Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2759 Discussions

Status: In Configuration



can somebody help me, please?


I try to configure my first AMT device. The first device has the status "In Configuration" with a green connector. I can see the following history:


ExtendConfigWindowOfOpportunity InQueue 07:32:05


ExtendConfigWindowOfOpportunity Succeeded 07:27:09


Configurtion InProgress 07:27:06

Connectivity: AMT is connected


Configuration communcation type: PSK


Intel AMT Version: 4.1.11


Last Clock Sync: N/A


SKU: Intel vPro


Last Admin Password Update N/A


Last Configuration: N/A

No error messages. What can I do?

What have I already done?


Installed Service with IIS, SOAP and a trusted Root Certifikate from our domain (allowed, certificate signature, offline signing of blocked certification lsit, and signing the blocked certification list - sorry for the bad English in German there are: Zugelassen, Zertifikatsignatur, Offline Signieren der Zertifikatssperrlise, Signieren der Zertifikatssperrliste (46)). Installed the Setup and Configuration Console


ExportSchema.VBS seems to be okay.



Intel ME BIOS Extension v4.0.4.0006


ME State Control [X] Enabled


ME Firmware Local Update Qualifier [X] Always open


Manageablility Feature Selection [X] Intel(R) AMT


ME FW Update Interface

[X] ME and TPM

Intel ME ON in Host Sleep States: S0-S5

AMT Configuration:


Host Name: PC01


DHCP enabled


Domain name:


Provision Model: not changed to Small Business


Current Provisioning Mode: PSK

Provisioning Record

TLS Provisioning Mode : PSK


Provisioning IP:


Date of provision:


Provisioning Server:


TLS Preshared key: set PID and PPS with one of the 50 keys from the console


SOL/IDE-R: [X] enabled


Password Policy: [X] default password only


Secure firmware update [X] enabled


no PRTC set


Idle timeout 1

Inserted in the AMT Device one pair of PID and PPS, setting hostname, DHCP enabled, domainname, setting ip of provisioning server, changing the admin password "IntelvPro", provision mode is PSK.

In the console I got Hellos with UUID, setting the FQDN of the device,



AD OU: ou=my computers,dc=foo,dc=de


Profile: default profile


Admin Password: admin

default profile:


Enabled Interfaces: [X]Web UI, [X]Serial Over LAN, [X] IDE Redirection


Power Manageability Always on (S0-S5)


Idle timeout 3 minutes


New password for certificate based configuration: mailto:p@ssword p@ssword


(*) Force encrypteion


Kerberos clock tolerance 5


[ ] Use VLAN


[X] Enable ping response



digest user: "admin", random password, Access-Type: both, Realms: [X] PT-Administrator


AD-user: domain-admins, Access-Type: both, Realms: all checked


Domains, TLS, 802.1x, WiFi, EAC, Remote Access all off.

All Events:

Verbose Creating Active Directory AMT object: "" at "OU=my computers,dc=foo,dc=de"

Verbose Deleting Active Directory AMT object: "" at "OU=my computers,dc=foo,dc=de"


Verbose The SOAP connection with connection parameter set # 1 succeeded


Verbose Configuring Intel AMT device started

On the clientsoftware I get:


Intel AMT Status: not configured


mode: ready to configure


Firmware version:

What have I to do next?


Thanks for every welcome answers.


Michael Fees
0 Kudos
2 Replies

I see you list 4.1.11 as the FW of the platform, This FW is relatively old and a number of OEM's have more recent FW versions. since I am not aware of the specific platform you have used I have some general suggestions that may help resolve your issue.

First, please update to the latest FW your OEM has available - over time AMT has worked thru a variety of unique issues that resolved authentication failurers, the FW kit that is posted on the OEM site should have the release notes and specific fixes that are included in that kit. Please review these notes and if you see an issue that resembles your problem, I strongly recommend you update the FW (note some OEM's require updating the BIOS also, I tend to do both when i find they are both newer that your current versions).

While I know your in an enterprise mode and have a Certificate of Authority I would also recommend using the certificate checker tool found here in the vPro expert center. I will follow up with a link to the tool set that will help in identiying your issue.

last suggestion is based on your permisisons for provisioning, the AD credential needs to have admin priviliges so if you are logged into the client with non provisioning admin credentials you will not be successful in provisioning, even if you ahve admin rights to the platform. As long as your certificate is valid I would recommend using the remote activation tool for all your provisioning, activator.exe is the recommended method for starting remote provisioning.


here is the tool set I mentioned - please review the SCS setup wizard tool and the certificate validation tool along with the other capabilities to help you provision and manage your platform - /docs/DOC-1171