Home > Intel Communities > Open Port IT Community > Intel® vPro™ Expert Center > Blog > 2009 > June
Up to Blog Posts in Intel® vPro™ Expert Center
Previous Next

Intel vPro Expert Center Blog

June 2009
Trevor Sullivan
0

OOB Console Error

Posted by Trevor Sullivan Jun 22, 2009

Hello vPro Experts!

 

Are you having trouble getting the Microsoft Out-of-Band (OOB) Console to connect to your Intel vPro clients? If so, one of the first things you should do, is enable verbose logging in your OOBConsole.exe.config file. This file is located in the following folder: %PROGRAMFILES%\Microsoft Configuration Manager Console\AdminUI\bin. If you open this file in Notepad, you should see a line that looks like <source name="OOBConsole" switchValue="Error">. If you change the text Error to Verbose, you will enable verbose logging for the OOB Console. The next time you try to connect to an AMT device, you should start seeing more detailed logging in the OOBconsole.log file, located in: %PROGRAMFILES%\Microsoft Configuration Manager Console\AdminUI\AdminUILog.

 

If you're seeing this message specifically: GetAMTPowerState fail with result:0x800401F3, then you might have forgotten to install WinRM 1.1 on your Windows XP client running the OOB console. Also make sure that you're running Windows XP Service Pack 3! Once you install WinRM 1.1, this error should magically disappear, and have you well on your way to managing vPro devices!

 

Cheers,

 

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

0 Comments Permalink Tags: oobconsole, vpro, issue, problem, error, message, microsoft, configmgr, configuration, manager, amt, isv, software, console, sccm
Michele Gartner
1

Losing a laptop costs your company a lot more than just the lost hardware...think of the data that is on that PC. Now think about how many laptops you have in your enterprise and potential that there is for data breaches. Yeah, it is staggering - isn't it?!

 

Join us for the Securing Your Environment with Intel Anti-Theft Technology webinar on Tuesday, June 23 2009 to learn more about the impact of data breaches and how Intel Anti-Theft Technology can help you strengthen your PC hardware and security solutions.

 

Our panelists include Dr. Larry Ponemon, Mike Schulien, and Geoff Glave:

 

  • Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute, will share information from his annual study on the cost of data breaches; the associated financial impacts to business, the threat of customer turnover as well as preventative solutions. The Ponemon institutue is a research “think tank” dedicated to advancing privacy and data protection practices. Click here to read the study.

 

  • Intel Solution Architect, Mike Schulien, will discuss how Intel’s latest security innovation, Intel® Anti-Theft Technology, can combat security breaches by strengthening PC hardware and security solutions.  This new hardware-level technology will shut down a PC and/or its data if it is lost or stolen with the ability to reactivate it if it is recovered.

 

  • Geoff Glave, Absolute Software Product Manager, will talk about how IT administrators can use Computrace, Absolute’s leading IT asset-management and security solution, to secure their assets remotely, automatically locking down a system quickly in case of theft or suspicious circumstances. Computrace technology is the leading security service now using Intel® Anti-Theft Technology. Computrace with Intel® Anti-Theft Technology Whitepaper

 

Logistics

Date: June 23, 2009

Time: 9:00 am PDT

Registration: https://www2.gotomeeting.com/register/217766930

 

And of course, what's an Intel Anti Theft announcement without Josh's stellar surfing video?

 

1 Comments Permalink Tags: webinar, intel_at, openportpromo, vpro
Josh Hilliker
38

Windows 7 – Be Ready

Posted by Josh Hilliker Jun 9, 2009

Key challenge with deploying a new operating system is preparing for the upgrade in your enterprise, from legacy applications, deployment schedules and seriously down to the how are you planning to roll out a new OS.  While in the lab testing we discovered a few use cases that highlighted how you could deploy new OSes after normal work hours - Minimize end user and IT productivity impacts and maximize deployment saturation in the shortest period of time using Intel vPro Technology to initiate a remote PXE or media boot or an integrated power on command.

We dug in deeper and found the following value points from our lab test for deploying after you have vPro enabled: 

       Perform remote OS deployments on bare metal hardware

       Perform remote OS deployments on PCs where the OS or PC agent are non-responsive

       Meet defined or mandated OS deployment timelines regardless of PCs’ power state or connectivity (wired / wireless)

 

While I realize that having vPro enabled is not always possible before an OS upgrade, therefore we are going to be posting how to deploy Win7 and enable vPro at the same time to assist with your deployment.   We will be updating the following wiki as the new use cases are completed. 

 

First Use case completed (as seen at MMS)

http://communities.intel.com/click.jspa?searchID=446723&objectType=102&objectID=3232

Windows 7 / vPro Wiki

http://communities.intel.com/docs/DOC-3096

38 Comments Permalink Tags: openportpromo, windows7
Abhilasha Bhargav-Spantzel
0

Importance of protecting company data has led to the advent of various types of encryption solutions being deployed in the companies IT environments. One interesting question that comes to mind is if all of the company data that could potentially reside in different types of devices e.g. Desktops/Laptops/Smartphones etc. need to be encrypted? The answer to this question may need to take into account numerous considerations including security risk analysis, cost, management overhead etc.

 

Considering only laptops and desktops – we have observed that laptop encryption is more prevalent as compared to desktops. The two major questions then are 1) what reasons prevent enterprises from encrypting desktops?; 2) what reasons would motivate encryption of data in desktops?

 

Disadvantages of encrypting desktops

1)      Lack of security need due to low risk of theft – It may be less likely, given the physical and other security measures deployed in a company, that the physical desktops are stolen from the company premises

2)      Manageability costs and maintenance – Admins have to manage additional user credentials, increased helpdesk calls and also recovery of encrypted data is hard.

3)      Trend towards using stateless devices and virtual desktops

 

Advantages of encrypting desktops

1)      Insider Threat – Disgruntled employees stealing data from within the enterprise premises. Most desktops have bigger storage capabilities than laptops

2)      Regulatory Compliances require encryption of all devices

3)      Multi-User Machine- If there are multiple users that are using a common desktop and one of them happens to be malicious then encryption helps protect the data from such users.

 

Please take this quick survey and let us know what you think? Click Here to take survey

 

 

0 Comments Permalink
Trevor Sullivan
0

Hello vPro Experts!

 

I would like to pass on some information that I discovered a while ago, based on a Microsoft Premiere Support ticket. I was having trouble getting the Microsoft Out-of-Band (OOB) Management Console functioning from a Windows XP system. I tried everything on a fresh, standard build of Windows XP, but nothing would work.

 

After working with Premiere Support, we finally discovered that Windows XP Service Pack 3 (SP3) was required for proper functioning of the Microsoft OOB console.

 

This behavior is actually related to some functionality that was added in SP3, specifically in the winhttp.dll library. There is a function called WinHttpSetOption in the WinHttp library, which is called with a parameter enabling the WinHttp Option Flag named WINHTTP_ENABLE_SPN_SERVER_PORT. This flag enables the WinHttp library to include the server port in the Kerberos Service Principle Name (SPN), since the AMT web service is running on a non-standard HTTP port (16993).

 

The Windows XP Service Pack 2 (SP2) version of the WinHttp library does not include this capability, and consequently fails to authenticate. In order to properly connect to ConfigMgr-provisioned AMT devices with the Microsoft OOB Console, please make sure your helpdesk / support systems are running Windows XP SP3.

 

If you have any questions, feel free to post them in the comments section, and I will do my best to answer them.

 

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

0 Comments Permalink Tags: oob, console, center, issue, failure, system, configuration, manager, microsoft, isv, configmgr, tools, vpro, sccm_sp1, kerberos, amt, trevor, sullivan, problem, sccm, troubleshoot, authentication
Terry Cutler
0

Join us for a Webinar on June 11

Joint AMP Intel v2.jpg

Lower your IT manageability costs with Intel vPro and Altiris Client Management Suite

Join Advanced Marketplace and Intel as we discuss new approaches to common IT manageability challenges. This webinar will focus on how Intel vPro technology extends and enhances the Altiris Client Management Suite (CMS) with live demonstrations and discussions. The combination of Altiris CMS and Intel(r) vPro Technology will allow you to improve Power Management, SW distribution, Patch Management and help with Remote Diagnostics and Repair.  

Come ready to watch and learn the capabilities of these combined technologies and bring your questions to ask experts from Advanced Marketplace and Intel.

Title:

Lower your IT manageability costs with Intel(r) vPro and Altiris CMS

Date:

Thursday, June 11, 2009

Time:

10:00 AM - 11:00 AM PDT

Space is limited.
Reserve your Webinar seat now at:
https://www2.gotomeeting.com/register/300550755

After registering you will receive a confirmation email containing information about joining the Webinar.

Webinar System Requirements
PC-based attendees
Required: Windows® 2000, XP Home, XP Pro, 2003 Server, Vista

Macintosh®-based attendees
Required: Mac OS® X 10.4 (Tiger®) or newer

 

0 Comments Permalink Tags: webinar, vpro
Josh Hilliker
7

This week we just launched a new program to help you on your activation journey of Intel vPro technology.   The x-intel team has provided key links to defining how to get a ROI, how to activate and how to get in contact with Intel insiders to explain what vPro can do for you.   here's the link to the site and I highly recommned it if you are just getting started on vPro.

 

Activation Program

 

Now for those already activated, I recommend the ROI section as it was re-vamped to help pin point particular use cases and the value IT shops are seeing.   http://communities.intel.com/openport/docs/DOC-1494

 

If you were reading the Wall Street Journal today, you might have seen this ad - http://twitpic.com/6hhwi

 

Now if your joining the community check out a few of our Pro's like Trevor Sullivan & Javed Lodhi, these guys are pro's on Intel Technology.

 

Josh H

7 Comments Permalink Tags: openportpromo
Trevor Sullivan
0

Hello vPro Experts,

 

In case you've worked with any of the Powershell code samples I've previously posted, you've probably noticed that the AmtSystem.Connect() method executes asynchronously, and returns immediately. In this case, you'd have to develop some sort of loop in order to determine whether or not the connection was successful. Typically, I would just use this code to prevent a script from continuing before the connection was established:

 

while ($amtdevice.State -eq "Connecting") { Start-Sleep 1 }

 

But that's ugly, because, what happens if it never connects? Although it's nice to have the ability to asychronously connect to AMT devices, writing code and understanding the logic, to handle async processes is significantly more difficult than writing code that is synchronous. For this reason, we will look at how to modify and recompile the ManageabilityStack .NET assembly in the Intel AMT Developer Toolkit (DTK) to allow synchronous connections to AMT from PowerShell code.

 

In order to perform the next steps, you'll need the following:

 

 

Once you've installed these components, continue on:

 

  1. Download the Intel AMT DTK source code and extract to a folder
  2. Navigate to <Source>\Manageability Stack and open the Manageability Stack.csproj file in Visual Studio 2008
  3. Open the AmtSystem.cs file in the Visual Studio Solution Explorer
  4. Rename the Connect() method to ConnectAsync()
  5. Copy the following code above the ConnectAsync() method:
    public void Connect()
    {
       if (State != AmtSystemObjState.Disconnected) return;
       ChangeState(AmtSystemObjState.Connecting);
       ConnectEx(this);
    }
  6. In the Visual Studio Solution Explorer, right-click the Manageability Stack project, and click Build
  7. Go to your <Source>\Manageability Stack\obj\Debug folder, and grab your new ManageabilityStack.dll .NET assembly

 

Now that you have a recompiled ManageabilityStack assembly, you can load this into PowerShell, and connect synchronously using the Connect() method!

 

Update: I attached the AmtSystem.cs file to this blog post, if you're not comfortable modifying source code yourself! You'll still need to replace the file, open the project, and recompile the library though

 

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

0 Comments Permalink Tags: programming, automation, vpro, administer, code, developer, visual, dtk, administration, amt, microsoft, studio, c#, coding, .net

Popular Blog Posts