jacace
Black Belt
219 Views

Redirection Exception

Hi there,


I'm trying to use SOL/IDE-R in an Enterprise provisioned machine with TLS enabled (basic, not mutual) and I'm getting an exception.

I'm able to see the asset information and to power up/down the machine (with EOI, NOT WsMan), but SOL/IDE-R does not work, so I'm sure it's not an access issue (because the machine security certificate is added in the client trusted root certificate store and the user being used is admin).


The method which returns the error is (AmtRedirectorWrapper.cs line 617):
r = IMR_SOLOpenTCPSession(clientId, login, data, IntPtr.Zero);

And the error is in r = IMRResult.IMR_RES_SOCKET_ERROR

Help!


Javier Andrés Cáceres Alvis

34 Replies
Jerome_E_Intel
Employee
187 Views

Usually this means some sort of connectivity error. Also, possibly due to certificate verification issues. Check to make sure you've set the value ClientInfo.ip to be the same as the CN of the AMT certificate. Also, check the value of Storage_Enabled in your ini file (is it 0?).

-Jerome

jacace
Black Belt
187 Views

Hello Jerome,

Sorry for the delay.

The CN of the AMT certificate shows the machine FQDN, while the hostname is resolved as the same IP, so when I try to connect with DTK Commander I can do it, but it shows me warnings and Remote control is disabled.

The problem is that SCS Console makes those certificates so I cannot change the FQDN to use an IP address; I also was trying to get the FQDN from the machine but it always returns me the IP address instead.

Thanks a lot,

Javier Andrés Cáceres Alvis

jacace
Black Belt
187 Views

Hello Jerome,
I forgot to mention in my previous post that I did not have an imrsdk.ini file, but now I have one I copied from a bin DTK directory.
In this file the parameter is: Storage_Enabled=0, but I have a question: what does this parameter do?
On the other hand, is it possible to handle the certificate authentication process?
Thanks a lot,
Javier Andrés Cáceres Alvis

jacace
Black Belt
187 Views

Hello Jerome,
I have more feedback:
I did a test with bad results; I manually changed the RedirectorWrapper IP parameter to the machine FQDN to be the same as the certificate CN but I got the same error (RedirectorWrapper.IMRResult.IMR_RES_SOCKET_ERROR), so I do not think this is the reason.
Thanks a lot,
Javier Andrés Cáceres Alvis
jacace
Black Belt
187 Views


Hello there,
I'm still getting the error. Any help is welcome
=)
Javier Andrés Cáceres Alvis
Gael_H_Intel
Moderator
187 Views

Hi Javier,

Can you also verify that the listener is active? I think you can use the Redirection sample in the bin directory to look at the current redirection settings.

Also, so that we can help you better could you send over your FW version, DTK code version, SDK version (5?)

Thanks

jacace
Black Belt
187 Views

Hi Gael,

I verified listener is active.

I'm trying to use the RemoteControl.exe in many ways but I think I'm doing something wrong, can you please check this syntax:

RedirectionConfig.exe -g -user admin -pass PB4e

Andrew_S_Intel2
Employee
187 Views

Javier,
For the two examples you gave, I'm pretty sure the error on the second is due to not having the name and password.
But for the first, if you used:
RedirectionConfig.exe -g -user admin -pass PB4e
187 Views

Hi,
Coming back to my previous question - have you tried sdk 5.0?
Thanks,
Sree

jacace
Black Belt
187 Views

Hello Sree,

I updated to SDK 5.0 but I'm still getting the same Exception.

Thanks,

Javier Andrés Cáceres Alvis

RBens2
Valued Contributor I
187 Views

Hi Javier,

You can't use an IP address with TLS. The TLS needs to use the certificate for authentication, but the IP address doesn't match the name on the cert, so the connection fails. To use TLS you have to use an FQDN, that way the lookup on the cert will match the name on the request.

Regards,

Roger

jacace
Black Belt
187 Views

Quoting - rogerb

Hi Javier,

You can't use an IP address with TLS. The TLS needs to use the certificate for authentication, but the IP address doesn't match the name on the cert, so the connection fails. To use TLS you have to use an FQDN, that way the lookup on the cert will match the name on the request.

Regards,

Roger

Hello Roger,

I switched to:

RedirectionConfig.exe -g -user admin -pass >i;U3Ho$ http://LINTVPRO-PC.AMT.LOCAL:16993/RedirectionService

And I can see something like a log file in the bin directory with this text:

Calling function GetRedirectionListenerState...
Error: failed while calling GetRedirectionListenerState
SOAP failure: error code = 25

Thanks a lot,

Javier Andrés

jacace
Black Belt
187 Views

Hi there,
Any help?
Thanks a lot,
Javier Andrés Cáceres Alvis

RBens2
Valued Contributor I
187 Views

Hi Javier,

As was said earlier, the protocol type and the port number have to match: http with 16992, and https with 16993. In your code, you show http with 16993, this will not work. Please try the code again with the correct protocol type.

Regards,

Roger
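
The two checks Roger describes in this thread (scheme and port must pair, and the name in the request must match the name on the certificate), as an added example that is not part of any post or of the Intel SDK/DTK. It assumes the certificate is available in the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`; also accepting DNS subjectAltName entries goes beyond the CN the thread mentions, and the host names and addresses are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Pairing stated in the thread: http with 16992, https with 16993.
AMT_PORTS = {"http": 16992, "https": 16993}


def cert_names(cert):
    """Collect the CN and any DNS subjectAltName entries from a certificate
    given in the dict layout returned by ssl.SSLSocket.getpeercert()."""
    names = {v.lower() for rdn in cert.get("subject", ()) for k, v in rdn
             if k == "commonName"}
    names |= {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    return names


def preflight(url, cert):
    """Return the list of mismatches between the target URL and the
    certificate; an empty list means scheme, port and name are consistent."""
    parts = urlsplit(url)
    scheme, host, port = parts.scheme.lower(), parts.hostname or "", parts.port
    if scheme not in AMT_PORTS:
        return [f"unsupported scheme {scheme!r}"]
    problems = []
    if port != AMT_PORTS[scheme]:
        problems.append(f"{scheme} does not pair with port {port}; "
                        f"expected {AMT_PORTS[scheme]}")
    # Name checks apply whenever the TLS scheme or the TLS port is in play.
    if scheme == "https" or port == AMT_PORTS["https"]:
        try:
            ipaddress.ip_address(host)
            problems.append(f"{host} is an IP address; TLS needs the FQDN "
                            "that appears on the certificate")
        except ValueError:  # not an IP literal, so compare it as a host name
            if host not in cert_names(cert):
                problems.append(f"{host} is not among certificate names "
                                f"{sorted(cert_names(cert))}")
    return problems


# Constructed sample certificate and targets (not taken from the thread).
SAMPLE_CERT = {"subject": ((("commonName", "amt-pc.example.test"),),)}
if __name__ == "__main__":
    for target in ("http://amt-pc.example.test:16993/RedirectionService",
                   "https://192.0.2.10:16993/RedirectionService",
                   "https://amt-pc.example.test:16993/RedirectionService"):
        print(target, "->", preflight(target, SAMPLE_CERT) or "ok")
```
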

jacace
Black Belt
187 Views

Quoting - rogerb

Hi Javier,

As was said earlier, the protocol type and the port number have to match: http with 16992, and https with 16993. In your code, you show http with 16993, this will not work. Please try the code again with the correct protocol type.

Regards,

Roger

Hello Roger,

It was a typing mistake, I have tried with HTTPS with the same results.

Thanks a lot,

Javier Andrés Cáceres Alvis

Andrew_S_Intel2
Employee
187 Views

I think the issue here and the issue you raised in the other thread you started today (the SCS mutual authentication error) are both related to a certificate issue that's keeping the SDK example code or your code from being able to connect to the AMT system correctly. I'm looking more into how to try to resolve this, since setting up the certificates can be somewhat involved, especially in the mutual authentication case.

Andy

jacace
Black Belt
187 Views

Hello Andy,


Me too. I think both errors are related.
The certificate creation process is simple: my server is running Windows 2003 with the certificate authority services.
This authority issues all certificates in my environment (I mean, the ones used by the IIS, by SCS and by my Windows client application).
I googled it but the reasons why this error happens are verified or do not apply to my scenario (for example, this also happens when the client application is web and then the problem is about file permissions).

I have tried to connect to the AMT machine with the DTK utilities but they raise the same exception.

Thanks a lot Andy,

Javier Andrés Cáceres Alvis

jacace
Black Belt
122 Views

Hello Andy,

I have been trying many things and I give up.

This thread and the one related to mutual authentication are my current issues.

Thanks a lot,

Javier Andrés Cáceres Alvis
