Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

How to connect to Intel AMT via PowerShell HTTPS and mutual authentication.

GMaie4
Beginner
4,214 Views

I can't find any information on how to initiate a PowerShell WSMan connection for mutual TLS. I configured both systems with certificates and set up the remote mutual TLS connection in the AMT device. It's possible to connect via MeshCommander, but I can't find the configuration process to connect via PowerShell.

Help is appreciated!

$wsmanConnectionObject = new-object 'Intel.Management.Wsman.WsmanConnection'
$wsmanConnectionObject.Username = $user
$wsmanConnectionObject.Password = $password
$wsmanConnectionObject.AuthenticationScheme = "???????";
$wsmanConnectionObject.Address = "https://" + $FQDNhostname + ":16993/wsman"
?????????

0 Kudos
6 Replies
JoseH_Intel
Moderator
4,157 Views

Hello GMaie4,

Thank you for joining the Intel community.

I am not totally sure if this PowerShell connection method you are trying is supported by AMT or not. I am trying to look for related information but cannot find any. Usually the remote connection software supported is Intel Manageability Commander, MeshCommander (open source), Microsoft SCCM, VNC+, Symantec Altiris and any other Frame Buffer protocol compatible software.

I found this in the Intel SCS user guide, but I am pretty sure it is not what you are talking about.

Regards

Jose A.

Intel Customer Support

0 Kudos
JoseH_Intel
Moderator
4,157 Views

Hello GMaie4,

Do you have any further details, updates, questions or comments in regards to this issue?

Please do not hesitate to contact us back.

If you consider the issue to be completed please let us know so we can proceed to mark this thread as closed.

Regards

Jose A.

Intel Customer Support Technician

0 Kudos
GMaie4
Beginner
4,157 Views

Hello Jose,

There is no information that the Intel vPro PowerShell scripts support mutual authentication.

When I checked the documentation for the scripting library, I found a hint that it should be possible using the COM object itself.

* * * * * * * * * * * * * * * * * * * * *

"Before WS-Management operations can be performed, a connection to a WS-Management endpoint must be established. Connections can be relatively simple requiring only a user name, password and address. However, depending on the state or configuration of the endpoint, connections may require more information such as digital certificates and proxy information.

using Intel.Management.Wsman;

// create a connection object
IWsmanConnection conn = new WsmanConnection();

// read the connection values from the project settings
conn.Username = "admin";
conn.Password = "P@ssw0rd";
conn.Address = "http://myAmtBox:16992/wsman";
conn.AuthenticationScheme = "Digest";"

* * * * * * * * * * * * * * * * * * * * *

I can't find the documentation on what parameters to use! Can you check your internal documentation please!

Regards from Germany

Günter Maier


0 Kudos
JoseH_Intel
Moderator
4,157 Views

Hello GMaie4,

I will search for this info in our documentation. In the meantime you can check (if not done yet) at this URL. You can do a search using the search tab.

I will let you know as soon as I have updates.

Regards

Jose A.

Intel Customer Support Technician

0 Kudos
JoseH_Intel
Moderator
4,157 Views

Hello GMaie4,

I got the following from engineering:

"Yes, it’s possible to connect to AMT with the PowerShell module using mutual authentication. If you are already able to connect with MC, then you should be more than halfway there (you have created and issued the mutual auth cert).

The basic requirements for this to work are

• AMT configured with the domain root certificate (Mutual TLS)
• Management computer (PowerShell computer) issued mutual authentication certificate containing the remote mutual authentication OID: 2.16.840.1.113741.1.2.1
• Use the -TLS and -CertificateName switches when calling the PowerShell script
    o PowerShell searches the computer store for a certificate matching the Subject Name field

Here’s an example

• Issued a certificate to the local computer
• Get-AMTPowerState -ComputerName <FQDN> -Username admin -Password <computer password> -TLS -CertificateName amt.vprodemo.com"

Let me know if this works for you

Regards

Jose A.

Intel Customer Support Technician

0 Kudos
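A pre-flight check for the requirements listed in the reply above, as an added example that is not part of the original thread or of Intel's PowerShell module: it lists computer-store certificates whose subject contains the given name and reports whether each carries OID 2.16.840.1.113741.1.2.1 in its Enhanced Key Usage. The function name, the substring match on the subject and the report fields are assumptions of this example.

```powershell
# Added example. The OID and the computer-store lookup come from the thread;
# Test-AmtMutualTlsCertificate and its output fields are hypothetical names.
$AmtRemoteOid = '2.16.840.1.113741.1.2.1'   # remote mutual authentication OID

function Test-AmtMutualTlsCertificate {
    param(
        [Parameter(Mandatory)] [string] $SubjectName,
        [string] $StorePath = 'Cert:\LocalMachine\My'   # computer store
    )
    $now = Get-Date
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -like "*$SubjectName*" } |   # assumed match rule
        ForEach-Object {
            $cert = $_
            # Read EKU OIDs from the extension itself, not from friendly names.
            $ekuOids = @($cert.Extensions |
                Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
                ForEach-Object { $_.EnhancedKeyUsages } |
                ForEach-Object { $_.Value })
            [pscustomobject]@{
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer      # compare with the root configured in AMT
                Thumbprint    = $cert.Thumbprint
                HasPrivateKey = $cert.HasPrivateKey
                HasAmtOid     = $ekuOids -contains $AmtRemoteOid
                InValidity    = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
                EkuOids       = $ekuOids -join ', '
            }
        }
}

# Sample subject name taken from the example command in the thread.
$results = @(Test-AmtMutualTlsCertificate -SubjectName 'amt.vprodemo.com')
if ($results.Count -eq 0) {
    Write-Warning 'No certificate with that subject was found in the computer store.'
}
$results | Format-List

# A candidate is only usable for mutual TLS if all three conditions hold.
$usable = @($results | Where-Object { $_.HasPrivateKey -and $_.HasAmtOid -and $_.InValidity })
if ($results.Count -gt 0 -and $usable.Count -eq 0) {
    Write-Warning "No candidate has a private key, a current validity period and EKU $AmtRemoteOid."
}
```

Reading `Cert:\LocalMachine\My` does not require elevation, but using the private key of a computer-store certificate for the TLS handshake normally does, so run the actual `Get-AMTPowerState` call from an elevated session.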
JoseH_Intel
Moderator
4,149 Views

Hello GMaie4,


We will proceed to mark this thread as resolved. If you have further issues or questions just go ahead and create a new topic.


Jose A.

Intel Customer Support Technician


0 Kudos