Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

Trouble Using the IntelvPro Module with Powershell for TLS Connection with IntelVpro 18.0.1.1

mansee
Beginner
1,370 Views

While I am using the vPro Module with PowerShell for a TLS connection which I am trying to power off remotely, it's not working and the connection isn't getting established. This is what I am using with username and credential with Contents having the IP address of the local PC:

$AMTCredential = New-Object System.Management.Automation.PSCredential ($username,$password)
Get-Content contents.txt | Invoke-AMTPowerManagement -Operation:PowerOff -credential $AMTCredential -Port '16993'  -TLS

 

The error I am getting is:

ComputerName : myPCName
Port :
Operation :
Status : Cannot connect
Reason : Exception calling "Get" with "0" argument(s): "TrustFailure"

 

IntelvProModule_18.0.1.1 is the version I am using. Please help me if I am using anything wrong here.

0 Kudos
15 Replies
Vipin_Singh1
Moderator
1,326 Views

Hi Inesh, we would like to inform you that we are routing your query to the dedicated team for further assistance.


0 Kudos
Suneesh
Employee
1,272 Views

Hello Mansee,


Greetings of the day.

 

We suggest using the sample commands available at the Intel vPro Technology Module for Windows PowerShell Installation and User Guide.pdf included in the Intel vPro® Technology Module for Windows* PowerShell* zip file v18.0.1.1.

 

Section 6.1 Intel® AMT Power Management gives the command to turn off the system.

https://www.intel.com/content/www/us/en/download/704395/intel-vpro-technology-module-for-windows-powershell.html


Regards,

Suneesh


0 Kudos
mansee
Beginner
1,259 Views

Hi Suneesh,

 

As I mentioned above, I was trying the sample commands from the User Guide but it isn't helping. Before, when we didn't have the TLS connection, the below command was working fine:

$AMTCredential = New-Object System.Management.Automation.PSCredential ($username,$password)
Get-Content contents.txt | Invoke-AMTPowerManagement -Operation:PowerOff -credential $AMTCredential 

Now for the newer PCs which require a TLS connection, this doesn't work anymore. Can you please help me if there is something wrong that I am doing in the command?

0 Kudos
Suneesh
Employee
1,220 Views

Hello Mansee,

 

Greetings of the day.

 

We want to let you know that example 4 of this section 6.1.1 gives the script for powering the system off (Endpoints with TLS support only, port 16992 closed).

 

[Attached image: renditionDownload (2).jpg]

 

Regards,

Suneesh

 

0 Kudos
mansee
Beginner
1,208 Views

Hi @Suneesh ,

 

Please see the below for the error I mentioned before that I am getting when I try with the TLS.

[Attached image: mansee_0-1724978844537.png]

 

0 Kudos
Suneesh
Employee
1,151 Views

Subject: Update on Your Issue


Hello Mansee,


Good day.


We are currently checking on the issue and will provide an update as soon as possible.


Regards,  

Suneesh


0 Kudos
mansee
Beginner
1,018 Views

Hi @Suneesh ,

 

Any update on the issue?

 

Thanks,

Inesh

0 Kudos
Suneesh
Employee
989 Views

Hello Mansee,


Good day.


The Engineering team is currently working on the issue and will provide an update soon.


Best regards,

Suneesh


0 Kudos
mansee
Beginner
867 Views

Hi @Suneesh ,

 

Have we got any update on this yet? 

 

Thanks

0 Kudos
vij1
Employee
838 Views

Hello Mansee,

 

To begin troubleshooting the issue, please verify that you can communicate with port 16993 by using either test-netconnection or telnet. We need to ensure that there isn't a networking or system obstacle preventing direct communication with AMT.

 

Additionally, it appears that the steps in the documentation are not being followed. Below is the relevant script from the vPro PS module SDK to properly encrypt the credentials. You can find this information in the documents, encapsulated in the SDK, located on page 8.

 

Write-AmtCredential Function Code

 

```powershell
Function Write-AmtCredential {
  <#
  .Synopsis
  Writes an Intel Active Management Technology credential from secure string storage
  .Description
  Writes an Intel Active Management Technology (AMT) credential to System.Security.SecureString in the default user path.
  .Link
  http://vproexpert.com
  http://www.intel.com/vpro
  http://www.intel.com
  .Example
  Write-AmtCredential
  .Example
  $AMTCredential = Write-AmtCredential (will assume the digest account "admin")
  .Example
  $AMTCredential = Get-Credential
  Write-AmtCredential –Username $AMTCredential.Username –Password $AMTCredential.Password
  .Example
  Write-AMTCredential [[-FilePath] <String>] [[-Key] <String>] [[-Hint] <String>] [[-AsPlainText]] [[-Force]] [[-Username] <String>] [-Password] <SecureString> [<CommonParameters>]
  #>
  [CmdletBinding()]
  Param (
    [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$true, position=0, HelpMessage="Path to Credential File")]
    [string] $FilePath,
    [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, position=1, HelpMessage="An ASCII Key of 128,196, or 256 Length")]
    [string] $Key,
    [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, position=2, HelpMessage="Password Hint")]
    [string] $Hint,
    [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, position=3, HelpMessage="Save password as plain text")]
    [System.Management.Automation.SwitchParameter] $AsPlainText,
    [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$false, position=3, HelpMessage="Force")]
    [System.Management.Automation.SwitchParameter] $Force
  )
}
```

 

Example:

 

```powershell
PS C:\WINDOWS\system32> $password = ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force
PS C:\WINDOWS\system32> $AMTCred = New-Object System.Management.Automation.PSCredential ("admin", $password)
```

 

Lastly, please note that the **FQDN** matching your certificate needs to be used for this process. Using an IP address will not match the certificate and thus won’t be trusted.

 

Please let me know if this resolves the issue or if further assistance is needed.

 

Best regards,  

Vijay N

 

 

0 Kudos
mansee
Beginner
823 Views

Hi @vij1 ,

 

Thanks for the response. I did a Test-NetConnection test on port 16993 which returned true 

[Attached image: mansee_0-1725927935155.png]

After this, for the page 8 document you mentioned, I have followed all of those and did only share the last 2 lines of the script. I have the username and password step followed as mentioned in the document. 

Previously for the older PC models we used 16992 port and no TLS authentication was required. For those, we didn't have any issue with this script that we are using. This issue only started with the new PCs with updated BIOS version with image below

[Attached image: mansee_2-1725929837522.png]

On previous BIOS version it looks fine. They don't need a TLS connection for this.

[Attached image: mansee_3-1725929864991.png]

Lastly, I am not sure what you meant by the FQDN Certificate, as we didn't require it previously for non-TLS connection. We have been doing this only with IP address before.

0 Kudos
vij1
Employee
772 Views

Hello Mansee,

 

We understand the frustration you're experiencing and would like to provide clarity on the changes related to Intel AMT connections starting from the Intel® 13th Gen and Intel® 12th Gen Core™ Processors.

 

As of the Alder Lake platforms (Intel CSME 16.1 firmware) and Raptor Lake CPUs, remote connections to Intel AMT unsecure TCP/IP ports (16992, 16994, 623) are no longer supported. To ensure secure communications, connections must now be established using TLS over the following ports:

 

16993 for AMT web interface (HTTPS)

16995 for redirection

664 for secure redirection (Intel AMT).

Additionally, with the Intel CSME 19 firmware on Arrow Lake platforms, all connections to Intel AMT, including local, must use these secure TLS ports. Non-TLS connections are no longer supported under any circumstances.

 

Steps to Check and Troubleshoot:

Connection Check: Please ensure the correct connection settings are used, such as:

Example: https://<endpoint_IP_address>:16993

(e.g., https://192.168.xxx.xxx:16993 – note: IP partially hidden for security)

Proxy and Firewall Verification: Ensure the required ports (16993, 16995, 664) are open and not blocked by any firewall or proxy settings.

BIOS Configuration: Verify that Intel AMT is enabled in the system BIOS, and that your machine has been configured with an administrator password using the Ctrl+P configuration interface.

FQDN and Certificates: When managing an Intel vPro technology-enabled client over TLS (port 16993), ensure the computer name matches the Fully Qualified Domain Name (FQDN) in the issued TLS certificate.

 

Intel® AMT SDK Implementation and Reference Guide

Please review section 2.1.3 of the attached guide for Intel vPro® Technology Module for Microsoft* Windows* PowerShell*: Cmdlet and Function Communication Encryption

If the Intel vPro technology enabled client is configured to use Transport Layer Security (TLS) by having a web server certificate issued to the Intel Management Engine, the –TLS switch must be passed to the cmdlet. When managing an Intel vPro technology enabled client over TLS (port 16993), it is important that the computer name match the primary subject name of the issued TLS certificate. This is typically the Fully Qualified Domain Name (FQDN).

 

Best regards,

Vijay N.

 

 

0 Kudos
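
A read-only check for the two conditions the reply above ties to TLS trust on port 16993 (the name in the certificate and whether its issuer is trusted), added here as an example; it is not code from the Intel vPro module or from any poster. `Test-AmtTlsTrust` is a hypothetical helper name, and the sketch assumes Windows PowerShell 5.1 and an endpoint that accepts TLS 1.2.

```powershell
# Added diagnostic, not part of the Intel vPro module. It completes a TLS handshake
# with the AMT port only to read the certificate; no credentials are sent.
function Test-AmtTlsTrust {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [string] $ComputerName,
        [int] $Port = 16993
    )
    process {
        $state = @{ Errors = [System.Net.Security.SslPolicyErrors]::None }
        # Record Windows' verdict on the certificate, then let the handshake finish
        # so the certificate can be inspected even when it is not trusted.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($s, $certificate, $chain, $policyErrors)
            $state.Errors = $policyErrors
            $true
        }
        $tcp = New-Object System.Net.Sockets.TcpClient
        $ssl = $null
        try {
            $tcp.Connect($ComputerName, $Port)
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
            # Assumption: the endpoint accepts TLS 1.2.
            $ssl.AuthenticateAsClient($ComputerName, $null,
                [System.Security.Authentication.SslProtocols]::Tls12, $false)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
            $flag = [System.Net.Security.SslPolicyErrors]
            [pscustomobject]@{
                Target         = "${ComputerName}:$Port"
                Subject        = $cert.Subject
                SubjectAltName = if ($san) { $san.Format($false) }
                Issuer         = $cert.Issuer
                SelfSigned     = $cert.Subject -eq $cert.Issuer
                NotAfter       = $cert.NotAfter
                # False here means the name you connected with is not in the certificate.
                NameMatches    = -not $state.Errors.HasFlag($flag::RemoteCertificateNameMismatch)
                # False here means the issuer is not trusted on this management host.
                ChainTrusted   = -not $state.Errors.HasFlag($flag::RemoteCertificateChainErrors)
            }
        }
        finally {
            if ($ssl) { $ssl.Dispose() }
            $tcp.Close()
        }
    }
}
```

Running `Get-Content contents.txt | Test-AmtTlsTrust` against the thread's input file gives one row per endpoint. A self-signed certificate shows `ChainTrusted` as false until it is in the Trusted Root store used by the account running the script.
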
vij1
Employee
450 Views

Hello Mansee,


Greetings!!


I am following up on the case and wondering if I can help you with anything else. Look forward to your response.

 

Regards,

Vijay N.



0 Kudos
vij1
Employee
396 Views


Hello Mansee,


Greetings!!


If further assistance is necessary, do not hesitate to reply.


Regards,

Vijay N.


0 Kudos
mansee
Beginner
343 Views

Hi @vij1 @Suneesh ,

 

Sorry, I was busy with other stuff. I tried getting the AMT Self Signed Certificate and installed it on both the PC as well as the Server from where we are going to use the IntelAMTPower Management PowerShell script, but it still ended up saying trust failure. I am still checking if there are any solutions for this issue.

 

Thanks

0 Kudos