Forcefully disconnecting console users

The AMT power management functions do not work when someone is connected to the KVM-over-IP console.
Is there any way to override that behavior? E.g. by forcefully disconnecting the user?

I noticed IPS_KVMRedirectionSettingData and AMT_RedirectionService have a TerminateSession() function, but those only seem to work locally (Permitted realms: ADMIN_SECURITY_LOCAL_SYSTEM_REALM).
Need something that works remotely.

Best Reply

I just ran a KVM session where I was able to send the power management commands from the Web UI (you can do this from your KVM session as well). This works fine on my systems. Perhaps I do not understand your specific usage? What version of AMT are you running? Are you using the default KVM port or are you using the Redirection port? Have you looked at KVM_deinit, or KVM_Stop? What do you mean by KVM-over-IP console? And then when I was inactive, the connection timed out on its own.

Follow me on Twitter: @GaelHof

Perhaps I do not understand your specific usage?

Our use case: we make software for datacenters to manage and provision dedicated servers.
In order to start the installation of the operating system, we need a way to force the server to perform a PXE network boot.
With "real" server mainboards we tell the server to do so using IPMI commands.
But some of our customers like to use standard desktop grade mainboards to save cost, or because there is a problem with the availability of server hardware in their country, and that's where AMT technology comes into play as an alternative.

In the case of an AMT mainboard, we tell the server to boot using the RemoteControl SOAP API, RemoteControlCommand: 0x13 = PowerCycleReset, Specialcommand: 0x01 = ForcePxeBoot.

That does work great in normal circumstances.
But now we decided to add support for the VNC console to our system as well, so that the datacenter operator or their end-user customer can monitor the installation process.
The client software connects to the redirection port 16994 for this purpose, using a VNC client that speaks the 3.8 RFB protocol and some modification so that it does the Intel redirect port authentication.

However we noticed that if the customer is already connected to the console first, and then wants to install an operating system on his server, the RemoteControl command that should force the PXE boot fails.


<?xml version="1.0" encoding="UTF-8"?> 193431

<?xml version="1.0" encoding="UTF-8"?>16

Result code 16 seems to stand for PT_STATUS_NOT_PERMITTED, making me think this is by design.
So I am looking for a way to override this behavior.

If the customer is using our own software to connect to the console, we may be able to modify our own software so that it disconnects from the console.
That's also what the KVM_deinit and KVM_close functions you mention seem to do, they close YOUR OWN connection if you are using the redirection library to connect in the first place.
But the customer could theoretically also be connected to the console using third party software (e.g. RealVNC)
So we are actually more looking for a function that does not just close your own connection on your own side, but takes more drastic measures and tells the AMT server to disconnect ANYONE connected. If there is such a command.

My test mainboard is an Intel DQ67EP, which I believe is AMT 7.0.
This may not be the boards our customers end up using, so commands that are supported in multiple AMT versions are preferred over those that are not.

UPDATE: found a workaround

Thanks to your hint that it does work in the Web UI, I took a closer look at the power management options in the Web UI, and noticed the list of available options is different when the console is active.

Command 0x13 = PowerCycleReset which I was using is indeed not available when the console is active, but 0x10 = Reset is, and the ForcePXE suboption also seems to work fine with that.
Problem solved!
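
The workaround above, sketched as an added example that is not part of the original posts: provisioning code tries PowerCycleReset first and retries with Reset only when AMT answers 16. The `send_remote_control` hook and the `FakeAmt` stand-in are hypothetical; the command and result values are the ones quoted in the thread, and 0 is assumed to mean success.

```python
# Values quoted in the thread; PT_STATUS_SUCCESS = 0 is an assumption of this example.
POWER_CYCLE_RESET = 0x13        # RemoteControlCommand: PowerCycleReset
RESET = 0x10                    # RemoteControlCommand: Reset
FORCE_PXE_BOOT = 0x01           # SpecialCommand: ForcePxeBoot
PT_STATUS_SUCCESS = 0
PT_STATUS_NOT_PERMITTED = 16


class RemoteControlError(Exception):
    """Raised when no command was accepted; args[0] holds the attempts made."""


def force_pxe_boot(send_remote_control):
    """Request a PXE boot, falling back from PowerCycleReset to Reset.

    send_remote_control(command, special_command) -> int status is a
    hypothetical hook around whatever transport issues the RemoteControl call.
    Returns (command_used, attempts) so the caller can log which path was taken.
    """
    attempts = []
    for command in (POWER_CYCLE_RESET, RESET):
        status = send_remote_control(command, FORCE_PXE_BOOT)
        attempts.append((command, status))
        if status == PT_STATUS_SUCCESS:
            return command, attempts
        if status != PT_STATUS_NOT_PERMITTED:
            break  # any other failure is reported, not masked by a retry
    raise RemoteControlError(attempts)


class FakeAmt:
    """Constructed stand-in modelling only the behaviour reported in the thread."""

    def __init__(self, kvm_session_active):
        self.kvm_session_active = kvm_session_active

    def remote_control(self, command, special_command):
        if self.kvm_session_active and command == POWER_CYCLE_RESET:
            return PT_STATUS_NOT_PERMITTED
        return PT_STATUS_SUCCESS


if __name__ == "__main__":
    for active in (False, True):
        used, tried = force_pxe_boot(FakeAmt(active).remote_control)
        print(f"console active={active}: used {used:#04x}, attempts={tried}")
```

Returning the attempt list lets the caller record when the fallback was taken, which indicates that a console session was open at the time of the reboot.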

I'm so glad it's working!!

Follow me on Twitter: @GaelHof
