- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Configuration of an uncofigured device works fine. But if I execute the same command to reconfigure the device, the command Fails:
"Exit with code 75. Details: Failed to complete remote configuration of this Intel(R) AMT device. Final status of Intel(R) AMT is unknown because a failure occurred when configuring the system. Intel(R) AMT operation failed. Error while configuring TLS settings. A TCP error occurred. Make sure that the destination settings are correct and that a network connection exists to the target. ".
I used the following command:
ACUConfig.exe /output console ConfigViaRCSonly amt1.example.com DefaultProfile
After the device is set to unconfigured, the configuration (with the above command) works fine again.
ACUConfig.exe /output console unconfigureI added the verbose log of a successfully configuration and a failed reconfiguration as attachment.
Does anybody know why the reconfiguration fails?
Best regards, fabian
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I was able to implement a workaround by allow the TCP port 16992 from RCS-Server to Client although TLS is used. I think this is a Bug, because the implementation guide advise, that port 16992 is not used if TLS is enabled ("Starting with Release 6.0, the port is optionally open when TLS is enabled") https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fmanageabilityports.htm
To clarify:
To configure a unconfigured device over RCS the following ports are sufficiently:
RPC (135,49152-65335)
AMT HTTPS (16993)
To reconfigure a already configured device over RCS the following ports are required:
RPC (135,49152-65335)
AMT HTTPS (16993)
AMT HTTP (16992)
Can you confirm the incorrect behavior of Intel RCS v12.1.0 with Intel AMT 11.8.65?
Best regards
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello SysArch,
Thank you for joining the community
May I ask if this device you unconfigured and tried to reconfigure was already provisioned and functional before the unconfiguration?
The reason for failure looks like a TLS compatibility and/or configuration issue. Did you enabled TLS on the xml profile for the reconfiguration?
Regards
Jose A.
Intel Customer Support Technician
A Contingent Worker at Intel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Jose
Yes, the same device was already provisioned with the same Profile on RCS.
What I did exactly:
- Configure Client1 by ACUConfig.exe via RCS-Server Amt1 with DefaultProfile --> Successful
- Configure Client1 by ACUConfig.exe via RCS-Server Amt1 with DefaultProfile --> Failed
- Unconfigure Client1 by ACUConfig.exe --> Successful
- Configure Client1 by ACUConfig.exe via RCS-Server Amt1 with DefaultProfile --> Successful
- Configure Client1 by ACUConfig.exe via RCS-Server Amt1 with DefaultProfile --> Failed
I used the same rcs, client and profile in all steps. From the RCS-Server I can connect the AMT webinterface on Client1 over HTTPS without any certificate warnings.
As additional information I added the RCS Log for a successful configuration and a failed reconfiguration as attachment. Maybe it helps for your troubleshooting.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Was not possible to add two files in the same post, so here is the second one
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I was able to implement a workaround by allow the TCP port 16992 from RCS-Server to Client although TLS is used. I think this is a Bug, because the implementation guide advise, that port 16992 is not used if TLS is enabled ("Starting with Release 6.0, the port is optionally open when TLS is enabled") https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fmanageabilityports.htm
To clarify:
To configure a unconfigured device over RCS the following ports are sufficiently:
RPC (135,49152-65335)
AMT HTTPS (16993)
To reconfigure a already configured device over RCS the following ports are required:
RPC (135,49152-65335)
AMT HTTPS (16993)
AMT HTTP (16992)
Can you confirm the incorrect behavior of Intel RCS v12.1.0 with Intel AMT 11.8.65?
Best regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello SysArch,
Its good to hear you figured out this workaround and got it fixed.
It is possible the ports issue might be a bug, but it is known that both ports 16992 and 16993 are used depending a TLS or non TLS connection. What changes between AMT v11 to v12 is the deprecation of TLS 1.0 for security purposes mainly.
Jose A.
Intel Customer Support Technician
A Contingent Worker at Intel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
"it is known that both ports 16992 and 16993 are used depending a TLS or non TLS"
Right 16992 for non TLS and 16993 for TLS. It is explicit documented (https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fmanageabilityports.htm), that port 16992 is not required if TLS is used. But based on my experience 16992 is also required during reconfiguration although using TLS.
Best regards
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page