Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
3049 Discussions

EMA_API_RemoveEndpoint (403) Forbidden

KevSchu
Beginner
‎09-25-2025 01:11 PM
125 Views

I had this working before, however recently, I can no longer use this API script to remove devices in masse from Intel EMA platform.

 

Retrieving Endpoint ID for Hostname: ComputerName
Invoke-RestMethod : The remote server returned an error: (403) Forbidden.
At line:7 char:18
+ ... endpoints = Invoke-RestMethod -Uri "$emaServerURL/api/$emaAPIVersion/ ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

 

I was on 1.14.3, updated to 1.14.4, have tried several accounts with admin access.  I tried from the App server itself as well.  Everything results in the above error. 

0 Kudos

Link Copied

2 Replies
vij1
Employee
‎09-25-2025 04:30 PM
97 Views

Hi KevSchu,


Greetings!


To help us investigate the issue you're facing with the Intel EMA API, could you please provide the following information:


1.     Script Details: Kindly share the full script being used, including the specific API name or endpoint being called.

2.     Network Environment: Have there been any recent changes to your network setup, such as updates to firewall rules, proxy configurations, or server access policies?

3.     API Permissions: Have there been any modifications to the API roles or permissions assigned to the account(s) being used for these operations?


Looking forward to your response.


Best regards,

Vijay N.

Intel Customer Support

 

 


0 Kudos
Copy link
KevSchu
Beginner
‎09-26-2025 07:26 AM
59 Views

1. script snippet EMA_API-RemoveEndpoint.ps1

<#

This snippet removes an Intel EMA Endpoint from Intel EMA. This snippet should be run on the 
endpoint that intended to be removed, as Intel EMA agent uninstallation is executed locally.

The snippet unprovisions Intel AMT by calling the REST API on the Intel EMA server.  Then it 
uninstalls the Intel EMA agent on the local system on which the script is run.  It calls the REST 
API again to have Intel EMA stop managing the endpoint.

See Javascript examples for a similar snippet that uninstalls the Intel EMA agent remotely.

###################################################################################################

Copyright 2024 Intel Corporation.

This software and the related documents are Intel copyrighted materials, and your use of them is 
governed by the express license under which they were provided to you ("License"). Unless the 
License provides otherwise, you may not use, modify, copy, publish, distribute, disclose or 
transmit this software or the related documents without Intel's prior written permission.

This software and the related documents are provided as is, with no express or implied warranties, 
other than those that are expressly stated in the License.

#>

$emaServerURL      = "https://Server.domain.com"
$emaAPIVersion     = "latest" # 'latest' API version supported by EMA 1.4.0 and beyond
$hostname          = Get-Content c:\temp\input.txt
$localEMAAgentPath = #"C:\Program Files\Intel\EMA Agent\EMAAgent.exe" # default install path of Intel EMA agent
$getMEBXPassword   = $FALSE # attempt to retrieve MEBX password if it was randomized by EMA before removing endpoint from EMA
$useADAuth         = $True
$emaUsername       = "<>"
$emaPassword       = "<>"

Write-Host "Target Intel(R) EMA Server = $emaServerURL"

# Get authentication token ########################################################################

if($useADAuth) {
    if ($emaUsername -and $emaPassword) {
        # Retrieve token using provided AD username and password
        $emaPasswordSecure = ConvertTo-SecureString $emaPassword -AsPlainText -Force
        $psCreds = New-Object System.Management.Automation.PSCredential -ArgumentList $emaUsername, $emaPasswordSecure
        $creds = @{upn = $emaUsername; password = $psCreds.GetNetworkCredential().Password }
        $token = Invoke-RestMethod -Uri "$emaServerURL/api/$emaAPIVersion/accessTokens/getUsingWindowsCredentials" -Method Post -Body $creds        
    } else { 
        # Retrieve token using AD credentials of user running this script
        $token = Invoke-RestMethod -Uri "$emaServerURL/api/$emaAPIVersion/accessTokens/getUsingWindowsCredentials" -Method Get -UseDefaultCredentials
    }
}else {
    # Use normal username/password to get token
    $emaPasswordSecure = ConvertTo-SecureString $emaPassword -AsPlainText -Force
    $psCreds = New-Object System.Management.Automation.PSCredential -ArgumentList $emaUsername, $emaPasswordSecure
    $creds = @{username = $emaUsername; password = $psCreds.GetNetworkCredential().Password; grant_type = "password" }
    $token = Invoke-RestMethod -Uri "$emaServerURL/api/token" -Method Post -Body $creds
}

if($token) {
    Write-Host "Received authentication token."
}else {
    Write-Host "Error retrieving authentication token."
    return
}

$headers = @{ }
$headers.Add("Authorization", "$($token.token_type) $($token.access_token)")



#Start removing records from EMA server
$hostname | Foreach-object {
    # Get endpoint ID using hostname ##################################################################

    Write-Host("Retrieving Endpoint ID for Hostname: " + $_)

    $endpoints = $NULL
    $endpoints = Invoke-RestMethod -Uri "$emaServerURL/api/$emaAPIVersion/endpoints?computerName=$_" -Method Get -Headers $headers

    if ($endpoints.count -eq 0) {
        #Write-Host("Unable to find Endpoint ID for hostname: $_")
        return
    } elseif ($endpoints.count -eq 1) {
        # Return first (and only) endpoint ID in array
        Write-Host("EndpointID for $_ is $($endpoints[0].EndpointId)")
        $emaEndpointID = $endpoints[0].EndpointId

        # Stop managing endpoint on Intel EMA server ######################################################
        Write-Host "Stop managing endpoint on Intel EMA server: $emaEndpointID..."
        Invoke-RestMethod -Uri "$emaServerURL/api/$emaAPIVersion/endpoints/$emaEndpointID" -Method Delete -Headers $headers -ErrorVariable respError
        if (!$respError) {
            Write-Host "Endpoint removed."
        } else {
            Write-Host "Stop management request failed: " $respError
            return
        }

    } elseif ($endpoints.count -gt 1) {
        Write-Host("More than one match found for hostname: $_")
        $endpoints | Foreach-object {
            #Write-Host "EndpointID for $_ is $_.EndpointId.endpointid"
            Write-Host "EndpointID for" $_.ComputerName "is" $_.EndpointID
            $emaEndpointID = $_.EndpointId

            # Stop managing endpoint on Intel EMA server ######################################################
            Write-Host "Stop managing endpoint on Intel EMA server: $emaEndpointID..."
            Invoke-RestMethod -Uri "$emaServerURL/api/$emaAPIVersion/endpoints/$emaEndpointID" -Method Delete -Headers $headers -ErrorVariable respError
            if (!$respError) {
                Write-Host "Endpoint removed."
            } else {
                Write-Host "Stop management request failed: " $respError
                return
            }
        }
    }    
}

2. no changes

3. no changes 

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.