Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Beginner
99 Views

Help configuring ACM with own Certificate

Hi, 

I hope you guys can help me, I'm trying to configure my lab to test all the ATM technology and I;m having the following issue. 

So far I have been able to configure the CCM in the right way and have been able to access the machines and so far so good. 

now I have try to configure the ACM with my own certificate but I have not been able to do it. I created the certificate as explainend in the manual.  I have add my own certificate security thumbprint to the amt but when I try to change from CMM to ACM I get this error. 

 

RCSaddress=RCM.corp.contoso.com, RCSWMIUser=, UUID=3F759CFF-15F9-11E4-97E6-90D5B20AF0FF, FQDN=Host Name- LPNetser Domain Name- corp.contoso.com , ConfigMode=2, PID=, RCSProfileName=PRofile de prueba, AMTVersion=10.0.60.3000, IP=IPv4 Address- 10.189.159.118
Success.
(0) (retry set to = 0)
Success.
(0) (RCS not busy.)
Success.
(0) (RCS is currently handling = 0 threads)
A call to this function has failed -
(0xc000278b) (Failed while calling
WS-Management call
GetAmtVersion (CIM_SoftwareIdentity.Get). Intel(R) AMT connection error
0xc000521f: An SSL error occurred. Verify the username and password, and the PSK or certificate settings, where applicable.
(0xc000521f). )
***** END ClientControlConfiguration ******

***** END ClientControlConfiguration ******


***********

Exit with code 74.
Details: Failed to complete the Setup operation on this Intel(R) AMT device.
The status of Intel(R) AMT on the system might have changed. Use the "Status" command to see the current system configuration.
Failed while calling
WS-Management call
GetAmtVersion (CIM_SoftwareIdentity.Get). Intel(R) AMT connection error
0xc000521f: An SSL error occurred. Verify the username and password, and the PSK or certificate settings, where applicable.
Valid certificate for PKI configuration not found.


PS C:\temp>

 

then I try to run the following commands on the RCS server : 

RCSUtils.exe /Certificate Add C:\Users\amtconfig\Documents\certnet.pfx 1234 /RCSUser NetworkService /Log File AddCert.log

And the logs read succed  so i'm like  ok  lets test how this works so I ran the following command 

>RCSUtils.exe /Certificate View /RCSUser NetworkService /Log File ViewCert.log

and in the logs i'm able to see this error. 

6/25/2020 8:11:06 AM: Intel(R) SCS Utils log, running user: CORP\amtconfig
6/25/2020 8:11:06 AM: -------------------------------------------------------------------------------
6/25/2020 8:11:08 AM: Waiting for the task scheduler to run the requested task using the Network Service account (can take up to 60 seconds).
6/25/2020 8:11:10 AM: Waiting for the task scheduler to run the requested task using the Network Service account (can take up to 60 seconds).
6/25/2020 8:11:10 AM: -------------------------------------------------------------------------------
6/25/2020 8:11:10 AM: Exit status for the running user CORP\amtconfig:
6/25/2020 8:11:10 AM: Failed to impersonate to the user - Element not found. (Exception from HRESULT: 0x80070490).

when i look for info on this error  I found out that the user running the rcsservice on the server should be the same as the one running the command and it is the same.... 

any idea how to fix any of the 2 errors that I get... 

Waiting for your kindly replay. 

luis 

0 Kudos
4 Replies
Highlighted
Moderator
89 Views

Re:Help configuring ACM with own Certificate

Hello lalford,


Thank you for joining the Intel community


As you correctly state the certificate should be stored in the same account where the RCSserver service is running. Could you please attach the RCS log and the SystemDiscovery log. 


Will look forward to your updates.


Regards


Jose A.

Intel Customer Support


0 Kudos
Highlighted
Beginner
84 Views

Re: Re:Help configuring ACM with own Certificate

Hi, 

 

thanks for your replay I think I know what I was doing wrong.  I fix the command and now I get this error. 

.\ACUConfig.exe /output console /verbose configviarcsonly 10.189.159.121 testACM7 /adminpassword Admin.2020

now when I run this command I get the following error: 


Exit with code 75.
Details: Failed to complete remote configuration of this Intel(R) AMT device.
Failed to load data from data storage.

Any idea what seems to be the problem ??? 

 

Tags (1)
0 Kudos
Highlighted
Moderator
68 Views

Re:Help configuring ACM with own Certificate

Hello lalford,


Error 75 is related to certificate error. Looks like it cannot find your custom certificate thumbprint from the MEBx firmware. Do you think it could be possible it was not loaded correctly when you injected it?


Regards


Jose A.

Intel Customer Support


0 Kudos
Highlighted
Beginner
32 Views

Re: Re:Help configuring ACM with own Certificate

I will verify and let you know... thanks. 

Tags (1)
0 Kudos