Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

Hello, I am trying to deploy Intel SCS to manage around 300 new computers, half fixed PCs from Dell and the other half laptops from HP. I tried to install SCS on W16 using Network Service but it is not working. On W10 it is OK.

TLege2
Beginner
2,676 Views

When SCS is deployed with a DB on W10, I can deploy settings successfully but with a warning that remote access won't work.

0 Kudos
15 Replies
JoseH_Intel
Moderator
2,472 Views

Hello TLege2,

Thank you for joining the community.

Can you tell us what software application you are not able to install in Win16? Take into consideration that the Configurator is not supported in Win16 but it is in Win10. On the other side, RCS and Console are not supported in Win10 but are supported in Win16. You can check this in the Release Notes following the link

Hope it helps

Jose A.

0 Kudos
TLege2
Beginner
2,472 Views

Hi Jose, thanks for your answer.

I am trying to install SCS with a DB for mass deployment and centralized management. On W16, when I try to install SCS using Network Service it fails, whereas with W10 it works. So yesterday, in my home lab, I found a way to install SCS on W16 with no error, using a user account having the correct permissions and connecting to the database using a SQL account, not AD, but it would be better for security reasons to be able to use Network Service.

So I will try today to install it in my work environment.

Now there is another point where I am stuck. I want to manage the certificate part with my root CA server without having to use one of the listed certificate providers like GoDaddy, as we already have a wildcard certificate provided by TBS. I have read in different how-tos that it is possible to use such a certificate, but it looks like either there is a missing part on how to set up such a certificate or it's not possible.

We chose to change all our PCs (laptops from HP and fixed PCs from Dell) to ones with vPro CPUs so that we are able to take control of all PCs even if no OS boots.

0 Kudos
JoseH_Intel
Moderator
2,472 Views

Hello TLege2,

I will wait for your updates from your work environment.

About using a different CA other than the 5 listed ones: it is possible. You could even use your own certificate server. What you will need to do is generate or gather the certificate hash (signing chain) and then insert it in the MEBx firmware of all the computers so it will be recognized when requested by the RCS server. For more info go here.

Regards

Jose A.

0 Kudos
TLege2
Beginner
2,472 Views

Hi Jose,

Thanks for your answer. Regarding the part of the certificate to provide in the MEBx of all computers: do I have to install it in the PKI hash, or do I have to go into the list of all certificate authority providers and add a new reference? If I have to add a new reference in the list of certificate providers, where can I find the hash, as it looks longer than the thumbprint of my certificate?

Second question: is there a way to install it either remotely or via USB key?

Thanks for your time.

0 Kudos
JoseH_Intel
Moderator
2,472 Views

Hello TLege2,

The following are the instructions detailed in the Intel SCS user guide:

Entering a Root Certificate Hash Manually in the Intel AMT Firmware

Normally the certificate hashes are programmed in the Intel AMT system firmware by the manufacturer.

Alternatively, there is an option to enter the root certificate’s hash manually via the Intel MEBX. (The names and locations of menu options might vary slightly in different Intel AMT versions.)

To enter the certificate hash via the Intel MEBX:

1. Open the Root certificate and tab to Details. Keep the Root certificate thumbprint from the thumbprint field for use in step 7.
2. Power on the Intel AMT system and press <Ctrl-P> during boot.
3. When the Intel MEBX menu is displayed, do a full unconfiguration (unprovision).
4. From the Intel MEBX menu, select Setup and Configuration > TLS PKI.
5. Select Manage Certificate Hashes.
6. Press <Insert> and enter a name for the hash.
7. Enter the Root certificate thumbprint from step 1.
8. Answer Yes to the question about activating the hash.
9. Exit the Intel MEBX and reboot the Intel AMT system.

Hope it helps

Jose A.

0 Kudos
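As an added example (not part of the thread or of Intel SCS): step 1 of the procedure above copies the Thumbprint field, which in Windows is the SHA-1 digest of the certificate's DER encoding (40 hex digits); a SHA-256 digest of the same bytes is 64 hex digits. This Python sketch recomputes both from an exported root certificate and checks a hand-typed value against them before it is entered in step 7. `SAMPLE_PEM` and all function names are constructed for illustration, and which digest a given AMT firmware expects is an assumption to confirm in the SCS user guide.

```python
import base64
import hashlib
import re

# Constructed stand-in for an exported root certificate: the base64 body
# decodes to the three bytes b"abc", NOT a real X.509 certificate. A thumbprint
# is a digest of the raw DER bytes, so the steps are identical for a real file.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"

ALGORITHMS = ("sha1", "sha256")


def pem_to_der(pem: str) -> bytes:
    """Drop the BEGIN/END armor lines and base64-decode the body."""
    body = "".join(line.strip() for line in pem.splitlines()
                   if line.strip() and not line.startswith("-----"))
    return base64.b64decode(body)


def cert_digests(pem: str) -> dict:
    """Return {algorithm: uppercase hex digest} over the DER encoding."""
    der = pem_to_der(pem)
    return {a: hashlib.new(a, der).hexdigest().upper() for a in ALGORITHMS}


def normalize_thumbprint(text: str) -> str:
    """Keep only hex digits: removes spaces, colons and invisible characters
    (such as U+200E) that can ride along when copying from a dialog."""
    return re.sub(r"[^0-9A-Fa-f]", "", text).upper()


def match_thumbprint(pem: str, typed: str):
    """Name the digest algorithm that `typed` matches, or None on mismatch."""
    value = normalize_thumbprint(typed)
    for algorithm, digest in cert_digests(pem).items():
        if value == digest:
            return algorithm
    return None


def grouped(hex_digest: str, size: int = 4) -> str:
    """Split a digest into blocks so it can be read back during manual entry."""
    return " ".join(hex_digest[i:i + size]
                    for i in range(0, len(hex_digest), size))


if __name__ == "__main__":
    for name, digest in cert_digests(SAMPLE_PEM).items():
        print(f"{name:7} {len(digest):3} hex digits  {grouped(digest)}")
```

A `None` result from `match_thumbprint` means the typed value is truncated, mistyped, or belongs to a different certificate than the exported root.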
JoseH_Intel
Moderator
2,472 Views

Hello TLege2,

I am just following up to double check if you found the provided information useful. If you have further questions please don't hesitate to ask. If you consider the issue to be completed please let us know so we can proceed to mark this ticket as resolved. This support interaction will be marked as resolved automatically in the next 72 hours if no activity is received.

Regards

Jose A.

0 Kudos
TLege2
Beginner
2,472 Views

Hi Jose,

Thanks for your feedback on this topic. Sorry that I haven't gotten back yet, but last week I wasn't able to find bw to have a look. I have to plan time for this this week as we will soon start to prepare our PCs for image deployment.

I will keep you updated asap.

Kind regards

0 Kudos
JoseH_Intel
Moderator
2,472 Views

Hello TLege2,

We look forward to your updates.

Jose A.

0 Kudos
JoseH_Intel
Moderator
2,472 Views

Hello TLege2,

I am just following up to ask you about the process of image deployment you were planning for this week.

I will wait for your updates.

Regards

Jose A.

0 Kudos
TLege2
Beginner
2,472 Views

Hi Jose,

I was able to test last Friday but with no luck. When I install the certificate on my RCS server using rcsutil, I get a warning that the certificate is not compatible for remote access. When I deploy the profile settings on a PC, I get a successful installation with a warning saying that my certificate is not compatible for remote access.

Kind Regards

0 Kudos
JoseH_Intel
Moderator
2,472 Views

Hello TLege2,

Thanks for the updates. Looks like your current certificate is not compatible with AMT. Could you please attach the RCS.log so we can check for these errors? Also please run the system discovery tool included in the SCS software package and attach its output. We would like to take a look at both logs.

We look forward to your updates.

Jose A.

0 Kudos
TLege2
Beginner
2,472 Views
Hi Jose,

Please find attached the logs from the server and scsdiscovery. I also think it's a certificate issue.

Thanks for the support.

Kind Regards

Thibaut
0 Kudos
JoseH_Intel
Moderator
2,472 Views

Hello TLege2,

I was not able to find any of the attached files on the thread. I think there is a way to send me a private/direct message. You can try that way. Or you can upload it to any cloud service and send me the download link.

I look forward to your updates.

Jose A.

0 Kudos
JoseH_Intel
Moderator
2,472 Views

Hello TLege2,

I am still missing the requested logs. For some reason those did not attach to the thread. Please let me know when you reattach them or if you need more time.

Regards

Jose A.

0 Kudos
JoseH_Intel
Moderator
2,472 Views

Hello TLege2,

We will proceed to mark this thread as closed. If you have further issues or questions just go ahead and create a new topic.

Regards

Jose A.

0 Kudos