Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2827 Discussions

how to be able to enable standard port (5900) for kvm?

mname1
Beginner
3,279 Views

I'm using Manageability Commander Tool Mesh Edidion v0.1.34 ( yay for short names ), connecting to an AMT 9 machine ( HP 800 G1 ), this machine is using basic provisioning, when I connect and go to "remote desktop settings" I change "enable standard port (5900)" from disabled to enabled, but when I hit ok button this gives an error

something similar happens when I use wsmancli from a linux machine to change the same setting, it gives me an error ( now can't remember but can redo if needed )

so I'm thinking the problem is in the MEBx configuration, either I have to enable something or basic provisioning doesn't allow for this change

I can connect without problem with real vnc pro

0 Kudos
1 Solution
Dariusz_W_Intel
Employee
1,730 Views

Sorry - deleted my oroginal response by mistake - here is recreated answer:

Intel AMT KVM RFB Standard port (5900) requires to be protected by RFB strong password.

It is exactly 8 characters (not 7 or less neither 9 or more!).

This password has to be configured into AMT FW to allow enabling RFB Standard port (via Intel SCS, Host Based Configuration or other AMT tools).

Setting RFB Standard port password and enabling RFB Standard port requires AMT PT Administration ACL realm (AMT administrator access).

Uppon RFB Viewer app connection over RFB standard port user will be asked to provide this RFB Standard Port password -but nothing else!.

RFB Standard port access is NOT encrypted neither protected with AMT access credentials (digest /AD Kerberos) so it is not recommended to be setup/used in enterprises.

Good for POC/Small pilot but not for production environment.

rgds

darek

View solution in original post

0 Kudos
4 Replies
mname1
Beginner
1,730 Views

yes the password was the problem, I was trying to write a longer one, then trying without setting a password, thinking it would use the same one as for MEB

hope there would be a AMT/vPRO for dummies

also found that vnc procotol has a 8 bytes password limit, wish I'd known that beforehand

thx for sheding light

0 Kudos
Dariusz_W_Intel
Employee
1,730 Views

"hope there would be a AMT/vPRO for dummies" ...

Hmm -it is WIP - have ~50% of it ready now - have to update with Intel SCS 10 + Remote Configuration + Intel tools and ... it shall be ready before vacations (maybe middle of July).

Will post it in this community.

rgds

darek

0 Kudos
mname1
Beginner
1,730 Views

looking forward to it since by then I might be starting to think about the final implementation on my organization

0 Kudos
Dariusz_W_Intel
Employee
1,731 Views

Sorry - deleted my oroginal response by mistake - here is recreated answer:

Intel AMT KVM RFB Standard port (5900) requires to be protected by RFB strong password.

It is exactly 8 characters (not 7 or less neither 9 or more!).

This password has to be configured into AMT FW to allow enabling RFB Standard port (via Intel SCS, Host Based Configuration or other AMT tools).

Setting RFB Standard port password and enabling RFB Standard port requires AMT PT Administration ACL realm (AMT administrator access).

Uppon RFB Viewer app connection over RFB standard port user will be asked to provide this RFB Standard Port password -but nothing else!.

RFB Standard port access is NOT encrypted neither protected with AMT access credentials (digest /AD Kerberos) so it is not recommended to be setup/used in enterprises.

Good for POC/Small pilot but not for production environment.

rgds

darek

0 Kudos
Reply