Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2929 Discussions

AMT unprovisioning / factory reset

Christoph_Amann
Beginner
1,733 Views

Hi,

 

I'm trying to factory reset ("unprovision") AMT on laptops for which I do not have the MBEX password.

Is there any other option than removing the CMOS battery? The EMAConfig Tool requires a password and I have also tried intel-sa-00075_unprovisioningtool_1.0.0.0025 but this only reduces the following error:

9:49:55 am - INTEL-SA-00075 Unprovisioning Tool version 1.0.0.0025.
9:49:55 am -
9:49:55 am - Connecting to LMS....
9:49:55 am - Failed to read provisioning state: 401
9:49:55 am -
9:49:55 am - Done.

Many thanks in advance!

Christoph

 

 

 

0 Kudos
7 Replies
Victor_G_Intel
Employee
1,706 Views

Hello Christoph_Amann,

 

Thank you so much for contacting Intel customer support,

 

Please try with the following methods:


https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/WordDocuments/unconfigureanintelamtdevice.htm


https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/WordDocuments/cfgunprovision.htm


Note: Please have in mind that these two methods are used in scenarios where the local user does not have access to the admin password; however, these will only work if AMT is in Client Control mode.

 

Best regards,

 

Victor G.

Intel Technical Support Technician


0 Kudos
Christoph_Amann
Beginner
1,702 Views

Hi Victor,

 

Both of the links point to the Intel AMT SDK. Does Intel provide a tool to factory reset AMT? The ones I have tried do not seem to work (EMAConfig Tool / intel-sa-00075_unprovisioningtool_1.0.0.0025)

 

Regards

Christoph

 

0 Kudos
Victor_G_Intel
Employee
1,655 Views

Hello Christoph_Amann,

 

Thank you for your response.


If you provisioned these endpoints with EMA you should be able to use the script below to get their password.


PowerShell.exe -ExecutionPolicy Bypass -File Get-IntelEMAEndpointMEBXPassword.ps1 -emaServerURL <EMA FQDN> -hostname <CLIENT NAME>-Verbose


If the endpoints are in Admin Mode you can use the command below to unprovision them once you have their passwords; however, if they happen to be in Client Mode you will only need the command below and no password, just remember that these commands only work if the endpoints were originally provisioned with EMA.


Intel® EMA Configuration Tool


https://www.intel.com/content/www/us/en/download/19805/intel-endpoint-management-assistant-configuration-tool-intel-ema-configuration-tool.html


Commands:


1- Admin Mode: EMAConfigTool.exe --unconfigure --password <AMT admin password>


2- Client Mode: EMAConfigTool.exe --unconfigure


Additionally, in case you didn’t do the provisioning of these endpoints with EMA and only set up AMT on them the only option left will be to remove the CMOS on each laptop since we don't have a tool that can factory reset AMT.


Best regards, 

 

Victor G.

Intel Technical Support Technician


0 Kudos
Christoph_Amann
Beginner
1,610 Views

Hi Victor,

I have tried to retrieve the password using the Get-IntelEMAEndpointMEBXPassword.ps1 PS script (from https://www.intel.com/content/www/us/en/support/articles/000088984/software/manageability-products.html) but I'm getting the error below.

 

PowerShell.exe -ExecutionPolicy Bypass -File Get-IntelEMAEndpointMEBXPassword.ps1 -emaServerURL REMOVED -hostname REMOVED
 
Invoke-WebRequest : {"error":"unsupported_grant_type","error_description":"Standard OAuth authorization grant is disabled. Please use GET /accessTokens/getUsingWindowsCredentials URI
instead."}
At C:\ps\Get-IntelEMAEndpointMEBXPassword.ps1:156 char:24
+ ...  { $token = Invoke-WebRequest -Uri "$emaServerURL/api/token" -UseBasi ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
 
(EMA server is running Windows Server 2019)
 
Regards
Christoph
 
0 Kudos
Victor_G_Intel
Employee
1,585 Views

Hello Christoph_Amann,

 

Thank you for your response.


Based on the output you provided, one of two things might be happening. Did you add the -verbose part to the end of the command as well as the required spaces between the different parts of the command? The command should look something like the examples below:


PS> ./Get-IntelEMAEndpointMEBXPassword.ps1 -emaServerURL EMAServer.demo.com -hostname hostname -Verbose


C:\> PowerShell.exe -ExecutionPolicy Bypass -File Get-IntelEMAEndpointMEBXPassword.ps1 -emaServerURL EMAServer.demo.com -hostname hostname -Verbose


Also, please bear in mind that if these systems where previously provisioned by another EMA instance other than your current one, it doesn’t matter if the command’s syntax is perfect the output will always fail.


Best regards,

 

Victor G.

Intel Technical Support Technician


0 Kudos
Victor_G_Intel
Employee
1,492 Views

Hello Christoph_Amann,

 

Were you able to check the previous message we sent?  


Please let us know if you need further assistance.

 

Best regards,

 

Victor G.

Intel Technical Support Technician


0 Kudos
Victor_G_Intel
Employee
1,462 Views

Hello Christoph_Amann,


We have not heard back from you.


If you need any additional information, please submit a new question as this thread will no longer be

monitored.


Regards,


Victor G.

Intel Technical Support Technician


0 Kudos
Reply