Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2834 Discussions

Intel AMT 3.2.1 Self-signed certificate issue and working around it for Microsoft System Configuration Manager SP1

idata
Employee
‎08-28-2008 02:05 PM
1,199 Views

Intel AMT 3.2.1 Self-signed certificate issue and working around it for Microsoft System Configuration Manager SP1

I have exactly this problem with about 500 Dell Optiplex 755 Clients (BIOS upgraded from A09 to A10, AMT 3.2.1) as described in the blog "Intel AMT 3.2.1 Self-signed certificate issue and working around it for Microsoft System Configuration Manager SP1".

Is this a bug in the Intel AMT Implementation or the Microsoft SCCM? Will this be corrected? I could correct this with a local un-provision, but the remote un-provision method doesn't work. How can i troubleshoot the WS-MAN Translator to use the remote un-provison workaround?

I think that the WS-MAN Translator doesn't work correctly, because i have also a view Dell Latitude D630c with AMT 2.6.1. This Clients could not be detect a AMT Version in SCCM.

0 Kudos

Link Copied

1 Reply
Matthew_R_Intel
Employee
‎09-02-2008 03:26 PM
358 Views

The Self-signed certificate issue is directly related to an AMT issue introduced in firmware 3.0 and corrected in 3.2.1; however, due to the way firmware upgrade works today, it does not reset the self-signed certificate because it is considers the self signed certificate a data component of the AMT settings. If you were to perform a factory reset (which requires you to pull the CMOS battery) on a client that was upgraded from 3.x to 3.2.1 firmware, you would not see the issue. A long terms resolution is currently under investigation.

In terms of the Intel WS-MAN Translator, I'm assuming you are running the Intel WS-MAN Translator version 1.0 and have configured in alignment with what was described in the p-11434 following Blog? You can take a look at your C:\Program Files\Intel Corporation\Intel WS-Management Translator\wstrans.log; this is the Intel WS-MAN Translator Log and should give you more detail on what is going on when you try to run the script. You may temporarily want to change your error logging in the Translator to Verbose to get some more detail. To do so, modify wstrans.exe.config (make a backup copy first) to look like the following and restart the Intel WS-MAN Translator service:

<system.diagnostics>

<switches>

<add name="Intel.Wstrans" value="Verbose" />

<add name="Intel.Wstrans.Eoi" value="Verbose" />

<add name="Intel.Wstrans.WsMan" value="Verbose" />

</switches>

</system.diagnostics>

--Matt Royer

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.