PID - PPS is required in non tls based implementation??

PID - PPS is required in non tls based implementation??

Dear All,

i am tryign to set up NON-TLS based intel SCS Setup, i have manually entered the MEBX password and Intel AMT password, i want to know do i still need to import the keys using the usb or not?? am just confused at this point.....

my system is not picked up my intel scs and was wondering if importing keys through the usb might make it work? though dont see any reason as its Small Business Mode.


4 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

I don't know what your provisioning requirements are - how many systems you need to configure but you can quickly and easily configure your system using the MEBx menus (will result in non-tls Admin Control Mode) or by doing Host-Based provisioning using the ACU Wizard from the SCS package (non-tls). The only time you need pid/pps keys or a provisioning certificate is when you are trying to configure your AMT Client remotely, using a tool such as the Intel SCS. This does not result in a TLS based configuration - you actually have to apply a different certificate to do that, and that again, can by done via your SCS Setup, remotely or you can use OpenSSL and the AMT SDK to apply the certificate once AMT is already enabled (in a non-TLS mode.) I have some videos/blogs that go through these topics and you should also read through the instructions in the User's Guide that is inside the Intel SCS (it has step by step instructions on how to setup your system.)Video: Host-Based Provisioning Intel vPro clients using the ACU Wizard This results in your system being in "Client Control Mode"Video: How to Configure and Un-configure an Intel vPro technology client (Intel AMT) inside the MEBx Menus This results in your system being in "Admin Control Mode"How to create AMT Certificates using the AMT SDK and OpenSSL This blog shows you how to apply the certificate as well, resulting in an AMT Client that is operating in TLS authentication mode (server Authentication.)

My environment is simple, i am having two systems both are HP 8100 elite Desktops and both have Vpro.

1 system has windows server 2003 sp2 (32 bit) with intel SCS Version
2nd system has windows server 2008 R2 with HPCA installed.

Also, the intel SCS that is bundled with HPCA have only AMT Configuration Server and AMT Configuration Console, there is no ACU Wizard in that package (This is one issue, however i downloaded Intel SCS Vesion 7.1 i guess and copied the ACU Wizard from there and tried to configure system through that using USB)

was initially trying to integrate HPCA with Intel SCS but i have
stopped working on HPCA since i am initially stuck with Intel SCS issue.
I want to do host based configuration, i have tried both methods, using
the ACU Wizard and USB key to configure system and also manually
configuring the system as well.

Yes i can access the client
through web interface but for some reason the system is not listed in
Intel SCS. What i did once was to right click platforms and manually
entering the UUID and the system appeared in Intel SCS but it was
showing unconfigured and i couldnt do much on it.

In my opinion,
i think once the system is configured using USB it should be picked up
automatically by Intel SCS but why Intel SCS is not picking the system
even though i can access the system using the web gui.. am failing to
understand this..

All i know once INTEL SCS picks up the system ,
i would be able to have the Vpro Clients discovered in HPCA as well (HP
Client Automation) i mean.

Is there any way , we can have skype conversation or any team viewer session, where you can help me out? Just a thought..

Apologies for the delay - I was on vacation last week. First, I am not familiar with HPCA - could you describe what it is/does? Also, what version of the SCS is bundled in it? There was a major design shift between SCS 5 and 6 - nothing past SCS 5 is compatible - you would have to use a migration tool to move to a newer version. (SCS 5.0 used the EOI Soap calls and SCS 6 moved to WSMAN so all the api calls changed.) Then during the SCS 6/7 timeframe the database requirement went away in favor of an xml file for storing system info and then with SCS 8 we bring back the database.You can do Host Based configuration if your AMT systems are version 6 or newer. As for being automatically picked up by the SCS - I am not so sure about this (depending on what version your HPCA expects to be working with.)Let's see if we can get all the versions figured out - you might have to contact your HPCA support if configuration via their bundled SCS is a requirment.

Leave a Comment

Please sign in to add a comment. Not a member? Join today