Can somebody help me, please?
I am trying to configure my first AMT device. The first device has the status "In Configuration" with a green connector. I can see the following history:
ExtendConfigWindowOfOpportunity InQueue 07:32:05
ExtendConfigWindowOfOpportunity Succeeded 07:27:09
Configuration InProgress 07:27:06
Connectivity: AMT is connected
Configuration communication type: PSK
Intel AMT Version: 4.1.11
Last Clock Sync: N/A
SKU: Intel vPro
Last Admin Password Update N/A
Last Configuration: N/A
No error messages. What can I do?
What have I already done?
Installed Service with IIS, SOAP and a trusted Root Certificate from our domain (allowed, certificate signature, offline signing of blocked certification list, and signing the blocked certification list - sorry for the bad English; in German they are: Zugelassen, Zertifikatsignatur, Offline Signieren der Zertifikatssperrliste, Signieren der Zertifikatssperrliste (46)). Installed the Setup and Configuration Console 126.96.36.199.
ExportSchema.VBS seems to be okay.
Intel ME BIOS Extension v4.0.4.0006
ME State Control [X] Enabled
ME Firmware Local Update Qualifier [X] Always open
Manageability Feature Selection [X] Intel(R) AMT
ME FW Update Interface
[X] ME and TPM
Intel ME ON in Host Sleep States: S0-S5
Host Name: PC01
Domain name: foo.de
Provision Model: not changed to Small Business
Current Provisioning Mode: PSK
TLS Provisioning Mode : PSK
Date of provision:
TLS Preshared key: set PID and PPS with one of the 50 keys from the console
SOL/IDE-R: [X] enabled
Password Policy: [X] default password only
Secure firmware update [X] enabled
no PRTC set
Idle timeout 1
Inserted in the AMT Device one pair of PID and PPS, setting hostname, DHCP enabled, domainname, setting ip of provisioning server, changing the admin password "IntelvPro", provision mode is PSK.
In the console I got Hellos with UUID, setting the FQDN of the device,
AD OU: ou=my computers,dc=foo,dc=de
Profile: default profile
Admin Password: admin
Enabled Interfaces: [X]Web UI, [X]Serial Over LAN, [X] IDE Redirection
Power Manageability Always on (S0-S5)
Idle timeout 3 minutes
New password for certificate based configuration: p@ssword
(*) Force encryption
Kerberos clock tolerance 5
[ ] Use VLAN
[X] Enable ping response
digest user: "admin", random password, Access-Type: both, Realms: [X] PT-Administrator
AD-user: domain-admins, Access-Type: both, Realms: all checked
Domains, TLS, 802.1x, WiFi, EAC, Remote Access all off.
Verbose Creating Active Directory AMT object: "PC01.foo.de" at "OU=my computers,dc=foo,dc=de"
Verbose Deleting Active Directory AMT object: "PC01.foo.de" at "OU=my computers,dc=foo,dc=de"
Verbose The SOAP connection with connection parameter set # 1 succeeded
Verbose Configuring Intel AMT device started
On the client software I get:
Intel AMT Status: not configured
mode: ready to configure
Firmware version: 188.8.131.521
What do I have to do next?
Thanks for any welcome answers.
I see you list 4.1.11 as the FW of the platform. This FW is relatively old and a number of OEMs have more recent FW versions. Since I am not aware of the specific platform you have used, I have some general suggestions that may help resolve your issue.
First, please update to the latest FW your OEM has available - over time AMT has worked through a variety of unique issues that resolved authentication failures. The FW kit that is posted on the OEM site should have the release notes and specific fixes that are included in that kit. Please review these notes and if you see an issue that resembles your problem, I strongly recommend you update the FW (note some OEMs require updating the BIOS also; I tend to do both when I find they are both newer than your current versions).
While I know you're in an enterprise mode and have a Certificate of Authority, I would also recommend using the certificate checker tool found here in the vPro expert center. I will follow up with a link to the tool set that will help in identifying your issue.
Last suggestion is based on your permissions for provisioning: the AD credential needs to have admin privileges, so if you are logged into the client with non provisioning admin credentials you will not be successful in provisioning, even if you have admin rights to the platform. As long as your certificate is valid I would recommend using the remote activation tool for all your provisioning; activator.exe is the recommended method for starting remote provisioning.
Here is the tool set I mentioned - please review the SCS setup wizard tool and the certificate validation tool along with the other capabilities to help you provision and manage your platform - http://communities.intel.com/docs/DOC-1171