- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi everyone,
I'm an IT Administrator that manages almost 300 devices via VPRO console. We have two different domains in AD, trusted each other. We noticed something strange, while these managed devices are in a secondary domain (es. correct.domain.com) , if we try to ping them without the domain extension where they are (es. W10TEST01.correct.domain.com) we get a DNS record on the other domain (es. W10TEST01.wrong.domain.com).
We made some tests and it seems related to the Vpro because if we go to the device page of a managed PC, we can see that it is on DHCP mode but they have a static IP assigned (for obvious reasons). So, we need to change these IP massively and remotely( if possible) from the vPRO console.
So, how can I perform this action? Is it necessary to modify the IP manually from console?
Eventually, which are the needed Powershell modules?
Thanks in advance.
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello NoName2,
Good day.
Please provide the following details:
- Which DNS is being used
- Are you using Intel EMA to manage these devices
- Are the devices provisioned in Admin Control Mode (ACM) or Client Control Mode (CCM)
Looking forward to your response.
Regards,
Suneesh_intel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Suneesh, thanks for your fast reply.
- Which DNS is being used -> These PCs are in the second domain (in this example correct.domain.com) and have two DNS records configured, one for the first domain and another for the second domain, which is the correct one. It's the standard configuration for all our PCs, included those which are not managed by vPRO. We don't have these duplicate dns records when we ping them.
- Are you using Intel EMA to manage these devices -> Yes, we use Intel EMA Agent.
- Are the devices provisioned in Admin Control Mode (ACM) or Client Control Mode (CCM) -> Admin Control Mode
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here's some screenshots so you can understand better the problem:
- When we try to ping a device managed by vPRO without specify the domain extension, we get a response from a DNS record which is from the other domain:
This is the wrong DNS record. When we try to ping the same hostname but with the domain extension, we get the correct response with the right DNS record:
Let's move on the VPRO console, we can check from the device page the wrong Network Settings. As you can see here from the screenshot, it is set to get a dynamic IP, but that's wrong. The Vpro shold get the IP set on the PC and update on the console, not set it into DHCP.
This setting is wrong, it should have the same IP configured on the PC. And if you look the General tab of the device you can notice that something is wrong:
Then, let's try to ping a device that is in the same domain but not managed by vPRO:
As you can see here, we get the correct DNS from the domain NEG, where these example devices are all into.
If you need other screenshots or informations, just let me know.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello NoName2,
Good day.
We see that there are issues with the trusted AD domain where the complex domain support would be addressed in the next release of EMA (1.14.2.0) or we can have a workaround by only supporting a single domain.
And the AMT does not seem to be reflecting the static IP address that it is being assigned. So please confirm if you have set the static option in the AMT profile of intel EMA console. Also please share the screenshot of the AMT profile under IP address tab.
Regards,
Suneesh_intel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Suneesh,
thanks for all of your information. I checked the AMTProfile that we have on the EMA Console and as you can see from this screenshot, the IP Address is set to DHCP and not static IP from host.
If we change this setting to static, does it works immediately and or/ requires a reboot? Can this operation temporarily compromise client reachability on the network?
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello NoName2,
Good day.
Please set or enable the static IP in the IP settings shown in the screenshot. Once the changes are made, we should be able to notice the difference else you may restart and then share your observations.
Regards,
Suneesh_Intel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Suneesh,
thank you.
Since these PCs are in our stores, we would not want to compromise their network accessibility by making modifications that could impact them from this perspective. Could you confirm that there is no client-side impact?
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi NoName2,
Any changes in the Intel AMT profile on Intel EMA server will trigger an AMT re-configuration of all endpoints using that Intel AMT profile. Since you are changing the Intel AMT network settings, it should not have any impact to the PC operation at the OS level. However, if you are concerned, you can create a new Intel AMT profile using static IP address but keeping other AMT settings as before, and a new endpoint group with the same settings but using the new Intel AMT profile. You can then migrate a PC to this new endpoint group to check if the new Intel AMT profile is working fine. To migrate the PC to the new endpoint group, you just need to download the new set of Intel EMA agent files, install them on the PC, and wait for Intel AMT to be re-configured with the new Intel AMT profile. If you are using random passwords for Intel AMT Administrator and MEBx, a safer way is to unprovision AMT on the PC immediately before installing the new agent files. (This is to safe guard any error in the migration process that prevents you from retrieving the passwords in future.)
Once you are satisfy with the result, you can make the change in the original Intel AMT profile and let the all PCs in the corresponding endpoint groups to re-configure automatically to the new Intel AMT settings.
Regards,
Jimmy Wai
Technical Sales Specialist, Intel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Jimmy and Suneesh,
thank you both for all of your suggestions and explainations. We'll make some test the next week changing the settings in the AMT Profile and we'll let you know.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello NoName2,
Good day.
Regarding your first question about trust AD domains (complex AD forests), this feature is currently in the developer’s backlog and is expected to be released in EMA 1.14.2, the next EMA release. At present, trust AD domains do not work as EMA logic does not read right to left like DNS, but this is being addressed and should be available around March.
For your second question, I checked with my colleagues, and we don’t believe there is a way to set static IP addresses in bulk for endpoints via EMA. However, we are conducting further research. You are on the right track this functionality will likely need to be implemented through a custom PowerShell script using the Intel vPro Module for PowerShell.
Best regards,
Suneesh_intel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello NoName2,
Thank you for joining the community.
I am following up on the case. Could you please provide an update?
Best regards,
Vijay N
Intel Customer Support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello NoName2,
Thank you for joining the community.
I am following up on the case. Could you please provide an update.
Best regards,
Suneesh_intel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi everyone,
thanks for your updates. We'll apply this fix following your instruction in the next weeks.
Thanks.

- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page