Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2920 Discussions

Status: In Configuration

idata
Employee
1,346 Views

Hello,

can somebody help me, please?

 

I try to configure my first AMT device. The first device has the status "In Configuration" with a green connector. I can see the following history:

 

ExtendConfigWindowOfOpportunity InQueue 07:32:05

 

ExtendConfigWindowOfOpportunity Succeeded 07:27:09

 

Configurtion InProgress 07:27:06

Connectivity: AMT is connected

 

Configuration communcation type: PSK

 

Intel AMT Version: 4.1.11

 

Last Clock Sync: N/A

 

SKU: Intel vPro

 

Last Admin Password Update N/A

 

Last Configuration: N/A

No error messages. What can I do?

What have I already done?

SERVER:

Installed Service with IIS, SOAP and a trusted Root Certifikate from our domain (allowed, certificate signature, offline signing of blocked certification lsit, and signing the blocked certification list - sorry for the bad English in German there are: Zugelassen, Zertifikatsignatur, Offline Signieren der Zertifikatssperrlise, Signieren der Zertifikatssperrliste (46)). Installed the Setup and Configuration Console 5.2.0.34.

 

ExportSchema.VBS seems to be okay.

AMT DEVICE

 

Intel ME BIOS Extension v4.0.4.0006

ME-Configuration:

ME State Control [X] Enabled

 

ME Firmware Local Update Qualifier [X] Always open

 

Manageablility Feature Selection [X] Intel(R) AMT

 

ME FW Update Interface

[X] ME and TPM

Intel ME ON in Host Sleep States: S0-S5

AMT Configuration:

 

Host Name: PC01

 

DHCP enabled

 

Domain name: foo.de

 

Provision Model: not changed to Small Business

 

Current Provisioning Mode: PSK

Provisioning Record

TLS Provisioning Mode : PSK

 

Provisioning IP:

 

Date of provision:

 

Provisioning Server:

 

TLS Preshared key: set PID and PPS with one of the 50 keys from the console

 

SOL/IDE-R: [X] enabled

 

Password Policy: [X] default password only

 

Secure firmware update [X] enabled

 

no PRTC set

 

Idle timeout 1

Inserted in the AMT Device one pair of PID and PPS, setting hostname, DHCP enabled, domainname, setting ip of provisioning server, changing the admin password "IntelvPro", provision mode is PSK.

In the console I got Hellos with UUID, setting the FQDN of the device,

FQDN: PC01.foo.de

 

AD OU: ou=my computers,dc=foo,dc=de

 

Profile: default profile

 

Admin Password: admin

default profile:

 

Enabled Interfaces: [X]Web UI, [X]Serial Over LAN, [X] IDE Redirection

 

Power Manageability Always on (S0-S5)

 

Idle timeout 3 minutes

 

New password for certificate based configuration: mailto:p@ssword p@ssword

 

(*) Force encrypteion

 

Kerberos clock tolerance 5

 

[ ] Use VLAN

 

[X] Enable ping response

ACL:

 

digest user: "admin", random password, Access-Type: both, Realms: [X] PT-Administrator

 

AD-user: domain-admins, Access-Type: both, Realms: all checked

 

Domains, TLS, 802.1x, WiFi, EAC, Remote Access all off.

All Events:

Verbose Creating Active Directory AMT object: "PC01.foo.de" at "OU=my computers,dc=foo,dc=de"

Verbose Deleting Active Directory AMT object: "PC01.foo.de" at "OU=my computers,dc=foo,dc=de"

 

Verbose The SOAP connection with connection parameter set # 1 succeeded

 

Verbose Configuring Intel AMT device started

On the clientsoftware I get:

 

Intel AMT Status: not configured

 

mode: ready to configure

 

Firmware version: 4.1.11.1051

What have I to do next?

 

Thanks for every welcome answers.

 

Michael Fees
0 Kudos
2 Replies
idata
Employee
509 Views

I see you list 4.1.11 as the FW of the platform, This FW is relatively old and a number of OEM's have more recent FW versions. since I am not aware of the specific platform you have used I have some general suggestions that may help resolve your issue.

First, please update to the latest FW your OEM has available - over time AMT has worked thru a variety of unique issues that resolved authentication failurers, the FW kit that is posted on the OEM site should have the release notes and specific fixes that are included in that kit. Please review these notes and if you see an issue that resembles your problem, I strongly recommend you update the FW (note some OEM's require updating the BIOS also, I tend to do both when i find they are both newer that your current versions).

While I know your in an enterprise mode and have a Certificate of Authority I would also recommend using the certificate checker tool found here in the vPro expert center. I will follow up with a link to the tool set that will help in identiying your issue.

last suggestion is based on your permisisons for provisioning, the AD credential needs to have admin priviliges so if you are logged into the client with non provisioning admin credentials you will not be successful in provisioning, even if you ahve admin rights to the platform. As long as your certificate is valid I would recommend using the remote activation tool for all your provisioning, activator.exe is the recommended method for starting remote provisioning.

idata
Employee
509 Views

here is the tool set I mentioned - please review the SCS setup wizard tool and the certificate validation tool along with the other capabilities to help you provision and manage your platform - /docs/DOC-1171 http://communities.intel.com/docs/DOC-1171

Reply