If you want to have the Intel Manageability Tool Kit interoperate with a vPro client that has been provisioned by Microsoft System Center Configuration Manager SP1, there are two key things you need to do: Configure Manageability Commander to trust the Issuing Certificate Authority of AMT Web Certificates and to authenticate with a Kerberos user that has access to the vPro Client.




Before configuring Manageability Commander, you will need to obtain a copy of the Root Certificate Authority Certificate that the vPro Client AMT Web Server Certificate was issued from. This is the same Certificate Authority that was configured in “Microsoft System Center Configuration Manager Console” -> “Out of Band Component Configuration” -> "Site Database" -> "Site Management" -> "Site" -> "Site Settings" -> "Component Configuration" -> "Out of Band Management" -> "General Tab" -> "Certificate Template".

If you are issuing AMT Web Server Certificates from a subordinate certificate authority, you should still use the certificate from the Root Certificate Authority the SubCA is chained up to.





Export a copy of the Root CA

1)   To export of a copy of the Root CA Certificate, you can open your local certificate store, select “Trusted Root Certificate” -> “Certificate” and search for the proper Root CA Certificate. If you do not have the Root CA certificate in your trusted root store, your CA Administrator can obtain a copy for you from the CA by selecting the “Properties” of the Certificate Authority and selecting “View Certificate”.

2)   Once you have the certificate open, select the “Detail” tab and then select “Copy to File”.cert2.JPG

3)   When the “Certificate Export Wizard” appears, click “Next”.

4)   Select “DER encoded binary X.509(.CER)” and click “Next”.

5)   Select a location to export the certificate to and then click “Next”.

6)   On the “Complete the Certificate Export Wizard”, click ‘Finish”.





Trusting your Root Certificate Authority in Manageability Commander

Now that you have a copy of the Root CA certificate, you are able to configure Manageability Commander so that it can manage a vPro client provisioned by SCCM.

1)   If you have not already done so, you can download a copy of the Manageability Tool Kit from the following location: http://software.intel.com/en-us/articles/download-the-latest-version-of-manageability-developer-tool-kit/. Follow the onscreen instructions on how to install it.

2)   Once Manageability Tool Kit is install and Manageability Commander is open, select “File” -> “Certificate Manager”.

3)   In the “Certificate Manager” window, ensure you delete all other existing certificates by highlighting them and clicking the “Delete” button. After which, select “Import”.

4)   Browse for the Root Certificate Authority Certificate you exported (which is the Root CA Certificate that is chained up from your AMT Web Server certificates) and click “Open”.

5)   Back in the “Certificate Manager” window, click the “Refresh Displayed Certificates” button. You should now see your CA in the “Trusted Root Certificates” list. Click “Close” to exit the Certificate Manager window.





Adding a Client to Manageability Commander

Once the Root CA certificate has been trusted, you can now add the client (that is provisioned by SCCM) you want to manage via Manageability Commander.

1)   To add the vPro client, select “File” -> “Add” -> “Add Intel® AMT Computer”.

2)   When the “Add Intel® AMT Computer” window appears, enter in the full qualified domain name (FQDN) of the client you want to manage. If you want Manageability Commander to use Kerberos authentication of the local user logged, leave the Username and Password blank. If you want to specify a different Kerberos user then the local logged on user, enter in the desired Kerberos user as domain\user and the appropriate password. Click “OK” to close the “Add Intel® AMT Computer” window.

3)   Once you have added the vPro client, you should see it in the list of clients to manage. Right click on the client, and select “Connect”.

4)   Once connected, you can invoke any of the vPro / AMT use cases that the Manageability Commander Tool supports on the client provisioned and also managed by SCCM.










Debugging Connection

If you are having connection issue, you can perform some general troubleshoot by viewing the debug information.

1)   To view the debug information, select “Help” -> “Show Debug Information...”

2)   Once the “Manageability stack” window opens, you can see additional detail of any issues encountered.










--Matt Royer