Wanted to share a great post by Gael Holmes (Intel) who recently posted in the Intel® vPro™ Expert Center .   See the original post here: also a copy provided below...


We recently made available to our Intel AMT Developers the first version of the SCS (Setup and Configuration Server) Lite tool. Eventually this tool will morph into a full blown setup and configuration server that supports all the infrastructure that SCS 5.0 now supports. This "Lite" version, however, is very "Lite" as the name implies. It does not require (or support) SQL database, AD, TLS.  It, instead supports one touch and remote provisioning using the SCS Service, the SCS Console, and the Activator tool. This tool currently provisions an Intel AMT Client in "Enterprise Mode" without TLS.

Many developers, or users, may have been provisioning their systems in what we call SMB (Small to Medium Business) mode manually and then they may decide to try out the new SCS Lite tool and realize suddenly they can no longer do a SOL/IDE-R (Serial Over LAN/IDE-Redirect) operation on the same AMT Client they did this on prior to provisioning with the SCS Lite Tool.

What is going on here is simple. When we provision our AMT systems manually (SMB mode) we enable SOL and IDER options in the MEBx BIOS extentions (otherwise there will be no SOL/IDE-R actions) and the Redirection port gets enabled automatically. This is not the case when provisioning in Enterprise mode (because it is a security issue to enable the port and leave it open.) Software vendors who provision their systems in Enterprise Mode (whether or not they have TLS) know that their software must open the port in order to have a successful SOL/IDER session and then they are expected to close the port when the session is over.

If someone is running a Manageability Application that was designed to work on AMT systems that were provisioned in SMB mode, but now they have been re-provisioned in Enterprise Mode, the Manageability APP may not open the port and so SOL/IDER will not work unless the redirection port is enabled.

This Screen Shot (From the Manageability DTK) shows what is enabled on an AMT Client after provisioning with the SCS Lite, or other Enterprise provisioning tool. Note that "Redirection Port" is Disabled. Simply click on the box next to "Disabled" and this will allow SOL/IDER sessions to occur.


This Screen Shot shows the SOL/IDER settings that occur automatically when the AMT Client is provisioned using SMB Mode - Note that the Redirection Port is automatically enabled and the AMT system is free to perform SOL/IDER sessions.

Note that whether the system is being provisioned in SMB mode or in Enterprise Mode we still must enable SOL and IDER in the MEBx Extensions. If we fail to enable them in the BIOS or in our Profile (for the SCS) then we cannot perform SOL/IDER at all - and this has nothing to do with the enabling or disabling of the Redirection Port.

Moving forward it will be necessary for all Manageability Apps to check the status of the Redirection Port and then open the port prior to initiating the SOL/IDER session (and then close the port when the session is complete.) By putting this flow into your code base, you are covered when communicating with the devices that are configured in either SMB or enterprise mode.

These are the API's of interest in this flow:

  • SetEnabledInterfaces - Make sure SOL and IDE-R are set as enabled interfaces
  • GetRedirectionListenerState - Gets the current redirection listener status
  • SetRedirectionListenerState - Set the redirection listener state to enabled if not already enabled.