I have been asked to demo vPRO Out of Band Management to a potential customer and after looking through shed loads of documentation, I got started on testing.
The client has AMT 8.1.20 build 1366
I configured the AMT client settings in the MEBx menu (ctrl+p)
Set IPv4 details (fixed IP etc)
everything else is at defaults.
Everything here looks fine.
The problem I have is when I try to connect with VNC Viewer Plus.
The AMT IP is in
Security set to 'none'
Connection type to 'Intel (R) AMT KVM'
When I click connect and enter the username and password it tells me to check user permissions (It is definitely not incorrect login details as that gives a different message)
On top of the I have installed the PowerShell module and attempted to get-powerstate and it comes back with unauthorized.
Does anyone have any thoughts or suggestions?
PS. if you need more info please feel free to ask.
I'm assuming that you are using 'admin' user and the password that you defined, right?
In this case, there are two configuration in VNC Viewer Plus that may cause this behavior:
in VNC Viewer Start screen -> Options... -> Connection -> Uncheck "Use single sign-on if VNC Server supports it" - basically, this mark try to use you kerberos token to authenticate and as far you are not using it integrated with AD, it will fail;
Also, check 'AMT Server' tab, and see if 'connect without requiring consent' is marked - doing SMB provisioning, as you did, you can do direct connect without user consent.
See if it works.
Thanks for the direction but unfortunately I get the same response.
The fact that the PowerShell Module gives me 'Unauthorized' makes me think it's something for the AMT end. I have been looking and notice client control mode and admin control mode. Could it be anything to do with that? should I need a Certificate?
roll on remote access cards in clients No offence Intel, but this is too time consuming to figure out, through the web, a phone call with an expert could probably solve it in minutes.
It's should be a detail that I hope we can fix in a minute
Basically, PowerShell and VNC Viewer Plus rely on IE configuration to access vPro machines and in IE you have two possible configuration for authentication, i.e. AD integrated, i.e. kerberos or digest authentication. As you mentioned that you made manual provisioning, you only have digest authentication available, that is not the default IE option. What is missing in this puzzle is the fact that you told that was able to authenticate using browser, probably you didn't use IE, right?, so try change this option in IE and try it again (uncheck Windows integration):
Hope it solve your problem and that you can do a great vPro demo
Thanks again Bruno but still no luck,
I was able to log in to the browser session with IE before removing the setting and rebooting, bit still no VNC access, same message.
'Failed to access resources IPS_KVMRedirectionSettingData, check user permissions'
PowerShell is still unauthorised too but with the IntelvProGui invoked and the login settings correct I can connect (through PS)
Any other Ideas,
But now you brought further details... can you confirm your maker and model of your vPro system? I'm assuming that as far you can get access through WebUI and also been able to connect using PS, it's not a problem with vPro provisioning, but with KVM. I found some makers/models that beside the fact that is vPro, OEM configured the machine to use a 3rd party GPU and to KVM works you need to use Intel integrated GPU.
It is a Dell Precision, I am looking through the documentation now but the process suggested uses USB provisioning and Dell's software requires a TLS Certificate.
All I want is simplicity
Could be that your system does not support KVM. I'm not sure about your DELL Precision model, but just taking one such http://www.dell.com/us/business/p/precision-m4800-workstation/pd this from DELL website
As you can see, this SKU uses a Graphic Card that is not Intel, so KVM will never works:
That matches with what you are experiencing.
BTW: What you have done for provisioning is right, it can simple or complex based on what security level you want and also match your infrastructure requirements, e.g. AD integration, 802.1x wired and wireless, etc.