Hello,
Currently we have few machines that are running intel AMT version: 7.1.52-build 1176.
We have a need to preform a scripted reset. I tried to use CURL method and ran in to issues with the hidden token field, since it changes for each curl call...
Whats the best way to accomplish a scripted reset ?
Any help is really appreciated, I need to get this done very soon so please let me know.
Thank you in advance !
Hi there,
I'm encountering an error when trying to configure the AMT password from Windows using ACUConfig. I am not using RCS, and the only reason I want to change the password is for security reasons. Right now I have no other configurations I am trying to make.
Here's the command I am running:
ACUConfig.exe ConfigAMT "profile.xml" /DecryptionPassword "Password"
The XML profile was created using the ACUWizard. From what I can tell in the User Guide I shouldn't be encountering any RCS errors, but I am. EDIT: Worth mentioning that it is currently unconfigured so the default password is set.
When running as Administrator, I get this in the logs:
2015-10-22 16:06:09:(ERROR) : ACU Configurator , Category: ConfigAMT failed: A call to this function has failed - (0xc000278b) (Connection to the Remote Configuration Service is necessary, but the RCSParameters tag is missing in the profile. (RCSAddress))
2015-10-22 16:06:09:(ERROR) : ACU Configurator, Category: Exit: ***********Exit with code 68. Details: Invalid parameter was found. (RCSAddress)
The only other thread I found concerning this same problem is located here, but it was never answered.
Hello,
I'm trying to make a simple connection to Intel AMT with SOAP messages. I'm following this intel's article:
https://software.intel.com/en-us/articles/amt-create-your-own-soap-messa...
However the schemas used are on a url no long used, like: http://schemas.intel.com/platform/client/RemoteControl/2004/01
What should I use to replace this? I tried to look for a substitute for the schemas in the Intel AMT Implementation and Reference Guide, I actually found, but when I try to access the link I get a 404 error. Like: http://intel.com/wbem/wscim/1/amt-schema/1 and http://intel.com/wbem/wscim/1/amt-schema/1/AMT_AuthorizationService
Where all the schemas are now? How I'm supposed to make a SOAP connection without the WSDL available?
Thanks a lot,
Tiago
I have been using Intel AMT for quite a while but I still have not been able to penetrate beyond just starting the computers remotely. I have several questions (maybe rather lame):
1. People here seem to know a lot about the technology, yet the documentation is scarce. Is there a turorial or documentation - not marketing material or material for developers as I do not intend to program any software
I know of two major tools that Intel promotes
I have been using the former. Only commander tool as the other programs in the bundle have unknown function.
2. Where would I find a proper documentation for Open manageability toolkit?
3. I watched some tutorial videos suggested here. I have no function Agent discovery in the view options of the commander tool. I only have mesh discovery which does nothing.
4. As per those videos pressing ` should do something special, in my case it does not do anything. I still have black terminal no matter what I do. I can only boot to bios. On some clients I can see the windows bootloader menu while on others, i cannot see it at all, the terminal goes grey right after information about network card. I access AMT "bios" through ctrl + e. If I use a terminal only linux remote boot from cd, the screen is always just black, there is no redirection (again I am not using graphical interface but rather terminal).
5. In some of those videos, it is shown that after pressing ` one can even browse directory structure if the computer is powered up. Again it does not work in my case.
All the points above suggest that AMT in my case is not working as it should be. I assume, I am missing something. What would that be?
It’s been a while since the last mail and so much is going on. Last week, we released the latest version of Manageability Commander Web Edition with many new improvements. For people who have not noticed yet, a lots of the world has switched to the web and web applications are huge. Intel AMT is taking steps for fully support the web and this starts with a entirely web based Intel AMT console. The latest version of Manageability Commander is entirely built in Javascript. This is, to say it lightly, the future and where Intel AMT is headed.
The new Manageability Commander Web Edition has plenty of new improvements, and here are just a few:
What is probably more crazy in this release is the all new Interceptor. A Intel AMT management man-in-the-middle component built in C#. This never before built module sits between a management console and Intel AMT, fully understands all WSMAN and Redirection traffic and can change the traffic on the fly! Why is this beneficial and not an evil plot to intercept traffic? Because we can use this on trusted servers to add server-side Intel AMT credentials and in the future audit operations, record KVM sessions and more. As you see in the diagram below, Manageability Commander hosted within IIS can login to remote Intel AMT machines even if the browser/user does not know (and can’t know) the Intel AMT credentials. This has plenty of benefits.
Feel free to download and give Manageability Commander Web Edition a try. It’s still an early version: http://opentools.homeip.net/open-manageability/web-management. Big thanks for Kevin Wang for all his help with samples and Kerberos support.
Feedback appreciated,
Ylian Saint-Hilaire
info.meshcentral.com
Manageability Commander Web Edition has a lot of improvements.
Move Intel AMT configuration options, live power polling, wireless and more.
The all new Interceptor is the first a man-in-the-middle component for Intel AMT.
Understands both HTTP/WSMAN and Intel AMT redirection protocol.
Can swap-in Intel AMT digest & Kerberos credentials on the fly.
Hello,
According to the AMT Reference Guide, the AMT 9.0 supports up to 2K resolution
https://software.intel.com/sites/manageability/AMT_Implementation_and_Re...
Does the AMT 10 or AMT 11 support 4K resolution?
Thank you.
We are always looking for ways to make Intel® AMT easier to use and today, we are making available a new and interesting option that should help. In the past few months, we have been working on Manageability Commander Web Edition, a new web based Intel® AMT console that can run entirely in a browser and allows administrators to remotely manage computers from any browser enabled device. This is part of the vision of making Intel® AMT more web friendly. Today, we are adding to this with a new MicroLMS that has Manageability Commander built-in. Typically, the Local Management Service (LMS) is used to help developers interact with Intel AMT on the local system. MicroLMS is a smaller alternative to the official Intel LMS that we use in Meshcentral’s Mesh Agent, on Linux and in other situations. We also use it to experiment with new usages.
In addition to routing Intel AMT ports 16992/16993, MicroLMS has a new web server on port 16994 with a Websocket-to-MEI bridge and hosts a special version of Manageability Commander that is built for local configuration only. It’s a cut down version of Commander without KVM, Terminal or power control that don’t make sense on the local machine. Instead, this version of Commander is geared towards local information gathering and configuration of Intel AMT. Once MicroLMS is running, administrators can browse to http://localhost:16994 and view Intel AMT activation status, version information and login to change settings. When we get a bit of testing on this new MicroLMS, a new Meshcentral agent will be released with the same feature, so everyone using Meshcentral will get this feature automatically and this, for both Windows and Linux.
The new MicroLMS is available on the Manageability Commander Web Edition site for people to try out and feedback is most appreciated. Moving forward, as Manageability Commander evolves, we will release new versions of the MicroLMS with the latest version of the console built-in.
Feedback appreciated,
Ylian Saint-Hilaire
info.meshcentral.com
Improved MicroLMS has a Websocket-to-MEI bridge and web hosting on port 16994.
Makes LMS capable of hosting and interacting with web applications.
A special version of Manageability Commander Web Edition is built into MicroLMS.
Allows users and administrators to view Intel AMT activation status and configure Intel AMT settings.
Hello,
I am seeking guidance on why my calculated password is different than the password I get returned from the RCS API function 'GetCalculatedMasterPassword'.
When I follow through on the examples located here:
I get a different password than when I call GetCalculatedMasterPassword with the same Digest realm challenge value. I am fairly certain my DMP is the same I am using with the RCS (although I am unaware of a way to verify this on demand as the RCS appears to store the DMP encrypted).
I did notice that the documentation has some ambiguity, and I am also operating on an Optiplex 790 as my test machine (appears to be AMT version 7). Is it possible this has changed since then and I need to look at an old SDK?
Examples:
On page 5 of the Intel SCS SDK guide - the example digest challenge values they provide look fairly different than the ones actually returned by my client. PDF shows 'Digest:Intel:A004A' whereas mine is more like 'Digest:A40040000000000000000000..'.
Step 3 in the SCS SDK PDF under the '1.3.1 About the Digest Master Password' section and Step 4 in the SDK link above, the text says "concatenates the realm-value to the username of the digest account it wishes to access", which would imply the username and THEN the realm value, whereas the example code in both cases shows the opposite order - realm value first and then username. Despite this, no matter what order I specify I do not get the same password as I get from the Intel SCS API call.
Step 3 in the AMT SDK says 'The management console converts the realm value to upper case and removes all white space', this is also referenced in the SCS SDK under step 2 of the '1.3.1 About the Digest Master Password' section. However the example provided in the SCS SDK PDF actually only converts the part after 'Digest:' to uppercase and converts 'digest' into 'Digest' and 'intel' into 'Intel'. The AMT SDK example does not do any special handling for this requirement - even in the realm gathering snippet.
Has anyone made this work correctly? I am trying to develop a way to use the DMP and the realm challenge value to calculate the configured password in the event the RCS was unavailable or lost, provided the DMP was saved.
Can anyone confirm that this does work with the latest SDK and the latest RCS available?
Thanks!
I'm trying to understand what's going on with a 2nd hand Dell Latitude XT2.
Once the laptop has booted its OS, it works just fine, but the boot phase is very slow.
For what I can see something is not right with the Intel MEBx.
At the boot, first I see the Dell boot logo, then for 52-53 seconds I see a black screen with a blinking underline cursor, then finally the machine access the MBR and shows the OS bootscreen.
* during those 53s there is no attempt to access CD or HDD, and no activity on the ethernet (so no netboot)
* if from the F12 Boot options I select 'Intel Management Engine Boot Extensions (MEBx)' I get a screen titled 'Intel Management Engine Boot Extensions (MEBx) v.4.0.4.0007' and the text 'ME is initializing' which lasts once again for the exactly 53 seconds, then it goes to the OS boot screen without any further message.
* F12 + select HDD incurs in the same 53s penalty time before seeing the OS boot screen
* I tried to flash the BIOS using Dell utilities (which is a two-stages flashes, first Intel ME, then BIOS) and while the laptop BIOS gets correctly flashed, for the ME part it gets stuck for a few minutes until probably the flash tool timeouts and aborts. The messages on the screen are:
ME Firmware Image was found - CRC-32 is correct
Flashing ME Firmware image:
Initiating F/W Update... ME Firmware Update failed (Error Code: 8725)
-> Failed to receive last update status from the firmware
* I also tried to remove the socketed flash chip that should contain the BIOS and use an external programmer to reflash the BIOS, but it did not help, even if including also a 'reset to default settings' and removing the CMOS backup battery, and even with a different BIOS version.
* Windows seems to see an 'Intel Active Management Technology - SOL' device, but communication with that device doesn't seem to work.
Can anyone help me understand what's the problem with this laptop? If no simple fix is possible I'd be happy to entirely disable ME, but... is it possible, and how?
Or is it just a faulty mainboard?
Hi,
Unfortunatly i have to develop on Linux (;
In one of the directories of the linux AMT SDK i found a folder named "Generated Code" with CIM_*, AMT_* and IPS_* classes.
==> i need to compile/link with the library that exports them. where can i find it in the SDK for linux?
==> do i need to compile then by my self ? How ?
Tnx,
Ronnie
Hi,
On linux:
I encounter the following error while compile/link EventLogreader example:
/bin/ld: ../../../../../Common/ThirdParty/OpenWSMAN/lib/libwsman_curl_client_transportRH5_X64.a(wsman-curl-client-transport.o) undefined reference to symbol 'X509_digest@@libcrypto.so.10'
Installed all crypto* and libcrypt* packages, but still could not solve the problem.
Thx.
Ronnie
Hi,
My PC is a Fujitsu mod ESPRIMO P7935 (D2812-A2x) ,Serial: YL1B003165, Bios vers: 6.00 R1.20.2812.A2, o.s.: Windows 7 x64
After battery replacement, after every boot i see the attached error.
If i press a key , Windows will be loaded and run all fine.
I tryed update (again) the bios without success, the function CTRL P has not effect
I don't use AMT, i I looked for a option in the bios options like "disable AMT" without success
This isssue is for me very serious because this Client is unattended and i can't reboot remotely
Some suggestions?
Thanks very much!!
Luciano
Hi,
I am trying to compile EventLogReader sample on windows with VS 2015 express but encountered many link errors like:
CimOpenWsmanClientD.lib(error.obj) : warning LNK4217: locally defined symbol _vsnprintf imported in function _xmlReportError 2>MSVCRTD.lib(vsnprintf.obj) : warning LNK4049: locally defined symbol _vsnprintf imported 2>CimOpenWsmanClientD.lib(entities.obj) : error LNK2001: unresolved external symbol __imp___snprintf
Couldn't solve.
Tnx,
Ronnie
Hi,
When compiling and running the EventLogReader sample on Linux, i encounter an exception when reaching the following line in WSMANCommunicator::ReadRecords() method on WSMANCommunicator.cpp:
messageLog.Get(NULL, this->client);
the exception give error message of:
Failed to establish a connection with server. Openwsman last error = 2
I have connection with ping to target machine.
I disabled firewalls
Running the same sample (C++ version) on same computer on windows with same target machine runs successfully.
1) does the first parameter in Get method should be a NameValuePair object with key-value of "Name" and "Intel(r) AMT:MessageLog 1", and not NULL (as in windows version of the sample) ?
2) Any ideas ?
Tnx,
Ronnie
On linux:
libimrsdk*.a and libxerces*.a both define stricmp - How to use both libraries ?
They cause a link error:
multiple definition of 'stricmp(char const*, char const *)'
How to solve ?
Thx,
Ronnie
Hello. I bought a new motherboard, a Q170 with AMT/vpro support and vpro CPU i5. All in all it works, but I have 2 questions.
1) Is it possible to build up a connection into my AMT computer via WWAN? I succeeded to build up a LAN Connection (192.168.1.x) using VNC-Viewer plus. But my main goal is to use AMT from outside WWAN (worldwide). Especially I would like to type in my bitlocker key (cause I don't use TCM). I really want to see "Windows pre-boot-Screens" like bios or bitlocker from everywhere in the world-->
http://www.eightforums.com/attachments/tutorials/17627d1362339471-bitloc...
What are the correct Settings in MEBx for Host Name and Domain Name? I use a router, I opened ports TCP 16992-16995. I don't use my computers in a domain network. Domain Name means I have to type in for example a dyndns-adress? I tried a lot, but did not find a way to establish a connection via WWAN (also tried IP-Adress after a DNS-lookup. I am able to ping my router) and using VNC-Viewer plus or "Intel Manageability Commander Tool". LAN connections are ok, but no WWAN connections are established.
2) I activated the internal Intel GPU in MEBx and BIOS. Most of the time I see a black screen. Do I have to use the internal GPU all the time to see for example Bios Settings or Windows-Pre-Boot Screens? I mean I got an expansive 770GTX. I don't see anything in VNC-Viewer plus, when my Monitor is pluged in into 770GTX. When I plug in the Monitor into the internal Intel-GPU then everything is fine (red yellow frame around the monitor and connection is established). But is it really important where the Monitor is pluged in to have a successful VNC_Viewer plus connection? Both videocards (internal+external) are activated in Bios.
Hi,
From the doc, to wake up AMT ME, it is suggested to wait 25s.
https://software.intel.com/en-us/wake-up-amt
First, I am try to wake up AMT ME using ICMP pings, does that means I have to wait 25s before send further request?
Secondly should I use arping send arp request to AMT ME or ping AMT ME like 5 times, which one is better?
BTW, this doc is a little old, do you have any updates on this topic?
B.R
Tan
I am trying to find a programmatically way to detect the AMT capabilities locally with or without MEI or other driver installed (which is like Platform Discovery Utility do).
Is there any API (C/C++) in the AMT SDK or other packages can do the job?
Thanks
Hi vPro team,
we have the problem if we connect us to a laptop with the lid closed, the screen output will remain black. Is this normal behavior, or is there a workaround?
The device is an HP EliteBook 840 G2. AMT/BIOS are up to date. The connection is established with RealVNC Plus.
Hi,
With linux AMT SDK, there is a problem linking with static library libimrsdk*.a when creating a shared library (.so) that use the AMT SDK !!!
The linker provide the following error:
relocation R_X86_64_PC32 against symbol 'g_lock' can not be used when making a shared object. recompile with -fPIC.
NOTE: creating an executable goes fine, but shared library that use the static library cause the above link error...
1) can you please provide libimrsdk*.a static library compiled with -fPIC option ?
2) or provide the IMRSDK source code so i will do that myself ?
It's urgent,
Tnx,
Ronnie
