Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2920 Discussions

Intel AMT How to Enable VNC KVM on Port 5900 in latest Intel AMT Versions

Megaman
Beginner
‎04-22-2024 10:03 AM
2,072 Views

Hi,

i recently updated to Intel 14th Gen System and upon setting up Intel AMT, I stumbled upon the fact that in the latest versions of Intel AMT Firmware, intel has finally disabled VNC KVM at port 5900, while in older versions KVM VNC on that port could be easily enabled via the Intel AMT WebUI with just a simple mouse click, now Intel in his documentation requires it to be enabled through Powershell according to this documentation:

Background of the Problem:

https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fworkingwithport5900.htm

 

Intels Solution:

 

https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=HTMLDocuments%2Fpowershelltemplate.htm

 

https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fsdkinstallationlayout.htm

 

 

The following code needs to be executed:

$kvmRedirectionSettingDataRef =$wsmanConnectionObject.NewReference("SELECT * FROM IPS_KVMRedirectionSettingData WHERE InstanceID='Intel(r) KVM Redirection Settings'")
$kvmRedirectionSettingDataInstance =$kvmRedirectionSettingDataRef.Get()
$kvmRedirectionSettingDataInstance.SetProperty("Is5900PortEnabled","true")
$kvmRedirectionSettingDataInstance.SetProperty("RFBPassword","P@ssw0rd")
$kvmRedirectionSettingDataRef.Put($kvmRedirectionSettingDataInstance)

via the following powershell snippet:

Begin flow template
[CmdletBinding()]
Param (
[Parameter(Mandatory = $true, position = 0,HelpMessage = "Hostname, FQDN, or IP Address")] [String] $hostname,
[Parameter(Mandatory = $true, position = 1,HelpMessage = "Digest User")] [string] $user,
[Parameter(Mandatory = $true, position = 2,HelpMessage = "Digest Password")] [string] $password)
 
Import-Module 'IntelvPro'
 

   Create a Wsman Connection Object  

$wsmanConnectionObject = new-object 'Intel.Management.Wsman.WsmanConnection'
$wsmanConnectionObject.Username = $user
$wsmanConnectionObject.Password = $password
$wsmanConnectionObject.Address = "http://" + $hostname + ":16992/wsman"
 

  >>> Insert your code snippet here  

 
Remove-Module 'IntelvPro'
End flow template
 

 

My problem is that I don't have the whole picture, as Intel in their documentation only provide bits and snippets of information and refer to several other sources and requires a relatively high degree of experience with powershell, at which point I loose track.

Following the "Intel vPro Technology Module for Microsoft Windows PowerShell Installation and User Guide" that comes with the Inteal AMT SDK, I'm able to run powershell scripts and for example run the Invoke-amtgui script etc. which works.

But when running the script to enable VNC KVM on Port 5900, I get "WsmanUnauthorizedException". Apparently because I don't know and the documentation does not tell me how to properly pass through my credentials for that script to work.

So I failed so far to google that information.

Anyone please can help me enabling KVM VNC on Port 5900 as simple as possible.

Thanks!

0 Kudos

Link Copied

3 Replies
MIGUEL_C_Intel
Moderator
‎04-22-2024 12:21 PM
2,033 Views

Hello, Megaman,


VNC KVM applications have stopped supporting endpoints running Intel® AMT versions 12 and higher. The port 5900 is no longer supported. VNC supported AMT versions 6 through 11.  


Remote connections to Intel® AMT unsecure TCP/IP ports 16992, 16994 and 623 are no longer supported.


For reference

Intel AMT and Security Considerations

https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/WordDocuments/intelamtandsecurityconsiderations1.htm


Non-TLS Port Deprecation in Alder Lake Generation (12th Gen Core processors)

https://www.intel.com/content/dam/support/us/en/documents/technologies/adl-non-tls-update-support-guidance.pdf


VNC Viewer Plus - Supported Intel Core vPro computers

https://help.realvnc.com/hc/en-us/articles/360002311997-VNC-Viewer-Plus-Supported-Intel-Core-vPro-computers


Regards,

Miguel C.

Intel Customer Support Technician



0 Kudos
Copy link
Megaman
Beginner
‎04-22-2024 12:39 PM
2,026 Views

Yes I understand that the port 5900 has been closed deliberately.

 

But I want to open it again. Please provide a way to enable port 5900 again or a solution to connect to VNC without TLS, just simple password login like it was possible until now. I do not need security but ease of use to be able to remote control with any VNC client.

0 Kudos
Copy link
MIGUEL_C_Intel
Moderator
‎04-22-2024 03:56 PM
2,008 Views

Hello, Megaman,

I understand your frustration.  Intel has increased the hardware and software security requirements in relation to AMT responding on port 5900.  It is also important to note we no longer support any SW that connects to AMT using 5900.  RealVNC Viewer Plus has also quit supporting connecting to AMT using 5900 per their product announcement at
https://help.realvnc.com/hc/en-us/articles/360002311997-VNC-Viewer-Plus-Supported-Intel-Core-vPro-computers

Regards,
Miguel C.
Intel Customer Support Technician

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.