- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi - im trying to get a proof of concept set up for my workplace. I think its a great platform for RDP and remote access. Ive had some limited wins so far with regards to setup but far from getting something that i can present....ive got quite a few issues and, questions also. If anyone could help that'd be great. I might jump around a bit but please bear with me!
1. Im using Mesh commander from a client/connection point of view. Is there anything better? ( i know of the real vnc viewer that has the AMT connection.
2. Initially ive got my desktop machine (on domain) and a test laptop (a precision 3551) which is in workgroup. ME software is installed. However in the network connection status is show as dhcp connected (but no ip address - there is an ip address and i can ping it but mesh commander doesnt want to know...!
3. I did have another laptop which i was using (an old latitude) but i dont have access to that all of the time....its set up no different (that i know of) but it does appear in Mesh Commander? (not sure why) that i used to be able to get a connection to but while experimenting have lost connection but, when i did get connection it was asking for some sort of number (which ive never been able to find where to configure....
As i say im new to this but very eager to learn as i think its a great platform....if anyone can point me to some walk through's/software to use that'd be great.
Thanks to anyone that takes a punt at it....
Link Copied
- « Previous
-
- 1
- 2
- Next »
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here's a snip.
Thats all i see (only the 3 options)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Comfy, you are not seeing the options to create Endpoint Groups, create AMT Profiles and manage PCs because you have logged in as the global administrator. To see the other options, you need to login as a tenant administrator.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Brilliant - got it - thanks very much. I will have more questions im sure but ive got enough to be on with for the moment. Thanks so much for your help.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok - next question....im creating an 802.1x profile.....
In the AD part it wants the Organizational unit and the security group...?
Which are these....is the OU group where the server is located or where the laptop is located and which is the security group...is that an IT security group for example?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Comfy,
The Organization Unit is the AD syntax.
For the security groups, the AD object created for the Intel(R) AMT device by default is automatically added to the AD Security group named "Domain Computers" if necessary, it is also possible to define additional security groups to which the object will be added in case the RADIUS server requires objects to be members of the specific security group.
If you do not have a Radius server you can skip that part.
Best regards,
Sergio S.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK- well, we have multiple OU's with computers in each one (different sites). So, do i create different AMT profiles for the different OU's?
Another question is regarding the PKI cert.
1. Is this cert a specific cert for the job (ie do i have to go to a cert provider to get a "PKI" cert)
2. If the above is the case the way i read it is that i bundle that pki cert into the amt profile which gets applied to all of our laptops and in turn we can then remote control them without need for user interaction?
Again - thanks for the help so far...im more of a doing type person when it comes to learning these things!!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi - Another PKI cert question.
Does the cert csr have to be created on the ema server itself? one of the admins created one on another server but when i create the cert request on the EMA server and load it on i dont get the option to "export"
Cheers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Comfy,
In order to upload a certificate, you have to be logged in as a Tenant Administrator.
AMT PKI certificates.
To upload a certificate:
1. From the navigation pane at the left, click Settings, then select Server Settings > Certificates. A list of certificates
available for use is displayed.
2. Click Upload.
3. The Certificate dialog is displayed.
4. Enter the Entry Name then click Choose File. Certificate files ending in .CER do not require a Password. Certificate files ending in .PFX requires a Password. Note that the certificate file to be uploaded must be less than 1MB.
5. In the Certificate dialog, click Upload.
The certificate is stored in the Intel EMA database and loaded into memory for optimal performance. If an updated
certificate file (which includes any of the certificates in the certificate chain) is re-uploaded with a change, it may take
up to 15 minutes for the change to be processed and reflected for usage.
You can also download and delete certificates. Note that if the certificate is still used by another certificate (in the
certificate chain), or if it is used in an Intel AMT Profile or Intel AMT setup, it cannot be deleted.
If you are performing an initial Tenant setup, proceed to section 3.6 to enable Intel AMT autosetup.
You can find more information on page 26 of the following link:
Best Regards.
Sergio S.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sergio,
Ive got the PKI cert uploaded/installed. Im trying to now do an auto provision but im not getting the pull down option (im only seeing Host Based Provisioning)
Im stuck a little bit at the moment. I can use the mesh commander to auto connect to the Latitdue 7480 and the precision 3551 but it always prompts for authorization (needing the 6 digit code)
Both of the above only connect using the mesh commander with the Digest/TLS turned off (cant get a connection with intel EMA)
Cheers.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Comfy,
If you are getting the user consent at the remote machine is because it is provisioned in Client Control Mode (CCM). The whole purpose of the provisioning cert is to have the systems provisioned in Admin Control Mode (ACM) and get rid of the user consent when attempting to remote. If you are using your own generated certificate then you need to upload it to the system MEBx before running the EMAagent.exe so it will provision in ACM. Alternatively, you can use a commercial CA like GoDaddy, Comodo, Entrust, Sectigo, and DigiCert since their root hash is already preloaded to the ME.
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi there Jose
Thanks for the reply. First and foremost yes, weve got an PKi cert from GoDaddy installed on the server. As you say if my laptop is stuck in CCM mode how do i switch to ACM mode, and, how do i get the cert from the server installed on the laptop. Im presuming that once the cert is on the laptop it then switches to CCM mode?
Just to add to this ( as i think we're in different timezones ) i started again and removed the endpoints, currently using a laptop on our domain. ive created an msi which on initial installation showed the trusted policy and the trusted hash. That installed but now, when i try to provision the laptop remotely the AMT profile is greyed out so i cant proceed?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Comfy,
Please allow us to check on your question and we will get back to you.
Regards
Sergio S
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks very much, sorry for the multitude of questions....its how i tend to learn!
Cheers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Comfy,
Thank you for waiting for our updates,
If you are planning to create Self-Certificate we do recommend checking the How to Create a Self-Certificate Hash for Intel® Active Management Technology (Intel® AMT) Version 14 site
https://www.intel.com/content/www/us/en/support/articles/000059996/software.html
If you already created the certificate please send us pictures of the enhanced key usage the OID the certification path and details tab for the certs in the certification path.
Looking forward to your updates
Regards
Sergio S
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Comfy,
We are following your thread and would like to know if you need further assistance or if we can close it.
Regards
Sergio S
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Comfy,
We are following up on a thead that is still open, we know that this is important for you to get it resolved and it is also equally important for us to get you the right solution. Since we have not seen an update for several days, the thread will automatically close after 2 business days.
Regards
Sergio S
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi there - no, not had a reply yet...maybe now ive got the server installed start a thread for each issue that ive got going forward? (might be better!)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Comfy,
Absolutely, you can contact us in the future in case you found any more issues or if you have any more questions.
Please let us know if you agree to close this thread.
Regards
Sergio S
Intel Customer Support Technician
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- « Previous
-
- 1
- 2
- Next »