1 Reply Latest reply on Oct 10, 2012 2:10 PM by Joseph Oster

    Why cant I get Kerberos to work with or without TLS?

    ferozekhan267oa

      Hi vPro Experts and Friends,

       

      Seems like I could use a little help here- The problem I have with my SCS setup is that we cant remote KVM (VNC Viewer) nor run non KVM commands using Intel vPro PS module via kerberos authentication with or without TLS.

      For non KVM commands, the PowerShell console errors saying "Unauthorised" while the VNC viewer brings up a credentials box asking for the digest credentials. Kerberos doesnt work at all but the digest user (admin and ACL) works fine with or without TLS.

      Cant even login into the webUI using https://fqdn:16993. I dont think there is any issue with the cert as we can provision just fine.
      AD authentication with or without TLS = FAILS.

      Only Digest credentials seems to be working.
      We even tried with individual domain user accounts and it FAILS.
      Client and Mgmt consoles are on the same domain + intranet + AMT clocks too are in sync.

      CheckAmtAcl tool shows that the ACL includes the domain users and are already loaded into the MEBx with the provisioned profile.

       

      My setup is as follows:

      1. Two VMs (standalone win server 2008 without AD domain services and are connected to our corporate network) - Running SCS one and MPS on the other
      2. Root CA is running on one of our physical domain controllers on the corporate network
      3. AMT Objects OU, User accounts and Groups are located on another physical domain controller.
      4. Vendor cert GoDaddy installed on the SCS server.
      5. Client AMT version 6.2 and 7.x
      6. TLS profile with AD integration

       

      Please help.

      Regards
      Mohammed