Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2858 Discussions

HP CAE and v-pro, using PKI mode


I have a question regarding HPCAE OOBM and v-pro devices implementation with TLS-PKI mode.

what we have tested:

  1. Server side: hp dc7800 mini tower workstation, Windows 2003 R2 32bit , HPCAE 7.9, SQL 2005, MS Certificate Services Enterprise CA, SCS 5.3 (within HPCAE 7.9 image), domain Controller, DNS, DHCP server, IIS 6


  2. Client: hp dc7800 mini tower workstation, Windows 7, OOBM agent, AMT ME 3.2.20 (upgrade from 3.0/1?), HPCAE agent,


  3. security settings:


  • secured Connection to IIS Using SSL for SCS server (Install a Certificate on IIS)


  • Secure Access between OOBM and SCS, (root certificate to Java key store)


  • on client ME: enterprise RootCA , TLS-PKI mode


what we reached:

  1. v-pro device provisioned in SCS (please view picture 001.jpg)


  2. v-pro device detected in HPCAE oobm (see 002.jpg)


  3. HPCAE OOBM remote power on/off remote v-pro devices with non-TLS mode (or saying TLS-PSK mode)


the problem we are facing:

I. HPCAE OOBM failed to connect to remote device with TLS-PKI mode and secured OOBM settings.

II. error see picture err01-2.jpg

III. in log file: something like this, which prevent us moving further.

Caused by: Connection reset

at Source)

at Source)

at Source)


  1. did anybody has idea on this problem?


0 Kudos
2 Replies

Hi Edward,

Thank you for your post. We are currently experiencing a similar issue with HPCA and are working with HP to resolve the issue.

Just to confirm, all servers are Windows 2003 R2 version, correct?

Thank you,


0 Kudos




first of all, yes, Windows 2003 R2 is our server platform. (we certainly hope we are using win2008 and we did while similar problem, since the intel/hp manual mentioned to use win2003R2, then we use it. meanwhile, SQL2008 failed to work - stop at the scs installation phase then we use sql 2005)



meanwhile, upon my previous post, we enabled mutual authentication and the latest error is when we click the device in hpcae OOBM, we encounter error


" Received fatal alert: unknown_ca"



so we are looking at the certificate Authority documents... vpro device -> scs -> hpcae server -> console.



if someone has good knowledge/document/idea to share in the certificate Authority fields, we do appreciate it saying, in an Enterprise CA environment,



1. in vpro- firmware, except root CA need to pre-input any other cerificate needed?


2. in vpro devices client OS like Windows 7, if the certificate needed?


3. SCS IIS server, server certificate?


4. HPCAE Tomcat server, root ca, and client ca?


5. HPCAE need to enable SSL in the configuration interface?


6. HPCAE console?




what if we only use one sever to play the role SCS/hpcae/console...
0 Kudos