content of setup.bin binary file is imported by Intel MEBx FW module (it is within BIOS) directly
PC doesn't have to boot / shall NOT boot from it -so do not make it bootable USB neither force USB boot in BIOS.
Some OEM BIOS'es require to enable USB Provisioning (or setup) in BIOS setup, some other require USB boot device to be on BIOS boot from list (to enable USB port & device initialization in the BIOS -pre OS stage).
Once this is done put your USB with setup.bin file into USB port -reboot PC and wait for MEBx to recognize it (during POST) and display user confirmation question ("Found USB Key for Provisioning ... Continue Y/N ?")
Then press Y on the keyboard (keyboard layout in MEBx is always US one!!)
Bare in mind that you have to create USB setup.bin file with current MEBx password in it (in command line you refered) -for factory default state of AMT it is "admin".
If you configured AMT previously (or changed MEBx password manually) you will have to know this password or perform Full AMT reset to factory defaults (via BIOS or disconnecting CMOS RTC battery for 30 sec).
thanks for this Information.
I ckecked all Points you mentioned, but i stuck at this Problem.
Maybe somebody with Dell Hardware can help me at this Point in BIOS.
I dont find any Option that prevents the System from detecting that Setup.bin file at boot time?
I looked at this Guide here:
How can i ensure that the sector size on the USB Key is 1 KB?
When I select this allocation Unit Size at Volume Creation:
Then i get:
Maybe im wrong...
Once you provided PC HW model things become more clear.
Dell Optiplex 745 is Intel AMT 2.x based.
To use Remote Configuration for Intel AMT you have make sure Intel AMT FW is version 2.2 (or update it to this version) - this applies also to Remote Configuration using factory default PKI cert hashes.
For Dell systems Intel AMT FW usually comes bundled with BIOS update package so please make sure to update system to the latest BIOS version.
For USB setup.bin file it may be in 4 different file versions depending on Intel AMT FW generation to suport new Intel AMT features and their settings.
Setup file version is forward compatible (if Intel AMT FW supports particular setting) or if you look from the other end Intel AMT FW and Intel MEBx FW is setup file version backward compatible.
You have used the latest USBFile.exe version 4 which by default creates Setup File version 3 (see your screen shot) which is supported only by Intel AMT 6.x or newer (even if it contains settings that are supported by earlier FW versions.
For Intel AMT 2.x (2.5/2.6 as well) you need to create Version 1 of Setup File simply just add - v 1 into your USBFile.exe command and it will create Version 1 of the file.
This Setup File can be used to import your own PKI root certificate hash into any Intel AMT FW version so you will achieve single consistent proces.
sorry i missed this Information at my last post:
I dont have the Dell Optiplex 745.
I have the Optiplex 980 with AMT Version 6 and i used the v3 Setup File (see at my first post).
now i know what was wrong in my configuration:
I renamed Setup.bin to setup.bin, then everthing was working :-)
Thanks for your help
sorry it was my oversight.
I have seen that you refered to Dell Optiplex 745 Administrator's Manual - that suggested your HW to be Optiplex 745
Did you know that if you update your Dell system BIOS to the latest one - that shall include also Intel® ME FW 6.2 -your system will support also Host Based Configuration to Client Control Mode?
Client Control Mode will require User Consent (random) Code that is displayed on the manager system screen to be passed by end user (over phone) to IT technician to grant access for KVM redirection.
As you are touching your system(s) with USB you can create bit different setup.bin file using following command:
USBfile.exe -create setup.bin admin NewMEBxP@ssw0rd -conf 1 -passPolicyFlag 2 -userConsentOption 1 -userConsentPolicy 1 -v 3 -redir 7 -kvm 1 -scramble
It will perform USB Local Configuration to Admin Control Mode (where User Consent Code is optional, can be disabled by AMT admin - same like Remote Configuration proces with Root certificate you do currently) and then you may follow up with Host Based Configuration using extra parameter for ACUConfig.exe tool : /AdminPassword NewMEBxP@ssw0rd .
This two stage Configuration will configure rest of desired AMT parameters -also for LAN Less systems or LAN less environment.