Community
cancel
Showing results for 
Search instead for 
Did you mean: 
TCotu
Beginner
2,147 Views

Issues with Intel ME firmware update and INTEL-SA-00086 command-line tool

We're packaging the Intel ME firmware for deployment to our laptops/desktops. We noticed that the firmware updates whether the system is vulnerable or not, and since we're including the firmware as part of our build process we wanted to avoided continuously rewriting firmware, so we included the INTEL-SA-00086 command-line tool as a pre-check. If the tool returns an error code saying the system is vulnerable then we run the firmware update and restart, if the system comes back as patched or non-vulnerable then we return success.

With some systems we've been getting errors when running the INTEL-SA-00086, one of which is "The signature of the file HeciWrapper64.dll cannot be validated." We tried installing the Intel ME Components driver and restarting which fixed the issue on some systems, but not all.

On one system we were even able to run the firmware update but the INTEL-SA-00086 tool still failed, and running the Intel ME Components driver didn't fix the issue. What was odd was that the command-line tool failed, and while the command-line session was still open we ran the GUI version which succeeded, and then the command-line version succeeded when run again.

Is there something the GUI version of the INTEL-SA-00086 does that would affect the command-line version of the tool or was this a coincidence?

How can we ensure the command-line tool works consistently?

Tags (1)
0 Kudos
7 Replies
idata
Community Manager
388 Views

Hello tcotuleo,

 

 

I understand that you are currently experiencing problems with the Intel ® Management Engine firmware update and the SA-00086 command-line tool.

 

 

Regarding this, I will need some more information in order to find and see what the problem can be, first, let me know if the systems you have built are the same processor-wise or perhaps the configuration, are they the same or do they differ from each other?

 

 

Let me know so we can start an investigation about this problem.

 

 

 

Regards,

 

David V
TCotu
Beginner
388 Views

Thanks for responding.

We've seen the issue multiple times on three different models of machine. Each model has a standard hardware and software build. We're currently running HP Elitebook 820 and 850 laptops (both G1 and G2) in our environment, as well as HP Prodesk 600 G1 workstations.

This latest issue that I mentioned was on an 850 G1 laptop.

idata
Community Manager
388 Views

Hello tcotuleo,

 

 

Thank you for your response.

 

 

What I can recommend you to do in this case is to refer to the link below:

 

 

https://www.intel.com/content/www/us/en/support/articles/000025619/software.html https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

 

 

This has a list of the different manufacturers who are addressing the problem. Normally if you have the latest BIOS version the patch for the Intel ® SA-00086 should be applied. They should also have a list of the different devices affected, we have provided all of the information necessary to the different manufacturers in order to address the issue.

 

 

I apologize for any inconvenience.

 

 

 

Regards,

 

David V
TCotu
Beginner
388 Views

We had actually reached out to HP for assistance, and they has us reach out to Intel regarding the INTEL-SA-00086 command-line tool since it's an Intel tool.

I'm really just trying to determine if the GUI version of the tool does anything to the system that would affect the operation of the command-line tool. The command-line started working for us after we ran the GUI tool.

Does the GUI tool do anything different from the command-line tool?

RAJU2529
New Contributor III
388 Views

I have tested on my laptop with same tool , its worked perfectly , I am sure tool tells true

here is the video

TCotu
Beginner
388 Views

Thank you for trying it out.

The GUI tool works on most systems for us as well, but we have a few where it fails. On the last system the command-line tool failed but the GUI tool succeeded, which seemed to fix the command-line tool.

We're just trying to find out if the GUI tool would do something that would fix the command-line tool or if it was a coincidence.

n_scott_pearson
Super User Retired Employee
388 Views

Hhmmm, sounds like GUI tool is installing driver or library that is needed by either version...

...S

Reply