Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2847 Discussions

AMT_AuditLog does not work. (500 error)

jic5760
New Contributor I
2,395 Views

AMT_AuditLog suddenly stops working, which also causes provisioning to fail. (Failed to add TLS certificate)

Is it because the AuditLog is full? Is there a way to forcefully clear AuditLog?

 

jic5760_1-1707889685570.png

<MeshCommander>

 

 

POST /wsman HTTP/1.1
Host: 127.0.0.1:26992
Content-Length: 794

<?xml version="1.0" encoding="utf-8"?><Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns="http://www.w3.org/2003/05/soap-envelope" ><Header><a:Action>http://schemas.xmlsoap.org/ws/2004/09/enumeration/Enumerate</a:Action><a:To>/wsman</a:To><w:ResourceURI>http://intel.com/wbem/wscim/1/amt-schema/1/AMT_AuditLog</w:ResourceURI><a:MessageID>303</a:MessageID><a:ReplyTo><a:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address></a:ReplyTo><w:OperationTimeout>PT60S</w:OperationTimeout></Header><Body><Enumerate xmlns="http://schemas.xmlsoap.org/ws/2004/09/enumeration" /></Body></Envelope>

====================================================================================================

HTTP/1.1 200 OK
Date: Wed, 14 Feb 2024 05:45:50 GMT
Content-Length: 1085
Content-Type: text/xml; charset=utf-8

<?xml version="1.0" encoding="UTF-8"?><a:Envelope xmlns:a="http://www.w3.org/2003/05/soap-envelope" xmlns:b="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:c="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns:d="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:e="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:f="http://schemas.dmtf.org/wbem/wsman/1/cimbinding.xsd" xmlns:g="http://schemas.xmlsoap.org/ws/2004/09/enumeration" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><a:Header><b:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</b:To><b:RelatesTo>303</b:RelatesTo><b:Action a:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/09/enumeration/EnumerateResponse</b:Action><b:MessageID>uuid:00000000-8086-8086-8086-00000000032C</b:MessageID><c:ResourceURI>http://intel.com/wbem/wscim/1/amt-schema/1/AMT_AuditLog</c:ResourceURI></a:Header><a:Body><g:EnumerateResponse><g:EnumerationContext>DC000000-0000-0000-0000-000000000000</g:EnumerationContext></g:EnumerateResponse></a:Body></a:Envelope>

====================================================================================================

POST /wsman HTTP/1.1
Host: 127.0.0.1:26992
Content-Length: 866

<?xml version="1.0" encoding="utf-8"?><Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns="http://www.w3.org/2003/05/soap-envelope" ><Header><a:Action>http://schemas.xmlsoap.org/ws/2004/09/enumeration/Pull</a:Action><a:To>/wsman</a:To><w:ResourceURI>http://intel.com/wbem/wscim/1/amt-schema/1/AMT_AuditLog</w:ResourceURI><a:MessageID>304</a:MessageID><a:ReplyTo><a:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address></a:ReplyTo><w:OperationTimeout>PT60S</w:OperationTimeout></Header><Body><Pull xmlns="http://schemas.xmlsoap.org/ws/2004/09/enumeration"><EnumerationContext>DC000000-0000-0000-0000-000000000000</EnumerationContext></Pull></Body></Envelope>

====================================================================================================

HTTP/1.1 500 Internal Server Error
Date: Wed, 14 Feb 2024 05:45:50 GMT
Content-Length: 1231
Content-Type: text/xml; charset=utf-8

<?xml version="1.0" encoding="UTF-8"?><a:Envelope xmlns:g="http://schemas.dmtf.org/wbem/wsman/1/cimbinding.xsd" xmlns:f="http://schemas.xmlsoap.org/ws/2004/08/eventing" xmlns:e="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns:d="http://schemas.xmlsoap.org/ws/2004/09/transfer" xmlns:c="http://schemas.xmlsoap.org/ws/2004/09/enumeration" xmlns:b="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" xmlns:h="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:i="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><a:Header><b:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</b:To><b:RelatesTo>304</b:RelatesTo><b:Action a:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/09/enumeration/fault</b:Action><b:MessageID>uuid:00000000-8086-8086-8086-00000000032E</b:MessageID></a:Header><a:Body><a:Fault><a:Code><a:Value>a:Receiver</a:Value><a:Subcode><a:Value>c:InvalidEnumerationContext</a:Value></a:Subcode></a:Code><a:Reason><a:Text xml:lang="en-US">The supplied enumeration context is invalid.</a:Text></a:Reason><a:Detail></a:Detail></a:Fault></a:Body></a:Envelope>

 

0 Kudos
12 Replies
MIGUEL_C_Intel
Employee
2,354 Views

Hello, jic5760,


MeshCommander support has been discontinued; the provisioning and the remote accessing might suffer issues with some endpoints. Endpoints with Intel® Core processors 12 or higher might not work. I am sorry for the inconvenience.


The supported manageability software available is:


Intel® Endpoint Management Assistant (Intel® EMA)

https://www.intel.com/content/www/us/en/download/19449/intel-endpoint-management-assistant-intel-ema.html


I am adding useful links:

Intel® Endpoint Management Assistant (Intel® EMA) Server Installation and Maintenance Guide

https://www.intel.com/content/www/us/en/support/articles/000055629/software/manageability-products.html


Intel® Endpoint Management Assistant (Intel® EMA) Admin and Usage Guide

https://www.intel.com/content/www/us/en/support/articles/000055619/software/manageability-products.html


Video: Intel EMA Remote Management Quick-Start Guide | Intel Business

https://www.youtube.com/watch?v=HEArKvvszS8


I will gladly assist with the Intel® EMA implementation.


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
jic5760
New Contributor I
2,344 Views
This is not a MeshCommander problem.
The AMT_AuditLog class is a feature that has been in AMT for a long time, and it worked fine until yesterday.

Perhaps some firmware bug occurred when NVRAM was full.

The ME version is 15.0.47, and the computer is Dell Latitude 4720.
Reinstalling the battery did not solve the problem.
0 Kudos
MIGUEL_C_Intel
Employee
2,321 Views

Hello, jic5760,


I understand your frustration; however, MeshCommander support has ended and the communication with Intel® AMT will start failing.  Compatible issues will be seen.


On behalf of Intel, I am sorry for the issue experienced.


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
jic5760
New Contributor I
2,308 Views
Forget MeshCommander. The same thing happens if make a request with PostMan.
Error 500 appears and appears to be a firmware problem.
Whether it's EMA or OACT, it's all the same.
0 Kudos
MIGUEL_C_Intel
Employee
2,258 Views

Hello, jic5760,


On behalf of Intel, we apologize for the provisioning issue experienced.


Please provide me with the following information; I will gladly assist you.


Endpoint information:

System Manufacturer, model, BIOS version, Management Engine driver


Intel® EMA Configuration Tool (ECT) provides all the information.

https://www.intel.com/content/www/us/en/download/19805/30485/intel-endpoint-management-assistant-configuration-tool-intel-ema-configuration-tool.html


After downloading and installing.

a- Open a command prompt as administrator (alternatively, you can run the tool from Windows PowerShell*).

b- Navigate to the installation folder (default C:\Program Files (x86)\Intel\EMAConfigTool).

c- Run the command: EMAConfigTool.exe –verbose


-Current Intel® EMA version

-Control Mode (Admin or Client)

-Does the endpoint share the same EMA Server domain?

-If you are trying the Admin Control Mode, please let me know if you bought an Intel® AMT Certificate.


EMA only works with TLS 1.2 (HTTPS), port 16993.  The port 16992 is blocked by Intel® EMA software and it is blocked by the processor firmware in endpoints running Intel® Core 12 gen and higher.


Transport Layer Security

https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/WordDocuments/transportlayersecurity.htm


Intel AMT and Security Considerations

https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/WordDocuments/intelamtandsecurityconsiderations1.htm


I look forward to hearing back from you.


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
jic5760
New Contributor I
2,211 Views

 

 

 

C:\Program Files (x86)\Intel\EMAConfigTool>EMAConfigTool.exe -v

Intel EMA Configuration Tool
Application Version: 1.1.0.183
Scan Date: 2024-02-16 오후 2:38:36

*** Host Computer Information ***
Computer Name: DESKTOP-BDGSND3Q
Manufacturer: Dell Inc.
Model: Latitude 7420
Processor: 11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz
Windows Version: Microsoft Windows 11 Pro
BIOS Version: 1.32.0
UUID: 4C4C4544-004E-3110-8030-C8C04F424333

*** SMBIOS Information ***
AMT Supported: True
AMT Enabled: True
SMBIOS ME SKU: Intel(R) Full AMT Manageability
SMBIOS ME Version: 15.0.47.2521
KVM Supported: True
SOL Supported: True
USB-R supported in BIOS: True
RSE Supported: True

*** ME Information ***
Version: 15.0.47.2521
SKU: Intel(R) Full AMT Manageability
State: Provisioned
Control Mode: Admin
Driver Installed: True
Driver Version: 2336.5.2.0
PKI DNS Suffix: amt-provisioning-domain.com
LMS State: Running
LMS Version: 2336.5.2.0
MicroLMS State: NotPresent
EHBC Enabled: False

*** ME Capabilities ***
AMT in Enterprise Mode: True
TLS Enabled: False
HW Crypto Enabled: True
Current Provisioning state: POST_PROVISIONING_STATE
NetworkInterface Enabled: True
SOL Enabled: False
IDER Enabled: False
FWUpdate Enabled: False
LinkIsUp state: False
KVM Enabled: False
RSE Enabled: True

*** Power Management Capabilities ***
Supported Power States:
   5: PowerCycle_Off_Soft
   8: Off_Soft
   2: On
   10: Master_Bus_Reset
   11: NMI
   7: Hibernate
   12: Off_Soft_Graceful
   14: MasterBusReset_Graceful
Power Change Capabilities:
   2: On
   3: SleepLight
   4: SleepDeep
   7: Hibernate
   8: Off_Soft

*** CIRA Information ***
CIRA Server: Not Found
CIRA Connection Status: NOT_CONNECTED
CIRA Connection Trigger: USER_INITIATED

*** ME Wired Network Information ***
ME Wired Interface Not Detected

*** ME Wireless Network Information ***
Wireless Interface Enabled: False
Link Status: Down
IP Address: 0.0.0.0
MAC Address: Information Unavailable
DHCP Enabled: True
DHCP Mode: Unknown

*** Last AMT Provisioning Attempt Details ***
Host Initiated: True
Provisioning TLS Mode: PKI
Provisioning Root Cert: 34:60:96:05:9D:23:57:55:86:1C:D3:F5:BB:22:13:9D:8B:04:2D:BE:4E:41:30:50:36:33:23:CB:68:CC:A0:24
Provisioning Cert Hash Type: SHA256
Provisioning Server FQDN: amt-provisioning-domain.com
Provisioning Server IP: Not Set
Secure DNS Mode: True
TLS Start Time: 2024-02-14 오후 4:08:24

*** Root Certificate Hash Entries ***
Root Cert 1: Go Daddy Class 2 CA, SHA256, C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4, Active, Default;
Root Cert 2: Go Daddy Root CA-G2, SHA256, 45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA, Active, Default;
Root Cert 3: Comodo AAA CA, SHA256, D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4, Active, Default;
Root Cert 4: Starfield Class 2 CA, SHA256, 14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58, Active, Default;
Root Cert 5: Starfield Root CA-G2, SHA256, 2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5, Active, Default;
Root Cert 6: VeriSign Class 3 Primary CA-G5, SHA256, 9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF, Active, Default;
Root Cert 7: Baltimore CyberTrust Root, SHA256, 16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB, Active, Default;
Root Cert 8: USERTrust RSA CA, SHA256, E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2, Active, Default;
Root Cert 9: Verizon Global Root, SHA256, 68:AD:50:90:9B:04:36:3C:60:5E:F1:35:81:A9:39:FF:2C:96:37:2E:3F:12:32:5B:0A:68:61:E1:D5:9F:66:03, Active, Default;
Root Cert 10: Entrust.net CA (2048), SHA256, 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77, Active, Default;
Root Cert 11: Entrust Root CA, SHA256, 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C, Active, Default;
Root Cert 12: Entrust Root CA-G2, SHA256, 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39, Active, Default;
Root Cert 13: VeriSign Universal Root CA, SHA256, 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C, Active, Default;
Root Cert 14: Affirm Trust Premium, SHA256, 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A, Active, Default;
Root Cert 15: DigiCert Global Root CA, SHA256, 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61, Active, Default;
Root Cert 16: DigiCert Global Root G2, SHA256, CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F, Active, Default;
Root Cert 17: DigiCert Global Root G3, SHA256, 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0, Active, Default;
Root Cert 18: DigiCert Trusted Root G4, SHA256, 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88, Active, Default;
Root Cert 19: Our Self-Signed AMT CA, SHA256, 34:60:96:05:9D:23:57:55:86:1C:D3:F5:BB:22:13:9D:8B:04:2D:BE:4E:41:30:50:36:33:23:CB:68:CC:A0:24, Active, Not Default;
Root Cert 20: GlobalSign Root CA - R3, SHA256, CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B, Active, Default;
Root Cert 21: GlobalSign ECC Root CA - R5, SHA256, 17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24, Active, Default;
Root Cert 22: GlobalSign Root CA - R6, SHA256, 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69, Active, Default;

 

 

 

 

Audit Log packet

 

 

POST /wsman HTTP/1.1
Authorization: Digest username="admin",realm="Digest:54B7FAD83FD8CD92AA38AE118A971515",nonce="ZVsFAE4EAAAAAAAA8aQQrVRXNZBA09ON",uri="/wsman",qop="auth",response="47382a63c9047927177fcec45d7e2b0c",nc="199",cnonce="7iydnuq5mi"
Host: 127.0.0.1:16992
Content-Length: 794

<?xml version="1.0" encoding="utf-8"?><Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns="http://www.w3.org/2003/05/soap-envelope" ><Header><a:Action>http://schemas.xmlsoap.org/ws/2004/09/enumeration/Enumerate</a:Action><a:To>/wsman</a:To><w:ResourceURI>http://intel.com/wbem/wscim/1/amt-schema/1/AMT_AuditLog</w:ResourceURI><a:MessageID>197</a:MessageID><a:ReplyTo><a:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address></a:ReplyTo><w:OperationTimeout>PT60S</w:OperationTimeout></Header><Body><Enumerate xmlns="http://schemas.xmlsoap.org/ws/2004/09/enumeration" /></Body></Envelope>
====================================================================================================
HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 14:41:16 GMT
Server: Intel(R) Active Management Technology 15.0.47.2521
X-Frame-Options: DENY
Content-Type: application/soap+xml;charset=UTF-8
Transfer-Encoding: chunked

<?xml version="1.0" encoding="UTF-8"?><a:Envelope xmlns:a="http://www.w3.org/2003/05/soap-envelope" xmlns:b="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:c="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns:d="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:e="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:f="http://schemas.dmtf.org/wbem/wsman/1/cimbinding.xsd" xmlns:g="http://schemas.xmlsoap.org/ws/2004/09/enumeration" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><a:Header><b:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</b:To><b:RelatesTo>197</b:RelatesTo><b:Action a:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/09/enumeration/EnumerateResponse</b:Action><b:MessageID>uuid:00000000-8086-8086-8086-0000000000E5</b:MessageID><c:ResourceURI>http://intel.com/wbem/wscim/1/amt-schema/1/AMT_AuditLog</c:ResourceURI></a:Header><a:Body><g:EnumerateResponse><g:EnumerationContext>30000000-0000-0000-0000-000000000000</g:EnumerationContext></g:EnumerateResponse></a:Body></a:Envelope>
====================================================================================================
POST /wsman HTTP/1.1
Authorization: Digest username="admin",realm="Digest:54B7FAD83FD8CD92AA38AE118A971515",nonce="ZVsFAE4EAAAAAAAA8aQQrVRXNZBA09ON",uri="/wsman",qop="auth",response="8a338386c25af9e5367fe60d6fe8d0a6",nc="200",cnonce="7iydnuq5mi"
Host: 127.0.0.1:16992
Content-Length: 866

<?xml version="1.0" encoding="utf-8"?><Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns="http://www.w3.org/2003/05/soap-envelope" ><Header><a:Action>http://schemas.xmlsoap.org/ws/2004/09/enumeration/Pull</a:Action><a:To>/wsman</a:To><w:ResourceURI>http://intel.com/wbem/wscim/1/amt-schema/1/AMT_AuditLog</w:ResourceURI><a:MessageID>198</a:MessageID><a:ReplyTo><a:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address></a:ReplyTo><w:OperationTimeout>PT60S</w:OperationTimeout></Header><Body><Pull xmlns="http://schemas.xmlsoap.org/ws/2004/09/enumeration"><EnumerationContext>30000000-0000-0000-0000-000000000000</EnumerationContext></Pull></Body></Envelope>
====================================================================================================
HTTP/1.1 500 Internal Server Error
Date: Fri, 16 Feb 2024 14:41:16 GMT
Server: Intel(R) Active Management Technology 15.0.47.2521
X-Frame-Options: DENY
Content-Type: application/soap+xml;charset=UTF-8
Transfer-Encoding: chunked

<?xml version="1.0" encoding="UTF-8"?><a:Envelope xmlns:g="http://schemas.dmtf.org/wbem/wsman/1/cimbinding.xsd" xmlns:f="http://schemas.xmlsoap.org/ws/2004/08/eventing" xmlns:e="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns:d="http://schemas.xmlsoap.org/ws/2004/09/transfer" xmlns:c="http://schemas.xmlsoap.org/ws/2004/09/enumeration" xmlns:b="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" xmlns:h="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:i="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><a:Header><b:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</b:To><b:RelatesTo>198</b:RelatesTo><b:Action a:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/09/enumeration/fault</b:Action><b:MessageID>uuid:00000000-8086-8086-8086-0000000000E7</b:MessageID></a:Header><a:Body><a:Fault><a:Code><a:Value>a:Receiver</a:Value><a:Subcode><a:Value>c:InvalidEnumerationContext</a:Value></a:Subcode></a:Code><a:Reason><a:Text xml:lang="en-US">The supplied enumeration context is invalid.</a:Text></a:Reason><a:Detail></a:Detail></a:Fault></a:Body></a:Envelope>

 

 

Also, “Monitor Access” in “Intel Management and Security Status” does not work.

 

jic5760_0-1708062280485.png

 

 

 

 

 

0 Kudos
MIGUEL_C_Intel
Employee
2,204 Views

Hello, jic5760,


I finished reviewing the information provided and noted the endpoint is talking through port 16992. Intel® AMT 15 and newer only talk on port 16993 (HTTPS). As well, Intel® EMA only talks through HTTPS.


PKI DNS suffix option was included in the MEBx BIOS, please tell me about the Certificate chain. Please validate that the 3 sections (Root, Intermediate, and Domain) are SHA256 in IIS or MMC.


In addition, please confirm which embedded network adapter you use (wired, wireless, or anything else). 


I look forward to hearing back from you.


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
MIGUEL_C_Intel
Employee
2,119 Views

Hello, jic5760,


I am following up on the post. 


By any chance, have you been able to review the Certificate chain specifications? 


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
jic5760
New Contributor I
2,106 Views

Yes, I checked, but there is no problem with the certificate chain.
So SetupAdmin is successful and enters ACM mode.
However, after that, AMT_PublicKeyManagementService.AddTrustedRootCertificate is attempted to set up MPS, but an error occurs because the audit log cannot be written.

0 Kudos
MIGUEL_C_Intel
Employee
2,103 Views

Hello, jic5760,


I am sorry for the issue.


Please send the Certificate chain screenshot from IIS showing the 3 components (Root, Intermediate, and Domain) from the Certification Path tab; the 3 components should be SHA256. In addition, share a screenshot of how the Certificate chain looks in the EMA console settings tab (using the Tenant Account).


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
Victor_G_Intel
Employee
2,004 Views

Hello jic5760,

 

We hope this message finds you well.

 

Do you have any updates for this thread?


Best regards,


Victor G.

Intel Technical Support Technician


0 Kudos
MIGUEL_C_Intel
Employee
1,944 Views

Hello, jic5760,


I just wanted to follow up on the post. If further assistance is necessary, do not hesitate to reply.


Regards,

Miguel C.

Intel Customer Support Technician



0 Kudos
Reply