If you want to have the Intel Manageability Tool Kit interoperate with a vPro client that has been provisioned by Microsoft System Center Configuration Manager SP1, there are two key things you need to do: Configure Manageability Commander to trust the Issuing Certificate Authority of AMT Web Certificates and to authenticate with a Kerberos user that has access to the vPro Client.
Before configuring Manageability Commander, you will need to obtain a copy of the Root Certificate Authority Certificate that the vPro Client AMT Web Server Certificate was issued from. This is the same Certificate Authority that was configured in âMicrosoft System Center Configuration Manager Consoleâ -> âOut of Band Component Configurationâ -> "Site Database" -> "Site Management" -> "Site" -> "Site Settings" -> "Component Configuration" -> "Out of Band Management" -> "General Tab" -> "Certificate Template".
If you are issuing AMT Web Server Certificates from a subordinate certificate authority, you should still use the certificate from the Root Certificate Authority the SubCA is chained up to.
Export a copy of the Root CA
1) To export of a copy of the Root CA Certificate, you can open your local certificate store, select âTrusted Root Certificateâ -> âCertificateâ and search for the proper Root CA Certificate. If you do not have the Root CA certificate in your trusted root store, your CA Administrator can obtain a copy for you from the CA by selecting the âPropertiesâ of the Certificate Authority and selecting âView Certificateâ.
2) Once you have the certificate open, select the âDetailâ tab and then select âCopy to Fileâ.
3) When the âCertificate Export Wizardâ appears, click âNextâ.
4) Select âDER encoded binary X.509(.CER)â and click âNextâ.
5) Select a location to export the certificate to and then click âNextâ.
6) On the âComplete the Certificate Export Wizardâ, click âFinishâ.
Trusting your Root Certificate Authority in Manageability Commander
Now that you have a copy of the Root CA certificate, you are able to configure Manageability Commander so that it can manage a vPro client provisioned by SCCM.
1) If you have not already done so, you can download a copy of the Manageability Tool Kit from the following location: http://software.intel.com/en-us/articles/download-the-latest-version-of-manageability-developer-tool-kit/. Follow the onscreen instructions on how to install it.
2) Once Manageability Tool Kit is install and Manageability Commander is open, select âFileâ -> âCertificate Managerâ.
3) In the âCertificate Managerâ window, ensure you delete all other existing certificates by highlighting them and clicking the âDeleteâ button. After which, select âImportâ.
4) Browse for the Root Certificate Authority Certificate you exported (which is the Root CA Certificate that is chained up from your AMT Web Server certificates) and click âOpenâ.
5) Back in the âCertificate Managerâ window, click the âRefresh Displayed Certificatesâ button. You should now see your CA in the âTrusted Root Certificatesâ list. Click âCloseâ to exit the Certificate Manager window.
Adding a Client to Manageability Commander
Once the Root CA certificate has been trusted, you can now add the client (that is provisioned by SCCM) you want to manage via Manageability Commander.
1) To add the vPro client, select âFileâ -> âAddâ -> âAdd IntelÂŽ AMT Computerâ.
2) When the âAdd IntelÂŽ AMT Computerâ window appears, enter in the full qualified domain name (FQDN) of the client you want to manage. If you want Manageability Commander to use Kerberos authentication of the local user logged, leave the Username and Password blank. If you want to specify a different Kerberos user then the local logged on user, enter in the desired Kerberos user as domain\user and the appropriate password. Click âOKâ to close the âAdd IntelÂŽ AMT Computerâ window.
3) Once you have added the vPro client, you should see it in the list of clients to manage. Right click on the client, and select âConnectâ.
4) Once connected, you can invoke any of the vPro / AMT use cases that the Manageability Commander Tool supports on the client provisioned and also managed by SCCM.
If you are having connection issue, you can perform some general troubleshoot by viewing the debug information.
1) To view the debug information, select âHelpâ -> âShow Debug Information...â
2) Once the âManageability stackâ window opens, you can see additional detail of any issues encountered.