- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can't find any information how to intiate a powershell wsman connection for mutual tls. I configured both system with certificates and setup remote mutual tls connection in the amt device. Its possible to connect via meshcommander, but I can't find the configuration process to connect via powershell.
Help is appreciated!
$wsmanConnectionObject = new-object 'Intel.Management.Wsman.WsmanConnection'
$wsmanConnectionObject.Username = $user
$wsmanConnectionObject.Password = $password
$wsmanConnectionObject.AuthenticationScheme = "???????”;
$wsmanConnectionObject.Address = "https://" + $FQDNhostname + ":16993/wsman"
?????????
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello GMaie4,
Thank you for joining the Intel community
I am not totally sure if this PowerShell connection method you are trying is supported by AMT or not. I am trying to look information related but cannot find any. Usually the remote connection software supported are Intel Manageability Commander, MeshCommander (open source), Microsoft SCCM, VNC+, Symantec Altiris and any other Frame Buffer protocol compatible software
I found this on the Intel SCS user guide but I am pretty sure it is not what you are talking about
Regards
Jose A.
Intel Customer Support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello GMaie4,
Do you have any further details, updates, questions or comments in regards to this issue?
Please do not hesitate to contact us back.
If you consider the issue to be completed please let us know so we can proceed to mark this thread as closed.
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Jose
There is no information that intel Vpro powershell scripts support mutual authentication.
If I check the doku for the scripting libary I found a hint that it should be possible using the com object itself.
* * * * * * * * * * * * * * * * * * * * *
"Before WS-Management operations can be performed, a connection to a WS-Management endpoint must be established. Connections can be relatively simple requiring only a user name, password and address. However, depending on the state or configuration of the endpoint, connections may require more information such as digital certificates and proxy information.
using Intel.Management.Wsman;
// create a connection object
IWsmanConnection conn = newWsmanConnection();
// read the connection values from the project settings
conn.Username = "admin";
conn.Password = "P@ssw0rd";
conn.Address = "http://myAmtBox:16992/wsman";
conn.AuthenticationScheme = "Digest”; "
* * * * * * * * * * * * * * * * * * * * *
I can't find the dokumentation what parameters to use! Can you check your internal documentation please!
Regards from germany
Günter Maier
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello GMaie4,
I will search for this info in our documentation. In the meantime you can check (if not done yet) in this URL. You can do a search using the search tab.
I will let you know as soon as I have updates.
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello GMaie4,
I got the following from engineering:
"Yes, it’s possible to connect to AMT with the PowerShell module using mutual authentication. If you are already able to connect with MC, then you should be more than halfway there (you have created and issued the mutual auth cert).
The basic requirements for this to work are
• AMT configured with the domain root certificate (Mutual TLS)
• Management computer (PowerShell computer) issued mutual authentication certificate containing the remote mutual authentication OID: 2.16.840.1.113741.1.2.1
• Use the -TLS and -CertificateName switches when calling the PowerShell script
o PowerShell searches the computer store for a certificate matching the Subject Name field
Here’s an example
• Issued a certificate to the local computer
• Get-AMTPowerState -ComputerName <FQDN> -Username admin -Password <computer password> -TLS -CertificateName amt.vprodemo.com"
Let me know if this works for you
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello GMaie4,
We will proceed to mark this thread as resolved. If you have further issues or questions just go ahead and create a new topic.
Jose A.
Intel Customer Support Technician
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page