Currently Being Moderated

In summary - these are not compatible, as explained below.

 

Intel AMT Remote Configuration enables the authentication to the firmware for an initial Intel AMT configuration event.  Remote configuration for Admin Control Mode configuration of the Intel AMT firmware is typically done via a valid certificate for the environment.

 

More information on the remote configuration process is available at https://community.mcafee.com/docs/DOC-2225

 

The authentication process should complete without user interaction.   If the requesting application (i.e. Intel SCS) is prompted everytime when the private key is accessed, the autonomy is lost.

 

When importing the certificate to your target server, if the Strong Key Protection option is selected and grayed out this indicates a conflicting group policy for cryptography has been applied to the server.

CertImport-PrivateKeyProtect.png

 

If you miss the first prompt, another clear indication that the conflicting group policy is in affect is shown below.

CertImport-PrivateKeyProtect prompt.png


Changing the group policy setting of the server will remove this barrier.

 

In the example below, the incorrect or conflicting setting is shown.

GPO_crypto.png

 

Change the System Cryptography policy to the "User input is not required when new keys are stored and used"

 

GPO_crypto_correct.png

Comments

Filter Blog

By author:
By date:
By tag: