Hi Suneesh, thanks for your fast reply.

• Which DNS is being used -> These PCs are in the second domain (in this example correct.domain.com) and have two DNS records configured, one for the first domain and another for the second domain, which is the correct one. It's the standard configuration for all our PCs, included those which are not managed by vPRO. We don't have these duplicate dns records when we ping them.
• Are you using Intel EMA to manage these devices -> Yes, we use Intel EMA Agent.
• Are the devices provisioned in Admin Control Mode (ACM) or Client Control Mode (CCM) -> Admin Control Mode
  
  
  

Thanks.

Here's some screenshots so you can understand better the problem:

- When we try to ping a device managed by vPRO without specify the domain extension, we get a response from a DNS record which is from the other domain:

This is the wrong DNS record. When we try to ping the same hostname but with the domain extension, we get the correct response with the right DNS record:

Let's move on the VPRO console, we can check from the device page the wrong Network Settings. As you can see here from the screenshot, it is set to get a dynamic IP, but that's wrong. The Vpro shold get the IP set on the PC and update on the console, not set it into DHCP.

This setting is wrong, it should have the same IP configured on the PC. And if you look the General tab of the device you can notice that something is wrong:

Then, let's try to ping a device that is in the same domain but not managed by vPRO:

As you can see here, we get the correct DNS from the domain NEG, where these example devices are all into.

If you need other screenshots or informations, just let me know.


Thanks.

Hi Suneesh,

thanks for all of your information. I checked the AMTProfile that we have on the EMA Console and as you can see from this screenshot, the IP Address is set to DHCP and not static IP from host.

If we change this setting to static, does it works immediately and or/ requires a reboot?  Can this operation temporarily compromise client reachability on the network?

Thanks.

Hi Suneesh,
thank you.
Since these PCs are in our stores, we would not want to compromise their network accessibility by making modifications that could impact them from this perspective. Could you confirm that there is no client-side impact?

Thank you.

Hi NoName2,

Any changes in the Intel AMT profile on Intel EMA server will trigger an AMT re-configuration of all endpoints using that Intel AMT profile. Since you are changing the Intel AMT network settings, it should not have any impact to the PC operation at the OS level. However, if you are concerned, you can create a new Intel AMT profile using static IP address but keeping other AMT settings as before, and a new endpoint group with the same settings but using the new Intel AMT profile. You can then migrate a PC to this new endpoint group to check if the new Intel AMT profile is working fine. To migrate the PC to the new endpoint group, you just need to download the new set of Intel EMA agent files, install them on the PC, and wait for Intel AMT to be re-configured with the new Intel AMT profile. If you are using random passwords for Intel AMT Administrator and MEBx, a safer way is to unprovision AMT on the PC immediately before installing the new agent files. (This is to safe guard any error in the migration process that prevents you from retrieving the passwords in future.)

Once you are satisfy with the result, you can make the change in the original Intel AMT profile and let the all PCs in the corresponding endpoint groups to re-configure automatically to the new Intel AMT settings.

Regards,
Jimmy Wai

Technical Sales Specialist, Intel

Hi Jimmy and Suneesh,

thank you both for all of your suggestions and explainations. We'll make some test the next week changing the settings in the AMT Profile and we'll let you know.

Thanks.