Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
New Contributor I
438 Views

Problem with Keberos authentication

Jump to solution

Hello, everyone,
we are currently trying to switch our AMT wakeup to Keberos authentication. Until now, the set admin account with password was used to start and manage clients. To ensure more security, Keberos will be used now.
We have set it up according to the templates of the Intel AMT Implementation and Reference Guide. The AD integration is active, objects are created under the computer name with the addition $IME. The users in question were authorized via the SCS profile.
Here we experimented with the rights, even full access does not have the desired effect.
If an authorized user tries to send a WakeUp it will be denied with missing rights.
Are there any experiences or further tips on this topic?

Thanks
Thomas

0 Kudos

Accepted Solutions
Highlighted
New Contributor I
68 Views

Thanks to a troubleshooting we found our problem. It was homemade. The Powershell command for credential propagation required the domain in addition to the username.

Domain\Username immediately established the Keberos connection.

Thanks again.

View solution in original post

0 Kudos
10 Replies
Highlighted
Moderator
429 Views

Hello TKrem1,

 

Thank you for joining the Intel community.

 

Could you please attach some screenshots if possible of your AD setup and the error message received. We will use them to elevate your issue to our senior team.

There are some issues reported about Kerberos and AD integration. It seems that the issue comes from Windows trying to access WS-Management service. Go to run 'Services.msc' at Windows start button and locate 'Windows Remote Management (WS-Management)' observe his current status, restart the service and set it to automatic.

 

We will look forward for your updates.

 

Regards

Jose A.

Intel Customer Support

 

 

0 Kudos
Highlighted
New Contributor I
423 Views

Hello, Jose,

I checked the WS-Management service. It is set to automatic and runs during the WakeUp attempt. I restarted the service, but it didn't help.
On the screens you can see the AD configuration in the SCS profile and the error message when the user tries to do the wakeup. If the command is sent with the default admin ID, the machine responds immediately.

 

Regards
Thomas

0 Kudos
Highlighted
Moderator
411 Views

Hello TKrem1,


Thanks for the updates provided. I will proceed to elevate your issue to our senior team. I will let you know as soon as I get any word from them.


Regards


Jose A.

Intel Customer Support


0 Kudos
Highlighted
Moderator
404 Views

Hello TKrem1,


Could you please confirm if you have PT Administrator selected for the user in permissions? 


Will look forward for your updates.


Regards


Jose A.

Intel Customer Support


0 Kudos
Highlighted
Moderator
404 Views

Hello TKrem1,


Could you please confirm if you have PT Administrator selected for the user in permissions? 


Will look forward for your updates.


Regards


Jose A.

Intel Customer Support


0 Kudos
Highlighted
New Contributor I
399 Views

Hello Jose,
we have selected PT Adfministrator for the Testuser. It was the first permission we used.
After it didn't work we also gave him the other permissions.
At the end, the user had all possible permissions.
We we have updated the respective computers provisioning between the tests. 

Regards
Thomas

0 Kudos
Highlighted
Moderator
201 Views

Hi Thomas,


Email sent to set up virtual troubleshooting. Plan to update forum when resolution is found.


Regards,

Michael


0 Kudos
Highlighted
New Contributor I
164 Views

Hi Michael,

sorry for the late reply.
Our Exchange Servers broke down and we can't get E-Mails at the moment.

I will react as soon as i get the e-mail.

Regards,
Thomas

0 Kudos
Highlighted
Beginner
107 Views

Clusters that use Kerberos for authentication have several possible sources of potential issues, including: Failure of the Key Distribution Center (KDC) Missing Kerberos or OS packages or libraries. Incorrect mapping of Kerberos REALMs for cross-realm authentication. 

Thanks and Best Regards:

BTS Merch

0 Kudos
Highlighted
New Contributor I
69 Views

Thanks to a troubleshooting we found our problem. It was homemade. The Powershell command for credential propagation required the domain in addition to the username.

Domain\Username immediately established the Keberos connection.

Thanks again.

View solution in original post

0 Kudos