Any tips on why my AD integration may be failing, or where to start looking / debugging?
Background:
RCS server deployed in database mode.
AD OU set up and permissioned.
Enterprise CA set up and template created and permissioned.
Profile created on the RCS
acuconfig.exe ConfigViaRCSOnly succeeds and provisions machine. Certificate is created by the CA, Computer object is created in the OU.
Logging on to https://127.0.01:16693/ works using Admin and the "Get configured Password" from the RCS
Logging on to https://127.0.01:16693/ fails for Domain accounts.
Am I missing something here? I assume this should work.
Provisioning command:
acuconfig.exe /Verbose /Output Console ConfigViaRCSOnly rcsserver.mydomain.com StandardLan /AbortOnFailure /ADOU OU=AMT,OU=Others,DC=mydomain,DC=com /RCSBusyRetryCount 5
Profile details (domain names changed for obvious reasons)
Profile Name: StandardLAN
Profile Type: Intel AMT
Network Settings
FQDN will be the same as the Primary DNS FQDN
IP will be taken from DHCP
Active Directory Integration
Active Directory OU: OU=AMT,OU=Others,DC=mydomain,DC=com
Access Control List (ACL)
User 1: mydomain.com\AMTAdministrators
User Type: Active Directory
User has both remote and local access to the realms listed below
Realms: Redirection, PT Administration, Hardware Asset, Remote Control, Storage, Event Manager, Storage Administration, Agent Presence Local, Agent Presence Remote, Circuit Breaker, Network Time, General Info, Firmware Update, EIT, Local User Notification, Endpoint Access Control, Endpoint Access Control Administrator, Event Log Reader, User Access Control
Transport Layer Security (TLS)
Server authentication used for remote interface
Server Authentication Certificate Properties:
Certificate Authority: ca-cert-001.mydomain.com\MYDOMAIN-ISSUING-CA-001
Certificate Template: AMTWebServerCertificate
Common Names (CNs) in certificate: DNS Host Name (FQDN), Host Name, SAM Account Name, User Principal Name, UUID
Network Configuration
WiFi
Do not enable synchronization of Intel® AMT with host platform WiFi profiles
System Settings
Enabled Management Interfaces:
Web UI
Serial Over LAN
IDE Redirection
KVM
RFB password not defined
Power Management Settings: Always On (S0-S5), Timeout if idle: 3 minutes
The Intel® AMT clock will be synchronized with the operating system clock
Intel® AMT will not respond to ping requests
Fast Call for Help (within the enterprise network) is Enabled
Hi Halibut,
I'm going to assume you're using Internet Explorer. For Kerberos authentication, there is a setting in IE that needs to be changed:
In the Advanced tab of IE > Internet Options, there is a check box for "Enable Integrated Windows Authentication". Checked is Kerberos, unchecked is digest.
You will also need to perform the following registry edits:
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209]
"iexplore.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209]
"iexplore.exe"=dword:00000001
Regards,
Michael
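The following PowerShell script is an added example, not part of Michael's reply or any Intel tooling. It audits the two FeatureControl values listed above on a management workstation and, with -Fix, creates them. It also checks EnableNegotiate under the per-user Internet Settings key, which is assumed here to be the value behind the "Enable Integrated Windows Authentication" check box; that name does not appear in the thread.

```powershell
# Added example: audit (and optionally set) the IE settings described in the reply above.
# -Fix needs an elevated session because the FeatureControl keys live under HKLM.
param([switch]$Fix)

$feature = 'FEATURE_INCLUDE_PORT_IN_SPN_KB908209'
$checks = @(
    # Native and 32-bit (WOW6432Node) registry views, as given in the reply
    @{ Path = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\$feature"
       Name = 'iexplore.exe'; Want = 1 }
    @{ Path = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\$feature"
       Name = 'iexplore.exe'; Want = 1 }
    # Assumption: value backing the "Enable Integrated Windows Authentication" check box
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
       Name = 'EnableNegotiate'; Want = 1 }
)

$results = foreach ($c in $checks) {
    $current = $null
    if (Test-Path -LiteralPath $c.Path) {
        # Returns $null when the value is absent instead of throwing
        $item = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($item) { $current = $item.($c.Name) }
    }
    $ok = ($current -eq $c.Want)

    if (-not $ok -and $Fix) {
        if (-not (Test-Path -LiteralPath $c.Path)) {
            New-Item -Path $c.Path -Force | Out-Null      # create the missing key
        }
        New-ItemProperty -LiteralPath $c.Path -Name $c.Name -Value $c.Want `
            -PropertyType DWord -Force | Out-Null
        $current = $c.Want
        $ok = $true
    }

    [pscustomobject]@{
        Key = $c.Path; Value = $c.Name; Current = $current; Expected = $c.Want; Ok = $ok
    }
}

$results | Format-List
if ($results.Ok -contains $false) {
    Write-Warning 'One or more settings differ from the reply; rerun elevated with -Fix to set them.'
}
```

Restart Internet Explorer after changing any of these values before retesting the domain logon.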
Gah!
Well, that was a day of my life I won't get back. Thank you very much Michael, it's working now, as it apparently had been all along. The keys in IE were all it needed.
I.
