I have an issue authenticating to AMT machine successfully provisioned by SCCM 2012 using HLAPI: I get "(401) Unathorized" exception from AMT WSMAN service even if requests to SOAP service works fine.
Some more details:
- AMT version is 7.1.30
- We use our own CA to issue certificates to AMT computers
- I can connect to and manage the device using SCCM Out of Band Console
- I use such connection info:
ConnectionInfoEX connectionInfo = new ConnectionInfoEX("someSomputer.someDomain.ad", null, null, true, null, ConnectionInfoEX.AuthMethod.Kerberos, null, null, null);
Current user is domain admin.
- HLAPI successfully connects to the device using SOAP service: it returns version of the AMT ("7.1.30") in AMTInstanceManager.InitAMTInstanceMNG(). If I add my custom code to AMTInstanceManager I can get any data using this service:
- TlsAthenticationType == TlsAthenticationType.ServerAuth in SecurityAdministrationService.GetTlsOptions()
- And even certificate of the device by CertificateManagementEOI.GetAllCertificatesBlobs()
- I enrolled certificate, added to local store and specified it's name in ConnectionInfoEX constructor, but I still got 401 exception. This cert has following OIDs: AMT Authenticate the Redirection Library (2.16.840.1.1137188.8.131.52) and Client authentication (184.108.40.206.220.127.116.11.2).
- If I specify my userName and password in ConnectionInfoEX I get 401 from SOAP. That's strange.
Any ideas what is the difference in authentication between SOAP and WSMAN services?