4 Replies Latest reply on Mar 23, 2017 9:28 AM by dariusz.wittek@intel.com

    AMT Unauthorized

    hourlpa

      Hello,

      Here is the scenario :

       

      we configure 80 computers with AMT ( tls enable on port 16995 and digest authentification with certificate and DHCP mode with reservations).

      all machine was test before moving to a datacenter.

      we plug all the 80 computers ( power cable and network cable only) to unconfigurated network switches but not booting any computers to windows.

      after the configuration of the switch amt not working.

      The only way to make it works is tu unplug the power supplies for 10 seconds and plugin again. then without booting to windows amt fonctionalitiys work again for around 25 days.

       

      What Happend when you plug the power supplies without booting ( network initializings something )?

      Is there something to configure on network switches ?

      is there a kind of Grace period ?

      is there a powershell command to do the same reset as remove the power cable ?

       

      Hope to find somboddy to help me for this stange scenario.

      Thanks in advance

        • 1. Re: AMT Unauthorized
          michael_a_intel

          hourlpa

          Hello,

           

          Please submit a ticket at Contact Support  under Intel® vPro™ Technology.  We'd like to dive in a little further on this issue with you.

           

          Michael

          • 2. Re: AMT Unauthorized
            tkl

            Hi,

            I do have the same issues. Any news on this topic? I am using a Fujitsu Q170 mainboard with the latest BIOS. But I guess this is not important due to a KVM issue.

            It seems to be related with AMT 11.0 (no issues with former versions).

            Thanks

            Regards

            tkl

            • 3. Re: AMT Unauthorized
              hourlpa

              Hello,

              intel support said they are aware of this problem and provide update firmware to sellers in my case HP. they ask me to contact hp support to have it and can't give it to me directly( strange )

              HP support will publish this update in april !

              so we are still waiting.

              in the meantime i found that update firmware or bios with the same version unlock the grace period. ( we did that when its append  each 24 days ).

              Maybe you will have more luck with fujitsu support.

              • 4. Re: AMT Unauthorized
                dariusz.wittek@intel.com

                Intel ME FW comes from Intel to all OEMs but it has to be validated by each OEM with their HW design and BIOS (and version)  design.

                There is potential risk that if you update Intel ME FW to version not validated by OEM - some features -especially those which require BIOS module support - SOL/IDE-R or USB-R, also partially KVM  may not work properly anymore.\

                In such case you will create "OEM unsupported" configuration - in case of issues you will be on your own as OEM may not support it.

                If there is significant change/fix in ME FW due to features/performance Version Control Number in ME FW is increased, if it is security issue beeing fixed Security Control Number is increased. With Intel ME FW update  process /Tool - you may update to FW with equal or higher SCN/VCN numbers but not to lower one (where there are known issues/bugs).

                 

                This is why Intel can't provide ME FW update directly to you as if you upgrade it to higher SCN/VCN  and it will not work well with OEM BIOS (not validated config) - you won't be able to roll back to previous ME FW - existing ME FW will prevent it.

                You have to escalate your issue to OEM to expedite their validation efforts (not granted it will help but let OEM feel and share your pain).

                 

                Dariusz Wittek

                Intel  EMEA Biz Client Technical Sales Specialist