Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2995 Discussions

Provisioning AMT clients using WiFi with 802.1x authentication in Intel EMA

AndrewChan
Novice
‎08-27-2024 02:29 AM
1,531 Views
Solved Jump to solution

after successfully provision the desktop computer in Intel EMA, the next target is to management laptops that have WiFi only.

So when the laptops are in office, they connect to the Corporation WiFi which uses 802.1x authentication through certificate.

I've created 802.1x profile, entering a dedicated AD OU to create objects to consume the certificate, then I created a new AMT profile that uses it.

After installing the agent along with the new configuration file. it stays on Intel® AMT setup status: Pending Configuration

While looking into the log files

The manageability server log had an error

"Add computer to organization unit in Active Directory failed. Error = Access is denied."

 

 

The question is, how do I control which account is used when putting objects into the OU (which configured on the 802.1x profiles)

 

Thanks

0 Kudos
1 Solution
AndrewChan
Novice
‎09-08-2024 11:05 PM
1,162 Views
Solved Jump to solution
In response to vij1

I've added the server account to the OU's security and allowed it to create objects, now the "Add computer to organization unit in Active Directory failed. Error = Access is denied" error gone.

 

Thanks.

View solution in original post

In response to vij1
0 Kudos
Copy link

Link Copied

9 Replies
Arun_Intel1
Employee
‎08-27-2024 01:29 PM
1,495 Views
Solved Jump to solution

Hi AndrewChan,


Greetings!


Before we proceed, please share the environmental details asked below, for us to analyze and share our findings:


EMA Version

AMT Version

Number of Endpoints

BIOS version

OS on the server and on the Endpoints

ACM or CCM mode

Endpoint model

And please specify the Error that you are getting in the Manageability server logs


Best Regards

Arun_Intel


0 Kudos
Copy link
AndrewChan
Novice
‎09-02-2024 12:37 AM
1,360 Views
Solved Jump to solution
In response to Arun_Intel1

EMA 1.13.1.0

AMT 15.x

Number of Endpoints :1 (in its respective Endpoint Group)

BIOS Version (Lenovo X1 Carbon Yoga Gen 6 BIOS 1.69)

OS server running on WIndows 10 22H2 (it's a PoC)

ACM

Endpoint (Lenovo X1 Carbon Yoga Gen 6 )

Logs attached.

 

The specified error was "Add computer to organization unit in Active Directory failed. Error = Access is denied." which I think it is caused by the credential being used had insufficient permission, and thus my question :  How may I manage the credential being used to create objects in AD OUs?

In response to Arun_Intel1
EMALog.zip
0 Kudos
Copy link
Arun_Intel1
Employee
‎08-30-2024 04:48 PM
1,422 Views
Solved Jump to solution

Hi AndrewChan,


Greetings!


This is the first follow up, please share the environmental details asked.


Best Regards

Arun_Intel


0 Kudos
Copy link
vij1
Employee
‎09-02-2024 03:15 PM
1,332 Views
Solved Jump to solution

Hello AndrewChan,


Greetings!


Please note that Intel® Endpoint Management Assistant (EMA) must be installed on either Windows Server 2019 or Windows Server 2022. These are the only supported operating systems for the installation of EMA.


If you have any questions or need further assistance, feel free to reach out.


Best regards,

Vijay N.



0 Kudos
Copy link
AndrewChan
Novice
‎09-04-2024 01:06 AM
1,294 Views
Solved Jump to solution
In response to vij1

Hello,

 

I've spend the last few days installing the EMA on a Windows Server now and still giving out same error, basically cannot create objects in AD. So:

What credential was used to access the AD? and 
how may I modify this credential?

 

Thanks

Andrew

In response to vij1
0 Kudos
Copy link
Arun_Intel1
Employee
‎09-04-2024 10:21 AM
1,286 Views
Solved Jump to solution

Hi Andrewchan,


Greetings!


We see that you have got the same error even after installing the Windows server OS, kindly confirm which version of the server OS has been in installed (windows server 2022 or 2019)

And please share the error screen shot that you are getting and the latest Swarm and the Manageability logs as well for us to further analyze.


Best Regards

Arun_Intel


0 Kudos
Copy link
vij1
Employee
‎09-06-2024 03:58 PM
1,234 Views
Solved Jump to solution

Hello Andrewchan,


Greetings for the day!

 

We are following up to find out if you were able to find the information we provided. Please reply to confirm, so we can continue helping on a resolution. Looking forward to receiving your reply.

 

Regards,

Vijay N


0 Kudos
Copy link
AndrewChan
Novice
‎09-08-2024 11:05 PM
1,163 Views
Solved Jump to solution
In response to vij1

I've added the server account to the OU's security and allowed it to create objects, now the "Add computer to organization unit in Active Directory failed. Error = Access is denied" error gone.

 

Thanks.

In response to vij1
0 Kudos
Copy link
Arun_Intel1
Employee
‎09-09-2024 03:20 PM
1,132 Views
Solved Jump to solution

Hello AndrewChan,


Greetings!


We are glad to hear that the issue has been resolved.


Please feel free to contact us for any further assistance, we are more than happy to assist you.


Best Regards,

Arun_Intel


0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.