SCS 3.0 release notes

Intel® Active Management Technology (Intel® AMT) Setup and Configuration Service

Version 3.0 (Build -  Release Notes


Version Overview

Release 3.0 of the Intel® AMT Setup and Configuration Server and Console (Intel® AMT SCS) adds the following functionality to SCS Release 1.2:

  • Support for Intel AMT Releases 2.2, 2.5 and 3.0
  • Support Intel AMT certificate store
  • Support Intel AMT wireless profiles
  • Support for 802.1x protocol
  • Support for Remote Configuration
  • Support for Cisco NAC

Also, a number of open issues have been resolved and the documentation has been updated.

Document Scope

This document lists the known limitations and open bugs in this version

Version Details





Version Name



Version Number


Build Date



Components Included

  • WinService
  • Console
  • Add User Command line tool

Installer includes all components in two packages - one for the Console, and one for the remaining components.







See the Intel AMT Setup and Configuration Server Installation and User Manual for installation details.

Known Issues



Tracking Number



Configuration of Intel AMT Release 1.0 devices is not supported.


SCS does not work with an IAS Radius server.


There are memory leaks that are evident when configuring a large number of Intel AMT devices. The recommended workaround is to periodically re-start the service.


When installing more then one client certificate with the same oid (for remote client amt) the service works with the first certificate it finds.


The AD Organizational Unit (OU) entered for a new Intel AMT device cannot contain blanks.


Some Log messages do not show the username that executed the command.


A console user with Administrator privileges cannot perform reprovisioning.


The WakeOnME timer setting sometimes fails.


Sometimes maintenance actions are displayed as successful even though some of the tasks were not performed.


The status of a configured Intel AMT device shows the date as 1970 after the first attempt at configuring the device.


Silent install/uninstall does not roll back properly in certain cases.


When Enable AD integration is enabled in the console General configuration, AD OU validation may fail even if the OU e xists and is correct.


Performing Partial-Unprovisioning on a provisioned Intel AMT device with an active wireless profile leads to an inconsistent state in AMT Systems table.


Service may not work properly when there is no connection to an Intel AMT device.


SOAP API and Console do not limit the number of client/root certificates per profile.


SCS Installation Modify/Update/Repair problems. Some of the components do not react well when selected for “modify” or “repair”.


Log: While reprovisioning, the following message appears in the log: "Remove existing 802.1x wired profile," even when no wired profile was configured as part of the previous provisioning.


After provisioning an Intel AMT device, the database contains a cert_expiry_date value of 12/31/1969 in the table of the devices.


Service: Can provision Intel AMT device with NAC enabled, even if the 8021x profile used is not configured to use the EAP-FAST protocol.


Service: Cannot configure NAC when handle 0 is used by the trusted root certificate.


Service: Cannot configure NAC for wireless 802.1x EAP-FAST authentication if wired 802.1x was not configured.


Log: Attempting to provision an Intel AMT device with Profile with a certificate template that was deleted from the CA fails without an error message.


Infrequently, the Console will crash or hang when navigating from the Intel AMT Systems view to the log view.


It is possible to successfully provision an Intel AMT device with TLS using an empty Enterprise CA template in the profile.


Console: A failed action may be flagged in the action log as “success”.


Performing a global operation on a large number of systems will occasionally fail.


"Modify" checkbox in InstallShield does not update the console version.


No Audit Log entry is generated if an unauthorized user attempts to send a SOAP command to the SCS.


A script path cannot contain Unicode.


USB disk on key will not be identified by SCS if Windows does not recognize the device as a local disk.


An error may occur when browsing for a domain user during the SCS installation when there are many users defined in AD.


Service: Re-provision with mutual TLS authentication - unnecessary trusted root certificates are not deleted.


API: Can remove the trusted certificate from a profile that has mutual TLS enabled. May result in configuring a device requiring MA without a trusted root certificate.


GUI: Profile update ->TLS mutual authentication settings->CRL: after updating this window for a second time and pressing "OK” a previously loaded CRL is deleted.


The remote configuration certificate must be both in the Local Computer certificate store and in the Current User store for the SCS user.


When attempting to configure an Intel AMT device with 10 to 12 wireless profiles (all using the same certificates) the device returns internal errors for the last three profiles.


The Export Log to File function takes too long for a short log and will return an error if there are 500 or more log entries.


Performing a global operation on a large number of Intel AMT devices may result in some of the operations remaining in the queue. No further operations can be performed on a device stuck in the queue. There are no error messages when this occurs.


SOAP API: the UpdateProfileFQDNCN function does not limit the number of trusted FQDNs to 4.


API: SetServiceZTCConfiguration function operates independently of the SetServicePAMConfiguration, so OTP may be required without activating authorization.


Loadcert Tool: "Select Certificate" window opens up in the background.


Wrong "Failed" declaration on the log tab when reprovisioning an Intel AMT Release 3.0 machine.


API: Calling SetProfilePowerPolicy with an unsupported power state returns successfully but the profile is left with no power policy.


The console does not indicate that the SCS service is not running.


The maintenance task cannot perform two maintenance task simultaneously.


The summary of systems might be incorrect during the global operation process.


GUI: The GUI allows configuring mutual authentication parameters even though the configured profile works with server authentication.


GUI: "Failed to apply al l changes" message may appear while returning to NAC configuration.


Service: Re-provisioning from TLS to no TLS does not delete the TLS certificate and the TLS Credentials are not changed to FALSE.


SQL 2000 reports some warnings when building the Database.


Occasionally the installer cannot browse domains, servers, or users.


Occasionally there is an xml error when refreshing the log table in GUI.


Configuring Web site during installation with non-default port (different than 80 or 81) does not succeed.


In the installation process, adding a new user does not work.


GUI: Select AD OU doesn't show sub-domains.


An Administrator user cannot perform the unprovision function.


Often the return code of an operation that failed is 0, which is interpreted as success.


Unrecognized characters in the License Agreement Tags.


AddServiceNewAmtProperties.exe does not work.


SetProfileCAParams API failure if no TLS supported in the profile.


Set Certificate does not check for duplicate serial numbers.


SCS could not perform any operations on an Intel AMT device in a profile with cr ypto disabled and TLS enabled.


SCS cannot discover Enterprise CAs located in parent domain.


Initiating a global operation when there are many platforms (>1000) in the database may result in an operation that does not actually get performed, with no log messages to indicate what happened.


GetServiceLog: when trying to filter by Profile the execution fails (code 907).


GetServiceNewAMTProperties: when the AD OU string length is > 85
the connection is reset and there is no response.


The GUI often fails when trying to view Logs if using a large DB.


SOAP API: CreateServicePSKPairs does not return the PSK pairs it created.


Filtering the Log by Severity does not work properly


Documentation: a few error codes returned by SCS do not appear in the documentation.


SetMEBxSettings: When the numSecurityKeys parameter exceeds the maximum, the response is not well-formed XML.


Spelling mistake on password GUI interface.


DB upgrade from release 1.2 to release 3.0 from a system other than the one where release 1.2 was first installed prevents making any changes in the general settings window.


Service and DB – unprovisioning an Intel AMT device that had certificates installed - certificate records are not erased from the DB.


The SCS schedules maintenance operations incorrectly.


Basic global operations may fail in a very large environments (3200 Intel AMT devices) – results in "queue full" message.


GetServiceLogLast: OriginatorServer and errorCode fields are incorrect.


setProfileAdminUserAndPassword{Ex}: does not report when password value is not changed.


Para obtener información más completa sobre las optimizaciones del compilador, consulte nuestro Aviso de optimización.