Intel® vPro™ Platform
Intel Manageability Forum (Intel® EMA, AMT, SCS & Manageability Commander)
Announcements
Intel® Endpoint Management Assistant (Intel® EMA) Cloud Start Tool for Azure* 2.0 is now available for download here.

The Intel® Manageability Commander 2.2 has been released! Learn more here.

The Intel® Endpoint Management Assistant, version 1.5.1 is now available for download here.

The Intel® Setup and Configuration Software tool will End of Life (EOL) on 12/31/2022. The Intel® Setup and Configuration Software Download will be available until March 31, 2021. For details, Please click here.
2562 Discussions

Problem with Keberos authentication

TKrem1
New Contributor I
1,242 Views

Hello, everyone,
we are currently trying to switch our AMT wakeup to Keberos authentication. Until now, the set admin account with password was used to start and manage clients. To ensure more security, Keberos will be used now.
We have set it up according to the templates of the Intel AMT Implementation and Reference Guide. The AD integration is active, objects are created under the computer name with the addition $IME. The users in question were authorized via the SCS profile.
Here we experimented with the rights, even full access does not have the desired effect.
If an authorized user tries to send a WakeUp it will be denied with missing rights.
Are there any experiences or further tips on this topic?

Thanks
Thomas

0 Kudos
1 Solution
TKrem1
New Contributor I
872 Views

Thanks to a troubleshooting we found our problem. It was homemade. The Powershell command for credential propagation required the domain in addition to the username.

Domain\Username immediately established the Keberos connection.

Thanks again.

View solution in original post

10 Replies
JoseH_Intel
Moderator
1,233 Views

Hello TKrem1,

 

Thank you for joining the Intel community.

 

Could you please attach some screenshots if possible of your AD setup and the error message received. We will use them to elevate your issue to our senior team.

There are some issues reported about Kerberos and AD integration. It seems that the issue comes from Windows trying to access WS-Management service. Go to run 'Services.msc' at Windows start button and locate 'Windows Remote Management (WS-Management)' observe his current status, restart the service and set it to automatic.

 

We will look forward for your updates.

 

Regards

Jose A.

Intel Customer Support

 

 

TKrem1
New Contributor I
1,227 Views

Hello, Jose,

I checked the WS-Management service. It is set to automatic and runs during the WakeUp attempt. I restarted the service, but it didn't help.
On the screens you can see the AD configuration in the SCS profile and the error message when the user tries to do the wakeup. If the command is sent with the default admin ID, the machine responds immediately.

 

Regards
Thomas

JoseH_Intel
Moderator
1,215 Views

Hello TKrem1,


Thanks for the updates provided. I will proceed to elevate your issue to our senior team. I will let you know as soon as I get any word from them.


Regards


Jose A.

Intel Customer Support


JoseH_Intel
Moderator
1,208 Views

Hello TKrem1,


Could you please confirm if you have PT Administrator selected for the user in permissions? 


Will look forward for your updates.


Regards


Jose A.

Intel Customer Support


JoseH_Intel
Moderator
1,208 Views

Hello TKrem1,


Could you please confirm if you have PT Administrator selected for the user in permissions? 


Will look forward for your updates.


Regards


Jose A.

Intel Customer Support


TKrem1
New Contributor I
1,203 Views

Hello Jose,
we have selected PT Adfministrator for the Testuser. It was the first permission we used.
After it didn't work we also gave him the other permissions.
At the end, the user had all possible permissions.
We we have updated the respective computers provisioning between the tests. 

Regards
Thomas

MichaelA_Intel
Moderator
1,005 Views

Hi Thomas,


Email sent to set up virtual troubleshooting. Plan to update forum when resolution is found.


Regards,

Michael


TKrem1
New Contributor I
968 Views

Hi Michael,

sorry for the late reply.
Our Exchange Servers broke down and we can't get E-Mails at the moment.

I will react as soon as i get the e-mail.

Regards,
Thomas

olliepope80
Beginner
911 Views

Clusters that use Kerberos for authentication have several possible sources of potential issues, including: Failure of the Key Distribution Center (KDC) Missing Kerberos or OS packages or libraries. Incorrect mapping of Kerberos REALMs for cross-realm authentication. 

Thanks and Best Regards:

BTS Merch

TKrem1
New Contributor I
873 Views

Thanks to a troubleshooting we found our problem. It was homemade. The Powershell command for credential propagation required the domain in addition to the username.

Domain\Username immediately established the Keberos connection.

Thanks again.

View solution in original post

Reply