Due to a number of reasons I can only use the SCS service and digest authentication and cannot use AD Integration or PKI and TLS for security to provision and access the workstation. Also, the workstations are pre-configured at the factory with a PSK for zero touch provisioning.
Due to these restrictions and security requirements we can only use the default digest user account, admin and no additional manually created digest accounts in the SCS profile. To satisfy security requirements further, we need to set the admin account password using the Digest Master Password (DMP)setting within SCS.
I can successfully connect to a workstation via WebUI and VNC Viewer Plus using the default account, admin and the calculated DMP. Also, I can successfully connect to the workstation using the Manageability Commander Tool using these credentials. However, when I go to the Remote Control Tab and select Take Control to connect to the workstation via SOL I get the following error: Serial-over-LAN error: IMR_RES_INVALID_PARAMETER - when I select OK the Manageability Terminal Tool window launch and the status of Serial-over-LAN is Disconnected.
Doing research I found the following extract in the Intel AMT Implementation and Reference Guide in the TCP Parameters, Redirection Sample Console GUI section:
The lengths of the user name and user password are limited by the Redirection SDK to 32 characters. If either the user name or password exceeds this limit, IMR_RES_INVALID_PARAMETER, will be returned.
The length of the digest master password is 44 characters…
I then tested SOL with the default admin account and a password I set manually which is less than 32 characters and SOL connects successfully.
Therefore, I have the following questions and am hoping that someone is able to answer my questions:
How to get SOL working with the default admin account using a Digest Master Password or is this not possible?
Is there a way to truncate the DMP to conform to the maximum password length requirements?
Is there an alternative tool or utility to connect via SOL using the digest account, admin and DMP password?
Am I able to increase the length of the password in the Redirection SDK?
Hi all, I'm pleased to report that this issue has been resolved in Intel AMT SDK 8.0, where you can now pass the default admin user name and calculated Digest Master Password credentials through to establish a Serial Over LAN session.
On a personal note, I'm also pleased to report that the Intel team do take issues we come accross serious and are actively improving Intel vPro and associated tool sets. As with this problem I was facing, it was esculated to the Engineering/Developers team and within a few days they resolved the issue and released a new version of the SDK.