Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Maynman28
Beginner
255 Views

WsmanUnauthorizedException with Powershell Commands

I've got a lab system with a locked down Windows Server 2019 OS installed, specifically the Secure Host Baseline image. I've got all the necessary drivers and programs loaded for Intel AMT (the Management Engine Components, and the Security Status application)

I've also got the IntelVPro cmdlets loaded, as well as the assemblies from the needed dlls.

 

When I run commands that query the status of the AMT configuration, I get an unauthorized error.

 

Like in the Get-AMTSetup command, it fails at when discover() is invoked:

Add-Type -Path "C:\PowershellModules\IntelvProModule\Bin\IntelvPro\Intel.Wsman.Scripting.dll"

$me = new-Object 'Intel.Management.Mei.MeDevice'
$result = new-Object 'System.Object'

$MeEnabled=$me.Enable()

$me.Discover()

Exception calling "Discover" with "0" argument(s): "Unauthorized"
At C:\Users\xAdministrator\Desktop\AMTtesting.ps1:9 char:1
+ $me.Discover()
+ ~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WsmanUnauthorizedException

 

Other "Get" commands produce similar Unauthorized messages.

 

I've been able to run the exact same commands on fresh installations of Windows Server 2019 on the same hardware and do not get these errors.

 

I've also copied over the Local Security Policies and Local Group Policies from the fresh installation to the Locked Down Image, and still receive the same error messages.

 

Does anyone have any ideas or guidance where to look next? I believe it's either got to be permissions somewhere, or some dependency that's locked down that I'm not able to find.

 

0 Kudos
7 Replies
JoseH_Intel
Moderator
237 Views

Hello Maynman28,


Thank you for joining the Intel community


Are you using any kind of script? Is this script authenticated? Please take a look at the SCS userguide section 6.18.7 and let me know if it applies to you: https://www.intel.com/content/dam/support/us/en/documents/software/Intel_SCS_User_Guide.pdf#page=161...


I will look forward for your comments


Regards


Jose A.

Intel Customer Support Technician



Maynman28
Beginner
224 Views

Hello Jose, the issue came to light when I was using Powershell to call all cmdlets included in the VPro SDK provided by Intel. I was running the commands locally on the workstation itself from a elevated command prompt so authentication shouldn't be a factor.

I did some further digging and found the problem: in the local Security Settings, the commands do not work if the following local policy is enabled:

System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

If I set that setting to disabled, then reboot the system, I no longer receive the errors.

I don't know if that is a bug, or an incompatibility, or an accepted constraint, but it may be worth lo

 

 

JoseH_Intel
Moderator
197 Views

Hello Maynman28,


This indeed looks like a possible bug. I will let our senior team know to see if they have any previous reports of this.


Regards


Jose A.

Intel Customer Support Technician


JoseH_Intel
Moderator
135 Views

Hello Maynman28,


Could you please run a systemdiscovery and attach the output to the case. For more details you can check here: https://www.intel.com/content/dam/support/us/en/documents/software/Intel_SCS_User_Guide.pdf#page=10


Regards


Jose A.

Intel Customer Support Technician


JoseH_Intel
Moderator
110 Views

Hello Maynman28,


I am just following up to double check if you were able to gather the requested information. Otherwise let us know if you require more time to accomplish this. I will try to reach you back on next Monday 1st.


Regards


Jose A.

Intel Customer Support Technician


Maynman28
Beginner
89 Views

I have attached the requested XML file. Although I'm not sure how it will help given the issue was that FIPS was enabled.

JoseH_Intel
Moderator
76 Views

Hello Maynman28,


Thank you for the file provided. We will proceed to analyze it and will let you know our findings soon


Regards


Jose A.

Intel Customer Support Technician