Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

AD Integration broken after KB5008102

SysArch
New Contributor I
12,067 Views

Hello

 

After the installation of the security patch KB5008102 on our Domain Controllers, the AD integration is broken:

 

The security account manager blocked a non-administrator from creating or renaming a computer account using an invalid sAMAccountName. sAMAccountName on computer accounts must end with a single trailing $ sign.

Attempted sAMAccountName: xxxxxxxxx$iME
Recommended sAMAccountName: xxxxxxxxx$iME$

 

Link to the Microsoft KB: https://support.microsoft.com/en-gb/topic/kb5008102-active-directory-security-accounts-manager-hardening-changes-cve-2021-42278-5975b463-4c95-45e1-831a-d120004e258e

 

Unfortunately, uninstalling the security patch is not an option.

0 Kudos
29 Replies
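A triage sketch for the event quoted in the opening post, added here as an example (it is not part of the original post and is not Intel or Microsoft code). It parses exported event text, applies the single-trailing-`$` rule the message states, and groups the blocked names by ending so the tool generating them can be identified; the sample events, host names and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Event text as quoted in the post above (hypothetical constant name).
MSG = ("The security account manager blocked a non-administrator from "
       "creating or renaming a computer account using an invalid "
       "sAMAccountName. sAMAccountName on computer accounts must end with "
       "a single trailing $ sign.")

# Constructed sample events; the host names are placeholders.
SAMPLE_EVENTS = "\n\n".join(
    f"{MSG}\nAttempted sAMAccountName: {name}\n"
    f"Recommended sAMAccountName: {name}$"
    for name in ("HOST-A$iME", "HOST-B$iME", "LAB-PC"))

PAIR_RE = re.compile(
    r"Attempted sAMAccountName:\s*(?P<attempted>\S+)\s+"
    r"Recommended sAMAccountName:\s*(?P<recommended>\S+)")


def is_valid_computer_name(name):
    """Rule stated in the event: exactly one trailing '$'."""
    return name.endswith("$") and not name.endswith("$$")


def parse_blocked(text):
    """Return (attempted, recommended) pairs found in exported event text."""
    return [(m["attempted"], m["recommended"]) for m in PAIR_RE.finditer(text)]


def summarize(text):
    """Count blocked names by what follows their last '$', so the
    provisioning tool that generates each naming pattern stands out."""
    counts = Counter()
    for attempted, _ in parse_blocked(text):
        if is_valid_computer_name(attempted):
            continue  # already ends with a single '$'
        _, sep, tail = attempted.rpartition("$")
        counts["$" + tail if sep else "<no $>"] += 1
    return counts


if __name__ == "__main__":
    for pattern, n in summarize(SAMPLE_EVENTS).most_common():
        print(f"{n:3d} blocked name(s) with ending {pattern}")
```
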
SergioS_Intel
Moderator
1,767 Views

Hello somersetchris,


We are following your case and would like to know if you need more assistance or if we can close this thread.


Best regards,

Sergio S.

Intel Customer Support Technician


0 Kudos
somersetchris
Beginner
1,761 Views

Hi Sergio,

Unfortunately, there would appear to be some missing components from the release, specifically the Utils folder.

This contains the SCSEncryption.exe required to decrypt the profiles.xml file.

Encryption has changed in release 12, meaning a compatible version is needed to decrypt the new profile and manually edit the file to switch User Consent Off.

 

Thanks

Chris

0 Kudos
Mr_vPro
Employee
1,731 Views

Chris,

The Intel SCSEncryption.exe tool was always part of the full SCS SW download package (the one including the RCS server installer), not part of the SCS Wizard/Configurator package.

If you still have your Intel SCS 11.x full download package (80+ MB size), use version 11.x of the SCSEncryption.exe tool from the /Utils folder to decrypt your AMT Profile XML file (with the password you used to save it) to a clear-text XML file, and then open this file with the Intel SCS 12.2.0.163 Configurator - ACUWizard tool to edit/modify it if needed and save it under a new XML file name. It will be encrypted with the new algorithm and a password of your choice.

If you do not have the Intel SCS 11.x download package, find the SCSEncryption.exe tool version 12.2 zipped, attached.

 

rgds

Dariusz Wittek

Biz Client Technical Sales Specialist  |  Intel EMEA CCG Technical Sales

 

0 Kudos
somersetchris
Beginner
1,716 Views

Hi Dariusz,

Thank you for the SCSEncryption tool.

That has successfully decrypted the v12 profile .xml file.

 

Many thanks for your help.

Chris

0 Kudos
SergioS_Intel
Moderator
1,755 Views

Hello somersetchris,


We are sorry to read about this inconvenience. Please allow us more time to research your issue.


Best regards,

Sergio S.

Intel Customer Support Technician



0 Kudos
SergioS_Intel
Moderator
1,705 Views

Hello somersetchris,


We are following your question and would like to know if you need more assistance or if we can close this thread.


Best regards,

Sergio S.

Intel Customer Support Technician



0 Kudos
SergioS_Intel
Moderator
1,669 Views

Hello somersetchris,


We are following your question and would like to know if you need more assistance or if we can close this thread.


Best regards,

Sergio S.

Intel Customer Support Technician


0 Kudos
SergioS_Intel
Moderator
1,643 Views

Hello somersetchris,


We are following up on this case that is still open with the issue about the AD Integration broken after KB5008102.


We know that this is important for you to be resolved, and it is also equally important for us to get you the right solution. Since we have not seen an update for several days, we will temporarily close this case within 2 business days.


You can still reopen the case by replying to this email. Please note that if your response is made more than 15 days after closing, a new case will be created with reference to the original case.


Best regards,

Sergio S.

Intel Customer Support Technician




0 Kudos
SergioS_Intel
Moderator
1,628 Views

Hello SysArch,


We would like to inform you that we are going to close this thread.

 

Best regards,

Sergio S.

Intel Customer Support Technician

For firmware updates and troubleshooting tips, visit: https://intel.com/support/serverbios


0 Kudos