- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
I have a mesh configured in Meshcentral, I have added several devices, I created the "Setup CIRA tunnel" and provisioned it on the devices. I have also configured the environment detection. Until that, everything is OK, but when the devices try to stablish the tunnel with the meshcentral server, the are not able to stablish it.
I have tried with devices with different versions of AMT, but the result is the same.
Is Meshcentral server working as a MPS or not now? Is that the problem?
I have installed locally a meshcentral2 server. In this case, the CIRA tunnel is stablished, but the remote management is not working fine, I suppose because it is still a beta
Regards and thanks in advaance
Fernando
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi. Sorry for the delayed response. Not sure if you tried both MeshCentral1 and MeshCentral2, but right now, I am working only on MeshCentral2 (http://www.meshcommander.com/meshcentral2). I don't support version 1 anymore. So, yes, MeshCentral2 does act as an MPS and will receive CIRA connections coming from Intel AMT. By default, it will receive CIRA on port 4433 but you can change that using command line options.
As for it not connecting, there are many things to check. I have the same issue sometimes, so it's not surprising. Try this:
- Check that you can access port 4433 on the server from the Intel AMT computer. Not that the two must be different computer. You can't run the MPS server on the same computer that has Intel AMT. You can check using a browser: https://yourserver:4433/. You will get a certificate the browser will not understand, but ignore that.
- The name of your server must be an IPv4 address like 1.2.3.4, or a fully qualified domain name, like "myserver.test.com". You can't use short netbios/wins name like "myserver". Intel AMT can't resolve that, but be a real DNS. If you don't have a real DNS, set your server to an IP address. On MeshCentral2, use "--cert 1.2.3.4".
- Make sure the Intel AMT Ethernet port is plugged in, use wired first. Don't try wireless to start, it's more complex to setup. You can't use a VPN or have a HTTP proxy between Intel AMT and the server. Must be a clear path between the Intel AMT Ethernet port and the server.
- You can run MeshCentral2 with "--mpsdebug". This will show you all the traffic between MeshCentral2 and Intel AMT.
- For environment detection must be set to a different domain suffix then your current domain. MeshCentral2 will set it to a long random value, so should be ok.
I have a YouTube video on how to setup CIRA with MeshCentral2 here: https://www.youtube.com/watch?v=WgBbViz5fsQ
Last note, there are some computers where CIRA is broken. If you run MeshCentral2 with "--mpsdebug" you will see that as soon as the server sends data to Intel AMT, Intel AMT will disconnect. Does not seem like there is anything I can do if you have one of these older computers. However, it should clearly connect.
If MeshCentral2 CIRA is working, the KVM, Terminal and Intel AMT tab should all work, if not, let me know.
Hope it helps,
Ylian
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Ylian
Thanks a lot for your answer.
I have tried both. With Meshcentral1 there is no way to stablish the CIRA connection. With a Meschentral 2 server, the CIRA connection is stablished. What happens it that it doesn´t work totally fine yet (I suppose because it is still a beta versión); For example, when using remote desktop (using AMT HW, not the agent), some times mouse stops working or, when using the Intel AMT tab, it usually disconnects and it is difficult to use
Just one last question: if I am using a meshcentral server 2, and iI want to use a PC with Mesh Commander to connect to remote equipments throuhg CIRA instead of the own WEB portal of the server, how should I configure the proxy in the PC when I am running the Mesh Commander? Is it possible?
Best regards and thanks in advance
Fernando
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Fernando.
There are cases where AMT KVM is self disconnecting. It you are able to reach to AMT tab , please check at the System Status -> Remote Desktop, change the session timeout to 0 (never timeout).
The other situation you may need to be aware of is that AMT KVM runs on RFB protocol thus screen refresh is affected by any event sent to the server. Wiggling mouse pointer on the KVM scree typically trigger the AMT KVM server to send update.
On the last question, here are what you need to do:
- You need to host Meshcentral 2 at a publickly accessible IP address. It could be port forwarded behind a router (cable modem/DSL) with dynamic DNS.
- Configure Meshcentral 2 certificate to use your FQDN so that clients can reach back.
Regards,
Joko
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page