Closed nomis closed 4 years ago
Based on the SDK code the 0x02 response indicates that the session is busy, but it's not.
The /ws-redirection
URL just always fails like this.
Using authentication type 02
on the WebSocket connection instead of 00
works:
-> 13:00:00:00:02:00:00:00:00
<- 14:00:00:00:02:00:00:00:00
However... while that fixes the problem for HTTP it doesn't even get that far on HTTPS.
When using HTTPS, AMT 12 immediately closes the established WebSocket connection:
GET /ws-redirection HTTP/1.1
Host: 127.0.0.1:8080
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: sckiHh3nixFfu1uMLOZBpw==
Sec-WebSocket-Version: 13
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Authorization: Digest username="*", realm="Digest:*", nonce="*", uri="/ws-redirection", response="*", qop="auth", nc=00000002, cnonce="*"
User-Agent: Python/3.7 websockets/8.1
HTTP/1.1 101 Switching protocols
Content-Type: text/html
Server: Intel(R) Active Management Technology 12.0.22.1310
Upgrade: websocket
Connection: Upgrade
Content-Length: 0
Sec-Websocket-Accept: YEGdOE4KoaWIqxQfyAXg80y1RQo=
The same process works on AMT 11:
GET /ws-redirection HTTP/1.1
Host: 127.0.0.1:8080
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: ovp/qFOn9OCbwSSkBjOu+Q==
Sec-WebSocket-Version: 13
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Authorization: Digest username="*", realm="Digest:*", nonce="*", uri="/ws-redirection", response="*", qop="auth", nc=00000002, cnonce="*"
User-Agent: Python/3.7 websockets/8.1
HTTP/1.1 101 Switching protocols
Content-Type: text/html
Server: Intel(R) Active Management Technology 11.8.70.3626
Upgrade: websocket
Connection: Upgrade
Content-Length: 0
Sec-Websocket-Accept: 8+TNFG9qxMHNP0sEaCod18AogB4=
..V].WF\.W.....
........W.......U...U...U.... .........................A.......RFB 004.000
..b4._a.....
(127.0.0.1:8080 is a stunnel proxy to :16993)
Wow, it's crazy you found this and the fix for it. I just published a "new" version of MeshCommander v0.8.8 with your pull request included. You need to uninstall/downloads/reinstall v0.8.8 to get the update.
Do you have a solution to /ws-redirection not working at all over HTTPS on AMT 12? I've opened a support case with Intel (04749316) but MeshCommander is the only user of this URL. The feature gets a couple of mentions in the SDK documentation without providing the URL.
Intel will have fixed this in an unspecified later version of AMT but refused to fix this in AMT 12.
With 11.8.70.3626 the WebSocket messages look like this:
With 12.0.22.1310, this happens (it fails to skip authentication):
If I connect directly with MeshCommander, it authenticates and then the RFB session works:
I'm using MeshCommander v0.8.8.