Intel vPro® Platform
Intel Manageability Forum (Intel® EMA, AMT & Manageability Commander)

Intel EMA 1.9.0.0 not allowing me to save AzureAD tenant details

neilbrin
Novice
742 Views

I have recently upgraded my TEST Intel EMA environment from 1.8.1.0 to 1.9.0.0 so I can take advantage of the new AzureAD authentication solution. The upgrade seemed to go OK and I was able to successfully run the command to switch over to Azure AD auth, i.e.:
EMAServerInstaller SWITCHTOAZUREAD --guser=<UserName> --gpass=<UserPassword> -c -v

However, when logged in as GA and I attempt to enter and save the AzureAD required fields in the Web Server settings I initially received the following error; "Unable to successfully validate Azure AD settings"

I then decided to reboot both my IIS servers (web x 2/Ajax x 2/Swarm x 2/Recovery x 2/ Manageability x 1) and now when I enter the same values and hit the 'Save and Sync Web Settings' it just has the spinning wheel and if I refresh the screen (after 5 mins) it hasn't saved anything.

Where do I start looking to find (and hopefully remediate) the root cause?

Thanks,

Neil...

 

12 Replies
SergioS_Intel
Moderator
718 Views

Hello Neilbrin,


Thank you for contacting Intel Customer Support.

 

We understand that Intel EMA 1.9.0.0 is not allowing you to save Azure AD tenant details. I will be more than glad to help you today.


We do recommend checking the Pre-installation Instructions for Microsoft Azure AD Environments here 


https://www.intel.com/content/dam/support/us/en/documents/software/manageability-products/intel-ema-...

 

 Pages 9 and 10

 

 Also, can you please let us know how many systems are you getting this issue?

 

 We will be looking forward to your updates.


 Best regards,

 Sergio S.

 Intel Customer Support Technician

 


neilbrin
Novice
699 Views

Hi Sergio,

 

I had followed all of the steps outlined on pages 9-10 of the document listed below.

 

I used my AzureAD SME within the company to set up the Azure application and he provided me with the Tenant ID, Application ID and Client Secret and he set up the account as advised in this documentation.

When you say “How many systems are you getting this issue?”, I’m not sure I understand what you are asking. It basically means that we no longer have any authentication to our TEST Intel EMA platform, so therefore any systems enrolled and being managed by our TEST Intel EMA environment are impacted, which currently is about 10-20. If you are asking how many systems in our current configuration then we have 2 x AWS EC2 instances, hosting the IIS component (as per Distributed Server configuration) and the database being used is an AWS based MS SQL RDS DB.

I’m not sure of the network communications from/to Intel EMA <-> AzureAD during this initial setup and was wondering how we can troubleshoot whether the Intel EMA server can actually contact the AzureAD endpoint? It may be an issue whereby our Intel EMA systems

 

Regards,
Neil...

SergioS_Intel
Moderator
674 Views

Hello Neilbrin,


We appreciate the additional information, please allow us to check it and we will get back to you.


Best regards,

Sergio S.

Intel Customer Support Technician



neilbrin
Novice
669 Views

Thanks Sergio.

I'm not yet convinced if it's an Intel EMA issue as I'm checking with our Azure AD SME and network teams to see if it's a connectivity/config issue on our end. What I initially wanted to know is if there is any logging to provide more information than just the error; 'Unable to successfully validate Azure AD settings' or whether there is the ability to turn on logging to assist with resolution of the problem or to at least trace as to where the authentication got to?

neilbrin
Novice
664 Views

I have enabled Developer mode on the browser and can see that the error seems to stem from a Status Code '400' being returned when it attempts to do the sync of the web settings, i.e. when the 'Save and Sync Web Settings' button is pressed (see graphic).

SergioS_Intel
Moderator
628 Views

Hello neilbrin,


Thank you for waiting for our updates.


In order to continue assisting you with your problem, can you please provide us with the steps and documents used to run the commands?


Are you having this issue only with the global admin or with tenants too?


Are you able to manually log in?


We will be looking forward to your updates.

  

 

 Best regards,

 Sergio S.

 Intel Customer Support Technician


neilbrin
Novice
620 Views

Steps to re-create;
NOTE: This is after I have upgraded all Ajax, Web, Swarm, Recovery and Manageability servers to v1.9.0.0 using provided documentation and following all pre-requisites. This includes the running of the command line (as Administrator to uplift authentication to Azure AD), i.e.:
"EMAServerInstaller SWITCHTOAZUREAD --guser=<UserName> --gpass=<UserPassword> -c -v"

  1. Launch Browser and navigate to Intel EMA website URL
  2. Prompted with new 'Log In' child window and I select "Login With Intel EMA Credentials"
  3. Logged in as Root GA account
  4. Navigated to the Settings, Web server screen and input the Azure AD Application ID, Azure AD Tenant ID and Azure AD Client (as per document sections 1.3.4 and 2.2.1.12) (these variables were provided by my Azure AD SME that also read these sections)
  5. I then attempted to save these settings using the 'Save and Sync Web Settings' button
  6. I then received the following error; 'Unable to successfully validate Azure AD settings'

Please refer to all graphics (and excuse the order as trying to arrange them in this browser editor is almost impossible).
I also enabled Developer mode in the browser and you can see that after I press the 'Save and Sync Web Settings' button it completes a successful 'GET', but the 'PUT' command fails.

NOTE: I also completed the same upgrade and Azure AD connection configuration on our Proof of Concept environment - which is a completely stand-alone virtual single server running IIS and MS SQL 2019 Express and got the exact same error/result.

PicPickCapture-20221207-150423.jpg

PicPickCapture-20221207-150615.jpg

PicPickCapture-20221207-151544.jpg

PicPickCapture-20221207-151612.jpg

PicPickCapture-20221207-151327.jpg

PicPickCapture-20221207-150736.jpg

SergioS_Intel
Moderator
601 Views

Hello Neilbrin,


We appreciate the additional information, please allow us to check it and we will get back to you.


Best regards,

Sergio S.

Intel Customer Support Technician


Jori
Beginner
487 Views

Hi Sergio,

Going to chime in here and also say I'm unable to save my Azure AD details. I'm currently doing a POC and installed it according to the directions on a single server. I set up the Azure AD app registration (as I have for many other apps). Sadly, I get "Unable to successfully validate Azure AD settings".

Jori
Beginner
124 Views

Any update on this?  I can only evaluate the product while I cannot get Azure AD Authentication to work (and thus MFA).

Tristan_T_Intel
Employee
120 Views

I experienced this same issue and I had to go and check the Azure API Permissions and make sure that Delegated and Application Permissions were selected correctly and granted.

 

Tristan_T_Intel_0-1673979081776.png

 

JMay
Beginner
116 Views

We just experienced this same behavior on a new installation - "Unable to successfully validate Azure AD settings" - and then discovered from the inetpub log files that it was encountering error 400. As Tristan mentioned above, we checked our Azure API Permissions and we had incorrectly added User.Read.All with type Delegated instead of Application. Once we made the change to the type back to Application, we were able to save the settings successfully and continue with our setup.

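The permission-type mistake that Tristan and JMay describe can be checked against the app registration manifest (the JSON shown in the Azure portal for the application). The following is an added example, not part of the original thread or of Intel EMA; the function name and sample manifests are constructed, and the permission GUIDs are assumptions taken from Microsoft's Graph permissions reference rather than from this thread.

```python
import json
import sys

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph
# User.Read.All IDs as listed in Microsoft's Graph permissions reference
# (assumption: not given in the thread; confirm against your tenant).
USER_READ_ALL_IDS = {
    "df021288-bdef-4463-88db-98f22de89214",  # Application (app role)
    "a154be20-db9c-4678-8ab7-66f6cc099a59",  # Delegated (scope)
}
# Manifest "type" values: "Role" = Application, "Scope" = Delegated.
TYPE_NAMES = {"Role": "Application", "Scope": "Delegated"}


def audit_user_read_all(manifest):
    """Return findings on how User.Read.All is declared; [] means OK."""
    declared = set()
    for resource in manifest.get("requiredResourceAccess", []):
        if resource.get("resourceAppId") != GRAPH_APP_ID:
            continue  # only Microsoft Graph permissions are of interest here
        for access in resource.get("resourceAccess", []):
            if access.get("id") in USER_READ_ALL_IDS:
                declared.add(TYPE_NAMES.get(access.get("type"), "unknown"))
    if "Application" in declared:
        return []
    if "Delegated" in declared:
        return ["User.Read.All is Delegated only; re-add it as Application"]
    return ["User.Read.All is not declared on Microsoft Graph"]


def sample_manifest(perm_id, perm_type):
    """Build a constructed, minimal manifest fragment for the demo."""
    return {"requiredResourceAccess": [{
        "resourceAppId": GRAPH_APP_ID,
        "resourceAccess": [{"id": perm_id, "type": perm_type}],
    }]}


# Constructed samples: the misconfiguration JMay reported, then the fix.
MISCONFIGURED = sample_manifest("a154be20-db9c-4678-8ab7-66f6cc099a59", "Scope")
CORRECTED = sample_manifest("df021288-bdef-4463-88db-98f22de89214", "Role")

if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a manifest file saved from the portal
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(audit_user_read_all(json.load(fh)) or "OK")
    else:
        for name, m in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
            print(name, audit_user_read_all(m) or "OK")
```

The manifest only shows which permissions are declared; whether they have been granted, the other half of Tristan's check, has to be confirmed in the portal's API permissions view.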