
Error "The SSL handshake failed because the certificate received is signed by an unknown CA" while doing remote configuration of Intel AMT

AGK00
Beginner
3,574 Views

Hi,

 

I am trying to set up Intel AMT in our corporate environment and am testing right now. I tried to remotely configure Intel AMT on one of the machines and am getting the error "The SSL handshake failed because the certificate received is signed by an unknown CA". The exact error line in the RCSLog.log file is:

 

2019-06-05 01:32:52: Thread:4844(ERROR) : ADNIMLT1028, Category: AMT Interface error Source: c:\workst\ef650392dcc46f7c\products\scs\modules\vproconfiguration\vproconfigurationinternal.cpp : vProConfigurationNamespace::vProConfigurationInternal::TestConnection Line: 1266: Failed while calling WS-Management call GetAmtVersion (CIM_SoftwareIdentity.Get). Intel(R) AMT connection error 0xc0005228: The SSL handshake failed because the certificate received is signed by an unknown CA. : The system cannot find the file specified., error in discover 0xc0005228

 

Here is a brief of the setup:

  • Installed RCS on a Win2012R2 server; it is running using a domain service account.
  • Using an internal Enterprise CA running on Win2012R2. Created 2 certificate templates, one for remote configuration and one for TLS in AMT profiles.
  • Created a profile with everything configured as per the Intel SCS User Guide (AD, ACL, TLS, etc. configurations).
  • The Intel SCS addon for SCCM is installed. RCS is configured with permission for 'Domain Computers'.
  • The addon correctly identified the test PC as requiring maintenance on AMT, and while doing maintenance, the above error pops up.
  • There is no firewall between the clients and the RCS server.

 

Did I miss anything here? I did go through the user guide again and again, but am not able to see anything specific I missed.

 

For the sake of testing, I ran the command locally with an Admin user account (with all permissions given to the user on the RCS server). Below is the command used.

acuconfig /output console /output file "%UserProfile%\Desktop\RemoteConfigure.log" /verbose ConfigViaRCSOnly "AJBWVAP054.example.com" "EX01_IntelAMT_Profile" /RCSBusyRetryCount 3

Attaching the generated RemoteConfigure.log file as well as the RCSLog.log file.

 

Thanks.

0 Kudos
4 Replies
SergioS_Intel
Moderator
3,178 Views

Hello AGK00,

 

Can you please let us know where you purchased the certificate that you are using?

 

Best regards,

Sergio S.

Intel Customer Support Technician

Under Contract to Intel Corporation

0 Kudos
SergioS_Intel
Moderator
3,178 Views

Hello AGK00,

 

I am following your case and would like to know if you need more help.

 

Best regards,

Sergio S.

Intel Customer Support Technician

Under Contract to Intel Corporation

 

0 Kudos
SergioS_Intel
Moderator
3,179 Views

Hello AGK00,

If you need more assistance please contact us back.

Best regards,

Sergio S.

Intel Customer Support Technician

Under Contract to Intel Corporation

0 Kudos
sumedhabiswas
Beginner
1,428 Views

First, extract the root CA certificate from the server's certificate chain or get it from the CA's website. Then, log into the Intel AMT web interface, navigate to the Security settings, find the trusted certificates section, and import the root CA certificate. Make sure the firmware is updated and the configuration profiles are correct.

For a detailed guide, check out: fix SSL handshake failed error code

 

0 Kudos
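
The condition named in the error message, and the effect of trusting the issuing root as the reply above describes, reproduced as an added example (not from the original thread and not Intel SCS code): a constructed root CA and leaf certificate are verified with OpenSSL, first without and then with the root supplied. The names Example-Root-CA and amt-test.example.com and all file names are assumptions made up for the demonstration; nothing here talks to AMT or RCS.

```shell
#!/bin/sh
# Added example: every name and file here is constructed for the demonstration.
make_pki() {   # make_pki DIR: throwaway root CA plus one leaf certificate it signs
    dir=$1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example-Root-CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Self-signed root, explicitly marked as a CA.
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 -config "$dir/ca.cnf" \
        -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null || return 1
    # Leaf key and CSR, then the root signs the CSR.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
        -subj "/CN=amt-test.example.com" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -CAcreateserial -days 1 -out "$dir/leaf.pem" 2>/dev/null
}

# chain_ok LEAF [ROOT]: true only if LEAF verifies. Without ROOT, only the
# system default store is consulted, and it does not hold the constructed root.
chain_ok() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'
    else
        openssl verify "$1" 2>&1 | grep -q ': OK$'
    fi
}

# issuer_of CERT: the issuer DN, i.e. which CA the verifying side has to trust.
issuer_of() { openssl x509 -in "$1" -noout -issuer -nameopt RFC2253; }

# root_fingerprint CERT: SHA-256 fingerprint to compare before importing a root.
root_fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

tmp=$(mktemp -d) && make_pki "$tmp" && {
    issuer_of "$tmp/leaf.pem"
    chain_ok "$tmp/leaf.pem" && echo "no root supplied: OK" || echo "no root supplied: unknown CA"
    chain_ok "$tmp/leaf.pem" "$tmp/root.pem" && echo "root supplied: OK"
    root_fingerprint "$tmp/root.pem"
}
rm -rf "$tmp"
```

Running `issuer_of` and `chain_ok` against a certificate exported from a real endpoint shows which root the verifying machine is missing before anything is imported.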