Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
Announcements
The Intel sign-in experience has changed to support enhanced security controls. If you sign in, click here for more information.
2706 Discussions

Event viewer error with RCS remote configuration

ZShav
Beginner
1,250 Views

So I've made an RCS/SCS server, set up the database and CA, set up the DNS, etc but still running into issues when the server-script .bat/.vbs script is called by the scs software.

WMI works to the remote system, I can query for domain name and see the results in the log file.

it's the part of the script which calls ConfigAMT which fails.

retVal = objWMIService.ConfigAMT(uuid, fqdn, ConfMethod, profileName, pid, "", "", "", "", strComputer, "", "", "", "", "", "", "", errorStr)

fqdn, uuid, strComputer, all reflect the test PC's fqdn, uuid, and IP address respectively. That was obviously the intent of the sample scripts. ConfMethod is 2 (PKI), profile name is "CSIT_Managed" which matches a profile I defined in scs. errorStr is always returned empty.

All the variables and their values appear to be correct, but I get an erroneous return value of -1073741718 and in the windows event viewer I see this message:

The following information was included with the event:

Method call ConfigAMT is denied because computer SERVERNAME$ made the call for PCNAME.DOMAIN.CA instead of for itself.

I do not understand where the error is coming from, the error makes no sense.... isn't the whole point for RCS is that the SERVERNAME$ can make a call to provision PCNAME.DOMAIN.CA?

0 Kudos
1 Reply
idata
Employee
283 Views

Hello,

 

 

RCS has a relatively new code that locks configurations by default from a computer account from a different computer. In this case you'd only be able to configure your computer. If on Computer 1, then computer 1 can configure but Computer 2 cannot. There is an option to change this behavior. ConfigAMT is

 

 

 

HKLM/Software/WOW64(32)node/Intel/Intel Setup and Configuration Software/11.2/RCS/General Settings

 

 

Key: EnhancedSecurityEnabled

 

 

Value: 01 (default) so, change to 00.

 

 

The other workaround (assuming you are using an account that is a local account) to use an account that has local admin rights to the AMT computer and appropriate rights to Intel_RCS NameSpace.

 

 

Regards,

 

Michael
Reply