
AMT provisioned machines becoming unauthorized


I'm not sure if this is something that I should be asking here or on the HP support site. We have 48 HP EliteDesk 800 G2 DM 65W mini desktop machines. I provisioned them all with a very basic profile and they have been working and responding correctly to AMT commands. However, after a time some of the machines became unauthorized and the only way to fix this was to reset the AMT in the BIOS to un-provisioned and then provision them again.

Does anybody have any idea why the machines are becoming unauthorized?


8 Replies

Your AMT management SW can't access Intel AMT - can't authorize - due to one of the following:

  • AMT user password and/or user name is not valid or was changed via other means (by another person over e.g. the AMT Legacy Web UI, or too simple and hacked by brute force).
  • If AD integration was used: Kerberos AMT objects (with $iME suffix) may have been manually modified, removed (by an AD cleaning script/tool) or moved to a different OU; the Kerberos password for this object expired; AMT internal time and AD time differ by more than 5 min 00 sec; AMT FQDN does not match OS FQDN anymore (OS FQDN may be changed without reconfiguring AMT). If another management console is used, the Registry keys required for Kerberos over a non-standard port are not installed for Legacy WebUI use with MS Internet Explorer.
  • If TLS is used: AMT TLS cert expired or AMT FQDN does not match OS FQDN anymore (OS FQDN may be changed without reconfiguring AMT), so the connection to the OS FQDN is trying to use the AMT FQDN (different) TLS cert that is not trusted for this connection name.

Try to use the system's actual IP address in IE (not Edge) with Integrated AD authentication disabled - use the defined AMT Digest Administrator (admin) password to connect.


If you see a certificate error, accept it and check the cert CN vs. the AMT FQDN in the AMT Legacy WebUI vs. the OS FQDN - get them in sync by reconfiguring AMT again.


Dariusz Wittek


Intel EMEA Biz Client Solution Architect
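The manual check suggested above (connect to each box by IP with the Digest admin password) can be done for a whole fleet from one script. The following is an added example, not code from this thread or from Intel's tooling: it probes the AMT HTTP WebUI (standard AMT port 16992) of each host with a Digest-only credential and classifies the host as OK, Unauthorized (the AMT answered the Digest challenge with 401, i.e. the password is no longer accepted) or Unreachable (network or power problem). The host names and password are placeholders.

```powershell
# Added example: fleet-wide Digest authentication check against the AMT WebUI.
# Assumptions: AMT WebUI on TCP 16992 (standard AMT HTTP port), Digest auth with
# the AMT admin account. Host names and the password below are placeholders.
param(
    [string[]]$Hosts = @('amt-host-01.example.local', 'amt-host-02.example.local'),  # placeholders
    [string]$User = 'admin',
    [string]$Password = '<amt-digest-admin-password>'                                 # placeholder
)

function Test-AmtDigestAuth {
    param([string]$Target, [string]$User, [string]$Password)

    $uri  = [Uri]"http://${Target}:16992/index.htm"
    $cred = New-Object System.Net.NetworkCredential($User, $Password)

    # Register the credential for the Digest scheme only, so it is never sent as Basic
    $cache = New-Object System.Net.CredentialCache
    $cache.Add($uri, 'Digest', $cred)

    $wc = New-Object System.Net.WebClient
    $wc.Credentials = $cache
    $wc.Headers['User-Agent'] = 'amt-auth-check'

    $detail = ''
    try {
        [void]$wc.DownloadString($uri)
        $state = 'OK'
    } catch [System.Net.WebException] {
        $resp = $_.Exception.Response
        if ($resp -and [int]$resp.StatusCode -eq 401) {
            # The AMT answered the Digest challenge and rejected the credential:
            # this is the "unauthorized" symptom, not a connectivity problem.
            $state = 'Unauthorized'
        } else {
            $state = 'Unreachable'
        }
        $detail = $_.Exception.Message
    } finally {
        $wc.Dispose()
    }

    [pscustomobject]@{ Host = $Target; State = $state; Detail = $detail }
}

$results = foreach ($h in $Hosts) { Test-AmtDigestAuth -Target $h -User $User -Password $Password }
$results | Sort-Object State, Host | Format-Table -AutoSize

# Hosts answering 401 need re-provisioning or a password check; unreachable hosts
# are a network/power question and should be investigated separately.
$results | Where-Object State -eq 'Unauthorized' | Select-Object -ExpandProperty Host |
    Set-Content .\amt-unauthorized.txt
```

Running it on a schedule and diffing amt-unauthorized.txt between runs shows when a machine flipped to unauthorized, which can then be correlated with the AMT event log or reboot times rather than being discovered only when remote access is needed.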


I've written a little powershell script to subscribe to events from the AMT. If someone changes an AMT user or password then an event should be generated and passed on. Is this correct?

Some of this hardware/firmware is flaky! I was trying to reinstall the drivers and the error "platform not supported" was being shown. The resolution was to remove the power supply and plug it in again. However, most of the machines just become unauthorized and so far I've not seen any Security Alert messages.

The script is:

[CmdletBinding()]
param(
    [Parameter(Mandatory=$True,Position=1)][string]$hostname
)
# write-host "host name is $hostname"

$username = "admin"
$password = "password"
$lstn     = "http://myhost:999"   # WS-Eventing listener the AMT should deliver events to

Add-Type -Path 'C:\Program Files\Intel Corporation\Intel(R) vPro(tm) Platform Solution Manager\Bin\HLAPI.dll'
Add-Type -Path 'C:\Program Files\Intel Corporation\Intel(R) vPro(tm) Platform Solution Manager\Bin\IWSManClient.dll'

# Digest authentication with the AMT admin account
$auth = [Intel.Manageability.ConnectionInfoEX+AuthMethod]::Digest
$cs   = New-Object Intel.Manageability.ConnectionInfoEX($hostname,$username,$password,$False,"",$auth,$null,$null,$null)

Try {
    $amt = [Intel.Manageability.AMTInstanceFactory]::CreateEX($cs)
} Catch {
    # $(...) is needed so the exception message, not the literal text, is expanded
    write-host "Cannot connect to $hostname : $($_.Exception.Message)" -ForegroundColor Red
    Break
}

$wsfilter = [Intel.Manageability.Events.FilterName]::All
$sidtype  = [Intel.Manageability.Events.SenderIDType]::FQDN
# $sidtype = [Intel.Manageability.Events.SenderIDType]::CurrentAddress
$sip      = [Intel.Manageability.Events.SenderIDPlacing]::HTTPHeader

$sub = New-Object Intel.Manageability.Events.Subscription($lstn,$wsfilter,$sidtype)
$sub.SenderIDPlacing = $sip

# Make sure there is exactly one subscription, pointing at our listener
$subs = $amt.Events.WSEvents.EnumerateSubscriptions()
If (@($subs).length -gt 1) {
    write-host "$hostname subscribed to $(@($subs).length) subscriptions" -ForegroundColor Yellow
    $amt.Events.WSEvents.UnSubscribeAll()
    $subs = $amt.Events.WSEvents.EnumerateSubscriptions()
}
If (@($subs).length -eq 1) {
    write-host "$hostname already subscribed to $($subs[0].ListenerAddress)" -ForegroundColor Yellow
} ElseIf (@($subs).length -lt 1) {
    write-host "$hostname subscribed to $lstn" -ForegroundColor Green
    $amt.Events.WSEvents.Subscribe($sub)
}

The listening script is:

Add-Type -Path 'C:\Program Files\Intel Corporation\Intel(R) vPro(tm) Platform Solution Manager\Bin\HLAPI.dll'
Add-Type -Path 'C:\Program Files\Intel Corporation\Intel(R) vPro(tm) Platform Solution Manager\Bin\IWSManClient.dll'

# Listen on all interfaces, port 999 (must match $lstn in the subscription script)
$listener = New-Object HLAPI.Services.WSEventListener([IPAddress]::Any,'999')

# -SourceIdentifier takes a string naming the event source
Register-ObjectEvent $listener OnNewEventArrived -SourceIdentifier 'AmtEventArrived' -Action {
    # One line per event: Sender; AlertType; FilterName; Time; Description
    $Result = "" + $Event.SourceEventArgs.Sender + "; " `
        + $Event.SourceEventArgs.EventData.AlertType + "; " `
        + $Event.SourceEventArgs.EventData.IndicationFilterName + "; " `
        + $Event.SourceEventArgs.EventData.IndicationTime.ToString("yyyy-MM-dd HH:mm:ss") + "; " `
        + $Event.SourceEventArgs.EventData.MessageDescription
    write-host $Result
    $Result | Out-File .\messages.log -Append
}
$listener.StartListening()

The scripts seem to work.



If disconnecting power helps, at least partially, it may mean you have a pretty old version of ME FW - there may be some bugs that are already fixed.

Please check the OEM support download site for ME FW update packages.


Hi Dariusz,

How old is pretty old?

HP's latest BIOS is 02.20 and cannot be downgraded, but I believe it is the latest ME firmware.

I don't think that AMT is sending SecurityAlerts when the admin password is changed - I reckon it should be.


chzrhpmd001 N21 Ver. 02.19 06/01/2016
chzrhpmd002 N21 Ver. 02.19 06/01/2016
chzrhpmd003 N21 Ver. 02.19 06/01/2016
chzrhpmd004 N21 Ver. 02.19 06/01/2016
chzrhpmd005 N21 Ver. 02.19 06/01/2016
chzrhpmd006 N21 Ver. 02.19 06/01/2016
chzrhpmd007 N21 Ver. 02.19 06/01/2016
chzrhpmd008 N21 Ver. 02.19 06/01/2016
chzrhpmd009 N21 Ver. 02.19 06/01/2016
chzrhpmd010 N21 Ver. 02.19 06/01/2016
chzrhpmd011 no ping response
chzrhpmd012 N21 Ver. 02.19 06/01/2016
chzrhpmd013 N21 Ver. 02.19 06/01/2016
chzrhpmd014 N21 Ver. 02.19 06/01/2016
chzrhpmd015 N21 Ver. 02.19 06/01/2016
chzrhpmd016 N21 Ver. 02.19 06/01/2016
chzrhpmd017 N21 Ver. 02.19 06/01/2016
chzrhpmd018 N21 Ver. 02.19 06/01/2016
chzrhpmd019 N21 Ver. 02.19 06/01/2016
chzrhpmd020 N21 Ver. 02.19 06/01/2016
chzrhpmd021 N21 Ver. 02.19 06/01/2016
chzrhpmd022 N21 Ver. 02.19 06/01/2016
chzrhpmd023 no ip address
chzrhpmd024 N21 Ver. 02.19 06/01/2016
chzrhpmd025 N21 Ver. 02.19 06/01/2016
chzrhpmd026 N21 Ver. 02.19 06/01/2016
chzrhpmd027 N21 Ver. 02.19 06/01/2016
chzrhpmd028 N21 Ver. 02.19 06/01/2016
chzrhpmd029 N21 Ver. 02.19 06/01/2016
chzrhpmd030 N21 Ver. 02.19 06/01/2016
chzrhpmd031 N21 Ver. 02.19 06/01/2016
chzrhpmd032 N21 Ver. 02.19 06/01/2016
chzrhpmd033 N21 Ver. 02.19 06/01/2016
chzrhpmd034 N21 Ver. 02.19 06/01/2016
chzrhpmd035 N21 Ver. 02.19 06/01/2016
chzrhpmd036 N21 Ver. 02.19 06/01/2016
chzrhpmd037 N21 Ver. 02.19 06/01/2016
chzrhpmd038 N21 Ver. 02.19 06/01/2016
chzrhpmd039 N21 Ver. 02.19 06/01/2016
chzrhpmd040 N21 Ver. 02.19 06/01/2016
chzrhpmd041 N21 Ver. 02.19 06/01/2016

Kind regards



Hi Dariusz,

The profile is really basic, no TLS and no AD integration, just user name and password over http. We have the 48 mini desktops in a secure room about 3m from the ground. People connect to these machines using thin clients and Citrix. It is possible that someone is messing around changing the passwords but I don't think so. These machines have been doing this from the start of configuring them and even before they have been deployed to the server room.

Other workstation models don't seem to be having the same problem, but it is difficult to confirm as you only find out when needing to access them. I have written a script to check the 40+ machines in the secure room that we can still connect to, but not for other machines.

Is there anything else I can try like add a second admin user to see if it is just admin that is becoming de-authorized?

Thanks and kind regards




Some more information.

I created an additional administrator on the AMT for the first set of machines. Today 18 machines changed state to unauthorized and this also affected the second administrator. I really don't believe that a person was logging into the AMT of 18 machines and changing the password of the admin account and deleting the second administrator.

I'm wondering two things:

1) How to automate adding a second user with the HLAPI? (There seem to be very few examples of using the HLAPI and the reference documentation does not help.)

2) Are there any events that are sent when someone logs onto or fails to log onto the AMT interface?

I'm seeing a few messages like:

CommunicationsAlert; Intel(r) AMT:AllEvents; The LAN has been connected.

and am wondering what is causing these (the machines are not being powered off or rebooted).

When a machine is rebooted I'm seeing a couple of messages like:

SecurityAlert; Intel(r) AMT:AllEvents; The computer system Managed System has detected a pre-boot user password violation.

A few seconds before the LAN connected message.

Any ideas?

Thanks and regards,
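The messages.log written by the listener script earlier in the thread can be summarised per host, which makes the pattern described above (a SecurityAlert a few seconds before "The LAN has been connected" on reboot, versus LAN-connected events with no reboot) visible across the fleet. The following is an added example, not code from the thread: it parses the listener's "Sender; AlertType; FilterName; Time; Description" lines and counts LAN-connected and SecurityAlert events per sender. The embedded log lines are constructed for the example and the host names are placeholders.

```powershell
# Added example: summarise the messages.log produced by the listener script.
# Line format (from the listener): Sender; AlertType; FilterName; Time; Description
# The sample lines are constructed; host names are placeholders.
$sampleLog = @'
amt-host-01.example.local; CommunicationsAlert; Intel(r) AMT:AllEvents; 2016-09-01 08:15:02; The LAN has been connected.
amt-host-01.example.local; CommunicationsAlert; Intel(r) AMT:AllEvents; 2016-09-01 08:15:09; The LAN has been connected.
amt-host-02.example.local; SecurityAlert; Intel(r) AMT:AllEvents; 2016-09-01 08:20:41; The computer system Managed System has detected a pre-boot user password violation.
amt-host-02.example.local; CommunicationsAlert; Intel(r) AMT:AllEvents; 2016-09-01 08:20:45; The LAN has been connected.
amt-host-03.example.local; CommunicationsAlert; Intel(r) AMT:AllEvents; 2016-09-01 09:02:13; The LAN has been connected.
'@

function ConvertFrom-AmtEventLog {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        # The description may itself contain ';', so split into at most five fields
        $f = $line -split ';\s*', 5
        if ($f.Count -lt 5) { continue }   # skip truncated lines
        [pscustomobject]@{
            Sender      = $f[0]
            AlertType   = $f[1]
            Filter      = $f[2]
            Time        = [datetime]::ParseExact($f[3], 'yyyy-MM-dd HH:mm:ss',
                              [Globalization.CultureInfo]::InvariantCulture)
            Description = $f[4]
        }
    }
}

function Get-AmtEventSummary {
    param([object[]]$Events)
    $Events | Group-Object Sender | ForEach-Object {
        $lan = @($_.Group | Where-Object Description -like 'The LAN has been connected*')
        $sec = @($_.Group | Where-Object AlertType -eq 'SecurityAlert')
        # A SecurityAlert immediately followed by "LAN connected" is the reboot pattern
        # seen in the thread; a SecurityAlert with no reboot is the one worth a closer look.
        $lastSec = ''
        if ($sec.Count -gt 0) { $lastSec = @($sec | Sort-Object Time)[-1].Description }
        [pscustomobject]@{
            Sender         = $_.Name
            Events         = $_.Count
            LanConnected   = $lan.Count
            SecurityAlerts = $sec.Count
            LastSecurity   = $lastSec
        }
    }
}

# Parse the constructed sample; in production point this at .\messages.log instead:
#   $events = ConvertFrom-AmtEventLog -Lines (Get-Content .\messages.log)
$events  = ConvertFrom-AmtEventLog -Lines ($sampleLog -split "`r?`n")
$summary = Get-AmtEventSummary -Events $events
$summary | Sort-Object -Property SecurityAlerts -Descending | Format-Table -AutoSize
```

Because the subscription uses SenderIDType FQDN, the Sender column is the AMT's own FQDN; comparing it against the OS host name for each machine also catches the FQDN mismatch mentioned earlier in the thread.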




I have the same problem. 8 of 9 provisioned machines have become Unauthorized. I can manage only one.

All these PCs are in another city.

Motherboard: Gigabyte Q170-DH3

Processor: Intel® Core™ i5-6500 Processor (6M Cache, up to 3.60 GHz)

Help me!



We have the same issue. HP 800 G2 computers become Unauthorized, which is really bad because we do a lot of remote administration...

Any Ideas?