I am not a developer. I'm an operations engineer responsible for SCCM in my organization. I just updated SCCM to 1511 and the out of band management server role was deprecated. I've installed MeshCommander.
When I run MeshCommander on a local machine and connect to the vPro technology (AMT), it is successful. When I try to connect to a remote machine, I get a timeout error in the MeshCommander console.
I checked my test machine and the needed protocols are allowed through the Windows firewall (16992 - 16995). Are there any other ports that need to be opened in the firewall or any network configuration needed?
Should any ports be opened "outbound" on the console machine?
Hi. I am the developer of MeshCommander, thanks for posting. First thing you probably want to try is just connecting to Intel AMT using a regular web browser on port 16992 (HTTP) or 16993 (HTTPS). Just to make sure this works. The only ports you need open are 16992/16994 if TLS is not set up and 16993/16995 if TLS is set up.
If the browser works, the next is probably authentication. I don't know a huge amount about SCCM, but Kerberos authentication to AMT is used by default, this could be the problem. Start by running MeshCommander stand-alone (just run the .exe) and add your machine's hostname/user/pass and see if that works. Also, try Kerberos if that is set up.
After this, you should get a better view of what the problem is. By the way, you can run "MeshCommander.exe -debug" and see if any errors pop up.
Hope it helps,
Thanks for the quick reply, Ylian! I am able to get a login page to remote machines via a browser. I need to figure out the authentication. If I install MeshCommander on a machine, I'm able to access its components via MeshCommander using localhost and digest/none for authentication. I cannot access a remote machine through MeshCommander using the same authentication.
If you're trying to connect to an Intel AMT client using MeshCommander, it should work fine if you are able to access it locally as well.
The only additional requirement is if there is a network connection available. Can you access the remote Intel AMT device's WebUI by IP or FQDN? Example: http://<fqdn or IP>:16992
Thank you for your comment, Joseph O. I can access the login page but when providing credentials, I cannot log in. The authentication is Kerberos using AD authentication and my account is in the authorized user group.
The issue could be two things if the configuration is correct.
1. If using IE, make sure Tools > Internet Options > Advanced > Security > Enable Integrated Windows Authentication is chosen.
2. I occasionally see where an IT admin has access to so many groups the profile size becomes too large for AMT to handle. I would recommend using a test user with only 1 security group and see if that works. If it does, you know the profile is too big.
I have installed Intel Manageability Commander, which I want to integrate with my SCCM. When I add an AMT computer with Intel Manageability and try to connect to it, it times out.
When I try to connect to a computer using Intel MC from SCCM, it throws me the exception. The attached picture below shows the error.
Can anyone lead me in the right direction?
I am on vacation now, but in the next few weeks when I get back, I will try to fix it so instead of "timeout" a better error is displayed. MeshCommander only uses TCP ports 16992 to 16995. MeshCommander will not use any HTTP proxies, so if your browser is set to use one, that will not work. Lastly, make sure you set the TLS setting in MeshCommander correctly. If you try to connect to a remote computer that is TLS enabled and MeshCommander is set up without TLS, you will see the timeout.
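The port and TLS checks described in the replies above can be run from the console machine with the following PowerShell script. It is an added example, not part of the original posts or of MeshCommander. It connects directly (no HTTP proxy), and the host name is a placeholder to replace with your own.

```powershell
# Added diagnostic example. Probes the four Intel AMT TCP ports named in this
# thread and reports whether each one answers, and whether the TLS ports
# (16993/16995) complete a handshake.
$AmtHost   = 'amt-client.example.com'   # placeholder: your AMT FQDN or IP
$TimeoutMs = 3000

function Test-AmtPort {
    param([string]$HostName, [int]$Port, [bool]$UseTls, [int]$TimeoutMs)
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        # A bounded connect separates "dropped by a firewall" from "refused".
        if (-not $client.ConnectAsync($HostName, $Port).Wait($TimeoutMs)) {
            return 'filtered (connect timed out)'
        }
        if (-not $UseTls) { return 'open' }

        $stream = $client.GetStream()
        $stream.ReadTimeout  = $TimeoutMs
        $stream.WriteTimeout = $TimeoutMs
        # Probe only: the certificate is reported, not trusted, and no
        # credentials are ever sent over this connection.
        $tls = [System.Net.Security.SslStream]::new($stream, $false, { $true })
        try {
            $tls.AuthenticateAsClient($HostName)
            return "open, TLS handshake OK (certificate subject: $($tls.RemoteCertificate.Subject))"
        } catch {
            return "open, TLS handshake failed: $($_.Exception.GetBaseException().Message)"
        } finally {
            $tls.Dispose()
        }
    } catch {
        return "closed or unreachable: $($_.Exception.GetBaseException().Message)"
    } finally {
        $client.Dispose()
    }
}

foreach ($port in 16992, 16993, 16994, 16995) {
    $useTls = $port -in 16993, 16995    # per the thread: the TLS pair
    [pscustomobject]@{
        Port   = $port
        Tls    = $useTls
        Result = Test-AmtPort -HostName $AmtHost -Port $port -UseTls $useTls -TimeoutMs $TimeoutMs
    }
}
```

If only 16992/16994 answer, the device is not set up for TLS and MeshCommander should be set up without it. If only 16993/16995 answer, enable TLS in MeshCommander.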
I am running into a potentially similar issue. I use Domotz which can open up a connection to the device ports over the web. If I request 16992 and 16994 I get (See photo)
So then I run the following to redirect so I can open on 127.0.0.1
netsh interface portproxy add v4tov4 listenport=16992 listenaddress=127.0.0.1 connectport=32721 connectaddress=us-west-XXX.domotz.co
netsh interface portproxy add v4tov4 listenport=16994 listenaddress=127.0.0.1 connectport=32723 connectaddress=us-west-XXX.domotz.co
But it fails to connect. It seems that it is using additional ports. This is over the internet and not local but when I cam local the only 2 ports connected are 16992 and 16994.