Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.

Initial AMT Setup

robi_y
Beginner
4,822 Views
Hello,
I've setup my new dell optiplex 755 with WinXP according to the setup manuals with static IP.
The AMT status service shows AMT is enabled. All drivers appear as required, but when starting Outpost from the DTK I get a failure message (like a previous post complained).
Also when browsing over to http://:16992, I do not get the console.
How do I go forward? How can I validate my AMT settings - is there some lower level options?
Thanks in advance, Robi



0 Kudos
35 Replies
Gael_H_Intel
Moderator
3,655 Views

Hello,

I was wondering if you enabled AMT on your Dell system? When you refer to your static IP address, is that for your host OS? You will need to go into the BIOs, configure the ME (tell it to use Intel AMT) and then you will have to configure AMT and give it a static IP address as well. This is the IP address that you would connect to via the Web UI. (If you are using Static IP, your AMT Client will have a different IP address than your Host OS.)

You will have to change the ME password (to a strong password)if this is the first time you have gone into it.

Once AMT is enabled, make sure you can ping the system (using the AMT IP address.) If you have a firewall enabled you also won't be able to connect.

Check out the Start Here guide for some help.

Also check out this blog on setting up an AMT Client.

I hope this helps.

0 Kudos
robi_y
Beginner
3,655 Views
Thanks for replying.
Actually pinging the AMT static IP does not work on the AMT host machine, so I tried pinging form another machine and over there AMT replis. Additionally, with AMT commander on the other machine I can access the AMT machine.

So the question remains why can't I ping AMT from the local machine? Hopefully this can help resolve the problem of Outpost which can't access AMT.
Is there some way to check the installed drivers?
0 Kudos
Sreelekshm_S_Intel
3,655 Views

Hi,

You are not supposed to connect to the AMT system locally through WebUI or ping locally even if you have static IP. Another question is do you have LMS and HECI drivers installed on your system?

Thanks,

Sree

0 Kudos
robi_y
Beginner
3,655 Views
Hello,
I do have the drivers installed, on startup the LMS service informs that AMT is enabled.
I just suggested that maybe the fact that the AMT does not answer to local pings, may point to the problem of outpost not succeeding to connect either.

Thanks anyway
p.s. I've also installed WinRM - Microsoft's WS-MAN but it does not help with web local access, nor with outpost
0 Kudos
DAN_A_Intel
Employee
3,655 Views

Hey,

I wonder if your trouble is not a network topology issue ... did you configure your AMT host and AMT device with static IP on the same subnet? in that case the switch or hub will not forward any packet back to the same port and a transmitted packet from the host will never get back to the AMT device (there is no loopback).

However if you are using different subnet with correct default gateway than can route packet from one subnet to the other you will be able to ping your AMT device from the AMT host...

did you try this?

0 Kudos
robi_y
Beginner
3,655 Views
Hello,
Your'e right, they are configured to the same subnet.
Here are (one of) the settings I've tried.

AMT: 192.168.0.100 (mask 255.255.255.0)
Host: 192.168.0.101
Remote machine (which also acts as a gateway, on one of it's NICs): 192.168.0.1

From the remote machine I can ping AMT.
From the local machine I can ping the remote (gatway) and also the local ip (101) but not the AMT.

I've tried moving AMT to a different subnet, but did not succeed pinging it at all - tried to add static routing info on both machines, but possibly mistaken, so:

1) Would appreciate help on configuring the gateway routing to the other subnet.
2) Do you think that Outpost will not work till we can locally ping?

Thanks, Robi
0 Kudos
robi_y
Beginner
3,655 Views

Well, some more info (thanks for keeping along with me...)

I ran Outpost under a debugger and I see that it fails connecting while invoking a web service (probably the first one) with a method name "GetCoreVersion".The exception message is:

The underlying connection was closed: An unexpected error occurred on a receive.

So still it seemslike a networking issue.

0 Kudos
Sreelekshm_S_Intel
3,655 Views

Hi,

In the static IP mode with two IP addresses for the AMT device and host system, you won't be able to ping each other even ifthey are on different subnet. I have forwarded your Outpost question to Ylian.

Thanks,

Sree

0 Kudos
Ylian_S_Intel
Employee
3,655 Views

Hi there. I just released Intel AMT DTK v0.51x a few minutes ago. You coudl try that first.First aword on AMT/LMS/Outpost:

The way AMT is hooked up to the Gigabit network adapter makes it impossible to access using the OS loopback adapter (127.0.0.1) any traffic you send to 127.0.0.1 will never reach the network hardware and so, never reach AMT.

So, there is a way to talk to AMT using a HECI driver, it's a local driver that talks directly to AMT using a customer driver. A service called LMS ("Local Management Service" I think) will listen to TCP ports 16992 and 16993 and forward the traffic thru the HECI driver to AMT.

As you can see, when you contact port 16992 on the local computer, the traffic is just captured byLMS and forwarded to AMT using a driver. It's not going thru the network at all. Also, network configuration on AMT will not affect the HECI driver or LMS.

Here is my checklist of things that be cause Outpost to not be able to connect:

  • Check that theHECI driver is installed, and it's the correct one for your computer.
  • Check that LMS is running, it's a Windows service "Intel Local Management..."
  • Check that LMS is listening on 16992or 16993. Use "Netstat -all".
  • Check that you are not using TLS with Mutual-Authentication turned on. If you do, you will need the correct certificates to connect. If in SMB mode, this is not a problem.
  • Check that you are not using a Kerberos account. If in SMB mode, this is not a problem.
  • Check that you don't have firewall software that may be blocking loopback access to LMS. Try turning off firewalls just to see if that is the problem.

Hope this helps,
Ylian (Intel AMT Blog)

0 Kudos
robi_y
Beginner
3,655 Views
Hello,
Thanks for the detailed answer, however, in spite of:
- LMS is installed and listening to those 2 ports (checked with netstat)
- All firewalls are turned off
- Heci drivers from Dell site are installed (R148566 + R162295)
- AMT configured in SMB mode

When browsing to the local address, there is no connection.
I tried the new Reflector tool and forwarded some arbitrary port to 16992, in this case when pointing the browser to the new port, it replies with an empty screen (White Screen Of Death?), but for different ports there was again a connection error - so might be that LMS is trying to do something and fails silently. Maybe the drivers are not functioning but I don't know how to validate this, except for the status service in the Windows notification area which shows that AMT is enabled.
0 Kudos
Ylian_S_Intel
Employee
3,655 Views

I am stumpted. First, when LMS is working and you use a web browser to access 16992 on LMS, youmay not see the Intel AMT web page, it depending on the AMT version.

If you use Intel AMT Reflector, you need to run reflector on a different computer that does not have Intel AMT. In that case, you can reflect back 16992 to 16995 connections back to your own computer and it will be just like you are accessing AMT from a different computer.

Other than that, I am stumped, it should work... try updating your firmware.

Ylian (Intel AMT Blog)

0 Kudos
Gael_H_Intel
Moderator
3,655 Views
I would try using DHCP and make sure the host name of the AMT client and the host OS is the same. Aside from that, this feels like a network issue. Make sure all of your systems can ping all of your systems (at least the systems you are using to do this experiment) and make sure you are entering the correct passwords.
0 Kudos
Gael_H_Intel
Moderator
3,655 Views

Hi - one more thing... Could you verify if you have enabled SOL and IDER in your AMT Configuration? The AMT configuration does not enable Serial over Lan by default and this is what AMT Commander uses.

To enable this:

Hit CTRL-P during boot up to enter the AMT configuration Tool

Select Intel AMT Configuration
Select SOL/IDE-R
Press Y acknowledging changes

User Name and Password should be enabled
Serial over LAN should be enabled
IDE Redirection should be enabled

0 Kudos
robi_y
Beginner
3,655 Views
Hi,
One more thanks...

As detailed above I can ping all directions except from the local AMT machine to the AMT given address, however I understand this is OK, since locally the LMS catches messages and forwards to AMT through the HECI driver.

I've rechecked and all SOL/IDE-R options are enbled.
I'm also OK with the passsword since extenally (from a browser or using Commander) I can access AMT.

I think I'll try a different machine when I find one.
I'll report if something is found, thank you all.
0 Kudos
Gael_H_Intel
Moderator
3,655 Views

One more question - could you check your AMT configuration and make sure you entered the Host Name for the AMT client and that it is the same as the Host Name for the OS - if you haven't done that, you will be able to ping, but it will be the host OS that is answering, not the AMT Client.

You will not be able to ping the AMT Client from the Local AMT System. Ever. (I'm still not clear on if this is what you are trying to do...) The LMS and HECI software are used for APIs that are designed to work on the Local AMT Client. There are many operations that won't work locally and pinging is one of them.

0 Kudos
robi_y
Beginner
3,655 Views
I tried the HostName both ways. In any case, I used the ip addresses when trying to ping. I now understand that locally pinging is not a method to validate connection with the AMT client. It could be nice if you could add some other ways for diagnosing such problems.
The bottom line is that I don't have local connectivity (Browser/Outpost) to AMT.
0 Kudos
Sreelekshm_S_Intel
3,655 Views

Hi,

This page has a link at the bottom to a video tutorial on Outpost (Intel AMT Outpost agent (v0.11)) Please go through it and see if this is what you are trying to do here.

Thanks,

Sree

http://software.intel.com/en-us/articles/download-the-latest-version-of-manageability-developer-tool-kit

0 Kudos
Gael_H_Intel
Moderator
3,655 Views
Hi - are you still trying to get the Web UI from the local AMT System? You will not be able to do this. You must connect to the Web UI from a remote console.
0 Kudos
robi_y
Beginner
3,655 Views
Well, I could do without a local Web UI, but I see that (at least some of the) developer tools work above a web layer anyhow (through the LMS).
My main concern now is succeeding with operating Outpost - locally. It's local functionality like watchdog acknowledge and storage access can not be replaced by remote access. Right now it seems to fail due to local networking issues!
BTW, I followed the mentioned above videos, if not mistaken some even show local web access, e.g., by Commander (at least in the demonstrated version).
0 Kudos
Ylian_S_Intel
Employee
3,521 Views
Hi there. In the DTK video about Outpost, I wanted to show both Outpost and Commander on the same computer screen. I start the video by saying that I setup a special router that will send the network traffic back to me.

So, in the video, I connect Commander and the web browser to a router, and the router echos the packets back to Intel AMT. I hope you understand that in this video, the network traffic is going outside of my computer to the router and back.

In the video, Intel AMT Outpost is connected localy and talks to LMS. It can does basic SOAP commands, but the web page would not work.

Idealy, I should have done the video with two comptuers. One with the web browser and Commander. The other running Intel AMT Outpost. My YouTube demonstraion show the demo on two different comptuers:

http://www.youtube.com/watch?v=joeEBJeUfbk

I hope this helps. Really, Intel AMT can not server web pages localy.

Ylian (Intel AMT Blog)
0 Kudos
Reply