3 Replies Latest reply on Feb 10, 2010 9:50 PM by russelanderson

    AMT Web UI - SCCM Provisioned

    MikeFi

      Hi all!

       

      I am having difficulty obtaining access to the Web UI on an SCCM provisioned device. I can successfully reach the Web UI at https://FQDN:16993

       

      When i try to login however, the AMT Accounts i specified in SCCM are not working. I found a post by Trevor at http://communities.intel.com/thread/3037 outlining a similar situation. I have tried logging into the web ui from the SCCM server without success. I have tried inputing the registry key required by the KB article but that did not work as well. I have confirmed that the Kerberos ticket IS issued however the ticket is issued to an SPN of HTTP/FQDN and not HTTP/FQDN:PORT. Is this correct?

       

      example

       

      HTTP/laptop.domain.com      instead of    HTTP/laptop.domain.com:16993

       

      I have verified that the SPN's for the OOB object in AD (created during the provision process) contains SPN's for 16992,16993,16994,16995

       

      I have included a network sniff below showing what is going on. Anybody experience this at all?

       

      Kerberos TGS-REP
          Record Mark: 1460 bytes
              0... .... .... .... .... .... .... .... = Reserved: Not Set
              .000 0000 0000 0000 0000 0101 1011 0100 = Record Length: 1460
          Pvno: 5
          MSG Type: TGS-REP (13)
          Client Realm: DOMAIN.COM
          Client Name (Principal): amtadmin
              Name-type: Principal (1)
              Name: amtadmin
          Ticket
              Tkt-vno: 5
              Realm: DOMAIN.COM
             Server Name (Service and Instance): HTTP/laptop.domain.com
                  Name-type: Service and Instance (2)
                  Name: HTTP
                  Name: laptop.domain.com
              enc-part rc4-hmac
          enc-part rc4-hmac