Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

Change client IP on vPro Console via PowerShell

NoName2
Beginner
813 Views

Hi everyone,
I'm an IT administrator who manages almost 300 devices via the vPro console. We have two different domains in AD that trust each other. We noticed something strange: while these managed devices are in a secondary domain (e.g. correct.domain.com), if we try to ping them without the domain extension where they are (e.g. W10TEST01.correct.domain.com) we get a DNS record on the other domain (e.g. W10TEST01.wrong.domain.com).
We ran some tests and it seems related to vPro, because if we go to the device page of a managed PC, we can see that it is in DHCP mode but they have a static IP assigned (for obvious reasons). So, we need to change these IPs massively and remotely (if possible) from the vPro console.
So, how can I perform this action? Is it necessary to modify the IP manually from the console?
Eventually, which are the needed PowerShell modules?


Thanks in advance.

0 Kudos
14 Replies
Suneesh
Employee
760 Views

.

0 Kudos
Suneesh
Employee
758 Views

Hello NoName2,

Good day.

Please provide the following details:

  • Which DNS is being used
  • Are you using Intel EMA to manage these devices
  • Are the devices provisioned in Admin Control Mode (ACM) or Client Control Mode (CCM)

Looking forward to your response.

Regards,

Suneesh_intel

0 Kudos
NoName2
Beginner
727 Views

Hi Suneesh, thanks for your fast reply.

  • Which DNS is being used -> These PCs are in the second domain (in this example correct.domain.com) and have two DNS records configured, one for the first domain and another for the second domain, which is the correct one. It's the standard configuration for all our PCs, including those which are not managed by vPro. We don't have these duplicate DNS records when we ping them.
  • Are you using Intel EMA to manage these devices -> Yes, we use Intel EMA Agent.
  • Are the devices provisioned in Admin Control Mode (ACM) or Client Control Mode (CCM) -> Admin Control Mode


Thanks.

0 Kudos
NoName2
Beginner
712 Views

Here are some screenshots so you can better understand the problem:

- When we try to ping a device managed by vPro without specifying the domain extension, we get a response from a DNS record which is from the other domain:

NoName2_0-1738139786627.png

This is the wrong DNS record. When we try to ping the same hostname but with the domain extension, we get the correct response with the right DNS record:

NoName2_1-1738139851814.png

Let's move on to the vPro console, where we can check the wrong Network Settings from the device page. As you can see here from the screenshot, it is set to get a dynamic IP, but that's wrong. The vPro should get the IP set on the PC and update it on the console, not set it to DHCP.

NoName2_3-1738140107506.png

This setting is wrong; it should have the same IP configured on the PC. And if you look at the General tab of the device you can notice that something is wrong:

NoName2_4-1738140444325.png

Then, let's try to ping a device that is in the same domain but not managed by vPRO:

NoName2_2-1738139890933.png


As you can see here, we get the correct DNS from the domain NEG, which these example devices are all in.

If you need other screenshots or information, just let me know.


Thanks.

0 Kudos
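The short-name versus FQDN comparison shown in the post above can be repeated across a device list, for instance before and after changing the AMT profile. This is an added example, not part of the thread or of any Intel tooling; it uses the built-in `Resolve-DnsName` cmdlet, and the function names, host list and expected suffix (the thread's own placeholder names) are assumptions.

```powershell
# Added example (not from the thread). Function names and inputs are hypothetical.
function Get-ARecord {
    param([Parameter(Mandatory)][string]$Name)
    # -DnsOnly excludes LLMNR/NetBIOS so only DNS server answers are compared.
    Resolve-DnsName -Name $Name -Type A -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' }
}

function Test-ShortNameResolution {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][string]$ExpectedSuffix
    )
    foreach ($short in $ComputerName) {
        # Short name goes through the client's DNS suffix search list;
        # the FQDN is looked up in the domain the device really belongs to.
        $byShort = @(Get-ARecord -Name $short)
        $byFqdn  = @(Get-ARecord -Name "$short.$ExpectedSuffix")

        $shortIp    = ($byShort.IPAddress | Sort-Object -Unique) -join ','
        $fqdnIp     = ($byFqdn.IPAddress  | Sort-Object -Unique) -join ','
        # Record name that actually answered the short-name query.
        $answeredAs = ($byShort.Name | Sort-Object -Unique) -join ','
        $foreign    = @($byShort | Where-Object { $_.Name -notlike "*.$ExpectedSuffix" })

        $status = if ($byFqdn.Count -eq 0) { 'NoRecordInExpectedDomain' }
                  elseif ($byShort.Count -eq 0) { 'ShortNameUnresolved' }
                  elseif ($foreign.Count -gt 0) { 'WrongDomain' }
                  elseif ($shortIp -ne $fqdnIp) { 'IpMismatch' }
                  else { 'OK' }

        [pscustomobject]@{
            Host        = $short
            AnsweredAs  = $answeredAs
            ShortNameIP = $shortIp
            FqdnIP      = $fqdnIp
            Status      = $status
        }
    }
}

# Constructed input using the thread's placeholder host and domain names.
Test-ShortNameResolution -ComputerName 'W10TEST01' -ExpectedSuffix 'correct.domain.com' |
    Format-Table -AutoSize
```

Hosts reported as `WrongDomain` or `IpMismatch` are the ones whose short name currently resolves to a record outside the expected domain.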
Suneesh
Employee
654 Views

Hello NoName2,

Good day.

We see that there are issues with the trusted AD domain where the complex domain support would be addressed in the next release of EMA (1.14.2.0) or we can have a workaround by only supporting a single domain.

And the AMT does not seem to be reflecting the static IP address that it is being assigned. So please confirm if you have set the static option in the AMT profile of the Intel EMA console. Also please share the screenshot of the AMT profile under the IP address tab.

Regards,

Suneesh_intel

0 Kudos
NoName2
Beginner
633 Views

Hi Suneesh,

thanks for all of your information. I checked the AMTProfile that we have on the EMA Console and as you can see from this screenshot, the IP Address is set to DHCP and not static IP from host.

NoName2_0-1738308882218.png


If we change this setting to static, does it work immediately and/or require a reboot? Can this operation temporarily compromise client reachability on the network?

Thanks.

0 Kudos
Suneesh
Employee
609 Views

Hello NoName2,

Good day.

Please set or enable the static IP in the IP settings shown in the screenshot. Once the changes are made, we should be able to notice the difference; otherwise you may restart and then share your observations.

Regards,

Suneesh_Intel

0 Kudos
NoName2
Beginner
518 Views

Hi Suneesh,
thank you.
Since these PCs are in our stores, we would not want to compromise their network accessibility by making modifications that could impact them from this perspective. Could you confirm that there is no client-side impact?


Thank you.

0 Kudos
Jimmy_Wai_Intel
Employee
440 Views

Hi NoName2,

Any changes in the Intel AMT profile on the Intel EMA server will trigger an AMT re-configuration of all endpoints using that Intel AMT profile. Since you are changing the Intel AMT network settings, it should not have any impact on the PC operation at the OS level. However, if you are concerned, you can create a new Intel AMT profile using a static IP address but keeping other AMT settings as before, and a new endpoint group with the same settings but using the new Intel AMT profile. You can then migrate a PC to this new endpoint group to check if the new Intel AMT profile is working fine. To migrate the PC to the new endpoint group, you just need to download the new set of Intel EMA agent files, install them on the PC, and wait for Intel AMT to be re-configured with the new Intel AMT profile. If you are using random passwords for Intel AMT Administrator and MEBx, a safer way is to unprovision AMT on the PC immediately before installing the new agent files. (This is to safeguard against any error in the migration process that prevents you from retrieving the passwords in future.)

Once you are satisfied with the result, you can make the change in the original Intel AMT profile and let all the PCs in the corresponding endpoint groups re-configure automatically to the new Intel AMT settings.

Regards,
Jimmy Wai

Technical Sales Specialist, Intel

0 Kudos
NoName2
Beginner
366 Views

Hi Jimmy and Suneesh,

thank you both for all of your suggestions and explanations. We'll make some tests next week changing the settings in the AMT Profile and we'll let you know.

Thanks.

0 Kudos
Suneesh
Employee
464 Views

Hello NoName2,

Good day.

Regarding your first question about trust AD domains (complex AD forests), this feature is currently in the developer’s backlog and is expected to be released in EMA 1.14.2, the next EMA release. At present, trust AD domains do not work as EMA logic does not read right to left like DNS, but this is being addressed and should be available around March.

For your second question, I checked with my colleagues, and we don’t believe there is a way to set static IP addresses in bulk for endpoints via EMA. However, we are conducting further research. You are on the right track: this functionality will likely need to be implemented through a custom PowerShell script using the Intel vPro Module for PowerShell.

Best regards,

Suneesh_intel

0 Kudos
vij1
Employee
106 Views

Hello NoName2,


Thank you for joining the community.


I am following up on the case. Could you please provide an update?


Best regards,

Vijay N

Intel Customer Support


0 Kudos
Suneesh
Employee
37 Views

Hello NoName2,


Thank you for joining the community.


I am following up on the case. Could you please provide an update?


Best regards,

Suneesh_intel


0 Kudos
NoName2
Beginner
13 Views

Hi everyone,

thanks for your updates. We'll apply this fix following your instructions in the coming weeks.


Thanks.

0 Kudos