15 September 2016

Intel AMT: Configuration | AMT Status: Detected | Not Externally Provisioned

Recently I have been trying to set up and configure Intel SCS to leverage Intel AMT features through SCCM 2012 R2.  I've done this before and it's worked fine, but for whatever reason, with this particular client, SCCM is failing to detect that the workstations have been configured, and that AMT is Externally Provisioned (thus not allowing me to control the power, etc.).

After running the Intel AMT: Configuration Task Sequence (which works by the way), I get the following messages in the AMTOPMGR.log file:


I've tested that I can log into the web GUI with the admin credentials and that's all fine, but for whatever reason, I'm getting AMT Status is 1 which translates to 'detected', rather than 'externally provisioned'.  I checked all my settings and everything had been configured accurately.

The machine account was in the appropriate ACL which was mentioned in the SCS profile (that's a big one if you haven't done that).  There was nothing online which actually related to the issue I was having, so I logged a ticket with Intel themselves.  After a couple of hours of troubleshooting with an Intel guy from Oregon, US (who was very helpful) we basically came to the conclusion that we couldn't find out what was actually causing this error message.  Everything had been configured correctly.

With the end goal in mind and wanting to be able to start up lots of computers, or a single device using the AMT Wake-Up feature, we compromised and used a third-party application called MeshCommander.  This application is installed on the SCCM server and essentially provides a whole lot more functionality to the Out of Band Management through SCCM.

To obtain the AMT Functionality, run the Intel AMT: Configuration Task Sequence as per usual.  Then run the Discovery AMT Status like you normally would.  It will show up as Detected, which is fine.  From here, you can right-click on a device and click on the MeshCommander option:


Select Kerberos and TLS.


Once you have done this, and provided there's nothing wrong with your AMT Configuration TS, it will allow you full access to the Intel AMT section of that workstation, allowing you to power the device up and use Serial over LAN, etc.


If you're wanting to power up an entire device collection, simply right-click on that collection and select the MeshCommander Option:



Whilst I was pulling my hair out trying to get this one resolved, I'm actually grateful that I had this issue, because the solution that Intel suggested to achieve the overall outcome seems to be a lot better than the initial solution of simply using the Power-On feature through Intel SCS and SCCM.

Overall, this is actually a much better way to control the machines through Intel AMT.  I highly recommend it.
