Unsolved
This post is more than 5 years old
7 Posts
0
18383
Optiplex 7040 Enable AMT
When booting the machine, pressing F12 does not provide an option to configure AMT. The option to display is enabled in the BIOS but that option does not appear during boot, and pressing the key combo does nothing. In Windows, device manager does show the management engine. Is there a firmware update that is needed to be able to configure vPro options? My understanding is that this can be configured from Dell - if the machines we have were ordered with vPro disabled in firmware, how do we re-enable it, as the hardware obviously supports it - i7-6700 and a Q-series chipset with Intel NIC.
Thanks!
-Mike
ejn63
9 Legend
9 Legend
•
87.5K Posts
0
March 4th, 2017 04:00
There's no easy way to enable vPro if the board has it disabled -- it requires extensive BIOS hacking to accomplish.
speedstep
9 Legend
9 Legend
•
47K Posts
0
March 4th, 2017 08:00
Systems without INTEL AMT or if the control P MEBx has been disabled is a one way trip. This is not reversible.
It is not possible to change the Manageability Mode when options 3 or 4 have been selected.
Long: TLS Encryption Disabled, Dell OptiPlex
Option Online: TLS Encryption Disabled
MOD MOD,INFO,MGMT,TLS,DISABLE,OPTI
* The No TLS option only applies to the following countries: China, France, Hong Kong, Israel, Korea, Poland, and Russia.
This is true from the 755 and up.
Manageability Mode Options on Replacement System Boards for the OptiPlex™ 755
The OptiPlex™ 755 has one system board per chassis available for dispatch. The system board is shipped in manufacturing mode and the end user or service provider must select the manageability option upon first boot. There are four manageability options that might be seen on the customer order according to the original configuration purchased.
For information on what manageability options were configured when the system was originally shipped, refer to Table 1:
AMT
DASH Ready
Long: Advanced Client Systems Management,with vPro,Dell OptiPlex
Option Online: Advanced Client Systems Management (w/ vPro)
MOD MOD,LBL,MGMT,VPRO/AMT/DASH
DASH Ready
Long: Advanced Client Systems Management,with iAMT,Dell OptiPlex
Option Online: Advanced Client Systems Management (w/ iAMT)
MOD MOD,INFO,MGMT,AMT/DASH,OPTI
Long: Basic Client Systems Management,with ASF,Dell OptiPlex
Option Online: Basic Client Systems Management (w/ ASF)
MOD MOD,INFO,MGMT,ASF ENABLED
NN180
Long: Client Systems Management Disabled, Dell OptiPlex
Option Online: Client Systems Management Disabled
MOD MOD,INFO,MGMT,MEBX,DISABLE,OPT
MOD MOD,INFO,1-WATT,BIOS,OPTI,755
Long: One Touch Provisioning Support, Dell OptiPlex
Option Online: One Touch Provisioning Support
MOD MOD,INFO,MGMT,ONE TOUCH CNFG
Long: Legacy ASF Setting for iAMT,Dell OptiPlex
Option Online: Legacy ASF Setting for iAMT
MOD MOD,INFO,MGMT,ASF ROLL BACK
Long: TLS Encryption Disabled, Dell OptiPlex
Option Online: TLS Encryption Disabled
MOD MOD,INFO,MGMT,TLS,DISABLE,OPTI
* The No TLS option only applies to the following countries: China, France, Hong Kong, Israel, Korea, Poland, and Russia.
Table 1: Manageability Mode Labels
When issuing a dispatch, leave a note in the Comments to Service Provider field with the Manageability Mode option that must be selected after the system board is replaced.
The Manageability Mode Sticker on the Chassis Cover for the OptiPlex™ 755
On the inside of the removable side cover there is a 2" x 1" label denoting the manageability mode with which the system was purchased (Figures 1 and 2).
Figure 1: The Manageability Mode Sticker Location on the OptiPlex 755
Figure 2: The Four Different Manageability Mode Stickers on the OptiPlex 755
Configure the Manageability Mode on a Replacement System Board
Open the chassis cover and locate the manageability mode sticker.
Verify the number on the manageability mode sticker.
Close the chassis cover, plug the power cord back into the system, and turn the system on.
At the Type the number corresponding with your selection: prompt, press the key for the number obtained from the sticker (Figure 1).
Figure 1: Prompt Received After Replacing the System Board
At the Continue with selection? (Y/N) prompt, press .
After the system shuts down, turn the system back on to continue with normal operation.
Change Manageability Modes 1 and 2 if Incorrectly Selected
It is not possible to change the Manageability Mode when options 3 or 4 have been selected.
If Manageability Mode options 1 or 2 are incorrectly selected after replacing the system board, correct this by performing the following steps:
Restart the computer.
Press and hold while tapping
at the Dell logo screen to enter the Intel Management Engine BIOS Extension (MEBx) screens.
When prompted, enter the password and press .
Select Intel (R) ME Configuration and press .
At the [ Caution ] screen, press .
At the Intel (R) ME Configuration screen, press to select Intel (R) ME Features Control amd Press the key.
Press to select Manageability Feature Selection.
Use or to select either Intel (R) AMT or ASF, which are respectively options 1 and 2 when selecting the Manageability Mode on a replacement system board.
mpanichello
7 Posts
0
March 4th, 2017 14:00
Ejn63 is correct. I know there's no simple, or supported, way of doing this, but I have found guides for extracting, modifying, and reflashing the management engine firmware. I guess I'll have to give that a shot.
Saying it's not possible is technically not true - this is a firmware limitation rather than something physically on the board or chip, so all it should require is a modification of that flag. I'll update with a how to if I can get some time to walk through it and document what works.
mpanichello
7 Posts
0
March 6th, 2017 22:00
Success! I updated three Optiplex 7040's from ME disabled to enabled using the Intel Flash Programming Tool and Flash Image Tool. Actually, a very simple procedure! I'll make a new post with a writeup if anyone's interested and if it doesn't violate the site's policy - obviously, this would be completely unsupported by Dell.
speedstep
9 Legend
9 Legend
•
47K Posts
1
March 8th, 2017 07:00
"Saying it's not possible is technically not true" - this is a firmware limitation rather than something physically on the board or chip"
This is not entirely correct because the AMT firmware and Bit Locker requires the TPM chip which is not on embargoed country's motherboard. The No TLS option applies to the following countries: China, France, Hong Kong, Israel, Korea, Poland, and Russia.The microsoft Certificates and SLP Product key are also not stored in the bios chip. Flashing Utilities for BIOS are not made available to the general public. TPM chips are actually banned and illegal in china and russia etc. This is also why there are export restrictions on encryption and TPM and other technologies.
:emotion-3:
mpanichello
7 Posts
0
March 8th, 2017 09:00
You're correct regarding the TPM being removed from certain motherboards for export restrictions. The TPM isn't required for AMT - it's optional, and the management engine will still function without it.
akrell1715
3 Posts
0
March 22nd, 2017 10:00
I would be very interested in the answer. I have the same problem.
anton.bogdanovi
1 Message
0
July 18th, 2017 11:00
Hello, could you post an instruction.
bluetoe
8 Posts
0
September 14th, 2017 09:00
Please do post your solution or a link to it. Thanks!
aquarc
1 Message
0
October 5th, 2017 04:00
I have the same problem and would be interested in the howto. Please do help the community if you found the answer (and said you'd post it).
speedstep
9 Legend
9 Legend
•
47K Posts
0
October 10th, 2017 10:00
Dell doesn't post how to "enable" amt firmware or bios features. This is done at the factory.
If you disable AMT you must replace the motherboard because this can only be done at the factory at the time of purchase.
mpanichello
7 Posts
0
October 10th, 2017 16:00
Am I allowed to post external links here? I took screenshots and documented how to do it, I just don't know where to post it.
It's really not that difficult. You copy the data from flash, modify a flag, and reflash your motherboard. Literally takes less than five minutes.
mpanichello
7 Posts
1
October 10th, 2017 16:00
I'm working on organizing my screenshots into an imgur album. I did this on three different Optiplex 7040's, so I'm confident it can be done. Keep in mind that you are modifying your system flash and doing this could render your system unbootable if there is an error. I'm not *recommending* that you do this, I'm just showing that it is possible.
Album (completely a mess) here: https://imgur.com/a/Mh9Jz
Essentially, you need to close a jumper on the motherboard marked "service mode." I used the PW reset jumper since I didn't have a spare laying around. You'll need to get a copy of Intel's Flash Image Tool kit - you're on your own, there - and using those tools, you can see the commands I ran to get the flash into a file, modify the AMT flag, and reflash the resulting file in the screenshots.
mpanichello
7 Posts
0
October 10th, 2017 17:00
I really want to stress that this is firmware level modification that, done incorrectly, could render your system unbootable and require a hardware replacement. Only do this if you are willing to tinker and don't care about any sort of warranty support from Dell. Your best bet is to make sure you get a machine with AMT enabled from the factory. While *I* did it, I don't know you, or your technical skillset. That being said, I'm not a super genius - I figured this out from lots of google searching.