Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

Updating vpro password in Intel EMA

CSVHolyWar
Beginner
4,024 Views

I can KVM into machines we have connected to our EMA server just fine from within the Management assistant website, but when I try to use Manageability commander or our 3rd party software that has vPro integration, the password doesn't work.

 

How can I update the password for all machines on our tenant?  Do I need to re-push the agent files out to all the machines again?

 

I've been pushing out the files several times to the same machines using a script whether they are provisioned or not.  Does that have any negative effect?

 

Thanks

 

 

0 Kudos
14 Replies
JoseH_Intel
Moderator
3,999 Views

Hello CSVHolyWar,

 

Welcome back to the Intel community.

 

The Intel Manageability Commander can be used locally with EMA. The EMA server comes integrated with its own management console and doesn't require any extra software to manage the endpoints. It is possible to use a 3rd party software like MeshCentral.

 

Hope this helps

 

Jose A.

Intel Customer Support Technician

 

0 Kudos
CSVHolyWar
Beginner
3,973 Views

Hi Jose,

That is fine - I don't need Manageability Commander, just the ability to use 3rd party software.  We are using BeyondTrust BOMGAR which has vPro built in.  You just need the admin password.  I thought I had it working with BOMGAR but now when I try to remote in with the password it doesn't work.  So I think I may need to change the vPro password.  Can I set this in EMA and then send it out to all the machines on my endpoint?

 

 

0 Kudos
Jimmy_Wai_Intel
Employee
3,931 Views

Hi CSVHolyWar,

 

If you want to connect to the remote PCs with AMT using a 3rd party software like BOMGAR, in addition to using a common AMT admin password for all PCs, you should also configure AMT to use TLS Relay in the AMT profile. If CIRA is chosen in the AMT profile, AMT network ports are closed. AMT will not accept a remote connection from the 3rd party software. 

 

Regards,

Jimmy Wai

Intel Technical Sales Specialist

0 Kudos
CSVHolyWar
Beginner
3,918 Views

Hey, this is something I didn't know.  I had everything running CIRA so I will have to fix that. Thanks

0 Kudos
CSVHolyWar
Beginner
3,915 Views

I switched the setting to TLS in the AMT profile.  How long does it take to update?  I tried connecting to a machine and it still didn't work.

0 Kudos
CSVHolyWar
Beginner
3,889 Views

I updated the AMT settings to use TLS relay.  It still wasn't working with Bomgar (3rd party software).  However today I went in to the vPro settings for Bomgar and there's an option to use TLS.  Once I turned on this setting I was notified that I needed a root certificate for this to work.

 

My understanding was I only needed a root certificate for admin control mode - not client control mode.  What am I missing here?  Does my 3rd party software need to be set to use TLS in order to vPro into machines?

0 Kudos
Jimmy_Wai_Intel
Employee
3,841 Views

You can try exporting the self-signed EMA root cert from the Local Machine\Personal certificate store on the EMA server and use that in the Bomgar setup. You can find the reference to this certificate in the EMA server installation guide section 1.4.1. The name of the root cert should be MeshRoot-XXXXXXXX.

 

The certificate for admin control mode is a different certificate.

0 Kudos
CSVHolyWar
Beginner
3,734 Views

Hi Jimmy, I think this is the solution I'm looking for!  One thing - I'm having trouble finding the certificate.  The instruction manual says the location is local machine /personal certificate store.  I did a search through the EMA files location on the C drive but didn't find it.  I'm not sure where to look.

0 Kudos
Jimmy_Wai_Intel
Employee
3,725 Views

Hi CSVHolyWar,

You need to use the Certificate Management Console to access and export certificates. You can run 'certlm.msc' at the EMA server.

0 Kudos
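Added example (not part of any post in this thread, and not Intel's or BeyondTrust's code): a PowerShell equivalent of the certlm.msc export described above, followed by a check that an endpoint's AMT TLS certificate chains to the exported root. It assumes the endpoint certificate is issued under the EMA root, as the reply implies; the output path and endpoint name are placeholders.

```powershell
# Run in an elevated PowerShell session on the EMA server.
# Assumptions: the subject contains "MeshRoot-" (per the reply above); the
# output path and endpoint name below are placeholders, not values from the thread.
$outFile  = 'C:\Temp\ema-meshroot.cer'      # hypothetical output path
$endpoint = 'endpoint01.example.internal'   # hypothetical AMT endpoint FQDN

# 1. Locate the EMA root in Local Machine\Personal (Cert:\LocalMachine\My).
$roots = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like '*MeshRoot-*' })
if ($roots.Count -ne 1) {
    throw "Expected exactly one MeshRoot certificate, found $($roots.Count)."
}
$root = $roots[0]
$root | Format-List Subject, Thumbprint, NotBefore, NotAfter

# 2. Export the public certificate only. Export-Certificate never writes the
#    private key, which must stay on the EMA server.
Export-Certificate -Cert $root -FilePath $outFile -Type CERT | Out-Null

# 3. Connect to the AMT TLS port (16993). A refused connection here is what a
#    CIRA profile produces, since AMT's network ports are closed in that mode.
$tcp = [System.Net.Sockets.TcpClient]::new($endpoint, 16993)
try {
    # Accept any certificate only to capture it; trust is decided below.
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, { $true })
    $ssl.AuthenticateAsClient($endpoint)
    $leaf = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
} finally {
    $tcp.Dispose()
}

$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode    = 'NoCheck'
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
[void]$chain.ChainPolicy.ExtraStore.Add($root)
$built = $chain.Build($leaf)
$top   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

if ($built -and $top.Thumbprint -eq $root.Thumbprint) {
    "OK: $endpoint chains to $($root.Subject)"
} else {
    "MISMATCH: $endpoint presents a chain ending at $($top.Subject)"
}
```

The exported .cer file is the public root only, which is the part a third-party console needs in order to validate endpoint certificates.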
CSVHolyWar
Beginner
3,021 Views

@Jimmy_Wai_Intel Did the recent version of Intel EMA force TLS for using 3rd party software?  It was working on version 17.  When I upgraded to the latest version it stopped working with BOMGAR without TLS enabled.

0 Kudos
JoseH_Intel
Moderator
3,964 Views

Hello CSVHolyWar,


It is possible to update the endpoint password from EMA server> Group > Intel AMT Autosetup > uncheck randomize password. After performing this you need to push the updates to the endpoints.


Regards


Jose A.

Intel Customer Support Technician


0 Kudos
CSVHolyWar
Beginner
3,952 Views

What am I pushing out to the endpoints?  Is it those 2 files that you download after you set up an endpoint group?  Do I need to run those again?

0 Kudos
JoseH_Intel
Moderator
3,943 Views

Hello CSVHolyWar,


Well, the whole process will need you to access the endpoint from the EMA server in order to be able to modify their password. Once you have done that you can try to access the endpoint directly from the EMA server just to confirm if the new password was properly set.


If this doesn't work you can always access the target system MEBx (Ctrl+P during POST) and change the password this way.


By pushing I meant to save the changes and confirm, not really reinstalling the EMA agent again, it is not necessary.


Regards


Jose A.

Intel Customer Support Technician


0 Kudos
JoseH_Intel
Moderator
3,858 Views

Hi CSVHolyWar,


In this situation the best option is to contact Bomgar support directly. If you need assistance with the AMT provisioning procedure we will be more than glad to assist, but currently the Intel official software are Intel Manageability Commander and EMA console.


Regards


Jose A.

Intel Customer Support Technician


0 Kudos