- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
One of the engineers on my team wants to be able to connect to an Intel EMA provisioned machine via IP address, i.e. 10.132.12.3:16992 like when we configured the machine via Client Control mode in the past.
Is this possible? I have/had tested and it doesn't work.
Is the only way you can connect to an AMT provisioned machine (via ema agent) via the ema web console?
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Jools86,
Thank you so much for contacting Intel customer support,
To provide you with the necessary assistance please provide the following information:
1-What EMA version are you currently using in your deployment?
2-How many endpoints your deployment currently has?
3-Are you trying to access the endpoint while using http or https?
4-What port are you trying when attempting to connect to the endpoint via its IP?
5-Please provide the following report from one of the endpoints you have tried to connect to via their IP.
Intel® EMA configuration tool
Installation:
Double-click the .msi file and follow the prompts.
Run:
a- Open a command prompt as administrator.
b- Navigate to the installation folder (default C:\Program Files (x86)\Intel\EMAConfigTool).
c- Run the command: EMAConfigTool.exe -filename XXXX --verbose
Best regards,
Victor G.
Intel Technical Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
1-What EMA version are you currently using in your deployment?
1.10.1
2-How many endpoints your deployment currently has?
600
3-Are you trying to access the endpoint while using http or https?
Both, neither work
4-What port are you trying when attempting to connect to the endpoint via its IP?
16992/16993
Results of EMAConfigTool (replace DNS name and PC name for Data Protection)
Intel EMA Configuration Tool *** Host Computer Information *** *** ME Information *** *** ME Capabilities *** *** CIRA Information *** *** ME Wired Network Information *** *** ME Wireless Network Information *** *** Last AMT Provisioning Attempt Details *** |
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Jools86,
Thank you so much for your response.
To continue with our investigation we will need the following information:
1-Can you confirm whether or not the endpoint used for this test is fully updated (OS, drivers, and BIOS)?
2-You mentioned that this used to work when you had the machine configured in CCM, can you please confirm if that time happened before doing any recent updates or any changes to either the machine or the EMA server?
Best regards,
Victor G.
Intel Technical Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Machine fully updated, OS, Drivers and Hotfixes to May 23.
We could connect to a Client Control mode configured machine via IP address, i.e. 10.192.163.4:16992.
But since EMA, we can only connect to AMT via the ema console.
Is it possible to connect to a machine directly outside of ema console?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Jools86,
Thank you so much for your response.
Have you tried re-provisioning an endpoint into CCM to see if it is reachable via its IP? Or in case you have some endpoints in CCM in your deployment already, would you be able to grab one of those and try to access them via IP?
Best regards,
Victor G.
Intel Technical Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We can access machines in CCM via IP address in our estate via: http://10.123.23.22:16992 or by using Mesh Commander.
Our only issue is how do we connect to an AMT chip that is configured as ACM via EMA.
Do you know if this is possible?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Jools86,
Thank you for posting on the Intel® communities.
Please let me review this information internally, and kindly wait for an update.
Once we have more information to share, we will post it on this thread.
Regards,
Victor G.
Intel Technical Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Jools86,
Thank you so much for your response.
After further investigation from our end, we have determined that this behavior is expected. You can see more information on it on the link below:
https://www.intel.com/content/dam/support/us/en/documents/software/manageability-products/intel-ema-admin-and-usage-guide.pdf (page 5 section 1.2.6 intel AMT CIRA that states the CIRA creates an encrypted tunnel and additional TLS is not needed)
Best regards,
Victor G.
Intel Technical Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks a lot Victor.
For anyone else with the same issue:
- My question was, Can I connect via IP to an EMA provisioned machine's AMT chip?
The Answer is NO.
To confirm EMA provisioned AMT chip can only be connected via EMA console via CIRA or TLS relay.
You cannot connect directly via IP, like you may have done in the past.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The following AMT profile configuration (Enter your companies domain suffixes below), will get IP working:
However only 16992 works properly, mixed results with 16993 (Browser and Mesh Commander work - TLS untrusted), IMC fails:
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page