Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2827 Discussions

FQDN for clients switching between wifi and ethernet

JRüeg
New Contributor I
1,148 Views

A lot of our clients switch more than once a day between wifi and ethernet (eg. for meetings, when they change their workspace, ...). This leads to the DNS record often not containing the correct ip-address. Then clients cannot be reached via AMT even though they are connected via ethernet.

We worked around this issue by changing the DNS suffix on all wifi-scopes (which led to other difficulties but solved the AMT reachability for ethernet).

Because we now would like to use AMT also via wifi this no longer seems a good solution.

 

Do you have any experience on how to work around DNS issues to enable AMT on devices which regularly switch between wifi and ethernet?

Could changing the setting (Use the following as the FQDN) be an option for us and does Kerberos authentication still work the host fqdn and amt fqdn differ?

0 Kudos
9 Replies
JoseH_Intel
Moderator
959 Views

Hello JRüeg,

 

Thank you for joining the community

 

I assume you have AMT integrated with Active Directory, if not please correct me. When this is the case AD creates 2 entities for every system, one for the regular connection and one for the AMT connection (the one that is available when the system is out of band). I will need to double check but I am wondering what would happen if there would be 3 entities created for every system, one for regular connection, one for AMT-ethernet and one for AMT-wifi. By any chance have you tried something similar?

 

Will look forward for your updates

 

Jose A.

0 Kudos
JRüeg
New Contributor I
959 Views

Yes, AMT is Active Directory integrated.

 

You mean changing the FQDN-settings in the Profile would lead to more Computeraccounts being created in AD? After all the AD account is created during configuration which is always with ethernet connection.

 

Do you at Intel also experience problems with DNS records and therefore AMT when users switch between ethernet and wifi regularly? How do you work around those issues?

0 Kudos
JoseH_Intel
Moderator
959 Views

Hello JRüeg,

 

We have no record for this particular issue with systems switching between ethernet to wifi connections. We know AMT will create a new object for every provisioned system within a new OU.

 

We will research on this an will let you know as soon as I am able to get some news.

 

Regards

 

Jose A.

0 Kudos
JoseH_Intel
Moderator
959 Views

Hello JRüeg,

 

We asked our engineering team and this is what they replied:

 

"Unfortunately, this is the nature of DNS and the way Microsoft OS handles changing of IP addresses and the latency that is involved. We have many customers that have to work-around this issue. The consistent thing is that eventually, the IP address get’s replicated to DNS and updates all of the information. If they are having issues connecting to an affected system through AMT, just wait for DNS replication of that particular systems IP address and they will eventually be able to connect without having to do anything."

 

Regards

 

Jose A.

 

0 Kudos
JRüeg
New Contributor I
959 Views

I'm aware that this is the nature of DNS. But it is not a temporary problem. It takes a long time for the DNS record to be correct and with clients switching regularly the entry may never be consistent.

This does not allow us to do regular maintenance of AMT configuration (to ensure the AMT clock is synchronized) and it poses a problem when trying to wake clients.

I was just hoping that others have the same problems and found a way to work around those issues. Or are willing to share their DNS-Settings which minimize the time it will take to update the DNS record.

 

 

0 Kudos
JoseH_Intel
Moderator
959 Views

Hello JRüeg,

 

Thanks for your updates. Let me check if there is any workaround that we can provide you since it has been seen before.

 

Will talk to you soon

 

Jose A.

Intel Customer Support

0 Kudos
JoseH_Intel
Moderator
959 Views

Hello JRüeg,

 

We got the following from our engineering team:

 

"We are not aware of any customers that have implemented any “workarounds” to this issue. There are a couple of things that we came up with. The first, unfortunately, is to open a case with Microsoft as they are responsible for the behavior of DNS in Windows. The second would be to let you know about Endpoint Management Assistant (EMA) which does not rely on DNS. A good place to get familiar with EMA would be to take a look at the video’s posted on the support site, which introduce the product. The videos are located here:

 

https://www.intel.com/content/www/us/en/support/articles/000056028/software/manageability-products.html?productId=123804&localeCode=us_en

 

Hope this might be somehow useful.

 

Regards

 

Jose A.

Intel Customer Support

 

0 Kudos
JoseH_Intel
Moderator
959 Views

Hello JRüeg,

 

I am just following up to double check if you found the provided information useful. If you have further questions please don't hesitate to ask. If you consider the issue to be completed please let us know so we can proceed to mark this thread as resolved. This support interaction will be marked as resolved automatically in the next 72 hours if no activity is received.

 

Regards

 

Jose A.

Intel Customer Support Technician

0 Kudos
JoseH_Intel
Moderator
959 Views

Hello JRüeg,

 

We will proceed to mark this thread as resolved. If you have further issues or questions just go ahead and create a new topic.

 

Jose A.

Intel Customer Support Technician

0 Kudos
Reply