Ylianst / MeshCommander

MeshCommander is an Intel(R) Active Management Technology (Intel(R) AMT) remote management tool. It's feature rich and includes a built-in remote desktop viewer for Hardware-KVM, a Serial-over-LAN terminal, IDER-Redirection support and much more. MeshCommander is built on web technologies and runs on many platforms. In addition to being available as a stand-alone tool, MeshCommander was built to be very space efficient so that it can be uploaded into Intel AMT flash space to have it served directly from the Intel AMT web server.
Apache License 2.0

Remote Desktop with the web app does not work with AMT 12.0.22.1310 #24

Closed nomis closed 4 years ago

nomis commented 4 years ago

With 11.8.70.3626 the WebSocket messages look like this:

-> 10:01:00:00:4b:56:4d:52
<- 11:00:00:00:01:00:0b:08:57:01:00:00:00

-> 13:00:00:00:01:00:00:00:00
<- 14:00:00:00:01:00:00:00:00

-> 40:00:00:00:00:00:00:00
<- 41:00:00:00:00:00:00:00:52:46:42:20:30:30:34:2e:30:30:30:0a

With 12.0.22.1310, this happens (it fails to skip authentication):

-> 10:01:00:00:4b:56:4d:52
<- 11:00:00:00:01:00:0c:00:57:01:00:00:00

-> 13:00:00:00:01:00:00:00:00
<- 14:02:00:00:01:00:00:00:00

If I connect directly with MeshCommander, it authenticates and then the RFB session works:

-> 10:01:00:00:4b:56:4d:52
<- 11:00:00:00:01:00:0c:00:57:01:00:00:00

-> 13:00:00:00:00:00:00:00:00
<- 14:00:00:00:00:01:00:00:00:04

-> 13:00:00:00:04:20:00:00:00:*
<- 14:01:00:00:04:4e:00:00:00:*

-> 13:00:00:00:04:b3:00:00:00:*
<- 14:00:00:00:04:00:00:00:00

-> 40:00:00:00:00:00:00:00
<- 41:00:00:00:00:00:00:00:52:46:42:20:30:30:33:2e:30:30:38:0a

I'm using MeshCommander v0.8.8.

nomis commented 4 years ago

Based on the SDK code the 0x02 response indicates that the session is busy, but it's not. The /ws-redirection URL just always fails like this.
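
Added example, not part of the original thread or of MeshCommander's code: a small decoder for the authentication messages in the traces above, which summarizes each session so the 0x02 status returned by AMT 12 stands out. The byte layout (status at offset 1, authentication type at offset 4, little-endian payload length at offsets 5-8, firmware version at offsets 6-7 of the 0x11 reply) is inferred from those traces, and the function names are this example's own.

```python
import struct

START_REPLY, AUTH_REQUEST, AUTH_REPLY = 0x11, 0x13, 0x14  # type bytes seen in the traces

def decode(line):
    """Decode one '-> ..' or '<- ..' trace line into its header fields."""
    direction, hexpart = line.split()
    fields = hexpart.split(":")
    redacted = fields[-1] == "*"  # payload replaced by '*' in the post
    raw = bytes(int(f, 16) for f in fields if f != "*")
    msg = {"dir": direction, "type": raw[0]}
    if raw[0] == START_REPLY and len(raw) >= 8:
        # Inferred: offsets 6-7 follow the firmware major.minor (0b:08, 0c:00).
        msg.update(status=raw[1], firmware=f"{raw[6]}.{raw[7]}")
    elif raw[0] in (AUTH_REQUEST, AUTH_REPLY):
        if len(raw) < 9:
            raise ValueError("truncated authentication header")
        (length,) = struct.unpack_from("<I", raw, 5)  # inferred: LE32 payload length
        if not redacted and len(raw) - 9 != length:
            raise ValueError("payload length does not match header")
        msg.update(status=raw[1], auth_type=raw[4], data_len=length)
    return msg

def summarize(trace):
    """Return (firmware, [(auth_type, status), ...]) for the replies in a trace."""
    msgs = [decode(l) for l in trace.strip().splitlines()]
    firmware = next((m["firmware"] for m in msgs if "firmware" in m), None)
    replies = [(m["auth_type"], m["status"]) for m in msgs if m["type"] == AUTH_REPLY]
    return firmware, replies

# Traces copied from the issue above (KVM channel messages 0x40/0x41 omitted).
AMT12_WEB = """
-> 10:01:00:00:4b:56:4d:52
<- 11:00:00:00:01:00:0c:00:57:01:00:00:00
-> 13:00:00:00:01:00:00:00:00
<- 14:02:00:00:01:00:00:00:00
"""
AMT12_DIRECT = """
-> 10:01:00:00:4b:56:4d:52
<- 11:00:00:00:01:00:0c:00:57:01:00:00:00
-> 13:00:00:00:00:00:00:00:00
<- 14:00:00:00:00:01:00:00:00:04
-> 13:00:00:00:04:20:00:00:00:*
<- 14:01:00:00:04:4e:00:00:00:*
-> 13:00:00:00:04:b3:00:00:00:*
<- 14:00:00:00:04:00:00:00:00
"""
if __name__ == "__main__":
    for name, trace in (("web app", AMT12_WEB), ("direct", AMT12_DIRECT)):
        print(name, summarize(trace))
```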

nomis commented 4 years ago

Using authentication type 02 on the WebSocket connection instead of 00 works:

-> 13:00:00:00:02:00:00:00:00
<- 14:00:00:00:02:00:00:00:00

nomis commented 4 years ago

However... while that fixes the problem for HTTP it doesn't even get that far on HTTPS.

When using HTTPS, AMT 12 immediately closes the established WebSocket connection:

GET /ws-redirection HTTP/1.1
Host: 127.0.0.1:8080
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: sckiHh3nixFfu1uMLOZBpw==
Sec-WebSocket-Version: 13
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Authorization: Digest username="*", realm="Digest:*", nonce="*", uri="/ws-redirection", response="*", qop="auth", nc=00000002, cnonce="*"
User-Agent: Python/3.7 websockets/8.1

HTTP/1.1 101 Switching protocols
Content-Type: text/html
Server: Intel(R) Active Management Technology 12.0.22.1310
Upgrade: websocket
Connection: Upgrade
Content-Length: 0
Sec-Websocket-Accept: YEGdOE4KoaWIqxQfyAXg80y1RQo=

The same process works on AMT 11:

GET /ws-redirection HTTP/1.1
Host: 127.0.0.1:8080
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: ovp/qFOn9OCbwSSkBjOu+Q==
Sec-WebSocket-Version: 13
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Authorization: Digest username="*", realm="Digest:*", nonce="*", uri="/ws-redirection", response="*", qop="auth", nc=00000002, cnonce="*"
User-Agent: Python/3.7 websockets/8.1

HTTP/1.1 101 Switching protocols
Content-Type: text/html
Server: Intel(R) Active Management Technology 11.8.70.3626
Upgrade: websocket
Connection: Upgrade
Content-Length: 0
Sec-Websocket-Accept: 8+TNFG9qxMHNP0sEaCod18AogB4=

..V].WF\.W.....
........W.......U...U...U....   .........................A.......RFB 004.000
..b4._a.....

(127.0.0.1:8080 is a stunnel proxy to :16993)

Ylianst commented 4 years ago

Wow, it's crazy you found this and the fix for it. I just published a "new" version of MeshCommander v0.8.8 with your pull request included. You need to uninstall/download/reinstall v0.8.8 to get the update.

nomis commented 4 years ago

Do you have a solution to /ws-redirection not working at all over HTTPS on AMT 12? I've opened a support case with Intel (04749316) but MeshCommander is the only user of this URL. The feature gets a couple of mentions in the SDK documentation without providing the URL.

nomis commented 2 years ago

Intel will have fixed this in an unspecified later version of AMT but refused to fix this in AMT 12.