- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yesterday I provisioned my first AMT machine via SCCM Task Sequence & RCS. It truly was a beautiful moment after days / weeks of pain. I can connect via Commander using my AD creds (Kerberos & TLS) just fine but no matter what I try I cannot login via Web UI. I have tried IE, Chrome and Firefox. All display slightly different results. If I use IE I receive the username / password prompt but no matter what I enter I cannot login. I do not receive the username / password prompt in Chrome or Firefox.
I'm thinking it might have something to do with the client certificate. I followed section 9.2.5 of the SCS guide when defining the certificate template. Any ideas? Many thanks in advance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
grahamriley
Hey there Graham,
Nice detail on the post. This is an issue we are aware of and has to do with some registry settings for IE (which would affect, Chrome, firefox,etc.)
Please follow this link:
https://support.microsoft.com/en-us/help/908209/internet-explorer-6-cannot-use-the-kerberos-authentication-protocol-to-connect-to-a-web-site-that-uses-a-non-standard-port-in-windows-xp-and-in-windows-server-2003 https://support.microsoft.com/en-us/help/908209/internet-explorer-6-cannot-use-the-kerberos-authentication-protocol-to-c…
I'd make the modifications for both the x32 and x64 this is really meant for the version of the browser you are running vs your OS. The patch, however should already be applied to newer versions just need to make the registry modifications. Also, will need to restart your browser.
Let me know if this fixes the issue.
Michael
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
grahamriley
Hey there Graham,
Nice detail on the post. This is an issue we are aware of and has to do with some registry settings for IE (which would affect, Chrome, firefox,etc.)
Please follow this link:
https://support.microsoft.com/en-us/help/908209/internet-explorer-6-cannot-use-the-kerberos-authentication-protocol-to-connect-to-a-web-site-that-uses-a-non-standard-port-in-windows-xp-and-in-windows-server-2003 https://support.microsoft.com/en-us/help/908209/internet-explorer-6-cannot-use-the-kerberos-authentication-protocol-to-c…
I'd make the modifications for both the x32 and x64 this is really meant for the version of the browser you are running vs your OS. The patch, however should already be applied to newer versions just need to make the registry modifications. Also, will need to restart your browser.
Let me know if this fixes the issue.
Michael
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Graham,
As Michael responded you need to enable Web Browser to use Kerberos authentication over non standard port (Intel AMT ports).
You need to do it for any version of MS Explorer anyway - see more details at Intel AMT SDK's implementation and reference guide -online version:
https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments/usingactivedirectorytomanageintelamtdevices.htm https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments/usingactivedirectorytomanageintelamtdevices.htm
(BTW - check this site home - it provides very useful explanation of AMT technology).
So you need to add two registry entries -you can use following commands, make sure you have enabled "Enable Integrated Windows Authentication" (in Internet Options > Advanced) restart Web Browser and enjoy your Kerberos access.
rgds
Dariusz Wittek
Intel EMEA Biz Client Technical Sales Specialist
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks chaps,
Following your replies I found some other threads related to this - it seems quite a common problem. Anyway I found this thread where Dariusz has provided the Reg add commands. I entered these and confirmed that I have integrated auth enabled within IE advanced settings. I can now log on to Web UI using IE. However I still have the same error message in Chrome & Firefox. It is not the end of the world as we can use IE but I just wondered why this might be?
Many thanks for your continued help. Happy to say we are now mostly up and running with AMT.
Regards,
Graham
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page