We are in the process of setting up SCCM Out of Band Management using Intel AMT and have an issue with the client web interface.
SCCM is at 2007 SP2 – recently upgraded from SP1 R2
The AMT ME version is at 5.2.0
We appear to have successfully provisioned the ME and the SCCM OOB Management Properties have the following settings:
AMT user accounts – a global security group containing 8 users and a single user account with PT Admin rights;
Default IDE-R image – set to a known working ISO;
Manageability is set to Always on (S0-S5);
Enabled Web Interface;
Enabled serial over LAN and IDE redirection;
Disabled Allow ping responses;
Disabled Enable BIOS password bypass......
Disabled support for Intel WS-MAN translator; and
Kerberos clock tolerance is set to 5 mins
The OOB Management Console appears to function as expected, i.e. displays system status, system information, event logs etc and allows Power Control operations.
Adverts to the PC function as expected.
This is all good, but we would like to be able to use a browser periodically.......we can navigate to https://[sysname]:16993 and see the logon screen. However when attempting a logon using any of the AMT user accounts above we are unable to authenticate......... This is true using IE8 on Win XP Pro SP3 fully patched or Win 7 Ultimate fully patched.
Thinking Kerberos token sizes may be an issue – these are the token sizes for two of the accounts that don’t work user – in base 64 they are 3230 and 1995.
Anyone any ideas........
Thanking you in advance