Hello everyone,
we are currently implementing SCS and are haveing issues with the Certificate Setup.
This is the Environment:
- We deployed one RCS Server "scs.europe.example.corp" with SCS 8.1.4.16 with a database hosted on another machine. The RCS Service is running as the User "rcsuser".
- We created a Server Certificate with IIS, stating a CN of "scs.europe.example.corp" and OU=Intel(R) Client Setup Certificate.
- The Server Certificate was signed by a Microsoft CA by using the Web Server Template.
- The Certificate Chain contains one Root CA ("Example Corp Root CA1"), followed by an issuing CA ("Example Corp Issuing CA1").
- The Server Certificate was installed (with private key) into the Certificate Store of the "rcsuser" Profile on the "scs.europe.example.corp" Server.
- Same with the Certificate Chain.
- The RCS Server runs on Windows Server 2008 R2.
- The Test Client is a HP EliteBook 8440p with BIOS V22 and AMT Firmware Version 6.2.0.1022, and runs Windows 7 Enterprise SP1 32-Bit. The HECI Driver is at version 6.0.0.1179.
- We inserted both Certificate SHA1 Hashes into the AMT ROM of the Test Client by using the usbfile Tool: usbfile -create setup.bin admin NewPa$$w0rd -hash "CA1.cer" "Example Corp Root CA1" -hash "CA2.cer" "Example Corp Issuing CA1" -v 2.1
When we now run ACUconfig on the Test Client (ACUConfig /verbose /output console ConfigviaRCSonly scs.europe.example.corp Example_EU_Clients /AbortonFailure), we get an error stating that there is an SSL issue:
An SSL error occurred. Verify the username and password, and the PSK or certificate settings, where applicable. (0xc000521f) ((ExecMethod WMI_ConfigAMT) Failed while calling WS-Management call GetAmtVersion (CIM_SoftwareIdentity.Get). Intel(R) AMT connection error 0xc000521f: An SSL error occurred. Verify the username and password, and the PSK or certificate settings, where applicable. (0xc000521f). Valid certificate for PKI configuration not found. (0xc00007e5). (0xc000521f). )
The SCS Console logs tha same error.
Failed while calling WS-Management call GetAmtVersion (CIM_SoftwareIdentity.Get). Intel(R) AMT connection error 0xc000521f: An SSL error occurred. Verify the username and password, and the PSK or certificate settings, where applicable. Valid certificate for PKI configuration not found.
ACUconfig logs that the Certificate Hashes have successfully been imported:
Active certificate hashes have the following names: (0xc000005a)
15
[...]
Example Corp Root CA1
Example Corp Issuing CA1
So... did we miss anything?
Kind regards