0 Replies Latest reply on Aug 31, 2009 6:00 AM by michael.fees

    SCS: plattform status: In Configuration

    michael.fees

      Hello,
      can somebody help me? I try to configure my first AMT device.

      The device is in the SCS in status: "In Configuration".

      What have I to do to get it configured?

       


      In the client software "Intel Management and Security Status" I see:
      Intel AMT Status:
      Status: Not configured
      Mode: Ready for configuration
      Firmware Version: 4.1.11.1051

      Advanced Information:
      <not available>

      Advanced Systemdetails:
      System UUID: <number>
      Intel ME Driver: active 4.0.1.1074
      LMS: active: 4.10.1042
      power directive: N/A

      I have installed the Service with IIS 6.0, SOAP, a root certificate of our domain CA, enhanced the schema, configured option 15 of the DHCP to foo.de and generate 50 pairs of PID and PPS.
      I have set password, one pair of the sets of PID and PPS and the set the FQDN of my AMT device.
      I have set the FQDN in the plattform in the SCS, set the OU, set the profile to "default profile" and authorized AMT.


      Here are my settings:


      AMT CLIENT DEVICE

      ############################################
      Management Engine BIOS Extension v4.0.4.0006
      --------------------------------------------
      ME Configuration
        ME State Control: [X] Enabled
        ME Firmware Local Update Qualifier: [X] Always open
        ME Features Control
         Manageability Feature Selection: [X] Intel AMT
         ME FW Update Interface: [X] ME and TPM
        ME Power Control
         ME ON in Host Sleep States: [X] S0-S5
      --------------------------------------------
      AMT Configuration
        Host Name: PC01
        TCP/IP: DHCP Enabled
        Domain Name: foo.de
        Provision Model: Enterprise
        Setup and Configuration
         Current Provisioning Mode: PSK
         Provisioning Record
          TLS Provisioning Mode: PSK
          Provisioning IP: <IP address of the Server>
          Date of Provision: 8/31/2009 at 11:40
         Provisioning Server address: <IP address of the Server> Port: 9971
          TLS PSK
           TLS PSK Configuration
           Set PID and PPS: <set with one pair of the servers set>
          TLS PKI
           Remote Configuration: [X] Enabled
           Manage Certificate Hashes: <only the default from Verisign, Go Daddy, Comodo, Starfield>
           FQDN of provisioning server: provision.foo.de
           PKI DNS Suffix: foo.de
        SOL/IDE-R: [X] Enabled
        Password Policy: [X] Default Password only
        Secure Firmware Update: [X] Enabled
        PTRC: <empty>
        Idle Timeout: 1
      --------------------------------------------
      ME Password
        P@ssword
      ############################################

       

      INTEL SCS

      Serivce Status:
      Service name: Provision
      Version: 5.2.0.34
      Status: Running

      default profile
      Enabled interfaces: [X] Web UI, [X] Serial Over LAN, [X] IDE Redirection
      Power Management Settings: Allways On (S0-S5)
      Idle Timeout 3 Minutes
      New MEBx password: P@ssword
      Encryption mode: (*) force encryption
      Kerberos clock tolerance: 5
      Network Settings: [ ] Use VLAN, [X] Enable ping response
      Optional Settings: [X] ACL, [ ] Domains, [ ] TLS, [ ] 802.1x, [ ] WiFi, [ ]EAC, [ ] Remote Access
      ACL:
      Digest user: (grey) admin, (grey) [X] Randomize Password, (grey) AccessType Both, Realms (grey) [X] PT Administraton - other [ ] unchecked
      AD user: cn=domain-admins,dc=foo,dc=de, AccessType: Both, Realms all [X] checked

      Plattform Collections
      Using Profile default profile (1)
        Configured (0)
        Not Configured (0)

      Under Using Profile default profile (1)
      UUID: <number>
      FQDN: PC01.foo.de
      Status: InConfiguration
      version: 4.1.11
      green connector

      Plattform
      Properties
        FQDN: PC01.foo.de
        UUID: <number>
        AD OU: ou=my computers,dc=foo,dc=de
        Profile: default profile
        Configuration Status: Configured
        Admin Password: admin
      Advanced
        Connection STatus: AMT is connected
        Configuration communication type: PSK
        Intel AMT Version: 4.1.11
        Las Clock Sync: N/A
        SKU: Intel vPro
        Last Admin Password Update: N/A
        Last Configuraiton: N/A
      History
        ExtendConfigWindowOfOpportunity InQueue 12:12
        ExtendConfigWindowOfOpportunity Succeeded 12:07
        Configuration InProgress 12:07

      Profile
      Profile Components
        Trusted Root Certificates
         foo root CA
          valid from: 27.08.2007 to 27.08.2012
          all given directives and all application directives (in German: Alle ausgegebenen Richtlinien, Alle Anwendungsrichtlinien)
          Version: V3
          Serial: <number>
          Requester: CN=foo root CA, DC=foo, DC=de
          Signature algorithm sha1RSA
          Public Key: RSA 2048 Bits
          certification template: CA
          key usage: approved, zertificate signature, offline signing of certification revoke list, signing of certification revoke list (46)
                     in German: Zugelassen, Zertifikatssignatur, Offline Signieren der Zertifikatsperrliste, Signieren der Zertifikatssperrliste (46)
          keysign or requester (in German: Schlüsselkennung des Antragsstellers): <number>
           
          Version of CA V0.0
          basic restrictions: type of Requester=CA, , path length restriction=None
                              in German: Type des Antragsstellers=Zertifizierungsstelle, Einschränkung der Pfadlänge=Keine
          fingerprint algorithm: sha1
          fingerprint: <number>
         
      ############################################

      Thank you in advance
      Kind regards
      Michael