hello Trevor,
Wow, you're facing some of the same problems I got =)
Maybe there are a couple of things you can try:
- Why don't you disable TLS certificates and try again? It's just to isolate the problem.
- Is the DTK installed in a Windows Vista machine? It'd be nice if you install in a WinXP just to try.
Good luck
Javier,
I have tried Windows XP, Windows Server 2003, and Windows Vista. All of them exhibit the same behavior. Thank you for the suggestion though.
Can you expand on the idea of disabling TLS certificates? How do I do this on an AMT device that has already been provisioned with Configuration Manager?
Trevor Sullivan
Systems Engineer
OfficeMax Corporation
Hello Trevor,
I understand that you have Microsoft System Center Configuration Manager and I don't know it.
I suppose that you provisioned the AMT machine by using it, so I don't know if this product offers a way to unprovision the system (and then provisioning without security certificates).
The goal of disabling security certificates is to verify if this is the problem.
But again, I don't know how to do it with this tool.
=(
Hey Tim,
Got anything new for me, or do you need any more information about this issue?
Trevor Sullivan
Systems Engineer
OfficeMax Corporation
Hi Trevor - are you and Tim working off-line on this issue? Just wondering since there haven't been any updates.
--Gael
Gael,
I appreciate you following up. I e-mailed him for a status update on March 10th, but haven't heard anything back yet. Can you see where he's at with this?
Also, he called me up a couple weeks ago and gave me his phone number, but I don't think I wrote it down. Would you mind e-mailing that to me offline? FirstLast@OfficeMax.com
A tidbit of information that might be helpful .... I was able to get the utility to work on Windows 2003, but not XP or Vista.
Thanks,
Trevor Sullivan
Systems Engineer
OfficeMax Corporation
Hello Trevor,
Have you ever read my post about this error message?
Maybe this helps you:
http://software.intel.com/en-us/blogs/2009/03/19/troubleshooting-the-imr_res_tls_connection_failed-error-in-mutual-tls/
Javier,
Thanks for the posting. I've configured the debug_level property to 2 in the imrsdk.ini file, per the directions in your article. Here are the contents of the log.txt file, after attempting to use Serial-over-LAN with this debug level:
LOG STARTED Sun Mar 22 12:10:22 2009
NETMGR: Signal socket created: 1716
SSLSocket::connect: func SSL3_GET_SERVER_CERTIFICATE, reason certificate verify failed
Do you know what this means, and how to resolve it?
Trevor Sullivan
Systems Engineer
OfficeMax Corporation
Hello Trevor,
This tells us that it is something about certificates. I have not seen this error message before, but here I give you some steps you can perform:
- Verify the expiration dates of the client/server certificate.
- Verify that the machine where your management console is installed owns a client certificate that the AMT machine can accept (no matter if it's the server, a client certificate is required for the server too).
- Navigate to the client certificate (by using its WebUI) and look at the issuer certificate's serial number to verify that it matches your server root serial number.
- Navigate to the server certificate and verify if it holds a "Server Authentication" enhanced key usage.
If you can verify all these steps and they are ok, I think it's a good time to contact the Intel support guys to ask them under what circumstances this error appears.
I hope this helps you
=)
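The certificate checks listed in the post above (expiration, issuer, "Server Authentication" enhanced key usage) can be run with the `openssl` command line on PEM copies of the certificates; the `SSL3_GET_SERVER_CERTIFICATE ... certificate verify failed` text in the log is an OpenSSL error string. This is an added example, not part of the original thread or of Intel's tools, and the CA, host name, file names and helper function names in it are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: every key, name and certificate here is constructed.
work=$(mktemp -d)

make_pki() (
  cd "$work" || exit 1
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  echo 'extendedKeyUsage = serverAuth' > server.ext
  echo 'extendedKeyUsage = clientAuth' > client.ext
  # The root the console trusts, and an unrelated root it does not.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config ca.cnf \
    -keyout root.key -out root.pem 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config ca.cnf \
    -subj "/CN=Unrelated Root CA" -keyout other.key -out other.pem 2>/dev/null
  # One device request, issued twice: with the server EKU and with the wrong one.
  openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
    -subj "/CN=amt-device.example.test" -keyout leaf.key -out leaf.csr 2>/dev/null
  for kind in server client; do
    openssl x509 -req -in leaf.csr -CA root.pem -CAkey root.key -CAcreateserial \
      -days 30 -extfile "$kind.ext" -out "$kind.pem" 2>/dev/null || exit 1
  done
)

# Expiration check: succeeds while the certificate's notAfter is in the future.
not_expired() { openssl x509 -in "$1" -noout -checkend 0 >/dev/null; }

# EKU check: the certificate lists "Server Authentication".
has_server_auth() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Extended Key Usage' | grep -q 'TLS Web Server Authentication'
}

# Issuer check, done cryptographically: $2 chains to root $1 as a TLS server cert.
chains_to() { openssl verify -purpose sslserver -CAfile "$1" "$2" >/dev/null 2>&1; }

make_pki || exit 1
for c in server client; do
  chains_to "$work/root.pem" "$work/$c.pem" && r="ok" || r="certificate verify failed"
  echo "$c.pem against its own root: $r"
done
chains_to "$work/other.pem" "$work/server.pem" || echo "server.pem against unrelated root: certificate verify failed"
```

The same three functions work on a device certificate and issuing root exported to PEM, passed in place of the constructed files.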