Hi everyone,
I am trying to use the Intel AMT HLAPI to make a connection to an AMT device that has been provisioned to use Kerberos authentication and mutual TLS.
The machine I am connecting from has a valid certificate for mutual TLS, the subject is CN=<machine_fqdn>.
The connection works fine if I enter the username:
ci = new ConnectionInfoEX("<target_machine_fqdn>", "<domain\\username>", "<password>", true, "CN=<machine_fqdn>", ConnectionInfoEX.AuthMethod.Kerberos, null, null, null);
However, if I try to use the currently logged-in user on the machine I run this command from (I saw that this works by leaving the user and password blank):
ci = new ConnectionInfoEX("<target_machine_fqdn>", "", "", true, "CN=<machine_fqdn>", ConnectionInfoEX.AuthMethod.Kerberos, null, null, null);
It fails in GetVersionWSMan() in AMTInstanceManager line 922 after a few seconds (4-5). The exception is:
{Intel.Management.Wsman.WsmanConnectionException: Server unexpectedly disconnected ---> Intel.Management.Wsman.WsmanConnectionException: Server unexpectedly disconnected
at Intel.Management.Wsman.HttpTransport.GetResponse(String method)
at Intel.Management.Wsman.ClientRequest.Send(XmlDocument reqDoc, String soapCmd)
at Intel.Management.Wsman.ClientRequest.Send(XmlDocument reqDoc)
at Intel.Management.Wsman.WsmanConnection.RetryLoop(XmlDocument reqDoc, Exception& resultExp)
--- End of inner exception stack trace ---
at Intel.Management.Wsman.WsmanConnection.SendObjectRequest(String msgId, XmlDocument reqDoc, IManagedReference refObj, IManagedInstance input)
at Intel.Management.Wsman.WsmanConnection.SubmitRequest(XmlDocument reqDoc, IManagedReference refObj, IManagedInstance input)
at Intel.Management.Wsman.WsmanConnection.SubmitRequest(String requestString, IManagedReference refObj, IManagedInstance input)
at Intel.Management.Wsman.ManagedReference.Get()
at Intel.Manageability.Impl.AMTInstanceManager.GetVersionWSMan() in f:\AMT_SDK_11.6.0.7\Windows\High Level API\Src\Intel_Manageability_Library\HLAPI Lib\AMTInstance\AMTInstanceManager.cs:line 922
at Intel.Manageability.Impl.AMTInstanceManager.SetVersionInfo() in f:\AMT_SDK_11.6.0.7\Windows\High Level API\Src\Intel_Manageability_Library\HLAPI Lib\AMTInstance\AMTInstanceManager.cs:line 868}
System.Exception {Intel.Management.Wsman.WsmanConnectionException}
If I provision the machine to use only server TLS (not mutual), then from the same machine I ran the code above on, both connecting with username and password blank (so using the currently logged-on user) and connecting by entering the user in ConnectionInfoEX work fine. The only difference from the commands above is that the certificate is an empty string "".
My only conclusions so far:
- It works with mutual TLS by entering the credentials manually, so the TLS mutual certificate is correct.
- It works with server TLS by leaving the credentials empty, and it indeed uses the current user, so that is not the problem.
- It works with entering the same user that's logged in manually, so it cannot be a permission issue.
If anyone came across this, or has any idea how I could find the cause for the exception, I would be most grateful.