Hello SKubo,

Greetings of the day.

Could you please provide ECT logs from the suspected system.

Intel® EMA Configuration Tool (ECT)

https://www.intel.com/content/www/us/en/download/19805/30485/intel-endpoint-management-assistant-configuration-tool-intel-ema-configuration-tool.html

Installation:

Download and unzip the tool.

Double-click the .msi file and follow the prompts.

Run:

a-Open a command prompt as administrator (alternatively, you can run the tool from Windows PowerShell*).

b-Navigate to the installation folder (default C:\Program Files (x86)\Intel\EMAConfigTool).

c-Run the command: EMAConfigTool.exe --verbose

Additionally, could you describe your environment? Are you working with a PoC or a large production environment. It would also be helpful if you could provide a simple network description (flat, DMZ, NAT/FW, NLB).

What happens when you try to use CCM?

Finally, is this a single test system, or are you dealing with a fleet of systems that are not working.

Regards,

Suneesh

Hello SKubo,

Greetings of the day.

We appreciate that you are trying to check the operation of ACM on vPro terminal. But before that we would recommend you would try the same in the CCM, therefore we can surpass the PKI DNS suffices and the licensing that is required on an ACM henceforth we can narrow down the issue. 

Regards,

Suneesh

Hello SKubo,

Greetings of the day.

We are checking on this issue and will provide an update as soon as possible.

Regards,

Suneesh

Hello.

Suneesh

How about after that?

We look forward to your reply.

Best regards.

SKubo.

Hideo.

Hello Skubo,

Greetings of the day.

The issue for "Hardware Manageability is due to CIRA connectivity.

Please refer to the link below, follow the steps provided, and update us on your progress.

Link: https://www.intel.com/content/www/us/en/support/articles/000092506/software/manageability-products.html

Regards,

Suneesh

Hello, Suneesh

I have checked the following link but have not found a solution.
Link: https://www.intel.com/content/www/us/en/support/articles/000092506/software/management-products.html

How should I proceed with the response, including the content you sent the other day?

Regards,

Skubo

Hello Satoshi,

Greetings of the day.

Thank you for sharing the details.

Please share us the ECT logs for the endpoint having issue.

1. Intel® EMA Configuration Tool (ECT)

https://www.intel.com/content/www/us/en/download/19805/30485/intel-endpoint-management-assistant-configuration-tool-intel-ema-configuration-tool.html

Installation:

Download and unzip the tool.

Double-click the .msi file and follow the prompts.

Run:

a-Open a command prompt as administrator (alternatively, you can run the tool from Windows PowerShell*).

b-Navigate to the installation folder (default C:\Program Files (x86)\Intel\EMAConfigTool).

c-Run the command: EMAConfigTool.exe --verbose

Regards,

Suneesh

Hello, Suneesh

For some reason I was unable to attach the file for the ECT log you requested, so I will paste the log contents below.

***************************************************************************
Intel EMA Configuration Tool
Application Version: 1.1.0.183
Scan Date: 2024/08/01 10:33:01

*** Host Computer Information ***
Computer Name: LAPTOP-PQ1CORSE
Manufacturer: FUJITSU CLIENT COMPUTING LIMITED
Model: FMVU66061
Processor: 13th Gen Intel(R) Core(TM) i7-1370P
Windows Version: Microsoft Windows 11 Pro
BIOS Version: Version 2.11
UUID: 5068F769-239B-11EF-8B14-E8F766EB0F68

*** SMBIOS Information ***
AMT Supported: True
AMT Enabled: True
SMBIOS ME SKU: Intel(R) Full AMT Manageability
SMBIOS ME Version: 16.1.27.2225
KVM Supported: True
SOL Supported: True
USB-R supported in BIOS: True
RSE Supported: False

*** ME Information ***
Version: 16.1.27.2225
SKU: Intel(R) Full AMT Manageability
State: Not Provisioned
Control Mode: None
Driver Installed: True
Driver Version: 2306.4.3.0
PKI DNS Suffix: Not Found
LMS State: Running
LMS Version: 2306.4.3.0
MicroLMS State: NotPresent
EHBC Enabled: False

*** ME Capabilities ***
AMT in Enterprise Mode: True
TLS Enabled: False
HW Crypto Enabled: True
Current Provisioning state: PRE_PROVISIONING_STATE
NetworkInterface Enabled: True
SOL Enabled: True
IDER Enabled: True
FWUpdate Enabled: False
LinkIsUp state: True
KVM Enabled: False
RSE Enabled: False

*** Power Management Capabilities ***
Supported Power States:
5: PowerCycle_Off_Soft
8: Off_Soft
2: On
10: Master_Bus_Reset
11: NMI
12: Off_Soft_Graceful
14: MasterBusReset_Graceful
Power Change Capabilities:
2: On
3: SleepLight
4: SleepDeep
7: Hibernate
8: Off_Soft

*** CIRA Information ***
CIRA Server: Not Found
CIRA Connection Status: NOT_CONNECTED
CIRA Connection Trigger: USER_INITIATED

*** ME Wired Network Information ***
Wired Interface Enabled: True
Link Status: Up
IP Address: 0.0.0.0
MAC Address: E4:46:B0:4D:F4:15
DHCP Enabled: True
DHCP Mode: Passive
DNS Suffix (from OS): ematest.com

*** ME Wireless Network Information ***
Wireless Interface Enabled: False
Link Status: Down
IP Address: 0.0.0.0
MAC Address: Information Unavailable
DHCP Enabled: True
DHCP Mode: Unknown

*** Last AMT Provisioning Attempt Details ***
Host Initiated: False
Provisioning TLS Mode: PKI
Provisioning Root Cert: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Provisioning Cert Hash Type: MD5
Provisioning Server FQDN: ema.ematest.com
Provisioning Server IP: Not Set
Secure DNS Mode: False
TLS Start Time: 2024/07/17 11:23:43

*** Root Certificate Hash Entries ***
Root Cert 1: Go Daddy Class 2 CA, SHA256, C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4, Active, Default;
Root Cert 2: Go Daddy Root CA-G2, SHA256, 45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA, Active, Default;
Root Cert 3: Comodo AAA CA, SHA256, D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4, Active, Default;
Root Cert 4: Starfield Class 2 CA, SHA256, 14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58, Active, Default;
Root Cert 5: Starfield Root CA-G2, SHA256, 2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5, Active, Default;
Root Cert 6: VeriSign Class 3 Primary CA-G5, SHA256, 9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF, Active, Default;
Root Cert 7: Baltimore CyberTrust Root, SHA256, 16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB, Active, Default;
Root Cert 8: USERTrust RSA CA, SHA256, E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2, Active, Default;
Root Cert 9: Verizon Global Root, SHA256, 68:AD:50:90:9B:04:36:3C:60:5E:F1:35:81:A9:39:FF:2C:96:37:2E:3F:12:32:5B:0A:68:61:E1:D5:9F:66:03, Active, Default;
Root Cert 10: Entrust.net CA (2048), SHA256, 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77, Active, Default;
Root Cert 11: Entrust Root CA, SHA256, 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C, Active, Default;
Root Cert 12: Entrust Root CA-G2, SHA256, 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39, Active, Default;
Root Cert 13: VeriSign Universal Root CA, SHA256, 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C, Active, Default;
Root Cert 14: Affirm Trust Premium, SHA256, 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A, Active, Default;
Root Cert 15: DigiCert Global Root CA, SHA256, 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61, Active, Default;
Root Cert 16: DigiCert Global Root G2, SHA256, CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F, Active, Default;
Root Cert 17: DigiCert Global Root G3, SHA256, 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0, Active, Default;
Root Cert 18: DigiCert Trusted Root G4, SHA256, 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88, Active, Default;
Root Cert 19: GlobalSign Root CA - R3, SHA256, CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B, Active, Default;
Root Cert 20: GlobalSign ECC Root CA - R5, SHA256, 17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24, Active, Default;
Root Cert 21: GlobalSign Root CA - R6, SHA256, 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69, Active, Default;

Pausing before ending process in 3 sec. The duration of this pause can be adjusted using the --delayterm option.

***************************************************************************

Regards,

Skubo

Hi Skubo,

I hope you are doing well.

Thank you for sharing the ECT log.

After reviewing it and the previous posts, I understand the new integration is not working in Admin Control Mode and Client Control Mode either.

As per ECT log, the endpoint is not provisioned yet, even after creating a new EMA profile. Did you get an error while installing the new EMA agent file (CCM) into the endpoint? This process is manual for CCM; only the ACM can be accomplished remotely.

After EMA agent installation these fields should change:

State: Not Provisioned

Control Mode: None

I suggest restarting the endpoint after installing the EMA agent file.

In addition, as a test, please access the EMA web console, and look for the endpoint called LAPTOP-PQ1CORSE. Give 5 to 10 minutes, and check if Provision status changes. (Please share a screenshot of it and a new ECT log)

An alternative troubleshooting, click the actions button and select Provision AMT devices. In the next window, try Deleting the provisioned machine. I want to confirm if the endpoint was provisioned by the current EMA instance or by a previous instance.

Please include if the laptop is using a wired, wireless, or docking connection plus location; is it remote or in the same Server domain.

Regards,

Suneesh

Hello Satoshi,

Greetings of the day.

Please find the answers below:

1. To configure LAN-less endpoints, add the PKI DNS suffix in MEBx.

2. Endpoints must be powered on; if the system is off or powered down, it cannot connect.

3. If endpoints use a different domain or not the EMA server domain, add the PKI DNS suffix in MEBx. This is why remote provisioning is failing.

For more details, refer to the Intel® Endpoint Management Assistant documentation: [Intel EMA](https://www.intel.com/content/www/us/en/download/19449/intel-endpoint-management-assistant-intel-ema.html). Go to the right side and open the README text files, specifically "Configuring_LAN-less_Endpoints_to_ACM.pdf" on page 3.

Regards,  

Suneesh

Hi Suneesh,

From the information you have provided, am I correct in understanding that if the domains are different as in "3", the MEBx settings are also required for wired LAN? The manual itself seems to be for wireless LAN, though.

Regards,

Skubo

Hello Satoshi,

Greetings of the day.

Please share us ECT log from the wired connected endpoint and also from the wireless LAN end point for us to analyze and assist you further.

Thank you for your co-operation.

Regards,

Suneesh