Intel® Converged Security and

Management Engine Software

Installation and Configuration Guide
Supporting Intel® CSME firmware version: 15

June 2022

Revision 1.15
INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED,
BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS
PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER
AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS
INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR
INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT.

A “Mission Critical Application” is any application in which failure of the Intel Product could result, directly or indirectly, in
personal injury or death. SHOULD YOU PURCHASE OR USE INTEL’S PRODUCTS FOR ANY SUCH MISSION CRITICAL APPLICATION,
YOU SHALL INDEMNIFY AND HOLD INTEL AND ITS SUBSIDIARIES, SUBCONTRACTORS AND AFFILIATES, AND THE DIRECTORS,
OFFICERS, AND EMPLOYEES OF EACH, HARMLESS AGAINST ALL CLAIMS COSTS, DAMAGES, AND EXPENSES AND REASONABLE
ATTORNEYS’ FEES ARISING OUT OF, DIRECTLY OR INDIRECTLY, ANY CLAIM OF PRODUCT LIABILITY, PERSONAL INJURY, OR
DEATH ARISING IN ANY WAY OUT OF SUCH MISSION CRITICAL APPLICATION, WHETHER OR NOT INTEL OR ITS
SUBCONTRACTOR WAS NEGLIGENT IN THE DESIGN, MANUFACTURE, OR WARNING OF THE INTEL PRODUCT OR ANY OF ITS
PARTS.

Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the
absence or characteristics of any features or instructions marked “reserved” or “undefined”. Intel reserves these for future
definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The
information here is subject to change without notice. Do not finalize a design with this information.

The products described in this document may contain design defects or errors known as errata which may cause the product to
deviate from published specifications. Current characterized errata are available on request.

Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order.

Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained
by calling 1-800-548-4725, or go to: http://www.intel.com/design/literature.htm%20
All products, platforms, dates, and figures specified are preliminary based on current expectations, and are subject to change
without notice. All dates specified are target dates, are provided for planning purposes only and are subject to change.
This document contains information on products in the design phase of development. Do not finalize a design with this
information. Revised information will be published when the product is available. Verify with your local sales office that you have
the latest datasheet before finalizing a design.
Intel® Active Management Technology requires activation and a system with a corporate network connection, an Intel® AMT-
enabled chipset, network hardware and software. For notebooks, Intel AMT may be unavailable or limited over a host OS-based
VPN, when connecting wirelessly, on battery power, sleeping, hibernating or powered off. Results dependent upon hardware,
setup and configuration. For more information, visit Intel® Active Management Technology.
No system can provide absolute security under all conditions. Intel® Anti-Theft Technology (Intel® AT) requires an enabled
chipset, BIOS, firmware and software, and a subscription with a capable Service Provider. Consult your system manufacturer an d
Service Provider for availability and functionality. Service may not be available in all countries. Intel assumes no liability for lost
or stolen data and/or systems or any other damages resulting thereof. For more information, visit http://www.intel.com/go/anti-
theft.
No system can provide absolute security under all conditions. Requires an Intel® Identity Protection Technology-enabled system,
including a 2nd gen Intel® Core™ processor enabled chipset, firmware and software, and participating website. Consult your
system manufacturer. Intel assumes no liability for lost or stolen data and/or systems or any resulting damages. For more
information, visit http://ipt.intel.com.
Code names featured are used internally within Intel to identify products that are in development and not yet publicly announced
for release. Customers, licensees and other third parties are not authorized by Intel to use code names in advertising, promotion
or marketing of any product or services and any such use of Intel’s internal code names is at the sole risk of the user.
Intel, Core, and the Intel logo are trademarks of Intel Corporation in the U.S. and other countries.
*Other names and brands may be claimed as the property of others.
Copyright © 2022 Intel Corporation. All rights reserved

2
IMPORTANT—READ BEFORE COPYING, INSTALLING OR USING.
Do not use or load this software or any associated materials (collectively, the “Software”) until you have carefully read the
following terms and conditions. By loading or using the Software, you agree to the terms of this Agreement. If you do not wish to
so agree, do not install or use the Software.
LICENSE—Subject to the restrictions below, Intel Corporation (“Intel”) grants you the following limited, revocable, non-exclusive,
non-assignable, royalty-free copyright licenses in the Software.
The Software may contain the software and other property of third party suppliers, some of which may be identified in, and
licensed in accordance with, the “license.txt” file or other text or file in the Software:
DEVELOPER TOOLS—including developer documentation, installation or development utilities, and other materials, including
documentation. You may use, modify and copy them internally for the purposes of using the Software as herein licensed, but you
may not distribute all or any portion of them.
RESTRICTIONS—You will make reasonable efforts to discontinue use of the Software licensed hereunder upon Intel’s release of
an update, upgrade or new version of the Software.
You shall not reverse-assemble, reverse-compile, or otherwise reverse-engineer all or any portion of the Software.
Use of the Software is also subject to the following limitations:
You,
(1) are solely responsible to your customers for any update or support obligation or other liability which may arise from the
distribution of your product(s)
(ii) shall not make any statement that your product is “certified,” or that its performance is guaranteed in any way by Intel
(iii) shall not use Intel’s name or trademarks to market your product without written permission
(iv) shall prohibit disassembly and reverse engineering, and
(v) shall indemnify, hold harmless, and defend Intel and its suppliers from and against any claims or lawsuits, including
attorney’s fees, that arise or result from your distribution of any product.
OWNERSHIP OF SOFTWARE AND COPYRIGHTS—Title to all copies of the Software remains with Intel or its suppliers. The
Software is copyrighted and protected by the laws of the United States and other countries, and international treaty provisions.
You will not remove, alter, deface or obscure any copyright notices in the Software. Intel may make changes to the Software or
to items referenced therein at any time without notice, but is not obligated to support or update the Software. Except as
otherwise expressly provided, Intel grants no express or implied right under Intel patents, copyrights, trademarks, or other
intellectual property rights. You may transfer the Software only if the recipient agrees to be fully bound by these terms and if you
retain no copies of the Software.
LIMITED MEDIA WARRANTY—If the Software has been delivered by Intel on physical media, Intel warrants the media to be free
from material physical defects for a period of ninety (90) days after delivery by Intel. If such a defect is found, return the media
to Intel for replacement or alternate delivery of the Software as Intel may select.
EXCLUSION OF OTHER WARRANTIES—EXCEPT AS PROVIDED ABOVE, THE SOFTWARE IS PROVIDED “AS IS” WITHOUT ANY
EXPRESS OR IMPLIED WARRANTY OF ANY KIND INCLUDING WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT, OR
FITNESS FOR A PARTICULAR PURPOSE. Intel or its suppliers do not warrant or assume responsibility for the accuracy or
completeness of any information, text, graphics, links or other items contained in the Software.
LIMITATION OF LIABILITY—IN NO EVENT SHALL INTEL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER
(INCLUDING, WITHOUT LIMITATION, LOST PROFITS, BUSINESS INTERRUPTION, OR LOST INFORMATION) ARISING OUT OF THE
USE OF OR INABILITY TO USE THE SOFTWARE, EVEN IF INTEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME JURISDICTIONS PROHIBIT EXCLUSION OR LIMITATION OF LIABILITY FOR IMPLIED WARRANTIES OR CONSEQUENTIAL OR
INCIDENTAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT APPLY TO YOU. YOU MAY ALSO HAVE OTHER LEGAL RIGHTS THAT
VARY FROM JURISDICTION TO JURISDICTION.

3
Revision History
Revision Description Revision Date
Number

0.3 • Initial Release April 2018

0.5 • Updated Tiger Lake and Intel® CSME References February 2019

0.7 • Updated Tiger Lake and Intel® CSME References February 2019

0.8 • Update backward supporting platform May 2019

1.0 • Remove IPT in –meidalonly in section 6.1.1 November 2019

• Remove Intel® Online Connect (IOC)
• Remove OEM extension INF since the function has been
migrated to MEI driver, update in section 3.4 and 6.1.2
• Add WIFI driver requirement for Wiman driver in section
6.1.2
• Add Note in section 6.1.2 : MEI driver folder layout change
in \Installers\WindowsDriverPackages\MEI

1.1 • Update copyright year to 2020 April 2020

• Update section 1
• Remove section ME_SW_MSI
• Remove support of Win7 / Win 8 in section 4 and section 6
• Remove section : Installing Microsoft* .NET Framework
• Update section : How to Install
• Remove section : Advanced Configuration of Intel®
Management and Security Status Application
• Update description of installer option -b in section 5.1

1.2 • Update description of MEI device in section 2.1: add HECI3 June 2020
for ME15

1.3 • Replace Intel® iCLS with Intel® TCS July 2020

• Add description: Intel® DAL also known as JHI

1.4 • Update description of MEI device in section 2.1: remove September 2020
HECI3
• Add flag -wmionly in section 5.1

1.5 • Change the display name of MEI device in section 5.1 September 2020

1.6 • Add description about installation of Intel® TCS in section October 2020
2.7
• Revise LMS, TCS and DAL description in section 3.2
• Update the table for different platform capabilities in section
3.2

1.7 • Update copyright year to 2021 December 2020

• Update supporting OS in section 4

4
1.8 • Add description about requirement of Intel® Wiman in January 2021
section 2.8

1.9 • Update titles in section 3 to align with SW package layout April 2021
• Add IMSS_HSA_EXTENSION in section 3.3 and section 5.2
• Update Intel® Wiman driver requirement in section 2.8 and
3.2
• Remove PAVP column in table in section 3.2

1.10 • Update the description of IMSS in section 2.5 May 2021

1.11 • Remove MEI-Only Installer section October 2021

• Add note for Wiman uninstallation in section 8
• Add extension description in section 2.3,2.8, 3.1 and 5.1
• Add WMI provider INF in section 2.4, 5.1
• Update description in section 9.2

1.12 • Update copyright year to 2022 March 2022

• Add description about SOL LMS Extension and LMS
installation requirement
• Update table in section 3.1
• Update uninstall requirement in section 8

1.13 • Add new feature of WMI provider, description in section 2.4 April 2022

1.14 • Update version numbering in section 6 May 2022

1.15 • Add Windows* 11 in system requirement June 2022

• Remove new feature of WMI provider
• Update .NET framework requirement to 4.8

5
Contents
1 Introduction ...................................................................................................... 7
2 Software Components Overview .......................................................................... 8
2.1 Intel® Management Engine Interface (Intel® MEI) Driver ............................. 8
2.2 Intel® Serial Over LAN (Intel® SOL) Driver ................................................. 8
2.3 Intel® Local Manageability Service (Intel® LMS) .......................................... 8
2.4 Intel® CSME WMI Provider ....................................................................... 9
2.5 Intel® Management and Security Status (IMSS) Application ......................... 9
2.6 Intel® Dynamic Application Loader (Intel® DAL) ........................................ 10
2.7 Intel® Trusted Connect Service (Intel® TCS) ............................................ 10
2.8 Intel® Wireless Manageability (Intel® Wiman)........................................... 10

3 Installer List .................................................................................................... 11

3.1 ME_SW_DCH ........................................................................................ 11
3.2 Drivers ................................................................................................ 12

4 System Requirements ...................................................................................... 13

5 Installing Intel® CSME Software Components ...................................................... 14
5.1 How to Install ....................................................................................... 14
5.2 IMSS ................................................................................................... 17
5.3 Error Codes during Installation ............................................................... 17
5.4 Windows* PE........................................................................................ 18
5.5 Firewall policy ...................................................................................... 18

6 Identifying Intel® CSME Software Components .................................................... 20

7 Configuring LMS .............................................................................................. 21
7.1 LMS Registry Configuration Parameters ................................................... 21
7.2 Intel® PROSet/Wireless Software Adapter Switching Override ..................... 22
8 Uninstalling Intel® CSME Software and Drivers .................................................... 24

9 Troubleshooting Intel® CSME Software Components............................................. 25

9.1 Error Message when Intel® Management and Security Status Application Loads
.......................................................................................................... 25
9.2 ” Information Unavailable” Displays instead of Status ................................ 26
9.3 Client Initiated Remote Access Connection Failure..................................... 26
9.4 Grayed-Out Notification Icon .................................................................. 26

6
Introduction

1 Introduction
This guide describes how to install, configure and troubleshoot the Intel® Converged
Security and Management Engine (Intel® CSME) software components.

For a list of software components, see Software Components Overview.

7
 Software Components Overview

2 Software Components
Overview
This section lists the software components supplied with the firmware kit and provides
a short overview of each component.

Applications and drivers are installed based on the system’s specific hardware and
firmware features. For example, if none of the following technologies: Intel® Active
Management Technology (Intel® AMT), Intel® Small Business Advantage (Intel® SBA),
or Intel® Standard Manageability exists on the system, the Intel® Management and
Security Status application and Serial Over LAN Driver should not be installed.

To view the installer options, enter the following in a Command window:

SetupMe.exe -? and the help dialog should appear.

2.1 Intel® Management Engine Interface (Intel® MEI)

Driver
This driver is the interface between the Intel® Converged Security and Management
Engine (Intel® CSME) firmware and the operating system. Drivers and applications on
the host that wish to interact with Intel ® CSME can use the Intel® MEI host Windows*
driver.

2.2 Intel® Serial Over LAN (Intel® SOL) Driver

This driver enables the remote display of managed client's user interface through
management console and emulates serial communication over standard network
connection. This driver supports systems with one of the following technologies: Intel ®
AMT, Intel® Standard Manageability.

2.3 Intel® Local Manageability Service (Intel® LMS)

This service enables local applications running on Intel ® AMT, Intel® SBA or Intel®
Standard Manageability supported devices to use common SOAP and WS-Management
functionality that is available to remote applications. It listens to the Intel ® CSME
IANA (Internet Assigned Names Authority) ports and routes all traffic to the firmware
through the Intel® MEI.

It also provides Intel® CSME with various host operation abilities. For instance, it
enables Intel® CSME technologies to write user notifications to the local host OS event
log for the purpose of notifying end users of predefined events, such as when support
personnel connect remotely to the platform for a healing session. Intel provides
documentation on how ISVs can extract these events from the event log for use in
their applications.

8
Software Components Overview

Intel® LMS will be functional only if Intel® SOL device exists and SOL LMS extension
INF is installed. The detail usage of SOL LMS extension refer to TA#722931.

2.4 Intel® CSME WMI Provider

The Intel® CSME WMI provider enables ISV and IT administrators to perform Intel®
AMT discovery and configuration operations using WMI technology. The Intel ® CSME
WMI provider complements the existing WS-Management API by abstracting low-level
Intel® MEI operations through WMI. In addition, the provider enables the user to
subscribe to LMS events and receive them via WMI events.

Following are the main functionalities implemented in the Intel ® CSME WMI provider:
• Discovery of Intel® CSME and Intel® AMT related attributes, such as firmware
version and provisioning state.
• Local activation operation, performed as part of Remote Configuration.
• Hardware events.

Intel® CSME WMI provider is implemented as a DLL (MeProv.dll) and operates as part
of Windows* WMI service.

Intel® CSME WMI Provider has switched to INF installation support. Refer to section
5.1 for more detail of installing method.

2.5 Intel® Management and Security Status (IMSS)

Application
This application is a Microsoft* Windows* application that displays information about a
platform’s Intel® Active Management Technology (Intel® AMT), Intel® Small Business
Advantage (Intel® SBA), Intel® Standard Manageability, and Intel® Anti-Theft
services. The Intel® Management and Security Status application indicates whether
Intel® AMT, Intel® SBA, Intel® AT and Intel® Standard Manageability are running on
the platform.

When Intel® Management and Security Status application is running on the platform,
an icon is displayed in the notification area. Clicking the icon opens the application.

By default, the icon is loaded and displayed every time Windows* starts. The icon will
be gray if the Intel® Management and Security Application Local Management Service
is not running or the Intel® Management Engine Interface (Intel® MEI) driver is
disabled or unavailable.

If the Intel® Management and Security Status application starts automatically as a

result of the user logging on to Windows*, the icon will be loaded to the notification
area only if Intel® AMT, Intel® SBA or Intel® Standard Manageability exists on the
system. If the Intel® Management and Security Status application is started manually
(via the Start menu or file manager), the icon is loaded even if none of these
technologies exists.

9
 Software Components Overview

The information displayed in the Intel® Management and Security Status application is
refreshed at pre-defined intervals. The application dynamically hides tabs that are not
relevant. For example, on platforms that do not support Intel ® AT, the Intel® AT tab is
hidden.

2.6 Intel® Dynamic Application Loader (Intel® DAL)

Also known as JHI. This is a service which exposes the host interface to usage of the
Intel® Dynamic Application Loader infrastructure abilities, for loading/unloading signed
applications to the Trusted Execution Environment and communicating with them. It
will only be installed if the platform is Intel ® Dynamic Application Loader capable.

2.7 Intel® Trusted Connect Service (Intel® TCS)

Also known as Intel® Capability Licensing Services (Intel® iCLS). It is a set of
applications, services and dynamic libraries used to establish a trusted connection
between FW and Intel’s backend. It is responsible for:

- EPID group certificates provisioning to the FW

- Trusted Computing Base Recovery: EPID rekey

- Platform Trust Technology (firmware TPM) recertification

- Delivering assets to the FW (i.e. DRM keying material, signed permits)

Intel® TCS will be not installed by Intel® CSME SW installer and will be no functional if
Intel® CSME FW support On-Die Certificate Authority (ODCA), e.g., Tiger lake platform
running FW 15.0.10.1368 or later. Detail refers to TA#634464.

2.8 Intel® Wireless Manageability (Intel® Wiman)

This driver includes CSME-related flows which once were in Windows WIFI driver. This
driver is placed on the WLAN device stack and will be capable of filtering OS request,
especially System-state and device power state queries and transitions. In addition
this driver will be capable of filtering WDI - IHV requests and notifications, filtering
and diverting Tx and Rx data traffic to CSME, injecting CSME data traffic to WLAN Tx
path.

Intel® Wiman driver is only present and functional on Corporate sku FW image for
Coffee Lake platform and above.

To comply with Microsoft DC requirement, Intel® Wiman Extension is required to be

installed along with installation of Intel® Wiman driver. Intel® Wiman will be functional
only if Intel® Wiman extension INF is installed.

10
Installer List

3 Installer List
This section describes the installation packages for the Intel® CSME software.

3.1 ME_SW_DCH
This installation program in this folder installs the Intel® CSME software components
required for the platform on which you are installing, and installs only those
components that match your platform’s capabilities.

Following is a complete list of the components in the installer:

• Intel® Management Engine Interface (Intel® MEI) driver
• Intel® Serial Over LAN (Intel® SOL) driver
• Intel® Local Manageability Service (Intel® LMS)
• Intel® CSME WMI provider
• Intel® Dynamic Application Loader (Intel® DAL)
• Intel® Trusted Connect Service (Intel® TCS)
• Intel® Wireless Manageability (Intel® Wiman)

IMSS application will not be installed by this installer. For installation of IMSS APPX
please refer to section 5.2.

The following table describes the components that are installed for the different
platform capabilities:

If the platform includes this These software components are

capability.… installed

Intel® AMT, Intel® SBA, Intel® Intel® MEI driver, Intel® SOL driver,
Standard Manageability Intel® TCS(1), Intel® LMS, Intel® CSME
WMI provider, Intel® Wiman(2) ,
Intel® DAL(3)

Intel® Dynamic Application Loader Intel® MEI driver, Intel® DAL(3)

None of the above Intel® MEI driver, Intel® CSME WMI
provider

(1) Intel® TCS is not installed by Intel® CSME SW installer and will be no functional if
Intel® CSME FW support On-Die Certificate Authority (ODCA), e.g., Tiger Lake
platform running Intel® CSME FW 15.0.10.1368 or later. Detail refers to
TA#634464.

11
 Installer List

(2) Intel® Wiman is only installed and functional on Corporate sku FW image for
Intel® Coffee Lake and above.
(3) The Installer provides the option to install only Intel® MEI driver and Intel® DAL
service by running the installer with the following flag: setup.exe –meidalonly.

3.2 Drivers
The package in SW\Drivers includes INF installer for Intel® CSME SW components,
extension INF and IMSS APPX package.
• MEI: heci.inf in SW\Drivers\MEI
• SOL: mesrl.inf in SW\Drivers\SOL (only available in corporate sku)
• TCS: iclsClient.inf in SW\Drivers\ICLS
• LMS: LMS.inf in SW\Drivers\LMS (only available in corporate sku)
• DAL: DAL.inf in SW\Drivers\JHI\win10
• IMSS APPX: SW\Drivers\IMSS (only available in corporate sku)
• Wiman: SW\Drivers\WiMan (only available in corporate sku)
• Wiman extension: SW\Drivers\wiman_wlan_extension (only available in corporate
sku)
• WMIProvider: MEWMIProv.inf in SW\Drivers\WMIProvider
• IMSS HSA extension: SW\Drivers\IMSS_HSA_EXTENSION (only available in
corporate sku)
• SOL LMS Extension: SW\Drivers\SOL_LMS_Extension (only available in corporate
sku)

For the IPU kits lacking Intel® SOL LMS extension INF, Intel provides a standalone
kit#722904 which includes Intel® SOL LMS extension INF only

12
System Requirements

4 System Requirements
To enable installation and use of the Intel® CSME software components, the following
are required on the platform:
• Windows 10* / Windows 11* / Windows Server 2019*
• Microsoft* .NET Framework: version 4.8 or above, required if the Intel®
Management and Security Status application is installed on the platform.
• Microsoft Visual C++ 2015 Redistributable: version 14.0.26905.0 or above,
required if the Intel® Management and Security Status application is installed on the
platform.

13
 Installing Intel® CSME Software Components

5 Installing Intel® CSME

Software Components

5.1 How to Install

The INF installer for Drivers and SW components are in the SW\Drivers folder.

To install the components, right click on INF file, and click on install.

System manufacturers can take advantage of the components in SW\Drivers folder to

do offline injection e.g. via DISM. More information about DISM can be found at:

https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/what-is-
dism

Intel® MEI driver is required to be installed before other components.

Intel® Wiman Extension is required to be installed along with installation of Intel®

Wiman driver. Intel® Wiman will be functional only if Intel® Wiman extension INF is
installed.

SOL LMS Extension is required to be installed along with Intel® SOL device and
installation of Intel® LMS. Intel® LMS will be functional only if Intel® SOL device exists
and SOL LMS extension INF is installed.

The following devices will be shown in the device manager if the according
components are installed on compatible devices:

MEI: System devices \ Intel(R) Management Engine Interface #1

SOL: Ports(COM & LPT) \ Intel(R) Active Management Technology - SOL

DAL: Software components \ Intel(R) Dynamic Application Loader Host Interface

LMS: Software components \ Intel(R) Management and Security Application Local

Management

TCS: Software components \ Intel(R) iCLS Client

Wiman: Software components \ Intel(R) Wireless Manageability

WMIProvider: Software components \ Intel(R) Management Engine WMI Provider

14
Installing Intel® CSME Software Components

User may use installer SetupME.exe in the ME_SW_DCH folder.

1) Double-click the installer to install the software components
2) Follow the steps in the installation wizard to complete the installation.
3) When the installation is complete, click Next in the Setup Progress window, then
click Finish in the Setup is Complete window.

The software installer has command line option for specific installing configuration,
under command line mode execute setupME.exe -? will display the available options
as follows:
-?
Displays this help dialog.

-b

15
 Installing Intel® CSME Software Components

Reboots the system without prompting after setup is complete, if reboot is

required.

-l <LCID>
Specifies the language of the setup dialogs.

-nodrv
Does not install the driver.

-overwrite
Ignores the overwrite warning.

-p <path>
Changes default directory location for application files.
Warning : User who chooses to use –p flag must make sure the destination
directory is a secure folder (write access by admin). Otherwise it can lead to a
security issue.

-report <path>
Changes the default log path.

-s
Does not display any setup dialogs (silent install).

-ver
Displays driver versions.

-drvonly
Installs drivers only.

-meidalonly
Installs Intel® MEI and Intel® DAL only.

-preinst
Installs all drivers even if hardware is not present.

-tcs
Installs only TCS.

-nowiman
Does not install Intel® Wiman

-wmionly
Install and register only Intel® CSME WMI Provider.

The installation logs can be found at <user folder>\Intel\Logs.

16
Installing Intel® CSME Software Components

5.2 IMSS
IMSS is for Intel® AMT system only, it is not required to be installed on NON Intel®
AMT system.

User may download IMSS from Microsoft* store, or install IMSS_HSA_EXTENSION

INF, which will pull IMSS from the store when Intel® SOL device exists and install
IMSS in the background.

IMSS APPX for pre-install is located in the SW\Drivers\IMSS folder.

DISM is required to install IMSS APPX. Refer to https://docs.microsoft.com/en-

us/windows-hardware/manufacture/desktop/preinstall-apps-using-dism for more
detail.

For the OS without Microsoft Visual C++ 2015 Redistributable (e.g. fresh OS or pre-
install OS without windows update), the DependencyPackagePath is required for
installing Microsoft Visual C++ 2015 Redistributable along with IMSS APPX.

The example DISM command for pre-install OS as below:

Dism /Image:c:\test\offline /Add-ProvisionedAppxPackage /PackagePath:<pre-install

kit Folder Path>\<IMSS APPX appxbundle file> /LicensePath:<pre-install kit Folder
Path>\<IMSS APPX License xml file> /DependencyPackagePath:<pre-install kit Folder
Path>\Microsoft.VCLibs_xxx_<OS sku>_xxx.appx /region=all

where c:\test\offline is the folder where you mounted the WIM image

<pre-install kit Folder Path> is the folder where the package is extracted to

The example DISM command for running OS as below:

Dism /online /Add-ProvisionedAppxPackage /PackagePath:<pre-install kit Folder

Path>\<IMSS APPX appxbundle file> /LicensePath:<pre-install kit Folder
Path>\<IMSS APPX License xml file> /DependencyPackagePath:<pre-install kit Folder
Path>\Microsoft.VCLibs_xxx_<OS sku>_xxx.appx /region=all

5.3 Error Codes during Installation

Error Error String Description
code

0 ERROR_SUCCESS Operation was successful and a reboot is not

needed. Use of the –b switch will not cause a
reboot in this case.
1602 ERROR_INSTALL_USEREXIT
One of:
• The user canceled the operation
• Setup was run silently but a downgrade
was detected and the –overwrite switch
was not used.

17
 Installing Intel® CSME Software Components

Error Error String Description

code

1603 ERROR_INSTALL_FAILURE
General failure code. The error could have
been an unanticipated error or one of the
expected errors such as:
• Not admin
• No device matches
• OS requirement not met
• .NET requirement not met
1633 ERROR_INSTALL_PLATFORM_ Architectures not supported
UNSUPPORTED
1641 ERROR_SUCCESS_REBOOT_I
NITIATED A system reboot has been initiated either by
the user choosing to “reboot now” or the –b
switch was used in silent mode and setup
requires a reboot.
Note that depending on the OS and platform
speed, the calling process may never get this
code due to it being terminated as part of the
shutdown procedure.
3010 ERROR_SUCCESS_REBOOT_ Successful, but a reboot is required to complete
REQUIRED the process.

Note that the installer may return other error codes in cases where an application or
other process called returns one. The error code returned will be passed through.

5.4 Windows* PE
The Intel® MEI driver can be installed on Windows* PE OS, and this is primarily used
during manufacturing, when attempting to run Windows*-based manufacturing line
tools.

More information can be found at:

http://msdn.microsoft.com/en-
us/library/windows/hardware/ff544208%28v=vs.85%29.aspx

The required coinstallers can be found at:

http://msdn.microsoft.com/en-US/windows/hardware/br259104

5.5 Firewall policy

To use DAL, applications need to be able to communicate with the DAL service over a
network interface. The following traffic must not be blocked:
• Incoming traffic
o From: Localhost
o To process: jhi_service.exe

18
Installing Intel® CSME Software Components

o Port: Any

19
 Identifying Intel® CSME Software Components

6 Identifying Intel® CSME

Software Components
Once the Intel® CSME software stack is installed by the installer SetupME.exe located
in the kit, the contents of that kit can be identified via a single Software Package
Version (SPV) marker. The Single Package Versioning feature provides one unique
version identifier for a package (i.e. anything that is updated in the package iterates
the version number). This SPV is useful for systems which need to identify and
manage installations such as Software Inventory Control applications used in large IT
organizations.

Each Intel® CSME Software Installer package contains a file called the ‘mup.xml’
which can be used to identify the SPV. The mup.xml describes the following
information: Example:

<fullpackageidentifier>
<msis>
<msi componentID="100950">
<identifyingnumber>{1CEAC85D-2590-4760-800F-
8DE5E91F3700}</identifyingnumber>
<upgradecode>{1CEAC85D-2590-4760-800F-8DE5E91F3700}</upgradecode>

<version> YYWW.BR.BUILD.PFU</version>
</msi>
</msis>
</fullpackageidentifier>

The ‘fullpackageidentifier’ section points out where to look for the package version and
what it should be in order to be the latest. The ‘DisplayVersion’ and {GUID} above are
found Microsoft* Windows* registry in the locations below:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GU
ID}\DisplayVersion

Typical release version numbering is as follows, YYWW.BR.BUILD.PFU where:

• YY – Build year
• WW – Build WorkWeek
• BR – branch indication number
• BUILD – 4 digits, increments globally
• PFU – indicate PFU was modified. Increased integer.
Service name for Intel® LMS, Intel® DAL and Intel® TCS can be found in Services tab
in task manager or services in Microsoft Management Console:

LMS: LMS / Intel(R) Management and Security Application Local Management Service

DAL: jhi_service / Intel(R) Dynamic Application Loader Host Interface Service

TCS: SocketHeciServer.exe / Intel(R) Capability Licensing Service TCP IP Interface

TPMProvisioningService.exe / Intel(R) TPM Provisioning Service

20
Configuring LMS

7 Configuring LMS
LMS is able to write user notifications to the local host OS event log for the purpose of
notifying end users of predefined events, such as when critical System Defense
policies are applied by the Intel® CSME firmware. LMS also has additional
functionalities, such as synchronizing the network configuration information between
the host and the firmware. Intel provides documentation on how the ISV can extract
these events from the event log for use in their application.

LMS.exe is installed along with the other software components. Note the following
installation circumstances:

7.1 LMS Registry Configuration Parameters

User can add the following registry keys under HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSet\Services\LMS\IntelAMTUNS:

The following keys are not mandatory and LMS will function as required without their
existence. All changes to registry keys are noted at LMS startup only. To force the
changes to be noted, restart LMS.

AllowFlashUpdate: Allows LMS to invoke Partial FW Updates. This is a DWORD

Value. Setting value to 0 will prohibit LMS from invoking Partial FW Update, while
setting value to 1 allows Partial FW Update by LMS. Default behavior (i.e. no value) is
Partial FW Update allowed.

Partial Firmware Update is a feature new from Intel® ME 8 that allows update of
specific sections of Intel ME, without requiring a system reset.

Disabling Partial FW Update will eliminate the user's ability to change the user consent
language and to replace the wireless adapter type without affecting Intel ® AMT
functionality over wireless LAN.

PartialFWUImagePath: A custom path to the update partitions file, including the

filename (using absolute or relative path), e.g. C:\<path>\pfwupdateimg.bin.
Default is the LMS.exe path.

Note :The path can't point to a network shared folder. It must point to a local folder.

You can configure the following parameters in the

HKEY_LOCAL_MACHINE\SOFTWARE\Intel\IntelAMTUNS\ConfigData registry key:

The following Registry keys could be added for configuring which events will be shown
in Event Log. This is a DWORD Value. Setting value to 0 will prevent the event from
appearing, while setting value to 1 will cause the relevant event to appear. Note that
the settings only take effect when LMS is (re)started.

21
 Configuring LMS

Registry Key Event Log event

NETWORK_TRAFFIC_TX_CEASED Security policy invoked. Some or all

network traffic (TX) was stopped
NETWORK_CONNECTIVITY_TX_REDUCED Security policy invoked. TX Network
connectivity was reduced
NETWORK_TRAFFIC_RX_CEASED Security policy invoked. Some or all
network traffic (RX) was stopped
NETWORK_CONNECTIVITY_RX_REDUCED Security policy invoked. RX Network
connectivity was reduced
WLAN_WIRELESS_PROFILE_STATE_CHANGED WLAN Wireless Profile sync
enablement state changed WLAN
interface
WLAN_SESSION_ESTABLISHED Control preference for WLAN interface
assigned to Intel(R) Converged Security
and Management Engine. Intel(R) CSME
will take control of WLAN interface
when it is able
WLAN_SESSION_ENDED Preference for WLAN interface assigned
to operating system. Operating system
will take control of WLAN interface
when it is able
REMOTE_SOL_STARTED A remote Serial Over LAN session was
established
REMOTE_SOL_ENDED Remote Serial Over LAN session
finished. User control was restored
REMOTE_IDER_STARTED A remote IDE-Redirection session was
established. For platforms supporting
USB-Redirection instead of IDE-
Redirection, remote USB-Redirection
session was established.
REMOTE_IDER_ENDED Remote IDE-Redirection session
finished. User control was restored. For
platforms supporting USB-Redirection
instead of IDE-Redirection, Remote
USB-Redirection session finished. User
control was restored

7.2 Intel® PROSet/Wireless Software Adapter

Switching Override
The Intel® CSME firmware configuration of the Intel® PROSet/Wireless Software
Adapter Switching override is disabled by default. However, on systems without Intel ®
LAN support (as defined by hardware configuration settings), it is enabled by default.
When enabled, and when Adapter Switching is active (as notified by Intel®
PROSet/Wireless Software to Intel® CSME firmware), the Intel® CSME firmware will
configure the WLAN to override the Host software RF-Kill and establish its own
wireless connection when wireless Intel® AMT is configured. When Adapter Switching

22
Configuring LMS

is inactive or if the Host WLAN driver is healthy, the Intel® CSME firmware will not
configure the WLAN to override the Host software RF-Kill, nor establish its own
wireless connection.

Users wishing to override the default setting in Intel® CSME firmware may add the
following registry key under:
HKEY_LOCAL_MACHINE\SOFTWARE\Intel\IntelAMTUNS

The Intel® PROSet/Wireless Software Adapter Switching override feature in Intel®

CSME firmware is available only on systems with Intel® AMT 11.6 or later.

23
 Uninstalling Intel® CSME Software and Drivers

8 Uninstalling Intel® CSME

Software and Drivers
If you are using CSME SW installer, uninstall the software via the Windows Control
Panel:
• Double-click Intel® Management Engine Components to uninstall the Intel ® CSME
software components.
• The uninstall welcome window opens.
• Click Next. Uninstall will be performed.
• After uninstall operations are completed, click Next to reach the uninstall
completion window.
• Restart may be required for changes to take effect. Click Finish to end the
uninstall.

If you are installing the inf drivers manually – from the WindowsDriverPackages
folder, you should uninstall them manually from device manager
• Right click the device name in device manger and choose uninstall
To remove extension INF, use pnputil command to get assigned number of the INF
and remove it accordingly.

If some system dlls have been removed between the installation and uninstallation of
the Intel® CSME software, the uninstallation may fail. This has been noted, for
example, when uninstalling Microsoft* Visual C.

Don’t manually uninstall ME SW components via device manager if you are installing
CSME SW using installer

Intel® WiMan install will add wiman and wiman_extension. Therefore, when
uninstalling manually from device manager it will uninstall only the WiMan. User then
need to uninstall manually the wiman_extension that is shown in device manager as
“Generic Software Component”.

There are 3 different WiMan’s (WiMan-WiFi for CNL/WHL, WiManH for CML/TGL,
WiManHu for ADL and above). When user use NIC that is relevant for CNL/WHL on
upper platform version he will get the WiMan-WiFi as hidden device in device manager
and it will be as a “zombie”.

If users installing SOL LMS extension INF want to downgrade Intel® CSME SW, the
existing Intel® CSME SW including SOL LMS extension INF should be removed firstly.

Intel® SOL and Intel® LMS device must be removed before SOL LMS extension INF is
uninstalled.

24
Troubleshooting Intel® CSME Software Components

9 Troubleshooting Intel® CSME

Software Components

9.1 Error Message when Intel® Management and

Security Status Application Loads
Microsoft* .NET applications fail when executed in an environment that has no
Microsoft* .NET framework installed. Microsoft* does not provide a safeguard
mechanism in such conditions.

The Intel® Management and Security Status application will display the following error
message if no Microsoft* .NET framework is present in the system:

The Intel® Management and Security Status application will display the following error
message if Microsoft* .NET framework version is not 4.8 or above:

If these happen, install Microsoft* .NET Framework version 4.8 or above and then re-
open the application.

25
 Troubleshooting Intel® CSME Software Components

9.2 ” Information Unavailable” Displays instead of

Status
The service status of Intel® Active Management Technology or Intel® Standard
Manageability in the General tab depends on which technology is operational on the
system.

If “Information Unavailable” displays on the systems supporting Intel® Active

Management Technology or Intel® Standard Manageability, Check that:
1. Intel® Active Management Technology or Intel® Standard Manageability is
functioning properly in Intel® CSME firmware.
2. Intel® LMS is installed, running normally and starts automatically on Windows*
startup.
3. Intel® MEI driver is installed, enabled and functioning properly.

9.3 Client Initiated Remote Access Connection Failure

Failure to connect to the Information Technology network can be caused by the
following:
1. The Local Management Service is not running. It can be started through the
Services pane in the Computer Management window. If it is not installed,
reinstall the software components.
2. The network cable is disconnected, or the network connection is not
configured properly.

If the actions above do not resolve the problem, it is recommended to contact your
Information Technology department.

9.4 Grayed-Out Notification Icon

Whenever either Intel® Active Management Technology or Intel® Standard
Manageability is enabled, Intel® Management and Security Status icon is loaded into
the notification area when Windows* starts. It can also be started by clicking Start>
All Programs\Intel\Intel® Management and Security Status\ Intel®
Management and Security Status.

While the Intel® Management and Security Status application is running, the Intel®
Management and Security Status icon is visible in the notification area. This icon will
appear blue if any one of the aforementioned technologies is enabled on the
computer. In any other case, the icon will appear gray.

The icon will also be gray if Intel® LMS service is not running or the Intel® MEI driver
is disabled or unavailable.

26