Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2881 Discussions

Using Intel EMA to configure AMT with Kerberos

The-Penguin
Beginner
1,552 Views

Hi,

 

I'd been using SCS to configure AMT for a long time until it stopped working correctly after a security update to Active Directory stopped it being able to create computer accounts with a $ in the name. Moving on and looking at Intel EMA, it seems to work quite well, except I can't find a way to configure the AMT devices for Kerberos Authentication like we had with SCS.

 

In short, is Intel EMA able to configure an AMT Endpoint for Kerberos Auth? I know the EMA portal itself supported Integrated Auth and that's working, but how about for the actual endpoints?

 

Cheers

0 Kudos
9 Replies
Victor_G_Intel
Employee
1,541 Views

Hello The-Penguin,


Thank you for posting on the Intel® communities.


To continue with your request can you please provide the following:


  1. How many endpoints does your Intel® EMA deployment have?
  2. What version of EMA is currently being used?
  3. Is this for a new deployment or an already existing one?
  4. Do you know the AMT version that your endpoints currently have?


Regards,


Victor G.

Intel Technical Support Technician  


0 Kudos
The-Penguin
Beginner
1,519 Views

Hello,

 

At the moment we only have it installed on around 10 machines for testing, but if we go ahead with it for our full fleet it will be around 150 devices.

We're running EMA 1.7.1, as we still have a few machines that are running v11.8 of the AMT Firmware. The majority of endpoints are running v12.

I guess it's kinda both a new and existing deployment. It's a new EMA deployment for testing, but we are coming from an SCS deployment where machines provisioned by SCS work with Kerberos as we require.

0 Kudos
Victor_G_Intel
Employee
1,505 Views

Hello The-Penguin,

 

Thank you so much for your response,

 

We appreciate the information provided. According to our Intel® Endpoint Management Assistant (Intel® EMA) Single Server Installation and Maintenance Guide, page 2. Section “Before You Begin” mentions that before you install EMA you need to decide whether you plan to install it under domain authentication mode (Kerberos) or normal account (username/password) mode, which is the default. If you need to use domain authentication, what we suggest is using the FQDN of your machine for the hostname; however, you still need to make sure that other endpoints or other client web browsers can connect to the value you entered. If you decide to use another value, you will need to follow IT practice to set up the Service Principle Name (SPN) after Intel EMA is installed.

 

Best regards,

 

Victor G.

Intel Technical Support Technician  

 

0 Kudos
The-Penguin
Beginner
1,488 Views

Thanks,

 

I'm aware of that and we have done that, but that is only for authenticating to EMA itself. What i'm looking for is a way to configure the Intel AMT profile for Kerberos Authentication.

0 Kudos
Victor_G_Intel
Employee
1,456 Views

Hello The-Penguin,

 

Thank you for posting on the Intel® communities.

 

Please let me review this information internally, and kindly wait for an update.

 

Once we have more information to share, we will post it on this thread.

 

Regards,

 

Victor G.

Intel Technical Support Technician  


0 Kudos
Victor_G_Intel
Employee
1,406 Views

Hello The-Penguin,



Thank you so much for your patience.



I will be sending you some information via private message; therefore, please continue replying through that private message thread until I decide is okay for us to continue the communication through the forum.



Note: Please do not reply to this message.



Best regards,



Victor G.

Intel Technical Support Technician


0 Kudos
Victor_G_Intel
Employee
1,197 Views

Hello The-Penguin,


I hope this message finds you well.

 

Were you able to check the latest private message we sent? Feel free to reply back to that private message if you need anything else.


Regards,


Victor G.

Intel Technical Support Technician


0 Kudos
Paul_R_Intel
Moderator
1,134 Views

Hello The-Penguin,


I hope this message finds you well.


We are wondering if our help is still needed. If we do not hear from you will proceed to close the ticket in 2 business days.


Best regards,


Paul R.

Intel Technical Support Technician



0 Kudos
Victor_G_Intel
Employee
1,059 Views

Hello The-Penguin,


We have not heard back from you.


If you need any additional information, please submit a new question as this thread will no longer be monitored.


Regards,


Victor G.

Intel Technical Support Technician


0 Kudos
Reply