Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Novice
497 Views

Help configuring ACM with own Certificate

Hi, 

I hope you guys can help me, I'm trying to configure my lab to test all the ATM technology and I;m having the following issue. 

So far I have been able to configure the CCM in the right way and have been able to access the machines and so far so good. 

now I have try to configure the ACM with my own certificate but I have not been able to do it. I created the certificate as explainend in the manual.  I have add my own certificate security thumbprint to the amt but when I try to change from CMM to ACM I get this error. 

 

RCSaddress=RCM.corp.contoso.com, RCSWMIUser=, UUID=3F759CFF-15F9-11E4-97E6-90D5B20AF0FF, FQDN=Host Name- LPNetser Domain Name- corp.contoso.com , ConfigMode=2, PID=, RCSProfileName=PRofile de prueba, AMTVersion=10.0.60.3000, IP=IPv4 Address- 10.189.159.118
Success.
(0) (retry set to = 0)
Success.
(0) (RCS not busy.)
Success.
(0) (RCS is currently handling = 0 threads)
A call to this function has failed -
(0xc000278b) (Failed while calling
WS-Management call
GetAmtVersion (CIM_SoftwareIdentity.Get). Intel(R) AMT connection error
0xc000521f: An SSL error occurred. Verify the username and password, and the PSK or certificate settings, where applicable.
(0xc000521f). )
***** END ClientControlConfiguration ******

***** END ClientControlConfiguration ******


***********

Exit with code 74.
Details: Failed to complete the Setup operation on this Intel(R) AMT device.
The status of Intel(R) AMT on the system might have changed. Use the "Status" command to see the current system configuration.
Failed while calling
WS-Management call
GetAmtVersion (CIM_SoftwareIdentity.Get). Intel(R) AMT connection error
0xc000521f: An SSL error occurred. Verify the username and password, and the PSK or certificate settings, where applicable.
Valid certificate for PKI configuration not found.


PS C:\temp>

 

then I try to run the following commands on the RCS server : 

RCSUtils.exe /Certificate Add C:\Users\amtconfig\Documents\certnet.pfx 1234 /RCSUser NetworkService /Log File AddCert.log

And the logs read succed  so i'm like  ok  lets test how this works so I ran the following command 

>RCSUtils.exe /Certificate View /RCSUser NetworkService /Log File ViewCert.log

and in the logs i'm able to see this error. 

6/25/2020 8:11:06 AM: Intel(R) SCS Utils log, running user: CORP\amtconfig
6/25/2020 8:11:06 AM: -------------------------------------------------------------------------------
6/25/2020 8:11:08 AM: Waiting for the task scheduler to run the requested task using the Network Service account (can take up to 60 seconds).
6/25/2020 8:11:10 AM: Waiting for the task scheduler to run the requested task using the Network Service account (can take up to 60 seconds).
6/25/2020 8:11:10 AM: -------------------------------------------------------------------------------
6/25/2020 8:11:10 AM: Exit status for the running user CORP\amtconfig:
6/25/2020 8:11:10 AM: Failed to impersonate to the user - Element not found. (Exception from HRESULT: 0x80070490).

when i look for info on this error  I found out that the user running the rcsservice on the server should be the same as the one running the command and it is the same.... 

any idea how to fix any of the 2 errors that I get... 

Waiting for your kindly replay. 

luis 

0 Kudos
9 Replies
Highlighted
Moderator
487 Views

Hello lalford,


Thank you for joining the Intel community


As you correctly state the certificate should be stored in the same account where the RCSserver service is running. Could you please attach the RCS log and the SystemDiscovery log. 


Will look forward to your updates.


Regards


Jose A.

Intel Customer Support


0 Kudos
Highlighted
Novice
482 Views

Hi, 

 

thanks for your replay I think I know what I was doing wrong.  I fix the command and now I get this error. 

.\ACUConfig.exe /output console /verbose configviarcsonly 10.189.159.121 testACM7 /adminpassword Admin.2020

now when I run this command I get the following error: 


Exit with code 75.
Details: Failed to complete remote configuration of this Intel(R) AMT device.
Failed to load data from data storage.

Any idea what seems to be the problem ??? 

 

Tags (1)
0 Kudos
Highlighted
Moderator
466 Views

Hello lalford,


Error 75 is related to certificate error. Looks like it cannot find your custom certificate thumbprint from the MEBx firmware. Do you think it could be possible it was not loaded correctly when you injected it?


Regards


Jose A.

Intel Customer Support


0 Kudos
Highlighted
Novice
430 Views

I will verify and let you know... thanks. 

Tags (1)
0 Kudos
Highlighted
Moderator
309 Views

Hello lalford,


I am just following up to double-check if you were able to gather the requested information. Otherwise let us know if you require more time to accomplish this. I will follow up with you again this coming up Thursday July 9th.


Regards


Jose A.

Intel Customer Support Technician




0 Kudos
Highlighted
Novice
276 Views

I had to rebuild my whole lab enviroment. lucky today I will be able to do this. 

0 Kudos
Highlighted
Moderator
263 Views

Hello lalford,


After reviewing your case with our senior techs, they suggested your issue might get resolved by unprovisioning and reprovisioning your system back again. If you are still working on your test environment you could try this.


Will look forward for your updates.

I will follow up with you next Monday 13th in case of not hearing back from you.


Jose A.

Intel Customer Support


0 Kudos
Highlighted
Community Manager
227 Views

Hello lalford,


I am just following up to double-check if you found the provided information useful. If you have further questions please don't hesitate to ask. If you consider the issue to be completed please let us know so we can proceed to mark this thread as resolved. This support interaction will be marked as closed automatically in the next 3 business days if no activity is received.


Regards


Jose A.

Intel Customer Support Technician


0 Kudos
Highlighted
Moderator
206 Views

Hello lalford,


We will proceed to mark this thread as resolved. If you have further issues or questions just go ahead and submit a new topic.


Regards


Jose A.

Intel Customer Support Technician


0 Kudos