Dell 7020 - is there a chance to activate AMT for KVM/remote control?

Hi,
Dell Optiplex 7020 has standard management onboard and that’s working fine (power on/off, reset, hardware inventory etc.).
I’ve checked that with Meshcommand so far.
But “KVM” for remote console is not available.
Is there a chance to activate the Remote Control (KVM) feature with active management?

See Output of MEInfo here:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
 

Intel(R) MEInfo Version: 9.1.45.3000
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.
 
Intel(R) Manageability and Security Application code versions:
 
BIOS Version: A18
MEBx Version: 9.0.0.0029
Gbe Version: 1.3
VendorID: 8086
PCH Version: 4
FW Version: 9.1.45.3000 H
LMS Version: 11.7.0.1035
MEI Driver Version: 11.7.0.1032
Wireless Hardware Version: Not Available
Wireless Driver Version: Not Available
 
FW Capabilities: 0x493A1946
 
Intel(R) Standard Manageability - PRESENT/ENABLED
Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED
Service Advertisement & Discovery - PRESENT/ENABLED
 
Intel(R) Standard Manageability State: Enabled
TLS: Enabled
Last ME reset reason: Global system reset
Local FWUpdate: Enabled
BIOS Config Lock: Enabled
GbE Config Lock: Enabled
Host Read Access to ME: Disabled
Host Write Access to ME: Disabled
SPI Flash ID #1: C22017
SPI Flash ID VSCC #1: 20452045
SPI Flash ID #2: C22016
SPI Flash ID VSCC #2: 20452045
SPI Flash BIOS VSCC: 20452045
BIOS boot State: Post Boot
OEM Id: 68853622-eed3-4e83-8a86-6cde315f6b78
Link Status: Link up
System UUID: 4c4c4544-0036-5010-804b-c7c04f533432
MAC Address: 98-90-96-b8-77-55
IPv4 Address: 192.168.0.87
IPv6 Enablement: Disabled
Privacy/Security Level: Default
Configuration state: Completed
Provisioning Mode: PKI
Capability Licensing Service: Enabled
OEM Tag: 0x00000000
Slot 1 Board Manufacturer: 0x00001028
Slot 2 System Assembler: Unused
Slot 3 Reserved: Unused
M3 Autotest: Enabled
C-link Status: Disabled
Wireless Micro-code Mismatch: No
Wireless Micro-code ID in Firmware: 0x0082
Wireless LAN in Firmware: Intel(R) Centrino(R) Ultimate-N 6205
Wireless Hardware ID: No Intel WLAN card installed
Wireless LAN Hardware: No Intel WLAN card installed
Localized Language: German
Independent Firmware Recovery: Disabled
 

Hi,

It should be possible if the CPU and PCH are compatible. What AMT sticker from Dell do you see in the system? Also, what motherboard jumpers do you see?

CPU is i5-4690, Chipset is Q87 express.
According to the specifications both are fully AMT (including OOB/KVM/Remote Console) capable.

From Dell they are coming only with “standard Management” (=no KVM).
A Sticker on the inside says: AMT_DASH_VPRO: Default "1"
No other related stickers on the outside.

Jumpers inside:

Jumper Setting Description
PSWD Default Password features are enabled
RTCRST pin 1 and 2 Real-time clock reset. Can be used for troubleshooting.

Service_Mode (found no documentation, tested it, but could not see any real change on the bios except a message about active service mode)

Offical Tech Specs from Dell (https://i.dell.com/sites/csdocuments/Bus…Sheet-FINAL.pdf) says in footnote 8:
8. Systems Management Options:
- Intel® Standard Manageability – Fully enabled at point of purchase, the Intel Standard Management option is a subset of the AMT features. ISM is not upgradeable to vPro technology post-purchase.
- No Out-of-Band Systems Management - This option entirely removes Intel out of band systems (OOB) management features. The system can still support in band management. OOB management
support through AMT cannot be upgraded post-purchase.

So i don’t assume an “easy” switch to activate OOB/KVM/AMT is available.
Some tricky stuff necessary; that’s why I’m here with the specialists :slight_smile:

Yes, both CPU and PCH are vPro compatible. I’m used to seeing other stickers from Dell such as ME LOCKOUT, ME DISABLE etc but I don’t think it’s going to be a problem. Set the Service Mode jumper, download ME System Tools v9.1 from Section C of Intel Management Engine: Drivers, Firmware & System Tools, run Flash Programming Tool with parameter “fptw -d spi.bin”, compress and attach “spi.bin” output SPI image.

No Read Access …

D:\Intel ME System Tools v9.1 r7\Flash Programming Tool\WIN64>fptw64.exe -d spi.bin

Intel (R) Flash Programming Tool. Version: 9.1.10.1000
Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.

Platform: Intel(R) Q87 Express Chipset
Reading HSFSTS register… Flash Descriptor: Valid

— Flash Devices Found —
MX25L6405D ID:0xC22017 Size: 8192KB (65536Kb)
MX25L3205A ID:0xC22016 Size: 4096KB (32768Kb)



Error 26: The host CPU does not have read access to the target flash area. To enable read access for this operation you must modify the descriptor settings to give host access to this region.

Ooops…my fault. Forgot the Jumper to be shortened … It does work …

D:\Intel ME System Tools v9.1 r7\Flash Programming Tool\WIN64>fptw64.exe -d spi.bin

Intel (R) Flash Programming Tool. Version: 9.1.10.1000
Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.

Platform: Intel(R) Q87 Express Chipset
Reading HSFSTS register… Flash Descriptor: Valid

— Flash Devices Found —
MX25L6405D ID:0xC22017 Size: 8192KB (65536Kb)
MX25L3205A ID:0xC22016 Size: 4096KB (32768Kb)


- Reading Flash [0xC00000] 12288KB of 12288KB - 100% complete.
Writing flash contents to file “spi.bin”…

Memory Dump Complete
FPT Operation Passed

File is ZIP/RAR/7z around 7MB … max. file attachment is 6MB here …
Let’s see how I can get it uploaded…

Hmmm… a little tricky here. 6MB limit and only a list of extensions allowed.
Okay, I used a zip file split in two and added .ZIP to each filename.
To recover: remove the final ".zip" from the files and then extract.

spi.zip.001.zip (5 MB)

spi.zip.002.zip (1.85 MB)

Alright, here is the fixed SPI image with AMT enabled. Make sure the jumper is set, flash via "fptw -f spi_fix.bin", set the jumper back while the system runs and execute "fptw -greset" to restart the CPU+ME. Afterwards, you should have AMT working.

spi_fix.part1.rar (5 MB)

spi_fix.part2.rar (1.47 MB)

Nice,
work’s like a charm. KVM now active,
Thank you for your support.

Is that spi_fix usable for other identical systems as well? Or is it locked to this one machine only.

Good. Not the full SPI image, only the ME region. You can flash that at all 7020’s, when the jumper is set, via “fptw -me -f spi_me.bin” followed by “fptw -greset”.

spi_me.rar (2.86 MB)

Hi @plutomaniac.
Could you please help me to enable AMT on my 7020 me fw?
It is OK to have only the ME region ?
Or you need all SPI fw?
Thanks !

Use the above attachment with the same instructions. It’s a ME region only so applicable to all 7020 machines.

Thanks for the quick answer !
I’ve tried the attached ME fw but I’ve noticed that after flashing it has a System UUID different than dumped from my bios and the Localized Language is set to German.
It is working, but Memanuf returns an error.

Meantime, following your instructions on another thread, I’ve just managed to dump, enable AMT and reflash the ME region firmware dumped from my pc.
Now everything is working OK and Memanuf returns also no error.
I have only one question related to Independent Firmware Recovery which i forgot to enable.
There is a need to be enabled, as in your attached fw, or can be left disabled ?

Best regards !

Ok, great work. No that option doesn’t matter, leave it as it is. You’re good to go.

Hey @plutomaniac

I was hoping you might be able to help me out. I have a Dell 7020 and am trying to enable AMT. There is a small yellow sticker inside the cover which says "ME Disabled" and also has a large "3" printed on it.

When I run "MEInfoWin64" with no service mode jumper (i.e OFF, default mode) I get the following output:


Intel(R) MEInfo Version: 9.1.45.3000
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.

Intel(R) ME code versions:

BIOS Version: A18
MEBx Version: 0.0.0.0000
Gbe Version: 1.3
VendorID: 8086
PCH Version: 4
FW Version: 9.1.45.3000 H
LMS Version: Not Available
MEI Driver Version: 11.7.0.1032
Wireless Hardware Version: Not Available
Wireless Driver Version: Not Available

FW Capabilities: 0x01111940

Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - PRESENT/ENABLED
Intel(R) Dynamic Application Loader - PRESENT/ENABLED

TLS: Disabled
Last ME reset reason: Power up
Local FWUpdate: Enabled
BIOS Config Lock: Enabled
GbE Config Lock: Enabled
Host Read Access to ME: Disabled
Host Write Access to ME: Disabled
SPI Flash ID #1: C22017
SPI Flash ID VSCC #1: 20452045
SPI Flash ID #2: C22016
SPI Flash ID VSCC #2: 20452045
SPI Flash BIOS VSCC: 20452045
BIOS boot State: Post Boot
OEM Id: 68853622-eed3-4e83-8a86-6cde315f6b78
Link Status: Link down
MAC Address: 00-00-00-00-00-00
IPv4 Address: 0.0.0.0
Capability Licensing Service: Enabled
OEM Tag: 0x00000000
Wireless Micro-code Mismatch: No
Wireless Micro-code ID in Firmware: 0x0082
Wireless LAN in Firmware: Intel(R) Centrino(R) Ultimate-N 6205
Wireless Hardware ID: No Intel WLAN card installed
Wireless LAN Hardware: No Intel WLAN card installed
Localized Language: English
Independent Firmware Recovery: Disabled


However, when I have the service mode jumper on and run the same command "MEInfoWin64" I get the following errors:


Intel(R) MEInfo Version: 9.1.45.3000
Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.


Error 9256: Communication error between application and Intel(R) ME module (FW Update client)

Error 0099: Unknown error code

Error 9256: Communication error between application and Intel(R) ME module (FW Update client)

Error 0099: Unknown error code

Error 9256: Communication error between application and Intel(R) ME module (FW Update client)

Error 0099: Unknown error code

Error 9256: Communication error between application and Intel(R) ME module (FW Update client)

(This continues but I think you get the idea)


Then when I run the command (service jumper still on) "fptw64.exe -d spi.bin" or "fptw -me -f spi_me.bin" I get the following errors:


Intel (R) Flash Programming Tool. Version: 9.1.10.1000
Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.


Error 284: Fail to load driver (PCI access for Windows).
Tool needs to run with an administrator priviledge account.


I think it it because of this line:

MEBx Version: 0.0.0.0000

Any help would be much appreciated and thank you in advance …

thanks, it worked without a problem on my 7020 sff.

I flashed the spi_fix, it worked fine. My bios language was left on English and service tag was left intact. How do I know if my UUID changed? I foolishly didn’t backup my BIOS or ME.
Could you please link to the another thread?

Hello,
my system is Optiplex 7020 SFF bios A18
What I did is:
put jumper on service_mode
and flash spi_me.bin
with command
fptw -me -f spi_me.bin
followed by
fptw -greset
my PC reset and
now it power led blinks yellow 2 bliks, pause, 1 blink
says motherboard is faulty - replace motherboard
Is there any way I can bring it to live?
regards,
Maciek

Either Dell has a recovery mode or you’ll have to buy a programmer and flash back your backup.

I replaced PC for reused one;
Is there a way for safe:
backup whole bios
activate KVM
in case of any problems to recover bios
is this task bios version dependent?
(I can borrow bios programmer if neccesarry)
ragards,
Maciek

Too little information, too unspecific questions.
Backup complete bios can be done with programmer, or often with fpt for Intel- bios, lots of information in the forum.

Activating KVM was done several times for different ME versions. Be sure to meet the requierements- vpro capable network device, vpro capable chipset, vpro capable cpu, corporate ME firmware