Configure Profile: Failed to read certificates from given files. Reason: File decryption failed.

Configure Profile: Failed to read certificates from given files. Reason: File decryption failed.

I am new to vPro and want to package something to remotely configure workstations at my work.

I have used SCS to create a .XML file that I have used successfully to configure a machine with the ACUCONFIG.exe tool. My goal is to allow the use of VNC plus to remotely control an enabled machine. VNC plus will connect to my machine with no encryption. I now want to make encryption work.

I downloaded the Intel AMT SDK and used AuditCertGen.bat to generate the certificate files I'd need. I then went back into SCS and the TLS section. Used the 'use certificate from a file' method and put in the path for the certificate and private key and generated a new XML file. I am using the newcert.pem and newkey.pem files that were generated. I am not sure if I need the newcert.der or newreq.pem files...I am not sure where to use these.

On my test machine I brought over the ACUCONFIG files, the new XML and certificate files and executed ACUCONFIG as before.

This time I get an error in the log file. I am not sure what to look at next regarding the file decryption failure. I have the XML file encrypted, but I am as before using the /decryptpassword command password used to encrypt the XML when I made it in SCS. So I assume the error message is describing something else?

Any suggestions?

2013-08-21 16:05:05:(INFO) : ACU Configurator , Category: HandleOutPut: Starting log 2013-08-21 16:05:05
2013-08-21 16:05:05:(INFO) : ACU Configurator , Category: VerifyFileSignature: The file "C:\Users\eg24177\Desktop\Configurator\ACU.dll" is signed and the signature was verified.
2013-08-21 16:05:10:(INFO) : ACU Configurator, Category: -ConfigAMT-: B3682KC01.prod.cgic.ca:Starting Unified configuration flow...
2013-08-21 16:05:17:(ERROR) : ACU.dll, Category: Configure Profile: Failed to read certificates from given files. Reason: File decryption failed.
2013-08-21 16:05:17:(ERROR) : B3682KC01.prod.cgic.ca, Category: Configure Profile: Configure Profile Failed: File decryption failed.  (0xc000028f).
2013-08-21 16:05:17:(ERROR) : ACU.dll, Category: Profile Configuration: File decryption failed.  (0xc000028f).
2013-08-21 16:05:17:(ERROR) : ACU Configurator, Category: Exit: ***********Exit with code 33. Details: Failed to configure this Intel(R) AMT device. File decryption failed.

2 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

 You might want to check out the following blog regarding creating certs using powershell:  http://software.intel.com/en-us/blogs/2012/01/18/how-to-create-amt-certificates-using-the-amt-sdk-and-openssl

Also you could try the Open Manageability DTK for creating the certs as well: http://opentools.homeip.net/open-manageability

Also, check out Ylian Saint-Hillaire's blog about what you must know when enabling AMT using TLS:  http://software.intel.com/en-us/blogs/2013/01/08/rtfb-episode-7-with-ylian-saint-hilaire-what-software-developers-must-now-about

I hope some of this helps.

Follow me on Twitter: @GaelHof
Facebook: https://www.facebook.com/GaelHof

Leave a Comment

Please sign in to add a comment. Not a member? Join today