Not able to connect over SOL using a Digest Master Password

Not able to connect over SOL using a Digest Master Password

Ritratto di pdujardin

A bit a background to my problem:

Due to a number of reasons I can only use the SCS service and digest authentication and cannot use AD Integration or PKI and TLS for security to provision and access the workstation. Also, the workstations are pre-configured at the factory with a PSK for zero touch provisioning.

Due to these restrictions and security requirements we can only use the default digest user account, admin and no additional manually created digest accounts in the SCS profile. To satisfy security requirements further, we need to set the admin account password using the Digest Master Password (DMP)setting within SCS.

I can successfully connect to a workstation via WebUI and VNC Viewer Plus using the default account, admin and the calculated DMP. Also, I can successfully connect to the workstation using the Manageability Commander Tool using these credentials. However, when I go to the Remote Control Tab and select Take Control to connect to the workstation via SOL I get the following error: Serial-over-LAN error: IMR_RES_INVALID_PARAMETER - when I select OK the Manageability Terminal Tool window launch and the status of Serial-over-LAN is Disconnected.

Doing research I found the following extract in the Intel AMT Implementation and Reference Guide in thTCP Parameters, Redirection Sample Console GUI section:

The lengths of the user name and user password are limited by the Redirection SDK to 32 characters. If either the user name or password exceeds this limit, IMR_RES_INVALID_PARAMETER, will be returned.

The length of the digest master password is 44 characters

I then tested SOL with the default admin account and a password I set manually which is less than 32 characters and SOL connects successfully.

Therefore, I have the following questions and am hoping that someone is able to answer my questions:

  1. How to get SOL working with the default admin account using a Digest Master Password or is this not possible?
  2. Is there a way to truncate the DMP to conform to the maximum password length requirements?
  3. Is there an alternative tool or utility to connect via SOL using the digest account, admin and DMP password?
  4. Am I able to increase the length of the password in the Redirection SDK?

Many thanks

Pierre

4 post / 0 new
Ultimo contenuto
Per informazioni complete sulle ottimizzazioni del compilatore, consultare l'Avviso sull'ottimizzazione
Ritratto di Gael Hofemeier (Intel)

Thank you for your detailed questions/background. I am going to need to do some research on this. I don't think you can increase the length of the password for the redirection component as we only give you the dlls - you don't have access to the source. I will get back with you soon. Thanks, Gael

Follow me on Twitter: @GHIntelBlogs Facebook: https://www.facebook.com/gh.intelblogs
Ritratto di Gael Hofemeier (Intel)

I sent your question regarding the password lengths on but I'm still mulling over your initial statements about being stuck because your systems came preconfigured for remote configuration (you must have a provisioning certificate that you can apply when using the SCS to do the provisioning?) You should still be able to set up your AMT environment however you like wrt to authentication methods. You can even provision them minimally and then apply what ever changes you want from your own application. Or you can use the SCS to do a "partial" unconfigure - that will keep your provisioning certificate information and then you can reapply any configurations that you would like to add or remove. This includes moving the systems to TLS. I wrote a blog on applying TLS security via Power Shell (this method is applied to an AMT system that is already enabled via non-TLS.) What AMT Versions are you working with?

Follow me on Twitter: @GHIntelBlogs Facebook: https://www.facebook.com/gh.intelblogs
Ritratto di Gael Hofemeier (Intel)

Here is an update on the password length issue. Our engineering team has fixed this issue and it will be available in the AMT SDK Release 8 which will be available on our Community site in a a few weeks.

Follow me on Twitter: @GHIntelBlogs Facebook: https://www.facebook.com/gh.intelblogs

Accedere per lasciare un commento.