Beginning with AMT enterprise mode.

Beginning with AMT enterprise mode.

Hi, I'm beginning with enterprise mode

Can somebody explain me the steps to start. I've read the Development Guide but I don't understand how it works.

Thanks.

21 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

Hi Raul,

What are you starting to do? Are you wanting to provision a system in enterprise mode? I would suggest downloading the AMT DTK and play with the AMT Director - you can provisionwith or without TLS and the Director doesn't use IIS, AD, SQL as the Intel SCS does. Once you are comfortable with the AMT Director, then move on to trying out the Intel SCS. Or are you wanting to write your own Set up and Config Server using the Setup and Configuration Sample from the SDK?

You will also find Videos at the link for the AMT DTK. In fact Ylian (theAMT DTK owner) has a lot of videos on just about everything "Intel AMT" that you might want to watch.

I hope this helps.

Follow me on Twitter: @GaelHof
Facebook: https://www.facebook.com/GaelHof

Here is a guide I wrote for someone else, I hope this is useful.

Performing One-Touch Configuration

  • In order to perform this scenario a network with DNS and
    DHCP is recommended. Any generally available home router will work but a real DNS server works best.
  • Open up Intel AMT Director and go under Security Profiles
    on the left pane and click Add Security Profile and give it a name (for example:
    "BasicProfile")
  • Set Intel AMT Features by clicking the button on the right
    side and check all features.
  • Optionally, this profile can be adjusted as needed to add
    user accounts, TLS security and more.
  • Select the "One-Touch Configuration" node in the tree view
    and press the "Generate Key..." button.
  • Select the key strength using the slider bar. On a private
    network, move it completely to "weak".
  • Set the Administrative Password to a secure password (such
    as P@ssw0rd). This password must be the MEBx password of the Intel AMT
    computer.
  • Select the "BasicProfile" as the security profile used when
    using this key and hit OK.
  • On the left pane, click Remote Configuration to look at the
    configuration log.
  • Now, Intel AMT Director is ready to configure Intel AMT
    computers.
  • Reboot the Intel AMT computer and enter the Intel AMT
    configuration screen using CTRL-P.
  • If already setup, perform a "Full Un-provision" of Intel AMT
  • Once done, make sure the computer is setup in Enterprise
    Mode.
  • Enter the IP address of the computer that is running Intel
    AMT Director as the provisioning server and 9971 as the provisioning server
    port.
  • Enter the PID and PSK of the key generated above.
  • Make sure IDE redirect and SOL are both enabled.
  • Save the setting and the computer will reboot.
  • In a minute or two, Intel AMT Director will receive a
    message from Intel AMT and start the configuration process.
  • The computer will appear in the list of know computers
    configured with the "BasicProfile" settings.

Hope this helps,
Ylian (Intel AMT Blog)

Hi!!:

I have done all these steps, but in AMT Director AMT Cliente doesn't appear. I try to find it with Network Discory and it finds computer, but when I try to connect it doesn't works.

Never connect with AMT Client.

I don't know what is happening!!:(

Thanks.

Hi,

In order to be able to connect to an AMT client, it must have been provisioned, either in Small Business Mode or in Enterprise Mode. AMT commander/director won't be able to actually connect to it unless it detects that it has AMT Capabilities and AMT has been enabled (the system has been provisioned.) Until then, AMT Director/Commander will simply see a system out there that may or may not be of interest.

When you went through all the Steps that Ylian sent, did you get the "Hello" packet? Did the screen that shows the PID/PPS keys display as "used"? or still as "pending?" If they are still showing up as "Pending," your system is not provisioned and therefore cannot be connected as an AMT Client.

Did you correctly set the listening port number in the AMT Configuration on the AMT clientto 9971 (which is the default port that the AMT Director uses?)

Did you correctly set the provisioning Server to the ip address of the system you are running AMT Director from?

How did you set up your profile that AMT Director uses for it's provisioning process?

Perhaps if you could send us some screen shots of how you are setting up the AMT Director, we might be able to be of more assistance.

Follow me on Twitter: @GaelHof
Facebook: https://www.facebook.com/GaelHof

Hi,

we have PID/PPS keys pending, but we don't know why. We attach an image.

And in AMT BIOS we are configured correctly IP and 9971 port.

We attach info.

Please, it is urgent.

Thanks in advance.

Best regards.

Informationa attached.

Attachments: 

AttachmentSize
Downloadimage/jpeg One-Touch_Setup.JPG65.89 KB

Information attached II.

Attachments: 

AttachmentSize
Downloadimage/jpeg BasicProfile.JPG47.33 KB

Hi,

Could you make sure that you have changed the admin password? Do you have SCS loaded on this system? if so, it will hog port 9971 and the Director won't be able to use it. In that case, you can change the port the Director uses to something like 9981 and type that one to MEBx. Also, please confirm that you have added PID/PPS into the BIOS configuration screen as well.

Thanks,

Sree

Please veryify Sree's questions and in the Director's menus that you sent says that the admin password is unchanged - I always go in there and set it just to make sure it is using the right password.

If everything is entered correctly then you should get the "Hello" packet as soon as you reboot your AMT system- after you save your MEBx settings - you will allow your system to boot - I find that about when Window's starts to load that is when the "hello" packet comes (Unless some other process on your system is already using port 9971 - in that case the Hello packet will never be received by the AMT Director.)

One more thing - (just for a test)if you quickly set up the AMT system in Small Business Mode, have you verified that you can access this system's WebUI from your Management console? (Make sure Firewalls are not activated on either system.)

Basically, we are looking for anything that might be blocking packets on port 9971 from being received by your system that is running the AMT Director (if everything has been entered correctly.)

Follow me on Twitter: @GaelHof
Facebook: https://www.facebook.com/GaelHof

Hi, i attach a new image for AMT Director for the password changed, but the result is the same...???????

I answer your questions:
- In SMB mode, we can access to web page without problems.
- We don't use SCS.
- We have put correct PID/PPS in BIOS.

AMT DIRECTOR with the password changed.

Attachments: 

AttachmentSize
Downloadimage/jpeg AMT_DIRECTOR.JPG47.02 KB

Well your AMT director side looks good. The only thing I might question is the strength of the PPS key. I have not tried it with all 0's. You could try setting it at the next higher security setting (all 0's except for the last four digits.)

Have you tried doing a full unprovision on your AMT system and entering everything again (and with a new PID/PPS pair?)

Are there any errors that you are seeing on your AMT system? Can you tell us exactly what in the AMT MEBx you are setting and what the values are? And you are booting the system after entering the PID/PPS and the other provisioning fields, correct?

If this doesn't work, I would also change the port to 9981 on both the AMT Director and in the MEBx.

Follow me on Twitter: @GaelHof
Facebook: https://www.facebook.com/GaelHof

We have tried with higher security, not all 0's, then unprovision and entering new PID/PPS, rebooting the system, but the result is the same.
How can we change port to 9981 in AMT Director?

With TCPView SW, we view we are listening in port 9971, but we don't obtain any answer.

Port 9971.

Attachments: 

AttachmentSize
Downloadimage/jpeg port9971.JPG104.42 KB

Hi Raul,

You can change the port on AMT Director by selecting "Configuration Server" which is on the left panel of the GUI - it is the first entry of the tree structure. When you select "Configuraiton Server" you will see "Server Port" in the "Provisioning Server" are in the main portion of the GUI - it is here where you select a different port. Once you change it there, get a new PID/PPS pair and start over on your provisioning on your AMT System. Make sure you enter the same port in the MEBx as you did in the AMT Director.

If this doesn't work, please respond with everything you are setting on your AMT System in the provisioning process.

We also need to understand how your network is set up - are you using DHCP? Static IP?IF DHCP, is the AMTsystem getting registered in DNS (you should be able to see the AMT Clientin DNS during this process - if you don't, it will not be able to communicate with it.)

And just to make sure, you did go through all of Ylian's steps for the AMT Client, correct?

  • Reboot the Intel AMT computer and enter the Intel AMT configuration screen using CTRL-P.
  • If already setup, perform a "Full Un-provision" of Intel AMT
  • Once done, make sure the computer is setup in Enterprise Mode.
  • Enter the IP address of the computer that is running Intel AMT Director as the provisioning server and 9971(enter what you changed it to)as the provisioning server port.
  • Enter the PID and PSK of the key generated above.
  • Make sure IDE redirect and SOL are both enabled.
  • Save the settings and exit the BIOS -the computer will reboot.
  • In a minute or two, Intel AMT Director will receive a message from Intel AMT and start the configuration process.
  • The computer will appear in the list of know computers configured with the "BasicProfile" settings.
  • Follow me on Twitter: @GaelHof
    Facebook: https://www.facebook.com/GaelHof

    Hi,

    all about DNS and DHCP work perfectly, and i viewed message Hello in AMT
    Director, too, but only in one occasion with 9981 port, and now i can not
    reproduce it, i dont know why

    But other thing, can we access to web page, for example with IP:9971,
    like SMB with IP:16992?

    Best regards.

    Ok if you could get the hello packet with using port 9981 it looks like something on your system was already using port 9971 (did you or anyone else install the Intel SCS onto your provisioning system if this is installed and the service is running, AMT Director will not be able to use port 9971.

    Once provisioned with enterprise mode you would connect via the web ui with the following http://:16992 or if you are using TLS, you would use 16993 as the port. The 9971 or 9981 is just the listening port used for provisioning.

    When you say you can not reproduce getting the hello packet with 9981 are you trying other systems? Or are you trying to re-provision the same system? Remember if you are using the same system you may need to disconnect from it from the AMT Commander (if you connected to it) or from the Web UI and you would have to fully un-provision your AMT system and make sure you set the port to match what is in the AMT Director (and make sure it is 9981 still.)

    Also, remember that once you use a PID/PPS pair, you will need to generate a new one - once one has been marked as used, it can not be used again.

    Follow me on Twitter: @GaelHof
    Facebook: https://www.facebook.com/GaelHof

    Hello Raul,

    I am just updating the forum with your latest news that you did get your problem resolved (this was communicated outside the forum.) I wanted to let folks know that the problem was indeed due to having the SCS installed and that was why there was success with using port 9981.

    Follow me on Twitter: @GaelHof
    Facebook: https://www.facebook.com/GaelHof

    HI ALL,

    YES NOW IT WORKS PERFECTLY WITH PORT 9971.

    THANKS.

    BEST REGARDS.

    Leave a Comment

    Please sign in to add a comment. Not a member? Join today