- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I get issues trying to setup devices in host based provisioning mode.
Error "The remote certificate is invalid according to the validation procedure" always showing in EMALog-ManageabilityServer.txt:
============================
Failed host based provisioning : (TESTPC,825F801C).
Error:Unable to connect to a Swarm Server, user=SYSTEM : (TESTPC,825F801C).
Warning:Received stop remote configuration status from: 825F801C, status: INVALID_PT_MODE (3)
The remote certificate is invalid according to the validation procedure.
Message:Connecting to Swarm Server : (TESTPC,825F801C).
Message:Sending Agent Stop Remote Configuration Message : (TESTPC,825F801C).
Attempting phase 1 host based provisioning : (TESTPC,825F801C).
============================
Tested on two devices with AMT version 12.0.6 and 16.0.15.1662.
Devices are wired connected. Non firewall between them and EMA server.
EMA Server and agent updated to latest version 1.10.1.
Tried PKI provisioning with a certificate purchased from Entrust, same result.
What could be wrong?
As I understand, no PKI certificate is necessary in HPB mode, so which certificate is involved in the server logs?
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, Stef_L,
The Certificate is necessary for the Admin Control Mode (ACM), this option brings the opportunity to access the endpoint machine without the User-consent, access the BIOS (Out-of-Band), turn the system On and Off, and provision the machines remotely from the first time.
Machines with Intel® vPRO come with pre-installed Certificate hashes in the BIOS firmware from the authorized Certificate vendors; this feature allows the validation of the Certificate and provisioning of the new machines.
Please review to EMA agent profile, maybe the settings were configured for Admin mode and EMA is asking for the Certificate.
In your original post, you got the error below:
Error: Unable to connect to a Swarm Server, user= SYSTEM: (TESTPC,825F801C).
Did you already install the EMA agent file to the endpoint?
Please perform the test below:
Open a command line as Administrator in the endpoint.
Go to the default path \c:\Program Files\Intel\Ema Agent\
Run the command: emaagent.exe -swarmserver
The test should resolve the FQDN and the port it is trying to connect to.
I look forward to hearing from you.
Regards,
Miguel C.
Intel Customer Support Technician
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you doing HB setup to Client Control Mode or Admin Control Mode?
Host-Based Setup to Admin Control Mode
- This method has a series of prerequisites, the same as the prerequisites for Remote Configuration:
- This method requires a certificate that traces to one of the root certificates built into Intel AMT (see Root Certificate Hashes).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I'm doing HB setup to client control mode within Intel EMA.
In that situation, I cannot choose a PKI certificate, so why EMA complaint about invalid certificate?
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, Stef_L,
The Certificate is necessary for the Admin Control Mode (ACM), this option brings the opportunity to access the endpoint machine without the User-consent, access the BIOS (Out-of-Band), turn the system On and Off, and provision the machines remotely from the first time.
Machines with Intel® vPRO come with pre-installed Certificate hashes in the BIOS firmware from the authorized Certificate vendors; this feature allows the validation of the Certificate and provisioning of the new machines.
Please review to EMA agent profile, maybe the settings were configured for Admin mode and EMA is asking for the Certificate.
In your original post, you got the error below:
Error: Unable to connect to a Swarm Server, user= SYSTEM: (TESTPC,825F801C).
Did you already install the EMA agent file to the endpoint?
Please perform the test below:
Open a command line as Administrator in the endpoint.
Go to the default path \c:\Program Files\Intel\Ema Agent\
Run the command: emaagent.exe -swarmserver
The test should resolve the FQDN and the port it is trying to connect to.
I look forward to hearing from you.
Regards,
Miguel C.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I've found de problem with swarm server.
Making some debugging on swarm server as you mentionned pointed me to the issue.
Splunk is installed on the EMA server for monitoring and is listening on port 8089, wich is a port also used by swarm server.
I stopped de Splunk service and everything is working now.
I'm able to provision AMT.
Thanks Miguel.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, Stef_L,
I am glad to know EMA is working now.
Regarding the port issue for the Swarm Server. Intel® EMA allows to change the port number for the Swarmserver. Open the EMA web console with the Global account, in the settings tab you will see the option to change the Swarm server port.
Regards,
Miguel C.
Intel Customer Support Technician
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page