IsAMTEnabledInBIOS value is false even though AMT actually is enabled in BIOS

IsAMTEnabledInBIOS value is false even though AMT actually is enabled in BIOS

Hi, I'm a developer working for a company that sells a software/hardware combination. Some of the hardware SKUs are having an issue where something about the AMT configuration is changing in a way that when I run system discovery the report says that AMT is not enabled in the BIOS. This is a bit confusing because none of the developers or QA who are experiencing this issue have done anything in the BIOS or the MEBx. One thing that I think may be a clue to why this is happening is the fact that all of the affected machines are in Admin Control Mode, whereas the machines that are not experiencing this problem are in the Client Control Mode. All of these machines have the same BIOS version, the same SCS version, the same MEI version and the same LMS version. In addition, I have no option that even remotely resembles 'Enable AMT' in MEBx and the only AMT related option in the BIOS is also enabled.

Below is the Manageability info for one of the problematic machines:

<ManageabilityInfo>
    <AMTSKU>Intel(R) Standard Manageability</AMTSKU>
    <AMTversion>11.0.10</AMTversion>
    <FWVersion>11.0.10.1002</FWVersion>
    <PingConfigurationServer>False</PingConfigurationServer>
    <Capabilities>
      <IsAMTSupported>True</IsAMTSupported>
      <IsCCMSupported>False</IsCCMSupported>
      <IsHBPSupported>False</IsHBPSupported>
      <IsKVMEnabledInBIOS>False</IsKVMEnabledInBIOS>
      <IsAntiTheftSupported>False</IsAntiTheftSupported>
      <IsKVMSupportedInBIOS>True</IsKVMSupportedInBIOS>
      <IsSOLSupportedInBIOS>True</IsSOLSupportedInBIOS>
      <IsIDERSupportedInBIOS>True</IsIDERSupportedInBIOS>
      <IsAMTEnabledInBIOS>False</IsAMTEnabledInBIOS>
      <IsSOLEnabledInBIOS>False</IsSOLEnabledInBIOS>
      <IsIDEREnabledInBIOS>False</IsIDEREnabledInBIOS>
    </Capabilities>
    <ManagementSettings>
      <AMTConfigurationMode>Enterprise Mode</AMTConfigurationMode>
      <AMTState>Post Provisioning</AMTState>
      <IsAMTConfigured>True</IsAMTConfigured>
      <AMTConfigurationState>PKI</AMTConfigurationState>
      <IsZTCEnabled>True</IsZTCEnabled>
      <CertificateHashes>VeriSign Class 3 Primary CA-G1, e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e70, Enabled, Default; VeriSign Class 3 Primary CA-G3, eb04cf5eb1f39afa762f2bb120f296cba520c1b97db1589565b81cb9a17b7244, Enabled, Default; Go Daddy Class 2 CA, c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4, Enabled, Default; Comodo AAA CA, d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4, Enabled, Default; Starfield Class 2 CA, 1465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658, Enabled, Default; VeriSign Class 3 Primary CA-G2, 83ce3c1229688a593d485f81973c0f9195431eda37cc5e36430e79c7a888638b, Enabled, Default; VeriSign Class 3 Primary CA-G1.5, a4b6b3996fc2f306b3fd8681bd63413d8c5009cc4fa329c2ccf0e2fa1b140305, Enabled, Default; VeriSign Class 3 Primary CA-G5, 9acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df, Enabled, Default; GTE CyberTrust Global Root, a53125188d2110aa964b02c7b7c6da3203170894e5fb71fffb6667d5e6810a36, Enabled, Default; Baltimore CyberTrust Root, 16af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb, Enabled, Default; Cybertrust Global Root, 960adf0063e96356750c2965dd0a0867da0b9cbd6e77714aeafb2349ab393da3, Enabled, Default; Verizon Global Root, 68ad50909b04363c605ef13581a939ff2c96372e3f12325b0a6861e1d59f6603, Enabled, Default; Entrust.net CA (2048), 6dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb177, Enabled, Default; Entrust Root CA, 73c176434f1bc6d5adf45b0e76e727287c8de57616c1e6e6141a2b2cbc7d8e4c, Enabled, Default; VeriSign Universal , 2399561127a57125de8cefea610ddf2fa078b5c8067f4e828290bfb860e84b3c, Enabled, Default; Go Daddy Root CA - G2, 45140b3247eb9cc8c5b4f0d7b53091f73292089e6e5a63e2749dd3aca9198eda, Enabled, Default; Entrust Root CA - G2, 43df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f339, Enabled, Default; Starfield Root CA - G2, 2ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f5, Enabled, Default; </CertificateHashes>
      <IsMoveToInProvisionPossible>True</IsMoveToInProvisionPossible>
      <AMTControlMode>Admin Control Mode</AMTControlMode>
      <IsTLSEnabled>False</IsTLSEnabled>
      <IsHWCryptoEnabled>False</IsHWCryptoEnabled>
      <IsNetworkInterfaceEnabled>True</IsNetworkInterfaceEnabled>
      <IsAMTFWUpdateEnabled>False</IsAMTFWUpdateEnabled>
      <IsAMTEACEnabled>False</IsAMTEACEnabled>
    </ManagementSettings>
  </ManageabilityInfo>

And below is the manageability info from a machine that is working:

<ManageabilityInfo>
    <AMTSKU>Intel(R) Standard Manageability</AMTSKU>
    <AMTversion>11.0.10</AMTversion>
    <FWVersion>11.0.10.1002</FWVersion>
    <PingConfigurationServer>False</PingConfigurationServer>
    <Capabilities>
      <IsAMTSupported>True</IsAMTSupported>
      <IsCCMSupported>True</IsCCMSupported>
      <IsHBPSupported>True</IsHBPSupported>
      <IsKVMEnabledInBIOS>False</IsKVMEnabledInBIOS>
      <IsAntiTheftSupported>False</IsAntiTheftSupported>
      <IsKVMSupportedInBIOS>True</IsKVMSupportedInBIOS>
      <IsSOLSupportedInBIOS>True</IsSOLSupportedInBIOS>
      <IsIDERSupportedInBIOS>True</IsIDERSupportedInBIOS>
      <IsAMTEnabledInBIOS>True</IsAMTEnabledInBIOS>
      <IsSOLEnabledInBIOS>False</IsSOLEnabledInBIOS>
      <IsIDEREnabledInBIOS>False</IsIDEREnabledInBIOS>
      <CRLStoreSize>1424</CRLStoreSize>
      <RootCertificatesMaxSize>2500</RootCertificatesMaxSize>
      <RootCertificatesMaxInstances>4</RootCertificatesMaxInstances>
      <FQDNSuffixMaxEntries>4</FQDNSuffixMaxEntries>
      <FQDNSuffixMaxLength>63</FQDNSuffixMaxLength>
      <CertificateChainMaxSize>4100</CertificateChainMaxSize>
      <SupportedCertificatesKeyLengths>
        <SupportedCertificateKeyLength>1024</SupportedCertificateKeyLength>
        <SupportedCertificateKeyLength>1536</SupportedCertificateKeyLength>
        <SupportedCertificateKeyLength>2048</SupportedCertificateKeyLength>
      </SupportedCertificatesKeyLengths>
    </Capabilities>
    <ManagementSettings>
      <AMTConfigurationMode>Enterprise Mode</AMTConfigurationMode>
      <AMTState>Post Provisioning</AMTState>
      <IsAMTConfigured>True</IsAMTConfigured>
      <AMTConfigurationState>PKI</AMTConfigurationState>
      <IsZTCEnabled>True</IsZTCEnabled>
      <CertificateHashes>VeriSign Class 3 Primary CA-G1, e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e70, Enabled, Default; VeriSign Class 3 Primary CA-G3, eb04cf5eb1f39afa762f2bb120f296cba520c1b97db1589565b81cb9a17b7244, Enabled, Default; Go Daddy Class 2 CA, c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4, Enabled, Default; Comodo AAA CA, d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4, Enabled, Default; Starfield Class 2 CA, 1465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658, Enabled, Default; VeriSign Class 3 Primary CA-G2, 83ce3c1229688a593d485f81973c0f9195431eda37cc5e36430e79c7a888638b, Enabled, Default; VeriSign Class 3 Primary CA-G1.5, a4b6b3996fc2f306b3fd8681bd63413d8c5009cc4fa329c2ccf0e2fa1b140305, Enabled, Default; VeriSign Class 3 Primary CA-G5, 9acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df, Enabled, Default; GTE CyberTrust Global Root, a53125188d2110aa964b02c7b7c6da3203170894e5fb71fffb6667d5e6810a36, Enabled, Default; Baltimore CyberTrust Root, 16af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb, Enabled, Default; Cybertrust Global Root, 960adf0063e96356750c2965dd0a0867da0b9cbd6e77714aeafb2349ab393da3, Enabled, Default; Verizon Global Root, 68ad50909b04363c605ef13581a939ff2c96372e3f12325b0a6861e1d59f6603, Enabled, Default; Entrust.net CA (2048), 6dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb177, Enabled, Default; Entrust Root CA, 73c176434f1bc6d5adf45b0e76e727287c8de57616c1e6e6141a2b2cbc7d8e4c, Enabled, Default; VeriSign Universal , 2399561127a57125de8cefea610ddf2fa078b5c8067f4e828290bfb860e84b3c, Enabled, Default; Go Daddy Root CA - G2, 45140b3247eb9cc8c5b4f0d7b53091f73292089e6e5a63e2749dd3aca9198eda, Enabled, Default; Entrust Root CA - G2, 43df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f339, Enabled, Default; Starfield Root CA - G2, 2ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f5, Enabled, Default; </CertificateHashes>
      <IsMoveToInProvisionPossible>True</IsMoveToInProvisionPossible>
      <AMTControlMode>Client Control Mode</AMTControlMode>
      <IsTLSEnabled>False</IsTLSEnabled>
      <IsHWCryptoEnabled>False</IsHWCryptoEnabled>
      <IsNetworkInterfaceEnabled>True</IsNetworkInterfaceEnabled>
      <IsAMTFWUpdateEnabled>False</IsAMTFWUpdateEnabled>
      <IsAMTEACEnabled>False</IsAMTEACEnabled>
      <AMTDigestRealm>Digest:17D60000000000000000000000000000</AMTDigestRealm>
    </ManagementSettings>
  </ManageabilityInfo>

Beyond this information I'm at a loss as to what could be causing this to occur. Any help would be greatly appreciated!

Zona: 

publicaciones de 3 / 0 nuevos
Último envío
Para obtener más información sobre las optimizaciones del compilador, consulte el aviso sobre la optimización.

Bumping this thread after a week and a half just to see if anyone has any ideas about how a computer could get into this state without going through the bios extension. 

Hey Reed,

Please send me the complete Discovery XML via Private Message

Admin Control Mode vs Client Control mode, should not be causing any issue with IsAMTEnabledInBIOS. The fact the your code shows IsAMTConfigured = True indicates AMT is fully enabled. 

Is it just this field that is causing issues in your reports or is this part of a larger issue?

For more on control modes see the AMT Developers Guide

Joe

 

Deje un comentario

Por favor inicie sesión para agregar un comentario. ¿No es socio? Únase ya