Hello,
can somebody help me, please?
I am trying to configure my first AMT device. The first device has the status "In Configuration" with a green connector. I can see the following history:
ExtendConfigWindowOfOpportunity InQueue 07:32:05
ExtendConfigWindowOfOpportunity Succeeded 07:27:09
Configuration InProgress 07:27:06
Connectivity: AMT is connected
Configuration communication type: PSK
Intel AMT Version: 4.1.11
Last Clock Sync: N/A
SKU: Intel vPro
Last Admin Password Update N/A
Last Configuration: N/A
No error messages. What can I do?
What have I already done?
SERVER:
Installed Service with IIS, SOAP and a trusted Root Certificate from our domain (allowed, certificate signature, offline signing of blocked certification list, and signing the blocked certification list - sorry for the bad English; in German they are: Zugelassen, Zertifikatsignatur, Offline Signieren der Zertifikatssperrliste, Signieren der Zertifikatssperrliste (46)). Installed the Setup and Configuration Console 5.2.0.34.
ExportSchema.VBS seems to be okay.
AMT DEVICE
Intel ME BIOS Extension v4.0.4.0006
ME-Configuration:
ME State Control [X] Enabled
ME Firmware Local Update Qualifier [X] Always open
Manageability Feature Selection [X] Intel(R) AMT
ME FW Update Interface
[X] ME and TPM
Intel ME ON in Host Sleep States: S0-S5
AMT Configuration:
Host Name: PC01
DHCP enabled
Domain name: foo.de
Provision Model: not changed to Small Business
Current Provisioning Mode: PSK
Provisioning Record
TLS Provisioning Mode : PSK
Provisioning IP:
Date of provision:
Provisioning Server:
TLS Preshared key: set PID and PPS with one of the 50 keys from the console
SOL/IDE-R: [X] enabled
Password Policy: [X] default password only
Secure firmware update [X] enabled
no PRTC set
Idle timeout 1
Inserted in the AMT Device one pair of PID and PPS, setting hostname, DHCP enabled, domain name, setting IP of provisioning server, changing the admin password "IntelvPro", provision mode is PSK.
In the console I got Hellos with UUID, setting the FQDN of the device,
FQDN: PC01.foo.de
AD OU: ou=my computers,dc=foo,dc=de
Profile: default profile
Admin Password: admin
default profile:
Enabled Interfaces: [X]Web UI, [X]Serial Over LAN, [X] IDE Redirection
Power Manageability Always on (S0-S5)
Idle timeout 3 minutes
New password for certificate based configuration: p@ssword
(*) Force encryption
Kerberos clock tolerance 5
[ ] Use VLAN
[X] Enable ping response
ACL:
digest user: "admin", random password, Access-Type: both, Realms: [X] PT-Administrator
AD-user: domain-admins, Access-Type: both, Realms: all checked
Domains, TLS, 802.1x, WiFi, EAC, Remote Access all off.
All Events:
Verbose Creating Active Directory AMT object: "PC01.foo.de" at "OU=my computers,dc=foo,dc=de"
Verbose Deleting Active Directory AMT object: "PC01.foo.de" at "OU=my computers,dc=foo,dc=de"
Verbose The SOAP connection with connection parameter set # 1 succeeded
Verbose Configuring Intel AMT device started
On the client software I get:
Intel AMT Status: not configured
mode: ready to configure
Firmware version: 4.1.11.1051
What do I have to do next?
Thanks for any answers.
Michael Fees
I see you list 4.1.11 as the FW of the platform. This FW is relatively old and a number of OEMs have more recent FW versions. Since I am not aware of the specific platform you have used, I have some general suggestions that may help resolve your issue.
First, please update to the latest FW your OEM has available - over time AMT has worked through a variety of unique issues that resolved authentication failures. The FW kit that is posted on the OEM site should have the release notes and specific fixes that are included in that kit. Please review these notes and if you see an issue that resembles your problem, I strongly recommend you update the FW (note some OEMs require updating the BIOS also; I tend to do both when I find they are both newer than your current versions).
While I know you're in an enterprise mode and have a Certificate of Authority, I would also recommend using the certificate checker tool found here in the vPro expert center. I will follow up with a link to the tool set that will help in identifying your issue.
The last suggestion is based on your permissions for provisioning: the AD credential needs to have admin privileges, so if you are logged into the client with non-provisioning admin credentials you will not be successful in provisioning, even if you have admin rights to the platform. As long as your certificate is valid I would recommend using the remote activation tool for all your provisioning; activator.exe is the recommended method for starting remote provisioning.
Here is the tool set I mentioned - please review the SCS setup wizard tool and the certificate validation tool along with the other capabilities to help you provision and manage your platform - http://communities.intel.com/docs/DOC-1171