Intel® Active Management Technology: Deployment FAQs

Submit New Article

Last Modified On :   August 20, 2008 4:17 PM PDT
Rate
 


IAMT Deployment FAQs

 

 

  • Can you transfer the private key to the system wrapped by the ISV in their public key?
    • No
  •  How can one discover an Intel AMT machine before a user goes into the Intel AMT configuration screen at boot-time and sets a new username/password from the default password?
    • • AMT must be configured in order to be discovered.
      • The first step requires manual intervention (by an IT admin) to change the default userid/password to another user id and a strong password combination. Until that is done, the Intel AMT device will refuse connection attempts.
      • The system can also be setup and configured to run in Small Business Mode. (See Small Business Mode User Guide.)
  •  What is the preferred way of performing Setup and Configuration for Enterprise mode?
  • Is there a way to determine if the user has correctly selected a valid floppy and CD boot drive and/or image file?
    • There isn't any way from Intel AMT to determine this.
  • Why are there events in the event log when running in an unprovisioned state?
    • There are default filters defined even in the unprovisioned state.
  • Why does the SDK support an EOI WSDL if the em ulator doesn't respond to it?
    • It's provided for communicating with the actual H/W.
       
  • Can one get the host UUID run before registration?
    • Yes, the ISVS_GetHostUUID API call can be used after library initialization and before registration. It's one of a very few calls that can be used prior to registration.
       
  • Can I access my block by name later as a named block?
    • Yes
       
  • Can blocks smaller than 4K be allocated? What about the scratchpad?
    • No
       
  • Does one need to lock while reading? What happens if one does not lock?
    • To ensure the data is consistent, lock before performing reads. If a lock is not done before reading you may get inconsistencies in data, partially from before and partial from after a write that has taken place may result.
       
  • Will Intel be supplying a library or code to translate the PCI Vendor and Device ID values to human friendly strings?
    • No, there are no plans to add this functionality to the library. In the meantime, ISVs can go to standard sources to get PCI string tables, e.g., http://pciids.sourceforge.net*.
        
  • When an event filter is created, the FW returns a handle. When the handle is lost (system failure, etc.), how can a console recover the handle? Does the firmware clean up?
    • Event handles live forever, but they can be recovered An application can use the SDK CircuitBreakerService interface to enumerate the filters and determine which filters belong to it. To do this, use the EnumerateEventFilters method to return an EventFilterHandleArrayType that lists the filter handles. A loop that applies GetEventFilter SOAP function to each handle can then be created to get the properties of each filter which allows the application to determine which filters are of interest.
       
  • Is the distribution of IMRSDK.DLL allowed with our product?
    • Yes
       
  • What is the maximum size of the Intel AMT event log?
    • The maximum number of event log entries is 390.
       
  • How does one set up authentication?
    • To establish a SOAP over HTTPS connection (i.e., TLS authentication), all that needs to be done is specify the proper endpoint. https://<hostname>:16993 Windows* security mechanisms will be employed to perform the proper certificate checking to establish the encrypted session. Once the encrypted session is established, the credentials are then passed to perform the userid authentication. This means there will be no change to any cod e except to when a specification of the new endpoint is needed.
       
  • When accessing the local storage on an Intel AMT 2.0 machine, there is a specification of the URL (e.g. http://localhost:16992/StorageService.) If the machine is in TLS mode, is it necessary to have the certificate on the local machine that's normally on the core server only?
    • Yes, please keep in mind one would then be specifying the URL as https://localhost:16993/StorageService. Remember that TLS mode is defined on an interface level. This means that one can configure the Intel AMT 2.0 device to utilize TLS communications on the network (remote) interface and utilize non-TLS communications on the local interface.
        
  • Is there a specific API that will indicate which version(s) of Intel AMT (1.0, 2.0, etc) that a device supports?
    • Yes, the function that will be called is: GeneralInfoService::GetCodeVersions
        
  • What happens if the flash image update crashes in mid-update?
    • There isn't an issue re-flashing the device if there is a flash write error. There is no dependency between corrupt data and the ability to re-flash the device with a good image.
       
  • Is it possible to recover the AMT ID/Password without re-programming the device? 
    • No - the password is not recoverable (this is a security feature.)
       
  • How can I tell whether or not an API can be executed locally (on the AMT Client) or remotely (from the management console via network access?)
    • You can determine this by finding the API in the Network Interface Guide (one of the documents in the Intel® AMT SDK.) Each API has an entry called “Default Interface Access Permissions” followed by a box that specifies Local Access and Network Access Permissions. Note that these permissions cannot be changed.
       
  • How can I make sense out of the AMT Event Log messages?
    • There is a conversion in the IPMI (Intelligent Platform Management Interface) Specification that takes the event data number and turns it into text. You can get the IPMI Specifications at the following link: http://www.intel.com/design/servers/ipmi/spec.htm
       
  • How do I turn on the error logs for the Intel SCS application?
    • You can do this by going into the registry as follows:
      Enter a string value V in the following:
      HKEY_LOCAL_MACHINE->SOTWARE->Intel->AMTConfServer->LOG then LogLevel 
       
  • Where can we get a Linux driver for LMS/SOL and HECI?
  • How can I solve performance issues with IDE-R over internet?
    • You can use Intel AMT Switchbox to speed this up. A network administrator can upload disk images to a remote Switchbox located on a different network over the Internet. Once uploaded, the network administrator can, at any time, make use of this disk image to reboot and remotely fix problems. Switchbox is offered as a part of Intel AMT DTK and it supports AMT versions from 1.0 to 3.0
       
  • How do you reset the password for the Intel Management Engine BIOS if you have forgotten the password?
    • In order to reset the password of ME BIOS, disconnect the power cord and LAN cable. Remove the CMOS battery for 15 second and insert it back in. This time when you power on, ME settings will revert to factory defaults. The default user name and password is admin/admin. Please remember to change it to a strong password before configuring the ME further.
       
  • Shall I need a server (such as Windows Server 2003) to management and control AMT PC clients?
    • No. If you use Intel AMT Commander, any Microsoft Windows computer is ok.
       
  • Are there any software applications available to perform hardware inventory on AMT systems? 
  •  We want to upgrade firmware of Intel AMT 2.1 to 3.0. Where we can get the firmware 3.0?
    • The supported upgrade path is from 2.1 to 2.2. AMT 3.0 release requires new hardware - please keep an eye out for this new product becoming available from your OEM and your OEM will be able to provide you the firmware
       
  • What is the BIOS update process for Intel® Desktop Boards DQ965CO, DQ965GF and DQ965WC ?
  • What are the different options available to setup PID/PPS into Intel AMT?
    • At manufacturing time. Some vendors could probably push a firmware on a computer with some settings pre-loaded.
      Manually. Going into the BIOS or MEBx and entering these values yourself. This is rather time consuming.
      Using USB Flash. You put these settings into a "setup.bin" file on a USB flash drive (512M or less, will not work on larger sticks). 
       
  • What happens in the event of an AMT client with two onboard network adapters? Will both support AMT? What could be affected by such an implementation?
    • This breaks vPro. The vPro logo allows only ONE onboard adapter
       
  • What happens if a local application tries to bind to port 16992 or 16993?
    • This is not recommended. Intel has registered these ports at IANA and nobody else is allowed to use them.
       
  • How to disable the Intel AMT privacy notification popup?
    • Disable.reg has [HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun] “atchk”=””
      This will prevent the privacy icon application from ever running again.
      If you want to keep the app running, but, minimized to get rid of the “popup”, then
      [HKLMSOFTWAREIntelNetwork_Servicesatchk] “MinimizePrivacyIconAtStart”=dword:00000001
      This can also be done by altering the oementry.reg file which contains this entry. The atchk (privacy icon) app gets installed when you install the SOL/LMS driver software.
      The disable.reg and oementry.reg files should be shipped on the OEM driver CDs.