Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2835 Discussions

How to connect to Intel AMT via powershell https and mutual authentication.

GMaie4
Beginner
‎06-08-2020 09:10 PM
2,798 Views

I can't find any information how to intiate a powershell wsman connection for mutual tls. I configured both system with certificates and setup remote mutual tls connection in the amt device. Its possible to connect via meshcommander, but I can't find the configuration process to connect via powershell.

 

Help is appreciated!

 

 

$wsmanConnectionObject = new-object 'Intel.Management.Wsman.WsmanConnection'

$wsmanConnectionObject.Username = $user

$wsmanConnectionObject.Password = $password

$wsmanConnectionObject.AuthenticationScheme = "???????”;

$wsmanConnectionObject.Address = "https://" + $FQDNhostname + ":16993/wsman"

?????????

0 Kudos

Link Copied

6 Replies
JoseH_Intel
Moderator
‎06-09-2020 12:51 AM
2,741 Views

Hello GMaie4,

 

Thank you for joining the Intel community

 

I am not totally sure if this PowerShell connection method you are trying is supported by AMT or not. I am trying to look information related but cannot find any. Usually the remote connection software supported are Intel Manageability Commander, MeshCommander (open source), Microsoft SCCM, VNC+, Symantec Altiris and any other Frame Buffer protocol compatible software

 

I found this on the Intel SCS user guide but I am pretty sure it is not what you are talking about

 

Regards

 

Jose A.

Intel Customer Support

0 Kudos
Copy link
JoseH_Intel
Moderator
‎06-12-2020 12:58 AM
2,741 Views

Hello GMaie4,

 

Do you have any further details, updates, questions or comments in regards to this issue?

 

Please do not hesitate to contact us back.

 

If you consider the issue to be completed please let us know so we can proceed to mark this thread as closed.

 

Regards

 

Jose A.

Intel Customer Support Technician

0 Kudos
Copy link
GMaie4
Beginner
‎06-12-2020 08:04 AM
2,741 Views

Hello Jose

 

There is no information that intel Vpro powershell scripts support mutual authentication.

If I check the doku for the scripting libary I found a hint that it should be possible using the com object itself.

 

* * * * * * * * * * * * * * * * * * * * *

"Before WS-Management operations can be performed, a connection to a WS-Management endpoint must be established. Connections can be relatively simple requiring only a user name, password and address. However, depending on the state or configuration of the endpoint, connections may require more information such as digital certificates and proxy information.

 

using Intel.Management.Wsman;

// create a connection object

IWsmanConnection conn = newWsmanConnection();

// read the connection values from the project settings

conn.Username = "admin";

conn.Password = "P@ssw0rd";

conn.Address = "http://myAmtBox:16992/wsman";

conn.AuthenticationScheme = "Digest”; "

* * * * * * * * * * * * * * * * * * * * *

 

I can't find the dokumentation what parameters to use! Can you check your internal documentation please!

 

Regards from germany

 

Günter Maier

 

 

0 Kudos
Copy link
JoseH_Intel
Moderator
‎06-15-2020 05:36 AM
2,741 Views

Hello GMaie4,

 

I will search for this info in our documentation. In the meantime you can check (if not done yet) in this URL. You can do a search using the search tab.

 

I will let you know as soon as I have updates.

 

Regards

 

Jose A.

Intel Customer Support Technician

0 Kudos
Copy link
JoseH_Intel
Moderator
‎06-18-2020 03:13 AM
2,741 Views

Hello GMaie4,

 

I got the following from engineering:

 

"Yes, it’s possible to connect to AMT with the PowerShell module using mutual authentication. If you are already able to connect with MC, then you should be more than halfway there (you have created and issued the mutual auth cert).

 

The basic requirements for this to work are

• AMT configured with the domain root certificate (Mutual TLS)

• Management computer (PowerShell computer) issued mutual authentication certificate containing the remote mutual authentication OID: 2.16.840.1.113741.1.2.1

• Use the -TLS and -CertificateName switches when calling the PowerShell script

o PowerShell searches the computer store for a certificate matching the Subject Name field

 

Here’s an example

• Issued a certificate to the local computer

• Get-AMTPowerState -ComputerName <FQDN> -Username admin -Password <computer password> -TLS -CertificateName amt.vprodemo.com"

 

Let me know if this works for you

 

Regards

 

Jose A.

Intel Customer Support Technician

 

 

0 Kudos
Copy link
JoseH_Intel
Moderator
‎06-25-2020 05:30 PM
2,733 Views

Hello GMaie4,


We will proceed to mark this thread as resolved. If you have further issues or questions just go ahead and create a new topic.


Jose A.

Intel Customer Support Technician


0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.