Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2834 Discussions

Issue with Intel AMT Design

idata
Employee
‎02-12-2013 11:17 AM
1,188 Views

Following the AMT setup guide, on the "ConfigMgr AMT Web Server Certificate" certificate template, we should be enabling "Publish certificate in Active Directory."

By selecting this, it causes the certificate to be stored in the Active Directory object's userCertificate multi-value attribute.

As the SMS site server requests all certificates on behalf of all AMT devices, all of the certificates are stored in the userCertificate attribute of our SMS site server's AD computer object.

In Active Directory, any multi-value object has a size limit of 1300 rows/values. This means, that once we exceed 1300 AMT clients (which we have) we start running into problems. Currently, our SMS site server's computer object is no longer replicating the userCertificate attribute as it's exceeded the maximum size. I also suspect that new certificates are not properly being added when requested.

Does this mean that the Intel AMT, by its design, has a 1300 client limit per SMS site? Or is there a way around this?

thanks

Stéphane

0 Kudos

Link Copied

1 Reply
Joseph_O_Intel
Employee
‎02-20-2013 01:39 PM
310 Views

Hey Stephane,

In cases such as yours, you can easily disregard the action of enabling "Publish certificate in Active Directory."

Just make sure that you select "Supply in Request" within the Subject Name tab. If you are using SCCM 2012, it will be a little different.

Let me know if I can help you further.

Joe

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.