Community
cancel
Showing results for 
Search instead for 
Did you mean: 
RBens2
Valued Contributor I
54 Views

Problems with MPS

Is there a whitepaper or a blog or something that goes into depth on how to install and configure a Management Presence Server? I've been working on trying to install the MPS from the SDK, and I haven't had any luck in getting it to work. I'm getting certificate errors that are stopping the client from connecting, but I'm using the certs specifed by the docs in the example. Any thoughts?

Thanks,
Roger
0 Kudos
7 Replies
Gael_H_Intel
Moderator
54 Views

Quoting - rogerb
Is there a whitepaper or a blog or something that goes into depth on how to install and configure a Management Presence Server? I've been working on trying to install the MPS from the SDK, and I haven't had any luck in getting it to work. I'm getting certificate errors that are stopping the client from connecting, but I'm using the certs specifed by the docs in the example. Any thoughts?

Thanks,
Roger

Roger - I wrote a blog a while back - click here to see it.. Unfortuneately, it is pretty high level - it takes you through setting the APIs using Soap UI and since you don't have my VM or my SOAP project, you'll have to fill in the blanks. Also, I don't provide the config files which is what I suspect you may be having difficulties with.

1. Did you enable Environment Detection on your AMT System?
2. The Certificates for setting up the connection with the MPS are different than the Certificates that go into making up an Enterprise TLS environment as well. So in my instructions, you will see a certificate being applied to AMT - this one is not for a TLS environment, but for the connection to the MPS Server.

I have forwarded your question to our MSP guru. If the answer turns out to be blog material, I will blog it.
Ajith_I_Intel
Employee
54 Views

Quoting - rogerb
Is there a whitepaper or a blog or something that goes into depth on how to install and configure a Management Presence Server? I've been working on trying to install the MPS from the SDK, and I haven't had any luck in getting it to work. I'm getting certificate errors that are stopping the client from connecting, but I'm using the certs specifed by the docs in the example. Any thoughts?

Thanks,
Roger

Hi Roger,
I have used the MPS in the SDK in conjunction with DTK tools. I used DTK director to provision and configure AMT device, create all my certificates. From DTK, I imported all the needed certificates to MPS tools and that worked for me. I can provide you detailed instruction on how to configure using DTK and then use MPS in the SDK. Do you want to try this approach?

If you want to use the certificates created by SDK, then I will need to look at your configuration files, certificates that you are using etc to assist you with the problem you are facing. Let me know your preference.

Thanks,
Ajith
RBens2
Valued Contributor I
54 Views

I finally got the examples to work. I had to modify some config files, and some of the docs are out of date. Now the question that I have is about AMT Commander. I got Commander to connect to the system through a CIRA connection, but I can't get it to do any remote control functions. When I look at the system through Commander it just shows UNKNOWN for all of the entries regarding the ability to do SOL, IDER, and remote control. Do you have any thoughts on this?

Thanks,
Roger

Ajith_I_Intel
Employee
54 Views

Quoting - rogerb
I finally got the examples to work. I had to modify some config files, and some of the docs are out of date. Now the question that I have is about AMT Commander. I got Commander to connect to the system through a CIRA connection, but I can't get it to do any remote control functions. When I look at the system through Commander it just shows UNKNOWN for all of the entries regarding the ability to do SOL, IDER, and remote control. Do you have any thoughts on this?

Thanks,
Roger


Hi Roger,
Glad to hear that you got the MPS going. Regarding the connection through commander, since you mentioned that you are able to connect, I am assuming the proxy settings you configured in commander are correct. When Commander connects over CIRA connection, it takes a while for it to laod all of the AMT properties, I have observed about 2-3 minutes in my setup. I would say give it couple minutes and you should see all of the fields populated.

On another note, I am assuming that you have enabled SOL/IDE-R and are able to do those operations when connected directly. If not please make sure that you have enabled these in MEBx (BIOS).

If we cant resolve the issue through commander, we can try couple other things to ensure the connectivity. All of our SDK samples are able to run over CIRA connection. We can run a sample to see if the connection is good and that AMT device is respoding over CIRA connection. You can try this simple call. After you unpacked the SDK, cd to this folder - WindowsIntel_AMTBin in a command window. Try running this command "GeneralInfo.exe -verbose -user admin -pass AMTPASSWORD -proxy HTTP_PROXY_IP:PORT http://AMTFQDN:16992/GeneralInfoService". If that command works and you get a response, we know for sure that the device is responding and commander may be having some problems. Hope this helps.

Just curious, what did you have to do to make it work and what configuration files you had to change. Also can you let me know which document you think is out of date, we can try to fix that.

Thanks,
Ajith
LexiS_Intel
Moderator
54 Views

This is a test. Please ignore.

RBens2
Valued Contributor I
54 Views

Hi Ajith

I got the MPS working finally. Here's the things that I had to change to make it work. In the stunnel.conf file, I had to change the cert pointers to point to the MPS_cert that is created in the SCA script.

;trusted root certificate authority
CAfile = cacert.cer should be CAfile = trusted_cert.cer from ExternalSecScripts

;trusted server certificate
cert = remote_client.pem should be cert = MPS_cert.pem from ExternalSecScripts
key = remote_client_key.pem should be key = MPS_key.pem from ExternalSecScripts/MPS/private

The MPS_cn in the checkcs.bat file needs to match the MPS common name parameter in the default.conf.xml file.

I ran the GetGeneralInfo example on the CIRA connection, and it worked just fine. However, Commander will only get the hardware asset info. All of the other functions of Commander are not functioning. Any ideas as to why this is?

Thanks,
Roger
Lance_A_Intel
Employee
54 Views


Thanks for sharing that info, Roger.

The team that manages the DTK says that many similar issues have come up and that they are working on a solution.

We will follow-up with you with progress on this.
Reply