2 Replies Latest reply on Jan 24, 2011 5:07 PM by spabercr

    Status: In Configuration

    michael.fees

      Hello,

      can somebody help me, please?
      I try to configure my first AMT device. The first device has the status "In Configuration" with a green connector. I can see the following history:
      ExtendConfigWindowOfOpportunity     InQueue     07:32:05
      ExtendConfigWindowOfOpportunity     Succeeded     07:27:09
      Configurtion     InProgress      07:27:06    

       

      Connectivity: AMT is connected
      Configuration communcation type: PSK
      Intel AMT Version: 4.1.11
      Last Clock Sync: N/A
      SKU: Intel vPro
      Last Admin Password Update N/A
      Last Configuration: N/A

       

      No error messages. What can I do?

       

      What have I already done?

      SERVER:

      Installed Service with IIS, SOAP and a trusted Root Certifikate from our domain (allowed, certificate signature, offline signing of blocked certification lsit, and signing the blocked certification list - sorry for the bad English in German there are: Zugelassen, Zertifikatsignatur, Offline Signieren der Zertifikatssperrlise, Signieren der Zertifikatssperrliste (46)). Installed the Setup and Configuration Console 5.2.0.34.
      ExportSchema.VBS seems to be okay.

       

      AMT DEVICE
      Intel ME BIOS Extension v4.0.4.0006

       

      ME-Configuration:

      ME State Control [X] Enabled
      ME Firmware Local Update Qualifier [X] Always open
      Manageablility Feature Selection [X] Intel(R) AMT
      ME FW Update Interface

      [X] ME and TPM

      Intel ME ON in Host Sleep States: S0-S5

       

       

      AMT Configuration:
      Host Name:          PC01
      DHCP     enabled
      Domain name:      foo.de
      Provision Model:     not changed to Small Business
      Current Provisioning Mode: PSK

      Provisioning Record

      TLS Provisioning Mode : PSK
      Provisioning IP: <IP-address of the server>
      Date of provision: <today>
      Provisioning Server:     <IP-address of the server>
      TLS Preshared key:      set PID and PPS with one of the 50 keys from the console
      SOL/IDE-R: [X] enabled
      Password Policy: [X] default password only
      Secure firmware update [X] enabled
      no PRTC set
      Idle timeout 1

       

       

       

      Inserted in the AMT Device one pair of PID and PPS, setting hostname, DHCP enabled, domainname, setting ip of provisioning server, changing the admin password "IntelvPro", provision mode is PSK.

      In the console I got Hellos with UUID, setting the FQDN of the device,

      FQDN: PC01.foo.de
      AD OU: ou=my computers,dc=foo,dc=de
      Profile: default profile
      Admin Password: admin

       

      default profile:
      Enabled Interfaces: [X]Web UI, [X]Serial Over LAN, [X] IDE Redirection
      Power Manageability Always on (S0-S5)
      Idle timeout 3 minutes
      New password for certificate based configuration: p@ssword
      (*) Force encrypteion
      Kerberos clock tolerance 5
      [ ] Use VLAN
      [X] Enable ping response

       

      ACL:
      digest user: "admin", random password,  Access-Type: both, Realms: [X] PT-Administrator
      AD-user: domain-admins, Access-Type: both, Realms: all checked
      Domains, TLS, 802.1x, WiFi, EAC, Remote Access all off.

      All Events:

      Verbose     Creating Active Directory AMT object: "PC01.foo.de" at "OU=my computers,dc=foo,dc=de"

      Verbose     Deleting Active Directory AMT object: "PC01.foo.de" at "OU=my computers,dc=foo,dc=de"
      Verbose     The SOAP connection with connection parameter set #1 succeeded
      Verbose     Configuring Intel AMT device started

       

       

      On the clientsoftware I get:
      Intel AMT Status: not configured
      mode: ready to configure
      Firmware version: 4.1.11.1051

      What have I to do next?
      Thanks for every welcome answers.
      Michael Fees

        • 1. Re: Status: In Configuration
          spabercr

          I see you list 4.1.11 as the FW of the platform, This FW is relatively old and a number of OEM's have more recent FW versions. since I am not aware of the specific platform you have used I have some general suggestions that may help resolve your issue.

          First, please update to the latest FW your OEM has available - over time AMT has worked thru a variety of unique issues that resolved authentication failurers, the FW kit that is posted on the OEM site should have the release notes and specific fixes that are included in that kit. Please review these notes and if you see an issue that resembles your problem, I strongly recommend you update the FW (note some OEM's require updating the BIOS also, I tend to do both when i find they are both newer that your current versions).

           

          While I know your in an enterprise mode and have a Certificate of Authority I would also recommend using the certificate checker tool found here in the vPro expert center. I will follow up with a link to the tool set that will help in identiying your issue.

           

          last suggestion is based on your permisisons for provisioning, the AD credential needs to have admin priviliges so if you are logged into the client with non provisioning admin credentials you will not be successful in provisioning, even if you ahve admin rights to the platform. As long as your certificate is valid I would recommend using the remote activation tool for all your provisioning, activator.exe is the recommended method for starting remote provisioning.

          • 2. Re: Status: In Configuration
            spabercr

            here is the tool set I mentioned - please review the SCS setup wizard tool and the certificate validation tool along with the other capabilities to help you provision and manage your platform - http://communities.intel.com/docs/DOC-1171