Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.

Cannot connect to vPro 9 from MDTK 1.26

mcbsys
Novice
3,154 Views

Hi,

I found this forum from the Open Manageability Developer Tool Kit (MDTK) page.

I'm setting up a new Lenovo M93p running AMT 9.0.2-build 1345. This is for a small business, so it's all manual provisioning. I've turned on SOL, IDER, and KVM. I've set user consent to NONE.

I can access the machine via a web browser (port 16992) for power control, log viewing, etc. However when I try to Connect from MDTK 1.26, the connection times out. Same thing if I try to connect from UltraVNC.

If I run Wireshark while trying to connect with MDTK, I can see packets going back and forth between the management station and the M93p. (This is all on a local IPv4 LAN for now.) I don't know what the packets mean, but at leat there is bi-directional traffic. Just to be sure, I disabled the firewall on my Win7 management PC just in case that was a problem, but that didn't make a difference.

Is there something I'm missing to able to connect remotely to this machine using MDTK and VNC/KVM?

Thanks,

Mark

0 Kudos
31 Replies
mcbsys
Novice
709 Views

Hi Ylian,

Any update on this? I'd still like to be able to use MDTK with vPro 9. I upgraded from 1.26 to 1.28 but I'm still getting the System.net.WebException when I try to connect.

Also, any chance you could add release dates to http://opentools.homeip.net/open-manageability? That would make it easier to tell if I have there has been an update since my last visit. Also maybe a note when a release is pulled, e.g. 1.26 disappeared.

Thanks,

Mark

0 Kudos
mcbsys
Novice
709 Views

Still trying to get this to work. Downloaded MDTK 1.31 but it cannot connect to a vPro 9 system. See new screenshot, attached.

What is the status of this issue?

Mark

0 Kudos
Gael_H_Intel
Moderator
709 Views

There is a new version out there.  Please let us know if it is working for you:  https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=22183

0 Kudos
mcbsys
Novice
709 Views

Oops did not mean to reply about PSM on this thread. This thread is about the MDTK issue, which is still my main concern. I've moved my PSM reply here:  https://software.intel.com/en-us/forums/topic/516500#comment-1792252.

Mark

0 Kudos
Gael_H_Intel
Moderator
709 Views

Ok thanks.  Did you try the 32 bit as well?  I have reported this back to the developers.

0 Kudos
mcbsys
Novice
709 Views

Some good news on the MDTK issue:  it finally occurred to me to install it on the LAN where the actual vPro 9 machines are located, as opposed to working through a VPN tunnel. Voila! Instant connection to the vPro 9 machines, which allowed me to enable their VNC ports so I can use the free UltraVNC for remote control as described here.

So the new description of the issue:

  • MDTK 1.31 _cannot_ connect to any vPro machines across a VPN.
  • MTDK 1.31 _can_ connect to vPro machines, including vPro 9 machines, on the local LAN. However it cannot connect to the machine where it is installed either user localhost or the actual IP address.

Mark

0 Kudos
Ylian_S_Intel
Employee
709 Views

Hi Mark. Sorry for the delay. With my work on Meshcentral, I had little time to work on the MDTK. This said, these are lots of requests for MDTK updates and starting getting some test machines at my desk. So, should start focusing on it a little more in the next few weeks.

I need a little help understanding the issue. For your VPN setup, are you running a VPN client on the Intel AMT machine, connecting to a network and trying to access Intel AMT back thru the VPN? Or is the machine on a corporate network and the machine running the MDTK is running the VPN client?

If your run the VPN client & the MDTK on the same machine and connect to a network and access Intel AMT, it should work fine. In this case, the VPN will get make the MDTK machine look like it's on the corporate network and connections should route ok.

If the VPN client is on the Intel AMT machine itself, this is a bit more tricky. Your basicaly accessing the Intel AMT machine like if Command was running in the Intel AMT machine's own OS. It's like installing Commander on the local machine and connecting to 127.0.0.1. It should work, but it's not going to give you the out-of-band features that Intel AMT offers. If the OS goes down, the VPN will also drop and you will not be able to remotely access Intel AMT. Still, accessing Intel AMT using a VPN (Where the VPN client software is on Intel AMT) should work.

Let me know what type of setup you have.
Ylian

0 Kudos
mcbsys
Novice
709 Views

Hi Ylian,

Thanks for the reply.

The VPN in this case is set up on the routers. Basically I have Tomato open-source firmware on my router and the client's router. The routers establish and maintain the VPN tunnel. All I have to do on the client is access the IP address on the remote network. This works fine for Remote Desktop, copying files back and forth via Windows Explorer, accessing an intranet site hosted on the client's network, etc. In fact, now that I was able to configure the target machines to accept VNC on 5900, those VNC connections work fine across the VPN as well. So far the only thing I haven't been able to do is get MDTK working across the VPN.

Now that I have VNC working, I probably won't need the MDTK very often and I've left an installation inside the client's network for when I do. So I wanted to report this status to you, but being able to run it successfully inside their network is okay as a workaround for me.

Regards,

Mark

0 Kudos
Ylian_S_Intel
Employee
709 Views

Thanks for the report. I get it now. It's weird, your VPN setup should just forward everything like if you where on the local network. So, MDTK or any other application should just work. If you run into this problem and want to help, go in Commander's help mesh, hit "Show Debug Information...", try to connect and send us the debug log.

Also, if your are going to be managing lots of machines all over the Internet, check out Meshcentral.com. You can setup all your machines on the server and do web based hardware KVM, IDE-R and piles more for free. The entire site is open source, so you can setup your own instance of meshcentral. The main benefit over what you are doing is that you don't need a VPN. Machines can move all over the Internet and you still can manage them using a web site.

Ylian

0 Kudos
mcbsys
Novice
709 Views

Thanks Ylian. You can find my latest debug screen shot above in post #23. It's like a .Net call doesn't like the VPN, or maybe the VPN is okay but it doesn't like the attempt to connect outside the local subnet?

Meshcentral sounds very cool but is more than I need for now. If I ever need VNC access outside the firewall, I will definitely be looking for alternatives.

Mark

0 Kudos
mcbsys
Novice
709 Views

Quick update. I now have the Managebility Commander Tool 1.32 working across the Internet and VPN for KVM control using the free UltranVNC client. I documented the procedure (including certificate generation) here:

http://www.mcbsys.com/techblog/2014/12/set-up-intel-amt-for-remote-kvm/

I did have one problem today trying to connect to a new AMT 9 machine on the local LAN using an IP address. It kept timing out, even after I corrected the password. I deleted the machine and re-added it, this time specifying the correct password in the Add Intel AMT Computer dialog. This time it connected immediately. My hunch is that it wasn't using the password I typed in the main Connect & Control screen. Also, passwords seem to always be remembered even when you uncheck Remember. Ylian, perhaps you could review password handling sometime. Meanwhile, I'me pretty happy with the functionality I get from this tool!

Mark Berry
MCB Systems
 

0 Kudos
Reply