Intel vPro® Platform
Intel Manageability Forum (Intel® EMA, AMT, SCS & Manageability Commander)
This community is designed for sharing of public information. Please do not share Intel or third-party confidential information here.
2616 Discussions

AMT Web UI - SCCM Provisioned


Hi all!

I am having difficulty obtaining access to the Web UI on an SCCM provisioned device. I can successfully reach the Web UI at https://FQDN:16993

When i try to login however, the AMT Accounts i specified in SCCM are not working. I found a post by Trevor at outlining a similar situation. I have tried logging into the web ui from the SCCM server without success. I have tried inputing the registry key required by the KB article but that did not work as well. I have confirmed that the Kerberos ticket IS issued however the ticket is issued to an SPN of HTTP/FQDN and not HTTP/FQDN:PORT. Is this correct?


HTTP/ instead of HTTP/

I have verified that the SPN's for the OOB object in AD (created during the provision process) contains SPN's for 16992,16993,16994,16995

I have included a network sniff below showing what is going on. Anybody experience this at all?

Kerberos TGS-REP


Record Mark: 1460 bytes


0... .... .... .... .... .... .... .... = Reserved: Not Set


.000 0000 0000 0000 0000 0101 1011 0100 = Record Length: 1460


Pvno: 5


MSG Type: TGS-REP (13)


Client Realm: DOMAIN.COM


Client Name (Principal): amtadmin


Name-type: Principal (1)


Name: amtadmin




Tkt-vno: 5




Server Name (Service and Instance): HTTP/


Name-type: Service and Instance (2)


Name: HTTP




enc-part rc4-hmac


enc-part rc4-hmac
3 Replies
202 Views This scarcely documented registry key IS REQUIRED however when i had input the key previously, i incorrectly setup a DWORD of iexplore instead of the correct value of iexplore.exe.

BTW im on a Windows 2008 server with Internet Explorer 7. You would think M$ would have adressed this issue by now

Community Manager

Yeah, it's required for all versions of Internet Explorer, including IE8 on Windows 7.


Trevor Sullivan

Community Manager


I am having the exact same issue... I have imported that reg key from the hotfix but it's made no difference (only using server 2008 / Win7 machines)

I can use the OOBConsole and power commands from the SCCM console without issue, but i cannot connect to the WebUI.

I tried the troubleshooting steps here (/thread/3037 but when I got to the packet capture stuff, I didn't know what to look for.

It's almost as if the user account I'm trying to log in with has not been configured on the AMT device....I have added users directly, not AD groups, to the "AMT User Accounts" section in the "AMT Settings" tab of the OOBManagement component in SCCM

Question: Are the user accounts you configure in the SCCM console for the OOBConsole access also used for WebUI access?

Thanks for your help,