We have a number of systems out in the field, many of which utilize AMT. We give users a button to locally configure/unconfigure these in Client Control Mode.
Somehow we are running into a reoccurring issue where these systems are ending up in Admin Control Mode despite none of our internal systems setup to configure it that way. This has been seen on a couple various motherboards (various manufacturers) so I suspect it has something to do with how we are configuring/unconfiguring them, but I am unable to identify what. Overall it works as intended 90% of the time, but something seems to be triggering this change over.
Is the Control Mode "randomly" changing a known issue or are we doing something wrong? I can provide more details as needed.
In addition to this. Short of entering the ME BIOS and doing a full unprovision, is there a way to locally unconfigure an Admin Control Mode system where we aren't certain how it was configured?
Thank you for joining the Intel community
You say you have provided your end users with a "button". Is this "button" any kind of batch file or scrip that provision or unprovision their systems in a automatic way? If yes is this scrip based on the ACUWizard software provided by Intel SCS?
If you provision the system using the USB method or by accessing the MEBx they will automatically be provisioned in admin control mode. If you use the ACUwizard then they are supposed to be provisioned in Client Control Mode and there is no way to be in ACM from this method.
If you use the ACUwizard it will allow you to unconfigure the system if it is already provisioned.
The ACUWizard tool is part of the SCS package and can be downloaded from here: https://downloadcenter.intel.com/download/26505/Intel-Setup-and-Configuration-Software-Intel-SCS-?wa...
Intel Customer Support
It sounds like you may have Embedded Host Based Configuration (EHBC) enabled in those systems going directly to ACM mode. EHBC is enabled only by system manufacturer during the manufacturing process on request by customer.
You can find out if EHBC is enabled on those systems by running 'ACUConfig.exe SystemDiscovery' and look for the <EmbeddedHBCEnabled></EmbeddedHBCEnabled> tags in the XML file generated for its status.
EHBC can be disabled using ACUConfig.exe with the parameter DisableEmbeddedHBC. However, this is a irreversible permanent change. Please be certain that it is what you want to do before executing the command.
Thanks for the assistance. Unfortunately I am not seeing that as one of the XML tags. I do see "IsHBPSupported" which is True. I'm struggling to find documentation on the purpose of that however.
For some additional context we do have a script built into our software that does utilize the ACUConfig tool to configure the machine in Client Control Mode. It seems to work fine most of the time, we mostly don't understand why it seems to randomly swap over. It seems to happen to about every 5-10 out of 100 of our systems given enough time.
I'm sure something is triggering it, but if there was a way to forcibly unconfigure that would at least get us by. Using Ctrl + P and unprovisioning via the ME Bios does correct the issue, but seems requires a BIOS reset on one of the boards which isn't ideal.
Quick Edit, I found the documentation for the XML tags. Doesn't look like HBP is exactly what I'm looking for.
Could you share the XML file of a system you are having issues with, and also the AMT activation scrip/command you run behind the button your users click?
To configure AMT we are running:
ACUConfig.exe /verbose configAMT config.xml
Config.xml being an automatically generated file for which I generated an example. Additionally the attached SystemDiscovery file is from a Client Control Mode configured system, that was previously 'stuck' in Admin Control Mode.
Unfortunately I cannot reliably reproduce that transition from CCM to ACM, but I can reach out to one of our customers with an affected system to get an ACM SystemDiscovery xml.
AMT Capabilities file from one of our customers. This one is maybe a bit more strange. It doesn't appear to be configured, however it is in a state where our AMTConfigure script is not working.