Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.

MeshCommander Timeout Error

Allen_R_1
Beginner
12,542 Views

Hello,

I am not a developer.  I'm an operations engineer responsible for SCCM in my organization.  I just updated SCCM to 1511 and the out of band management server role was deprecated.  I've installed MeshCommander.

When I run meshcommander on a local machine and connect to the vPro technology (AMT) it is successful.  When I try to connect to a remote machine, I get a timeout error in the Meshcommander Console.

I checked my test machine and the needed protocols are allowed through the Windows firewall (16992 - 16995).  Are there any other ports that need to be opened in the firewall or any network configuration needed?

Should any ports be opened "outbound" on the console machine?

 

 

0 Kudos
11 Replies
Ylian_S_Intel
Employee
12,542 Views

Hi. I am the developer of MeshCommander, thanks for posting. First thing you probably want to try is just connecting to Intel AMT using a regular web browser on port 16992 (HTTP) or 16993 (HTTPS). Just to make sure this works. The only ports you need open are 16992/16994 is TLS is not setup and 16993/16995 if TLS is setup.

If the browser works, the next probably is authentication. I don't know a huge amount about SCCM, but Kerberos authentication to AMT is used by default, this could be the problem. Start by running MeshCommander stand-alone (just run the .exe) and add your machines hostname/user/pass and see if that works. Also, try Kerberos if that is setup.

After this, you should get a better view of what the problem is. By the way, you can run "MeshCommander.exe -debug" and see if any errors popup.

Hope it helps,
Ylian

0 Kudos
Allen_R_1
Beginner
12,536 Views

Thanks for the quick reply, Ylian!.  I am able to get a login page to remote machines via a browser.  I need to figure out the authentication.  If I install mesh commander on a machine, I'm able to access its components via meshcommander using localhost and digest/none for authentication.  I cannot access a remote machine through meshcommander using the same authnticatoin.

0 Kudos
Joseph_O_Intel1
Employee
12,536 Views

If your trying to connect to am Intel AMT client using Mesh Commander, it should work fine if you are able to access it locally as well. 

The only additional requirement is if there is a network connection available. Can you access the remote Intel AMT device's WebUI by IP or FQDN? Example: http://<fqdn or IP>:16992

 

0 Kudos
Allen_R_
Beginner
12,536 Views

Thank you for your comment, Joseph O.  I can access the login page but when providing credentials, I cannot login.  The authentication is Keberos using AD authentication and my account is in the authorized user group.

0 Kudos
Joseph_O_Intel1
Employee
12,536 Views

Hey Allen,

Issue could be two things if the configuration is correct.

1. if using IE make sure to enable tools>internet options>advanced>Security>Enable Integrated Windows Authentication is chosen

2. I occasionally see where an IT admin has access to so many groups the profile size becomes to large for AMT to handle. I would recommend using a test user with only only 1 security group and see if that works. If it does you know the profile is too big

 

 

0 Kudos
Linares__Jonatan
Beginner
12,544 Views

Hello,

I was getting same error ("timeout error"), when trying to login through MeshCommander (Npm version), using: http://127.0.0.1:3000/

But finally I solve it by using: http://localhost:3000/

"localhost" instead of "127.0.0.1".

 

Thank you MeshCommander/Central,

Jonatan

0 Kudos
AKahl2
Novice
12,542 Views

Hello,

I have installed Intel Manageability Commander  which I want to integrated with my SCCM. When I add an AMT computer with Intel manageability and try to connect to it time out.

When I try to connect to a computer using  Intel MC from SCCM, it throws me the exception. The picture belows shows the error attached.

Can anyone lead me in the right direction?

Thanks,

Aman

 

0 Kudos
Joseph_O_Intel1
Employee
12,542 Views

Hello Aman

I would suggest going to bizsupport page to get help on this issue.

Joe

0 Kudos
Ylian_S_Intel
Employee
12,542 Views

I am on vacation now, but in the next few weeks when I get back, I will try to fix it so instead of "timeout" a better error is displayed. MeshCommander only uses TCP ports 16992 to 16995. MeshCommander will not use any HTTP proxies, so if you browser is set to use one, that will not work. Lastly, make sure you set the TLS setting in MeshCommander correctly. If you try to connect to a remote computer that is TLS enabled and MeshCommander is setup without TLS, you will see the timeout.

Ylian

0 Kudos
Gilbert__Mark
Beginner
12,542 Views

I am running into a potentially similar issue.  I use Domotz which can open up a connection to the device ports over the web.  If I request 16992 and 16994 I get (See photo)

 

So then I run the following to redirect so I can open on 127.0.0.1

 

netsh interface portproxy add v4tov4 listenport=16992 listenaddress=127.0.0.1 connectport=32721 connectaddress=us-west-XXX.domotz.co
netsh interface portproxy add v4tov4 listenport=16994 listenaddress=127.0.0.1 connectport=32723 connectaddress=us-west-XXX.domotz.co

 

But it fails to connect.  It seems that it is using additional ports.  This is over the internet and not local but when I cam local the only 2 ports connected are 16992 and 16994.

0 Kudos
Willj01
Beginner
9,812 Views

Just wanted to see if there was any update to your issue you posted or if you found a resolution?  I am experiencing the same exact thing from a server that I have MechCommander on.  I have a list of machines and mostly with red icons next to them so not sure what that means there, guessing a connection or communication issue.  When trying to connection, I get a Timeout Error.  Not sure what's going on because at the subject PC, I set up everything right between the Intel AMT and the MEBx login.  Communication is not blocked between VLANS as I can ping and also RDP from the server to the subject machine I'm trying to reach.  Any thoughts would be much appreciated, thank you?

0 Kudos
Reply