Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

AMT Unauthorized

idata
Employee
2,437 Views

Hello,

Here is the scenario :

we configure 80 computers with AMT ( tls enable on port 16995 and digest authentification with certificate and DHCP mode with reservations).

all machine was test before moving to a datacenter.

we plug all the 80 computers ( power cable and network cable only) to unconfigurated network switches but not booting any computers to windows.

after the configuration of the switch amt not working.

The only way to make it works is tu unplug the power supplies for 10 seconds and plugin again. then without booting to windows amt fonctionalitiys work again for around 25 days.

What Happend when you plug the power supplies without booting ( network initializings something )?

Is there something to configure on network switches ?

is there a kind of Grace period ?

is there a powershell command to do the same reset as remove the power cable ?

Hope to find somboddy to help me for this stange scenario.

Thanks in advance

0 Kudos
4 Replies
MichaelA_Intel
Moderator
580 Views

hourlpa

Hello,

Please submit a ticket at http://www.intel.com/content/www/us/en/support/contact-support.html Contact Support under Intel® vPro™ Technology. We'd like to dive in a little further on this issue with you.

Michael

0 Kudos
TKers
Beginner
580 Views

Hi,

I do have the same issues. Any news on this topic? I am using a Fujitsu Q170 mainboard with the latest BIOS. But I guess this is not important due to a KVM issue.

It seems to be related with AMT 11.0 (no issues with former versions).

Thanks

Regards

tkl

0 Kudos
idata
Employee
580 Views

Hello,

intel support said they are aware of this problem and provide update firmware to sellers in my case HP. they ask me to contact hp support to have it and can't give it to me directly( strange )

HP support will publish this update in april !

so we are still waiting.

in the meantime i found that update firmware or bios with the same version unlock the grace period. ( we did that when its append each 24 days ).

Maybe you will have more luck with fujitsu support.

0 Kudos
Dariusz_W_Intel
Employee
580 Views

Intel ME FW comes from Intel to all OEMs but it has to be validated by each OEM with their HW design and BIOS (and version) design.

There is potential risk that if you update Intel ME FW to version not validated by OEM - some features -especially those which require BIOS module support - SOL/IDE-R or USB-R, also partially KVM may not work properly anymore.\

In such case you will create "OEM unsupported" configuration - in case of issues you will be on your own as OEM may not support it.

If there is significant change/fix in ME FW due to features/performance Version Control Number in ME FW is increased, if it is security issue beeing fixed Security Control Number is increased. With Intel ME FW update process /Tool - you may update to FW with equal or higher SCN/VCN numbers but not to lower one (where there are known issues/bugs).

This is why Intel can't provide ME FW update directly to you as if you upgrade it to higher SCN/VCN and it will not work well with OEM BIOS (not validated config) - you won't be able to roll back to previous ME FW - existing ME FW will prevent it.

You have to escalate your issue to OEM to expedite their validation efforts (not granted it will help but let OEM feel and share your pain).

Dariusz Wittek

Intel EMEA Biz Client Technical Sales Specialist

0 Kudos
Reply