7 Replies Latest reply on Nov 28, 2014 6:34 AM by brunodom

    vPro OOB demo AMT 8.1.20

    Triss

      Hi all,

       

      I have been asked to demo vPRO Out of Band Management to a potential customer and after looking through shed loads of documentation, I got started on testing.

       

      The client has AMT 8.1.20 build 1366

       

      I configured the AMT client settings in the MEBx menu (ctrl+p)

           Set password

           Set Domain

           Set IPv4 details (fixed IP etc)

           everything else is at defaults.

       

      From the system I am using to manage from, I have managed to connect using the web browser and 'http://AMT_IP_Address:16992' and log in.

      Everything here looks fine.

       

      The problem I have is when I try to connect with VNC Viewer Plus.

           The AMT IP is in

           Security set to 'none'

           Connection type to 'Intel (R) AMT KVM'

       

      When I click connect and enter the username and password it tells me to check user permissions (It is definitely not incorrect login details as that gives a different message)

      On top of the I have installed the PowerShell module and attempted to get-powerstate and it comes back with unauthorized.

       

      Does anyone have any thoughts or suggestions?

       

      Thanks,

      Triss

       

      PS. if you need more info please feel free to ask.

        • 1. Re: vPro OOB demo AMT 8.1.20
          brunodom

          Triss,

           

          I'm assuming that you are using 'admin' user and the password that you defined, right?

          In this case, there are two configuration in VNC Viewer Plus that may cause this behavior:

          in VNC Viewer Start screen -> Options... -> Connection -> Uncheck "Use single sign-on if VNC Server supports it" - basically, this mark try to use you kerberos token to authenticate and as far you are not using it integrated with AD, it will fail;

          Also, check 'AMT Server' tab, and see if 'connect without requiring consent' is marked - doing SMB provisioning, as you did, you can do direct connect without user consent.

           

          See if it works.

           

          Best Regards!

          -Bruno Domingues

          • 2. Re: vPro OOB demo AMT 8.1.20
            Triss

            Thanks for the direction but unfortunately I get the same response.

             

            The fact that the PowerShell Module gives me 'Unauthorized' makes me think it's something for the AMT end. I have been looking and notice client control mode and admin control mode. Could it be anything to do with that?  should I need a Certificate?

             

            roll on remote access cards in clients No offence Intel, but this is too time consuming to figure out, through the web, a phone call with an expert could probably solve it in minutes.

             

            Thanks again,
            Triss

            • 3. Re: vPro OOB demo AMT 8.1.20
              brunodom

              Triss,

               

              It's should be a detail that I hope we can fix in a minute

              Basically, PowerShell and VNC Viewer Plus rely on IE configuration to access vPro machines and in IE you have two possible configuration for authentication, i.e. AD integrated, i.e. kerberos or digest authentication. As you mentioned that you made manual provisioning, you only have digest authentication available, that is not the default IE option. What is missing in this puzzle is the fact that you told that was able to authenticate using browser, probably you didn't use IE, right?, so try change this option in IE and try it again (uncheck Windows integration):

              IE-uncheck.PNG

               

              Hope it solve your problem and that you can do a great vPro demo

               

              Best Regards!

              -Bruno Domingues

              • 4. Re: vPro OOB demo AMT 8.1.20
                Triss

                Thanks again Bruno but still no luck,

                 

                I was able to log in to the browser session with IE before removing the setting and rebooting, bit still no VNC access, same message.

                 

                'Failed to access resources IPS_KVMRedirectionSettingData, check user permissions'

                PowerShell is still unauthorised too but with the IntelvProGui invoked and the login settings correct I can connect (through PS)

                 

                Any other Ideas,

                Thanks,

                Triss

                • 5. Re: vPro OOB demo AMT 8.1.20
                  brunodom

                  But now you brought further details... can you confirm your maker and model of your vPro system? I'm assuming that as far you can get access through WebUI and also been able to connect using PS, it's not a problem with vPro provisioning, but with KVM. I found some makers/models that beside the fact that is vPro, OEM configured the machine to use a 3rd party GPU and to KVM works you need to use Intel integrated GPU.

                   

                  Best Regards!

                  -Bruno Domingues

                  • 6. Re: vPro OOB demo AMT 8.1.20
                    Triss

                    Hey Bruno,

                     

                    It is a Dell Precision, I am looking through the documentation now but the process suggested uses USB provisioning and Dell's software requires a TLS Certificate.

                     

                    All I want is simplicity

                    • 7. Re: vPro OOB demo AMT 8.1.20
                      brunodom

                      Hi,

                      Could be that your system does not support KVM. I'm not sure about your DELL Precision model, but just taking one such this from DELL website

                       

                      As you can see, this SKU uses a Graphic Card that is not Intel, so KVM will never works:

                       

                      DELLPrecision.PNG

                       

                      That matches with what you are experiencing.

                       

                      BTW: What you have done for provisioning is right, it can simple or complex based on what security level you want and also match your infrastructure requirements, e.g. AD integration, 802.1x wired and wireless, etc.

                       

                      Best Regards!

                      -Bruno Domingues