Intel® vPro™ Platform
Intel Manageability Forum (Intel® EMA, AMT, SCS & Manageability Commander)
Announcements
Intel® Endpoint Management Assistant (Intel® EMA) Cloud Start Tool for Azure* 2.0 is now available for download here.

The Intel® Manageability Commander 2.2 has been released! Learn more here.

The Intel® Endpoint Management Assistant, version 1.6.0 is now available for download here.

The Intel® Setup and Configuration Software tool will End of Life (EOL) on 12/31/2022. The Intel® Setup and Configuration Software Download will be available until March 31, 2021. For details, Please click here.
2563 Discussions

Issue with TLS and remotecontrol.exe utility

idata
Community Manager
936 Views

I have SCS 5.0.0.9 setup and working to provision by AMT devices. AD integrated, with an enterprise CA

I have a profile setup to use TLS (not mutual) authentication. I specify WebServer as the template and have made sure the security is correct. The machines are provisioning successfully and from the SCS console I can communicate fine to these devices. I'm now trying to use the remotecontrol.exe utility on my workstation to issue power commands. Whenever I try to query the device status I get this response - An exception occurred while attempting to get the system power state. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Here is the syntax I'm using

remotecontrol.exe -tls -hostname <host> -user admin -pass <password> -query

If I change the profile to remove TLS, the command works fine (removing the -tls option)

Anyone ever see this or have an idea why I would get this error?

0 Kudos
1 Reply
Brett_M_Intel
Employee
86 Views

When you are running the Remote Control Utility from your workstation, are you sure that the workstation is able to verify the server certificate that the AMT system was provisioned with? If you have the WebUI enabled on the AMT system, you can verify this by opening a web browser to 'https://<hostname>:16993' to see if the certificate is trusted. Otherwise, you can add the following switch to the command line when using the Remote Control Utility: -ignorecert. While not documented (yet), this will allow the utility to ignore server certificates that are returned from the AMT system.

- Brett McKown

Reply