How to Manage AMT-based Computers Out of Band in Configuration Manager

 

Updated: May 14, 2015

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1

After you have provisioned Intel AMT-based computers for System Center 2012 Configuration Manager, you can manage them by using the following procedures:

  • How to Run the Out of Band Management Console

  • How to Power off Computers

  • How to Power on and Restart Computers

  • How to Configure BIOS Settings for a Computer

  • How to Run Commands, Repair Tools, and Diagnostic Applications for a Computer

You can also block an Intel AMT-based computer if you no longer trust the computer. However, after you block an AMT-based computer that is provisioned by Configuration Manager, you cannot manage it out of band any longer. For more information, see Blocking AMT-Based Computers.

How to Run the Out of Band Management Console

You can use the out of band management console to connect to an AMT-based computer to manage it even if the operating system is not responding, or if the computer is turned off. You can run multiple out of band management consoles to connect to different AMT-based computers at the same time. However, an AMT-based computer cannot be managed by more than one out of band management console at the same time. In this scenario, the second and subsequent connections fail to restart the computer or to establish a serial connection.

The computer must be provisioned for AMT before you can connect to it by using the out of band management console, and you must be logged on by using one of the AMT User Accounts that you specified in the Out of Band Management Component Properties dialog box.

Log on by using one of the AMT User Accounts that you specified in the Out of Band Management Component Properties dialog box, and then use one of the following procedures to run the out of band management console.

To run the out of band management console from the Configuration Manager console

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, click Devices or Device Collections.

  3. Select the computer that you want to manage by using the out of band management console, and then, on the Home tab, in the Device group, click Manage Out of Band, and then click Out of Band Management Console.

    Note

    The Out of Band Management Console option is available for a resource only if it is provisioned for AMT.

  4. When you have completed your out of band management tasks for the currently selected computer, you can leave the console running and connected, or perform one of the following actions:

    - Click **File**, and then click **Exit** to disconnect from the computer and exit the out of band management console.
    
    - Click **Connection**, and then click **Disconnect** so that you can reconnect to the same computer later.
    

To run the out of band management console at the command prompt

  1. At the command prompt, type: <ConfigMgrInstallPath>\bin\oobconsole.exe -s <siteserver> -t <resourceID>

    Note

    If you are running the out of band management console outside the client's assigned site, specify the site server in the client's assigned site.

  2. When you have completed your out of band management tasks for the currently selected computer, you can leave the console running and connected or perform one of the following actions:

    - Click **File**, and then click **Exit** to disconnect from the computer and exit the out of band management console.
    
    - Click **Connection**, and then click **Disconnect** so that you can reconnect to the same computer later.
    

How to Run the Intel AMT Web Console

You can use the Intel AMT web console as an alternative to running the out of band management console. For more information about this web console, see the Intel documentation.

Note

To support the AMT web console on computers, in the Out of Band Management Component Properties dialog box, on the AMT Settings tab, select the option Enable Web interface.

Use the following procedure to manage computers by using the Intel AMT web console.

To manage computers by using the Intel AMT web console

  1. Open a web browser. In the address bar, type: https://<FQDN_of_computer>:16993 

    Note

    If your web browser uses a proxy web server, you might have to configure the computer's FQDN as an exception in your web browser so that the connection does not use the proxy web server for this connection on the intranet.

  2. Click Log On, and supply an AMT User Account and credentials.

  3. When you have finished using the AMT web console, close the web browser.

How to Power off Computers

You can power off a single computer or multiple computers in a selected collection, or power off all computers in a collection. This power control action is available from the Configuration Manager console and from the out of band management console.

Warning

When you power off a computer, this action should be performed as a last resort in a troubleshooting scenario where the operating system is not responding. To power off a computer has the same effect as removing the power cable from the computer: the operating system does not shut down correctly, unsaved work is lost, and logged-on users are not notified of the power off action.

Use the following procedures to power off one or more computers.

To power off individual computers from the Configuration Manager console

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, click Devices or Device Collections.

  3. Select one or multiple computers to power off, and then on the Home tab, in the Device group, click Manage Out of Band, and then click Power Control.

    Note

    The Power Control option is available for a resource only if it is provisioned for AMT.

  4. In the Power Control dialog box, select Power off, and then click OK to confirm the action.

To power off a single computer by using the out of band management console

  1. Connect to the resource by using the out of band management console.

  2. Click Power Control, click Power Off, and then click Yes to confirm the action.

To power off all computers in a collection from the Configuration Manager console

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, click Devices or Device Collections.

  3. Select a collection that contains the computers to power off, and then on the Home tab, in the Device group, click Manage Out of Band, and then click Power Control.

    Note

    The Power Control option is always available for a collection, even if the collection contains resources that are not provisioned for AMT. Configuration Manager sends power control actions only to the computers that are provisioned for AMT.

  4. In the Power Control dialog box, select Power off, and then click Yes to confirm the action.

How to Power on and Restart Computers

You can power on or restart a single computer or multiple computers in a selected collection, or power on or restart all computers in a collection. The power-on and restart power control actions are available from the Configuration Manager console and the out of band management console.

When you power on or restart a computer by using the out of band management console, you can also select the boot action to perform when the computer has powered on or restarted. The boot options available depend on what the computer supports, but typically include the following:

  • Boot normally

  • Boot from local CD or DVD drive

  • Boot from local hard drive

  • Boot from IDE redirection location

  • Boot from the network

  • Boot to BIOS

Note

If you power on or restart a computer that has a BIOS password configured, by default, the computer waits for the password to be entered until after the computer has powered on or restarted. If the computer supports bypassing the BIOS password for AMT management (this setting is manufacturer-dependent), selecting the option Enable BIOS password bypass in the Out of Band Management Component Properties dialog box on the AMT Settings tab or in the out of band management console enables the computer to start after the power on or restart action is performed.

Additionally, you can power on a computer before the configured deadline for a software deployment.

When you power on a computer by using the Configuration Manager console and when power on commands are sent to wake up computers for scheduled activities, the packets are always sent from the out of band service point. When you power on a computer by using the out of band management console, the packets are sent from the computer that is running the out of band management console. When the targeted computer is connected by a WAN link with the out of band service point, consider using the out of band management console from a computer that is local to the targeted computer to avoid traffic across the WAN.

Warning

Consider the restart of a computer to be a last resort in a troubleshooting scenario where the operating system is not responding. Restarting a computer has the same effect as pressing the Restart button: the operating system does not shut down correctly, unsaved work is lost, and logged-on users are not notified of the restart action.

Use the following procedures to power on or restart a computer.

To power on or restart individual computers from the Configuration Manager console

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, click Devices or Device Collections.

  3. Select one or multiple computers to power on or restart, and then, on the Home tab, in the Device group, click Manage Out of Band, and then click Power Control.

    Note

    The Power Control option is available for a resource only if it is provisioned for AMT.

  4. In the Power Control dialog box, select Power on if the computer is turned off or Restart Computer if the computer is running, and then click OK.

To power on or restart all computers in a collection from the Configuration Manager console

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, click Devices or Device Collections.

  3. Select a collection that contains computers to power on or restart, and then on the Home tab, in the Device group, click Manage Out of Band, and then click Power Control.

    Note

    The Power Control option is always available for a collection, even if the collection contains resources that are not provisioned for AMT. Configuration Manager sends power control actions only to the computers that are provisioned for AMT.

  4. In the Power Control dialog box, select Power on if computers are turned off or Restart Computer if the computers are running, and then click OK.

To power on or restart a single computer by using the out of band management console

  1. Connect to the resource by using the out of band management console.

  2. Click Power Control.

  3. If you want the computer to use a boot option that is different from its default configuration after it has powered on or restarted, select it from the Boot option list.

  4. If you select a boot option that uses IDE redirection, click Boot from local drive or Boot from file, and ensure that the default value associated with the option specified is correct for the computer. If you want to use another value, click the drop-down menu for the local drive, or click Browse to select the path and file name that contains the image file that you want to use. IDE paths must use ASCII characters only.

    Note

    To use the Boot from local drive and Boot from file options, the option Enable serial over LAN and IDE redirection must be selected in the Out of Band Management Properties dialog box on the AMT Settings tab.

  5. Optionally, select Bypass BIOS password and Lock remote keyboard if required and if these options are supported by the AMT-based computer.

  6. Click Power On if the computer is turned off, or click Restart Computer if the computer is running.

To power on computers before the configured deadline for a software deployment

  1. Ensure that the site is configured to send power-on commands for scheduled wake-up activities. For more information, see Step 6: Configuring the Site to Send Power on Commands for Scheduled Wake-Up Activities.

  2. Configure the scheduled deployment for wake-up packets.

How to Configure BIOS Settings for a Computer

You can remotely view and change BIOS settings of an AMT-based computer when you have selected the option Allow serial over LAN and IDE-Redirect for AMT devices in the Out of Band Management Component Properties dialog box on the AMT Settings tab.

This out of band management option uses serial-over-LAN technology and runs a terminal emulation session within the out of band management console so that you can remotely view and interact with the computer output.

Use the following procedure to run a serial over LAN connection to a computer so that you can remotely view and modify BIOS settings.

To configure BIOS settings for a computer

  1. Connect to the resource by using the out of band management console.

  2. If you have to change the default terminal emulation type from PC ANSI to VT-100 to match the terminal emulation settings in the targeted computer's BIOS, click Tools, click Options, select VT-100, and then click OK.

  3. Click Serial Connection.

  4. Click the Open Serial-over-LAN button, and then click Yes to acknowledge the warning about disconnecting a wireless connection. Wait for the BIOS Setup menu to display.

  5. Click Power Control, and from the displayed list of options for Boot Option, select the option that refers to BIOS Setup.

  6. Click Power On if the power state of the computer is off, or click Restart Computer if the power state of the computer is on.

  7. Click inside the blank window to activate the remote display session.

  8. View or change the BIOS settings, and then save them as required. When you have completed BIOS setup, and select the option to save the settings, the computer automatically restarts.

    Note

    Refer to your computer manufacturer's documentation for more information about configuring the BIOS settings.

  9. If you have finished managing the computer, choose one of the following options:

    - To disconnect from the computer and close the out of band management console, click **File**, and then click **Exit**.
    
    - To disconnect from the computer but leave the out of band management console running so that you can reconnect to it later, click **File**, and then click **Disconnect**.
    

How to Run Commands, Repair Tools, and Diagnostic Applications for a Computer

You can remotely run commands, repair tools, and diagnostic applications for an AMT-based computer when both of the following conditions apply:

  • The files or commands to run character-based tools or applications, which can be located from a network share or are locally available to the computer. (For example, they have been installed onto the local hard drive by using Configuration Manager application management.)

  • A boot image that runs a character-based operating system.

    Note

    To use this option, in the Out of Band Management Component Properties dialog box on the AMT Settings tab, select the Enable serial over LAN and IDE redirection advanced setting.

This out of band management option uses serial-over-LAN technology and runs a terminal emulation session from within the out of band management console so that you can remotely view and interact with the computer output.

Although it is possible to remotely run graphics-based applications, the output will not be visible in the out of band management console. Run graphics-based applications only if you can run them completely automated. For example, you can reinstall an operating system if you also specify an unattended setup file so that no interaction is required for completion.

Use the following procedure to remotely run commands, repair tools, or diagnostic applications on a computer.

To remotely run commands, repair tools, or diagnostic applications on a computer

  1. Connect to the resource by using the out of band management console.

  2. If you have to change the default terminal emulation type from PC ANSI to VT-100 to match the terminal emulation settings in the targeted computer's BIOS, click Tools, click Options, select VT-100, and then click OK.

  3. Click Serial Connection.

  4. Click the Open Serial-over-LAN button, and then click Yes to acknowledge the warning about disconnecting a wireless connection. Wait for the computer to complete startup, while the command prompt is displayed.

  5. Click Power Control, and from the displayed list of options for Boot option, select the option that refers to IDE redirection.

  6. Click Boot from file, and if required, change the default value for the IDE redirection file path so that it specifies the path and file that will run the character-based operating system. IDE paths must use ASCII characters only.

  7. Click Power On if the power state of the computer is off, or click Restart Computer if the power state of the computer is on.

  8. Click inside the blank window to activate the remote display session.

  9. Run the commands, repair tools, or diagnostic applications.

  10. Click Power Control, and then choose one of the following options:

    • To restart the computer, select the option that refers to normal boot from the displayed list of options for Boot option, and then click Restart Computer.

    • To power down the computer, click Power Off.

  11. If you have finished managing the computer, choose one of the following options:

    • To disconnect from the computer and close the out of band management console, click File, and then click Exit.

    • To disconnect from the computer but leave the out of band management console running so that you can reconnect to it later, click File, and then click Disconnect.