Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.

vPro issues with X1 Tablet 2nd Gen



Just got an X1 Tablet 2nd Gen (model 20JC) and am working on setting up vPro. No wired NIC so I'm finding this article useful:

The machine is primarily a desktop replacement and is connected to a Lenovo USB-C dock for power, Ethernet, and two external monitors. One of the monitors goes off the dock's native DisplayPort; the other external monitor goes through USB to an old Pluggable dock. AMT firmware and software are current--from MEWinINfo.exe:

BIOS Version                                 N1OET37W (1.22 )
MEBx Version                       
GbE Version                                  Unknown
Vendor ID                                    8086
PCH Version                                  21
FW Version                          LP
Security Version (SVN)                       3
LMS Version                        
MEI Driver Version                 
Wireless Hardware Version                    2.1.77
Wireless Driver Version            


I got Wi-Fi enabled for vPro using the WebUI (took me a while to figure out I had to do that from the host system, e.g. http://localhost:16992/). After that, I was able to connect from another machine on the LAN. Then, using Mesh Commander 0.5.8, I set up a certificate for the machine and enabled TLS. So far so good!

I have three issues:

1. Per the article linked above, AMT should work in S5 (power off). I can shut down remotely from Mesh, but once down, the machine is not on Wi-Fi. I confirmed in my router that it was offline.

2. If a user is logged in and I try to start a remote KVM session from Mesh, I just see some strange icons in Mesh (screenshot below) and the user does not get the dancing border. However, if the screen is locked (from a Windows perspective), Mesh can connect, the user sees the border, and I can log on remotely and work as normal in Mesh KVM. The second external monitor, connected through the USB hub, doesn't work, but that's not a big deal. What is a kinda big deal is that the KVM can't connect to an active session; here's what it looks like when I try that:


3. When the system boots, it is connected to the dock and thus to the wired LAN. (The dock has a non-vPro Realtek NIC.)  It seems that in this state, even though Wi-Fi is set to connect automatically, Windows 10 does not turn on Wi-Fi. This means vPro is not available unless the user manually connects to Wi-Fi.

Thanks for your help,

Mark Berry
MCB Systems

0 Kudos
3 Replies

Hey Mark,

Lets start with your wireless issues first and it will probably fix your s5 state issue as well. Wireless is tricky in that the OS actually owns the interface in contrast to the wired LAN port.

It could be an issue with the Wireless Driver and how it is handing off control back to the firmware. Try this please

  1.  X1 - go into the WebUI and verify that the reported wireless IP is the same as OS IP.
  2. Management System - Initiate a on terminating ping to the x1 AMT Wireless interface - ping <ipAddress> -t
    1. note the ttl
  3. x1 - From the OS go to Control Panel\Network and Internet\Network Connections
    1. Right Click the OS Wireless connection
    2. Select Disable
  4. X1 - If everything works correctly you will see a few lost packets as the OS hands control over to the AMT wireless interface and the TTL will change to something like 255
    1. If it doesn't immediately pickup wait 5 to 10 minutes
      1. Does it ever pickup?
        1. If no, then your Wireless Profile is not set up correctly, try changing the encryption mechanism
        2. If yes your wireless Profile is fine, you need to update your wireless driver

Let me know your results




0 Kudos


Thanks for your reply. You're right; the firmware never picks up the Wi-Fi when I disable Wi-Fi in the OS, even after five minutes.

My UniFi access point is configured to allow connection as "WPA Personal".

Windows sees this as "WPA2-Personal" with Encryption type "AES".

In the vPro WebUI, I chose WPA-PSK. There is no mention of AES encryption. I had it on TKIP, then changed to CCMP encryption. Neither one allowed the ping with the Wi-Fi disabled. Do I need to reboot after such a change?

I thought maybe I could see in the WebUI event log whether the Wi-Fi is connecting but I don't see any related messages. I do see this a couple times:

6:47 pm
Intel® AMT Authentication failed 10 times. The system may be under attack.

Mark Berry

0 Kudos


1. The tablet has been rebooted at least once. Tried the ping test again with Wi-Fi disabled. "Destination host unreachable".

Question:  I read somewhere that AMT over Wi-Fi only works when the system is plugged in. How does the host determine/define that? This tablet only has USB-C for power, no discreet power jack. I've tested with both USB-C power from the dock and directly from the power adapter.

2. I connected my main 1600x1200 display with a DisplayPort-to-VGA cable plugged directly into the tablet, not going through the dock. I still get the mostly-black screen when I use Mesh to Remote Desktop to a live session. Clicking on the 1/2/3 buttons lower right changes nothing.

0 Kudos