Notes and Limitations

   All systems performing SOAP HTTP communications to Intel AMT devices using Kerberos authentication require a Microsoft Hotfix to WinHTTP so that they will execute correctly. This applies both to remote applications and local agents, although using Kerberos authentication from the local platform is not recommended. It also applies to the platform performing modifications to the Active Directory schema. Hotfixes for Windows 2003 and for Windows XP are available from Microsoft. The Hotfix number is KB899900.

(See http://support.microsoft.com/?id=899900 for detailed information.)

Microsoft does not anticipate fixing this issue for Windows 2000 due to its reduced support for this product. This impacts all Intel SDK sample programs except for the redirection library and redirection console.

   Internet Explorer is the only browser that supports Kerberos authentication.

   Internet Explorer 6 requires a Hotfix to use the Kerberos authentication protocol to connect to the Intel AMT WEBUI. The Hotfix number is KB908209.

(See http://support.microsoft.com/?id=908209 for detailed information, including the need to modify Registry entries.)

   One of the following Registry changes is required for any version of Internet Explorer (including IE 7 and IE 8):

For 32 Bit: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209\"iexplore.exe"=dword:00000001

For 64 Bit: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209\"iexplore.exe"=dword:00000001

   A client application that attempts to use Kerberos authentication must be on an intranet in common with the Intel AMT device. This is a requirement of the WinHTTP library. It is necessary to identify the domain of the intranet to WinHTTP by setting up a proxy bypass. If this is not done, the Intel AMT SDK sample will not work with Kerberos authentication. The command used to set the proxy bypass domain is a function of the operating system in use:

In the following example, applicable to Windows 2003 and Windows XP, the command proxycfg configures the intel.com domain to be on the proxy bypass list. “_” is set up as a dummy “proxy”.

 Note:

When using any Windows 64-bit operating system, the commands shown below to set the proxy bypass domain are the same as those used in a 32-bit operating system, but they need to executed from the SysWOW64 folder, located at C:\Windows\SysWOW64\.

 

Z:\>proxycfg

Microsoft (R) WinHTTP Default Proxy Configuration Tool

Copyright (c) Microsoft Corporation. All rights reserved.

 

Current WinHTTP proxy settings under:

  HKEY_LOCAL_MACHINE\

    SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\

      WinHttpSettings :

 

     Direct access (no proxy server).

 

Z:\>proxycfg -p "_" *.intel.com

Microsoft (R) WinHTTP Default Proxy Configuration Tool

Copyright (c) Microsoft Corporation. All rights reserved.

 

Updated proxy settings

Current WinHTTP proxy settings under:

  HKEY_LOCAL_MACHINE\

    SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\

      WinHttpSettings :

 

    Proxy Server(s) :  _

    Bypass List     :  *.intel.com

See
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winhttp/http/proxycfg_exe__a_proxy_configuration_tool.asp

for a description of the proxycfg command and its parameters.

In Vista*, the command proxycfg has been dropped and WinHTTP proxy setting has been incorporated into the netsh command.

From the command line, perform the following sequence to place intel.com on the bypass list:

Z:\>netsh

netsh>winhttp

netsh winhttp>set proxy

netsh winhttp>set proxy proxy-server=”xyz” bypass-list=”<local>, *.intel.com”

 

Current WinHTTP proxy settings:

 

Proxy Server(s) : xyz

Bypass List: <local>, *.intel.com

Note that the proxy server is a dummy name.

Copyright © 2006-2022, Intel Corporation. All rights reserved.