Altiris Handling of the Intel AMT connection credentials with Out of Band Management (OOB) and Real-Time System Manager (RTSM)
Puzzled about where to enter Intel AMT connection credentials? (You're not alone.)
Here's the (step-by-step, detailed, and most probably accurate) Juice from Joel Smith, an esteemed member of the tech support team.
Where to Look
- Out of Band Management (OOB) solution's Intel AMT Settings located under View > Solutions > Out of Band Management > Configuration > Default Settings > Intel AMT Settings.
- Real-Time System Manager (RTSM) Solution's Intel AMT Settings located under View > Configuration > Solutions Settings > Real Time Console Infrastructure > configuration > Intel AMT Connection Settings tab.
- OOB solution's advanced settings, located under View > Solutions > Out of Band Management > Configuration > Advanced Settings > Connection Settings Database.
- Settings – When specified for a single run of a task (via Task Server). This is configured during the Task setup for that Task only.
- Here is another place where passwords are kept for Intel AMT devices provisioned by OOB in enterprise mode. You can't adjust the passwords directly:
- Intel SCS database (Database name: IntelAMT)
- And here is the place where "good" settings are stored when used successfully. You can see the settings but you cannot change them:
- OOB solution's Used Connection Settings Database, read-only
One important thing to note is that when OOB connects to an Intel AMT device, it tries all connection credentials known to the Solution: Connection Credentials found in places 1 to 6. Having the correct credentials stored at one of those locations is sufficient to successfully connect to a device.
All connection credentials are prioritized: for example, the settings that worked for the specific computer marked as Excellent and stored in 6. Next time you run a task against the same computer, the settings marked Excellent are tried first. There are six priority levels for connection credentials and credentials' priority may change dynamically every time a task is run depending on what credentials succeed or fail during the execution.
- You have used OOB to provision an Intel AMT computer without TLS and specified a random password in the provisioning profile: When you run an AMT task, the connection credentials (user:admin password:something random, like rT5#rerT) are taken from Intel SCS database (5). You do not need to specify connection credentials at other locations.
- You have used OOB to provision an Intel AMT computer without TLS and specified the password (e.g. @Altiris1) manually in the provisioning profile: The connection credentials (user:admin password:@Altiris1) are taken from Intel SCS (5). You do not need to specify connection credentials at other locations.
- You have a computer, provisioned by another Notification Server, or other third-party utility. You know the "admin" password. You have to enter the username "admin" and the password for "admin" into (1) or (2) or (3) or (4).
- You have a computer provisioned by another Notification Server or other third-party utility. A user "Mike" has been added to the Intel AMT device, whether manually thru the web interface, or using the ACL when provisioning. Mike has permission to perform remote management only (e.g. Mike cannot change settings). You know Mike’s password. You have to enter the username Mike and the password for Mike into (1) or (2) or (3) or (4). You can use OOB to perform remote management tasks only.
- You have used OOB to provision an Intel AMT computer with TLS. Credentials are taken from (5). You do not need to specify connection credentials at other locations; however, you have to enter trusted domain suffix (e.g. altiris.com) in either (1) or (2).