Any tips on why my AD integration may be failing, or where to start looking / debugging?
RCS server deployed in database mode.
AD OU set up and permissioned.
Enterprise CA set up and template created and permissioned.
Profile created on the RCS
acuconfig.exe ConfigViaRCSOnly succeeds and provisions machine. Certificate is created by the CA, Computer object is created in the OU.
Logging on to https://127.0.01:16693/ works using Admin and the "Get configured Password" from the RCS
Logging on to https://127.0.01:16693/ fails for Domain accounts.
Am I missing something here? I assume this should work.
acuconfig.exe /Verbose /Output Console ConfigViaRCSOnly rcsserver.mydomain.com StandardLan /AbortOnFailure /ADOU OU=AMT,OU=Others,DC=mydomain,DC=com /RCSBusyRetryCount 5
Profile details (domain names changed for obvious reasons)
Profile Name: StandardLAN
Profile Type: Intel AMT
FQDN will be the same as the Primary DNS FQDN
IP will be taken from DHCP
Active Directory Integration
Active Directory OU:OU=AMT,OU=Others,DC=mydomain,DC=com
Access Control List (ACL)
User 1: mydomain.com\AMTAdministrators
User Type: Active Directory
User has both remote and local access to the realms listed below
Realms: Redirection, PT Administration, Hardware Asset, Remote Control, Storage, Event Manager, Storage Administration, Agent Presence Local, Agent Presence Remote, Circuit Breaker, Network Time, General Info, Firmware Update, EIT, Local User Notification, Endpoint Access Control, Endpoint Access Control Administrator, Event Log Reader, User Access Control
Transport Layer Security (TLS)
Server authentication used for remote interface
Server Authentication Certificate Properties:
Certificate Authority: ca-cert-001.mydomain.com\MYDOMAIN-ISSUING-CA-001
Certificate Template: AMTWebServerCertificate
Common Names (CNs) in certificate: DNS Host Name (FQDN), Host Name, SAM Account Name, User Principal Name, UUID
Do not enable synchronization of Intel® AMT with host platform WiFi profiles
Enabled Management Interfaces:
Serial Over LAN
RFB password not defined
Power Management Settings: Always On (S0-S5), Timeout if idle: 3 minutes
The Intel® AMT clock will be synchronized with the operating system clock
Intel® AMT will not respond to ping requests
Fast Call for Help (within the enterprise network) is Enabled