Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2949 Discussions

AMT 0.0.0.0 IP address cannot connect

NMill3
Beginner
6,213 Views

Hello,

I am trying to get Intel vPro AMT configured on my new Windows 10 machine (named COLORADO) which I'll call "the server"

The problem is that I cannot connect to it remotely from a different machine (the client).

I have posted several screenshots/photos in the following gallery:

https://postimg.org/gallery/ot3kli5c https://postimg.org/gallery/ot3kli5c

These are photos of the web interface run on the server, at:

http://colorado:16992/index.htm http://colorado:16992/index.htm

and the MEBX (BIOS extension) accessed with Ctrl-P on boot.

and one of the network configuration in the ACUWizard application.

The web interface, running on the local machine COLORADO in Internet Explorer, is reporting the local IP address as: 0.0.0.0

I don't think this is right?

On a remote machine (even if I turn off the firewall on both computers), I get a web page not found if I try to go to the same URL as above.

Yet on that remote machine, if I run (in a command prompt window):

telnet COLORADO 16992

it does connect, though does not prompt for anything. So there IS something running on port 16992 accessible across the network.

If I run:

PING COLORADO

I get a response from 192.168.1.67

So there is network connectivity to the OS across the network.

VNC client on the client machine cannot connect to the server.

, and the Intel "Manageability Commander Tool" run on the client also tries to connect for a few seconds, then stops trying with no error message.

Both AMT and the local operating system on COLORADO are configured with static IP address: 192.168.1.67

with default gateway and DNS server set to my router: 192.168.1.254

I had tried setting them both to DHCP, with the DHCP server set to 192.168.1.67 as a fixed IP address, but no difference.

The machine is home-built (June 2017) with a SuperMicro X11SSV-Q motherboard (which supports vPro).

It is in a workgroup (not a member of a windows domain).

It is on a wired network (Ethernet) connected to a home broadband router, and I am currently using a Windows 7 client on wireless on the same local network.

The MEBX version is: Intel(R) Management Engine BIOS Extension v11.0.0.0008/Intel(R) ME v11.6.27.3264

In one of the client apps, it said that MEBX was in client mode. Perhaps it needs to be in Admin mode?

(I tried to do this, but it wanted to see a provisioning server or something, and "SCS").

I suspect it got into Client mode when I used ACUWizard on COLORADO to try to configure it, including changing the password for the "Admin" user to a new password.

The purpose for which I need AMT is to allow me to remote power-cycle the machine. Also to be able to use VNC client to access the BIOS on reboot, and see any errors occurring at reboot.

On the server by default there was no installation of the windows service "Intel(R) Management and Security Application Local Management Service".

To install this I had to download an installer from the SuperMicro FTP site, and this installer was quite old (2009), so might be obsolete??

Any ideas?

Thanks

Neil M

Edited (8th July 2017) to add website screenshots and MEBX photos:

MEBX_1:

MEBX_2:

https://s19.postimg.org/jhiq4q3o3/MEBX_2.jpg

MEBX_3:

MEBX_4:

MEBX 5:

MEBX_6:

MEBX_7:

MEBX_8:

MEBX_9:

MEBX_10:

Web Interface 1:

Web Interface 2:

Web Interface 3:

Web Interface 4:

<img alt="Web_Interface_4.jpg" class="image-14 j...

0 Kudos
10 Replies
MichaelA_Intel
Employee
4,695 Views

NeilM9327

Hi Neil M,

Due to security concerns, I am not able to click on the links provided, also, looks like the "colorado" link is directly to your server, which, unless externally facing, I would not be able to connect to anyway. I'd like to request that you post the pics directly into the discussion. This forum has the ability to just copy and paste pics directly into it.

Couple of curious questions based on the information available. You say that the system is in client control mode. Did you provision this client? They do not come provisioned by default.

Secondly, does the system have more than one NIC in it? What is the model of the NIC?

Regards,

Michael

0 Kudos
NMill3
Beginner
4,695 Views

Hi Michael,

Thanks for your reply.

As requested I have added the photos/screenshots directly to the original post.

Yes the colorado link is only accessible from my local network. But I want to get AMT working on my local network before I extend it to run across the internet (I have a domain name that points to the colorado server, with the router NATting the external IP address to the local IP address).

To set up the machine, I first went through the MEBX screens (Ctrl-P to access this on boot), setting the values as you can see in the screenshots.

Next for configuration instructions I googled: "Intel AMT" which took me to:

https://www.intel.co.uk/content/www/uk/en/architecture-and-technology/intel-active-management-technology.html

then clicked the link to:

https://www.intel.co.uk/content/www/uk/en/products/processors/core/core-vpro.html

then:

https://www.intel.co.uk/content/www/uk/en/architecture-and-technology/vpro/vpro-technology-general.html

then:

https://www.intel.co.uk/content/www/uk/en/remote-support/implementation-of-intel-vpro-technology.html

then:

https://www.intel.co.uk/content/www/uk/en/software/setup-configuration-software.html

then:

https://downloadcenter.intel.com/download/26505?_ga=2.96789535.1280009937.1499476818-592807153.1499476699

and then:

https://downloadcenter.intel.com/downloads/eula/26505/Intel-Setup-and-Configuration-Software-Intel-SCS-?httpDown=https://downloadmirror.intel.com/26505/eng/Configurator_download_package_11.1.0.75.zip

to download:

Configurator_download_package_11.1.0.75.zip

I unzipped this and ran:

\ACU_Wizard\ACUWizard.exe

to run the "Intel AMT Configuration Utility"

Here, I ran the "Configure via Windows (no boot required)" option, and ran through the steps (one of the screenshots above is here).

I read somewhere that this puts AMT into the "Client Control Mode", instead of "Admin Control Mode"

Is this what you mean by "Provisioning the system"?

I tried running the wizard again with option "Configure via a USB key" (as I understand this puts it into Admin Control Mode), but this failed with error message: "Failed to validate the system's domain name"

But the machine is not on a windows domain - it is in a windows workgroup, so I had left the "domain name" field empty.

(I tried putting the workgroup name in the domain name field, but this still resulted in the same error).

The machine has only one physical NIC.

There are two adaptors under "Network adaptors" in Device Manager:

Intel(R) Ethernet Connection (2) I219-LM

Intel(R) I210 Gogabit Network Connection

Right-click "Network" in windows explorer, and bring up properties for the Ethernet connection shows that it is a "Intel(R) I210 Gigabit network connection"

, with driver e1r65x64.sys file version 12.15.184.0

Other bits of information:

oem15.inf:5f63e534b566a329:E1533.10.0.1:12.15.184.0:pci\ven_8086&dev_1533&subsys_153315d9

Physical Device Object Name: \Device\NTPNP_PCI0016

I had to install the Local Manageability Service, using an installer provided by SuperMicro (the manufacturer of the motherboard):

ftp://ftp.supermicro.nl/driver/Intel_AMT/

LMS_AMT_ALLOS_5.1.0.1167_PV.exe

Many thanks,

0 Kudos
MichaelA_Intel
Employee
4,695 Views

NeilM9327

Hi Neil,

Thank you for embedding the pics and for all the detail. I just wanted to let you know I've only now gotten a chance to get to the forum posts, so I will take a look at this and respond by tomorrow.

 

Regards,Michael
0 Kudos
NMill3
Beginner
4,695 Views

Thanks Michael.

In fact I was incorrect to say that there was only one network connection. I have just found that there are in fact there are two ethernet ports on the motherboard.

So to simplify the problem, I have disabled one of them in the BIOS.

So now there is only a single item in Control Panel - System - Devices, which is: "Intel(R) I210 Gigabit Network Connection"

Rebooted.

The problem is still present though.

0 Kudos
MichaelA_Intel
Employee
4,695 Views

NeilM9327

Hi Neil,

Again, thank you for all of the information, it really helped out enormously. Looked up the motherboard, SuperMicro X11SSV-Q and confirm that it has two NIC's in it:

Intel(r) I210 Gigabit - Not vPro Enabled (can verify at ark.intel.com http://ark.intel.com/products/series/64399/Intel-Ethernet-Controller-I210-Series# @Intel-Ethernet-Controller-I210-Series Intel® Ethernet Controller I210 Series Product Specifications )

Intel(r) I219 - vPro Enabled (can verify at ark.intel.com http://ark.intel.com/products/82185/Intel-Ethernet-Connection-I219-LM Intel® Ethernet Connection I219-LM Product Specifications )

So it seems that you had the cable plugged into the wrong NIC port.

Please enable the one you disabled in BIOS (that is the vPro enabled one) and then plug the cable into that port. Everything else in your configuration looks correct.

Please let me know the result.

Regards,

Michael

0 Kudos
NMill3
Beginner
4,695 Views

Hi Michael,

Yes that was the problem.

I've swapped over the configuration to the other network card, and it works now.

I have connected to the machine from across the internet, and I can use the "Intel Manageability Commander" application to power-cycle it remotely, which is the main thing I need to do.

Well done!

I have also reconfigurd to use DHCP with reserved-IP address rather than static IP.

Next, with less priority, I want to be able to use the "Remote Access" feature in this application to view the BIOS and each part of the bootup cycle remotely. This works, but only if I can read the 6-digit code from the machine's console before connecting to it.

This is because AMT is configured in "Client" mode.

To remove this requirement I believe I have to reconfigure it to "Admin" mode, and to do this I need to boot the machine with a USB stick that has been configured with a .bin file.

But when I try to prepare the USB stick using the "Intel AMT Configuration Utility" application, with option "Configure/Unconfigure this system", and then "Configure via a USB Key", I get the following error message:

Failed to validate the system's domain name.

If this system is part of an active directory network, enter the domain name before continuing.

But the machine is not on an active directory domain - it is in a workgroup.

Any ideas?

Next I'll try the "Create Settings to configure multiple systems" option to try to create this USB, and see whether that provides a workaround instead.

Thanks, NeilM

0 Kudos
MichaelA_Intel
Employee
4,695 Views

NeilM9327

Hi Neil,

I'm happy to hear that we were able to resolve the initial issue. Now onto the error you are receiving looking for a domain. I know in the web interface the domain is blank but when you created the usb key, was the field blank for domain?

check out the SCS deployment guide here:

https://www.intel.com/content/dam/www/public/us/en/documents/guides/scs-deployment-guide.pdf https://www.intel.com/content/dam/www/public/us/en/documents/guides/scs-deployment-guide.pdf

Section 4.6 - Manual Configuration

 

Regards,Michael
0 Kudos
Dariusz_W_Intel
Employee
4,695 Views

Hi Neil,

You are correct - in order to disable User Consent Code use for Redirection sessions you have to configure Intel AMT into Admin Control Mode through one of possible methods:

  1. Manual configuration via MEBx - this is what you did at first time.
  2. USB Local Configuration - with binary configuration file (setup.bin) on USB Pendrive - there are different tools to create such setup.bin file: ACUWizard (you tried it), ACUconfig.exe tool from Intel SCS package, USBFile.exe from AMT SDK.
  3. Intel AMT Remote Configuration using Intel RCS from Intel SCS SW and Intel AMT Provisioning certificate - over Wired AMT enabled LAN - this one is bit too complex to configure just a single Intel AMT enabled PC.

     

     

    You will need to fully unconfigure Intel AMT first (it is currently configured to Client Control Mode) ex. via MEBx Unconfigure Network Access - and then configure into Admin Control Mode again.

     

     

So if it is just a single PC - use Manual MEBx configuration set AMT host name & domain name to be = OS FQDN - in KVM settings select to not use Consent Code for redirection sessions - User Opt-in =None. You may also like to disable Remote AMT admin option to re-enable Consent Code - Opt-in Configurable ...= Disabled.

 

Bare in mind that MEBx Password is just local, after MEBx or USB Configuration remote AMT Digest Administrator User (admin) password is set in synch to new MEBx password but you can change network password via Web UI (Users > change admin) and it will not change MEBx Password.

USB Local Configuration - ACUWizard "Create Settings to configure multiple systems" will allow you to create setup.bin file but it will not set AMT Host name and Domain name - you will have to add it manually via MEBx or AMT Web UI -bare in mind that your current MEBx Password is already configured so you will have to modify default "Old MEBx Password".

 

Please set new AMT Administrator password very strong - especially if system will be accessible on public IP address.

rgds

Dariusz Wittek

 

Intel EMEA Biz Client Technical Sales Specialist
0 Kudos
NMill3
Beginner
4,695 Views

Thanks Michael & Dariusz.

I'm away from the machine for the next few days. But when I am next in front of it I'll try out these ideas and report back on progress.

Neil M

0 Kudos
NMill3
Beginner
4,695 Views

Happy to report that I have got it all working now.

As Dariusz suggested, I unconfigured Network Access in MEBx, and set it up again. This put it into Admin control mode, and it worked then.

I can now connect to it across the internet, exactly as I need.

I have set up a strong password in the MEBx.

I have also sent an email to SuperMicro, to ask them to update their documentation for their motherboard, to state clearly that AMT can only be configured to use the I219-LM Ethernet card, not the I210-AT card.

Thanks both of you for your help!

Neil M

0 Kudos
Reply