I had Remote KVM working great through the MDTK. I documented the setup here. I don't use it often and recently discovered that UltraVNC gives me the message "Connection failed - End of Stream" no matter which machine I try to control.
- Running MDTK 1.35. (The latest version listed at http://www.meshcommander.com/open-manageability is 1.34, but when you install it, it says it is 1.35.) Also tried 1.31 with the same results.
- Remote test machines are running AMT 9.0.2 or 9.1.0.
- Security is set up as described in the first link above. Remote Desktop is "Enabled using redirection port."
- I get the connection to the remote with no problem. I can see all the Hardware Asset info, Event Log, etc. I can even see in the Audit Log that I had a successful KVM session in April 2016.
- When I click on "Launch Viewer," the connection fails with the "End of Stream" message.
- When I click on "Take Control, I get "Unable to connect to serial-over-lan port (IMR_RES_TIMEOUT) before the black window opens. It shows "TLS Secured, Serial-over-LAN - Disconnected."
This happens on multiple machines at different sites, whether connecting over the Internet or through a site-to-site VPN.
What could cause the remote control functions to stop working?
The first thing I would check is the KVM Settings and the path to the KVM viewer.
The KVM settings can be found on the Remote Control Tab, all the settings in the "Remote Control" Section should all show enabled, as well as the label for "Remote Desktop Settings".
By default Mesh Commander doesn't have a integrated viewer, but has the option to name a viewer and where it is installed, So the path to the KVM application can be inspected by selecting the down arrow on the remote Control Tab for Remote Desktop Viewer. If that path and viewer is correct, I would try manually launching the viewer, instead of directly through Mesh Commander.
Thanks for your reply. The UNCViewer,exe is there and registered.
The error message is coming from the viewer:
I'm relying on the MDTK to establish the connection via the redirection port. As you can see, the viewer connects to 127.0.0.1 on a random port. I'm not aware of how to run the viewer over the redirection port without the MDTK (the paid version of RealVNC may have that option).
Hi. I have not been on the forums for a while. First off, the MDTK is getting old and being replaced with Mesh Commander. You can find it at http://meshcommander.com. It has a built-in KVM viewer that I wrote completely from the ground up and works with the redirection port. So, you don't need to activate port 5900 or setup a different password. It also supports Intel AMT tile compression, etc. Basically, it's a KVM viewer that is built from the ground up for Intel AMT. As an added bonus, I just released Mesh Commander 0.2.4 about an hour ago with IDER support and improved KVM full screen mode. Let me know if that works for you.
As for the MDTK, I am slowly going to try to get rid of it if possible. It seems to be calling UltraVNC incorrectly, but I would have to check.
So I installed Mesh Commander 0.2.4. Pretty slick tool! When I tried to use Remote Desktop on one of the machines, I got this message:
I checked the "KVM Remote Desktop" option and was in fact able to control the remote machine again.
Then I disconnected from Mesh and went back to the MDTK. I still could not get in to KVM with Launch Viewer.
Seems strange that this used to work in MDTK, then stopped. I don't see an option in MDTK to enable KVM Remote Desktop beyond what I've already done (State = Enabled).
A little Mesh feedback:
In any case, thanks for an option that restores KVM functionality!
You should be able to establish a connection to the older devices for most things, however a KVM connection will not be available.
Intel AMT KVM started with AMT 6.0, for these older systems (Pre AMT 6) you will need to make a SOL connection, which is a non graphical connection similar to telnet.
Yes I know there's no KVM to old machines; mostly I would just be doing power up/down on old machines.
Connections to older machines work fine from MDTK but in Mesh Commander, it just hangs on "Loading..."
I believe that the Mesh Commander tool is written for wsman only as using SOAP was deprecated as of AMT 9.
Using the MDTK, make the connection and then go to the Management Engine Tab. There will be a value for the Interaction type, what is that value?
If the value is SOAP, Switch it so that wsman can also be used.
Let me know what you find
The old 5.2.x machines all show "EIO (SOAP) + WS-MAN". SOAP only is not an option. I changed them to WS-MAN only but Mesh Commander still gets stuck "Loading...". Eventually it shows a Timeout Error.
The issue has been reported to the Mesh team for review, so an update should occur soon.
In the mean time, you can try an uninstall of the App, just make sure to export your computer list first. Then install 0.2.8.
Let me know your results
I uninstalled 0.2.5, then downloaded and installed 0.2.9.
I am now able to connect to machines running Management Engine 5.2.0 and 5.2.40. Even if I specify "Digest/TLS", it is able to connect to a machine that does not support TLS.
MDTK says it can establish a Serial-over-LAN connection to the old machines. Mesh says it cannot. However, Mesh shows more stuff on the Status page, in particular Power options, which is pretty much the only reason I ever used the "Take Control" button on MDTK.
1. Mesh should suppress or gray out Power Actions based on teh current Power state, e.g. Power up when it is already on doesn't make sense and is potentially confusing.
2. Mesh needs a way to generate and install TLS certificates on machines that support them. I'll keep MDTK around for that for now.
3. I miss the ability to manage multiple connections at once.
4. Would it be possible to code-sign installers? It's a bit nerve-wracking to install unsigned code especially when it supposedly originates at Intel.
Thanks for your help on this. I think we can consider the original issue closed.
On 08/09/2016 you stated "I miss the ability to manage multiple connections at once." in regards to Mesh Commander functionality. The developers heard about your request and as of Mesh Commander version 0.2.9 that feature is now available!
To use this feature simply hold down the the shift key and select connect. This will open a new Mesh Commander window and connect to the selected computer.
I'm not sure I understand how to get that to work. In 0.2.9, if f I hold Shift while connecting, the screen just changes to the management UI for the machine. There is no popup or second window. Also I'd prefer not to have a bunch of windows. Maybe to keep with the new look-and-feel, they could use tabs like a browser: put the computer list on a permanent first tab and then open each new connection in a new tab.
Hi Mark. I often update MeshCommander without changing the version number (Sometimes a few times a day), so I added the "shift" with the standalone executable (.exe) version of MeshCommander on v0.2.9 a few days back. If it does not work, re-download and install the latest v0.2.9 and try again. Holding shift while hitting the "Connect" button on a machine should open a new window.
If you are running MeshCommander within IIS or NodeJS web servers, I did not do the shift key yet, but I am thinking I can open a new browser tab and do kinda the same thing.
Hope it helps,
Thanks, the newer version of 0.2.9 does open a new window if I press Shift before clicking on Connect. Unfortunately, the master window disappears by default--I often won't know that I want to see machine 2 until I am already connected to machine 1. Also, as mentioned, I don't really want a bunch of windows on the screen. Besides the MDTK, mRemoteNG is a nice example of a free app for managing connections to multiple computers (via RDP) in a single window.
Would it be too much trouble to use different version numbers for different program versions? It's frustrating and confusing to hear "this feature is in 0.2.9" but find out later that there are multiple editions of version 0.2.9. Maybe add a build number if you don't want to bump the version? And code signing, please! I used https://cheapsslsecurity.com/ to buy my cert for about $75/year. It takes some work to add it to the build process but after that, it's automatic. I know this is free/beta/demo software but it has the potential to be a powerful sysadmin tool--and to drive sales. (I for one always look for vPro/AMT when buying machines.) I hope Intel will increase its support of your project.