WSMAN Messages in Newest Intel AMT

WSMAN Messages in Newest Intel AMT

Hello,
I'm looking for a way to generate and send WSMAN messages. The goal is to write software ready for the new AMT 3.0 chipsets. I've been reading Ylian's blog and trying to find examples in the SDK and DDKs that format the XML and Soap messages in the WSMAN format so they're readable by AMT3.

Does anyone know where I can find a good code sample? C# preferred, but anything else works too.
THANKS

7 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

Hi.

For just doing WSMAN, you can use Microsoft's WinRM or OpenWSMAN (That I never used). The WSMAN samples in the SDK all use Microsoft's WinRM and I also use WinRM in the DTK.

If you are going to code in C#, I recommand you use IAmtRemoteStack.dll, the Intel AMT stack from the DTK. I am making it so it will transparently work with both EOI and WSMAN and switch automaticaly, using WSMAN first if available.

If you have not tried it already, you should start your WSMAN work by trying out the WSMAN browser in Commander and Outpost. Once WinRM is setup and working, just go in Outpost, login and in the file menu you can access the WSMAN browser. If it is grayed out, WinRM is probably not setup right. In Commander, connect to a computer and in the "Management engine" tab, look for "Interaction Type". If it says "WSMAN + EOI" then you can click the button to the right to enter the browser, it's super useful.

Hope this helps,
Ylian (Intel AMT Blog)

Hi Ylian,
I have just installed the WinRM on Windows XP. Which appears to be working in with the windows schema. But can't seem to get it working with the any of the SDK samples and I can not see the WSMan Browser in AMT Commander.

Could you tell where the WSMan Browser is in the AMT Commander?
Also, what are the conditions/setup of WSMan in order for it to work with the AMT Devices.

Any ideas?

Thanks

Gibbo

I have never actually tried WinRM on XP... I thought it did not work... but like I said... I have never tried it. ;)

http://msdn2.microsoft.com/en-us/library/aa384426.aspx

whereas it states...

Windows Server2003, WindowsXP/2000, and WindowsNT:WinRM is not available. You can use WMI to obtain data from remote computers, but remote access requires DCOM configuration. For more information, see Connecting to WMI on a Remote Computer.

Thanks John for the update. Althoug, things have changed and now there is support for WinRM for Windows Server 2003, Windows XP. More information about the support can be found here - http://support.microsoft.com/kb/936059.

Hi Gibbo,
Here are the steps to get it to work.
- WinRM Config - run the "quick configure" that YLian has on his blog
- Note that WinRM runs on port 80 or 443. (NOT Amt port 16992)
- Note that AMT 3.0 supports WSMAN natively, but AMT 2.0 does not. I only got my AMT 3.0 machines yesterday, so had been trying WSMAN scripting against WinRM's listener until then. If you have AMT 2.0, don't expect any WSMAN communication from it.

To get a code sample to work, you will have to change the port numbers in the source file.
I modified the AssetDisplay project inside the SDK Source:
Intel_AMT_Release_3.0_148862WindowsIntel AMT WS-Management SDKSamplesAssetDisplay

Change port numbers to port 80, or specify them in the constructor for WsManClient. Here you can change the port number on line 720 of AssetDisplay.cs . After that (And if you have proper security set up), you should be able to solicit WSMAN communication with AssetDisplay.exe. For me to set up security, I just needed the machiens to be part of the same domain. you can also run locally and avoid the security issue.

Also, I haven't been able to use any of Intels GUI based tools to perform WSMAN communications. The one that got me closest was Intel AMT Outpost, which runs on the local host. Unfortunately I still couldn't get it to work. Try some command line utilities until AMT 3.0 is complete !

Hope that helps.
Rajat Banerjee

Hi Rajat,

Thanks for the detailed post. Unfortunately, when you change the port number to 80 or 443, you are communicating with host OS. AMT will communicate on port 16992 (no TLS) or 16993 (TLS). The samples are using the correct ports. We need to understand if Gibbo has configured WinRM correctly, whether using Kerberos or TLS?

For all of the forum users, the samples in the SDK for WS-Man does not support kerberos authentication or TLS encryption. When runnig the samples, you would need to use digest authentication only. We will provide more details on how to configure WinRM later today.

Thanks.

Leave a Comment

Please sign in to add a comment. Not a member? Join today