Solved: Server installation: which hostname to enter

HaraldBecherer · ‎01-16-2024

Hi guys

I'm trying to setup Intel EMA server 1.12.1 and I'm struggling to understand the documentation.
As an example, I have the following virtual server in the in Microsoft Entra, up and running with proper routing:

Visible from the Intranet, from where I want to do the administration:
vpro.insidedomain.org
11.22.33.44
Visible from outside, for the endpoints to connect:
vpro.outsidedomain.org
44.33.22.11

It is the first EMA server with all 4 components that I want to install and later 2 others.
We have potentially 8000 endpoints in Client Control Mode.
The clients have different AMT versions from 12 to 16 and behave the same, concerning the problem.

During the installation I'm asked to provide the server name
and I don't know for each component, if I need to enter the inside or the outside hostname.

After the generation of the Windows Agent files and the installation, I have the following behaviour:

===If I enter the inside hostname during the setup:
1)a client connected from outside cannot resolve the hostname, so there is no CIRA connection.

===If I enter the outside hostname during the setup:
1)when starting the platform manager on the EMA server, with vpro.insidedomain.org:8000 the platform manager does not connect, telling that Windows Authentication is not available on this machine.
2)To manage my tenant, when connecting from inside to
https://vpro.insidedomain.org
I get "The current URL used in login does not match the URL entered in Intel EMA Settings. Cross origin requests may get blocked..."
3)When opening the device page of an endpoint, I get:
vpro.insidedomain.org says: AJAX cookie is not valid, and I don't get the device page.

Then If, as Global Admin, I go to the settings and change:
Web Server, Ajax Server Host = vpro.insidedomain.org
Web Server, Swarm Server Host = vpro.insidedomain.org
I get at least rid of the errors 2) and 3) but not 1)

Because there are 4 server addresses to be entered, it would take ages to test all the combinations.
So, I would be very grateful if somebody could tell what hostnames I need to enter during the setup.

Many thanks in advance

Greetings

MIGUEL_C_Intel · ‎01-16-2024

Hello, HaraldBecherer,

It is our pleasure to assist you.

There are 2 EMA configurations, in other words, we have 2 Fully Qualify Domain Names: vpro.insidedomain.org and vpro.outsidedomain.org. According to picture URLnotMatchingAnon.png, it is necessary to use vpro.outsidedomain.org.

Endpoints can be provisioned by only 1 EMA configuration at a time. The EMA configuration can be authenticated by Azure AD (Entra)

You can validate this by accessing the Platform Manager settings file. It is in the Server machine.

Go to Program Files x86\Intel\Platform Manager\Platform Manager Server and open the “settings.txt” file.

Look near the top of the file for this section:

# hostname for Intel(R) EMA instance

emahostname=ematest.intel.com (vpro.outsidedomain.org)

The “emahostname” should be the name of the EMA instance and not the physical hostname of the server.

If you haven’t validated the EMA website htts://vpro.outsidedomain.org with a TLS SSL Certificate in IIS, add an extra line after emahostname with the following:

emahostname=localhost

Copy the first file, Edit the second file, and replace the original file.

This step will provide you the option to review the EMA configuration from the Platform Manager without having the TLS SSL Certificate. Use the Global administrator account.

Regards,

Miguel C.

Intel Customer Support Technician

View solution in original post

MIGUEL_C_Intel · ‎01-16-2024

Hello, HaraldBecherer,

It is our pleasure to assist you.

There are 2 EMA configurations, in other words, we have 2 Fully Qualify Domain Names: vpro.insidedomain.org and vpro.outsidedomain.org. According to picture URLnotMatchingAnon.png, it is necessary to use vpro.outsidedomain.org.

Endpoints can be provisioned by only 1 EMA configuration at a time. The EMA configuration can be authenticated by Azure AD (Entra)

You can validate this by accessing the Platform Manager settings file. It is in the Server machine.

Go to Program Files x86\Intel\Platform Manager\Platform Manager Server and open the “settings.txt” file.

Look near the top of the file for this section:

# hostname for Intel(R) EMA instance

emahostname=ematest.intel.com (vpro.outsidedomain.org)

The “emahostname” should be the name of the EMA instance and not the physical hostname of the server.

If you haven’t validated the EMA website htts://vpro.outsidedomain.org with a TLS SSL Certificate in IIS, add an extra line after emahostname with the following:

emahostname=localhost

Copy the first file, Edit the second file, and replace the original file.

This step will provide you the option to review the EMA configuration from the Platform Manager without having the TLS SSL Certificate. Use the Global administrator account.

Regards,

Miguel C.

Intel Customer Support Technician

MIGUEL_C_Intel · ‎01-19-2024

Hello, HaraldBecherer,

I hope you are doing fine.

Please let me know if I can help you with anything else.

Accessing the Platform Manager with localhost is possible without adding the extra line in the settings tab. It is optional, in case something is blocking the connection.

HaraldBecherer · ‎01-22-2024

Thank you very much Miguel.

It did work with emahostname=localhost

I can now use the Platform Manager to do some diagnostics...

Greetings,

Harald

Victor_G_Intel · ‎01-22-2024

Hello HaraldBecherer,

Thank your for your response.

We are glad to know that the information provided has been helpful. Since the thread is now solved, we will proceed to close it.

If you need any additional information, please submit a new question as this thread will no longer be monitored.

Best regards,

Victor G.

Intel Technical Support Technician