Updating vpro password in Intel EMA

CSVHolyWar · ‎09-23-2022

I can KVM into machines we have connected to our EMA server just fine from within the Managemant assistant website, but when i try to use Manageability commander or our 3rd party software that has vPro integration, the password doesn't work.

How can I update the password for all machines on our tenant? Do I need to re-push the agent files out to all the machines again?

I've been pushing out the files several times to the same machines using a script whether they are provisioned or not. Does that have any negative effect?

Thanks

JoseH_Intel · ‎09-25-2022

Hello CSVHolyWar,

Welcome back to the Intel community.

The Intel Manageability Commander can be used locally with EMA. The EMA server comes integrated with its own management console and doesn't require any extra software to manage the endpoints. It is possible to use a 3rd party software like MeshCentral

Hope this helps

Jose A.

Intel Customer Support Technician

CSVHolyWar · ‎09-27-2022

Hi Jose,

That is fine - I don't need Manageability Commander, just the ability to use 3rd party software. We are using BeyondTrust BOMGAR which has vPro built in. You just need the admin password. I thought I had it working with BOMGAR but now when I try to remote in with the password it doesn't work. So I think I may need to change the vPro password. Can I set this in EMA and then send it out to all the machines on my endpoint?

Jimmy_Wai_Intel · ‎09-29-2022

Hi CSVHolyWar,

If you want to connect to the remote PCs with AMT using a 3rd party software like BOMGAR, in addition to using a common AMT admin password for all PCs, you should also configure AMT to use TLS Relay in the AMT profile. If CIRA is chosen in the AMT profile, AMT network ports are closed. AMT will not accept a remote connection from the 3rd party software.

Regards,

Jimmy Wai

Intel Technical Sales Specialist

CSVHolyWar · ‎09-30-2022

Hey, this is something I didn't know. I had everything running CIRA so I will have to fix that. Thanks

CSVHolyWar · ‎09-30-2022

I switched the setting to TLS in the AMT profile. How long does it take to update? I tried connecting to a machine and it still didn't work.

CSVHolyWar · ‎10-03-2022

I updated the AMT settings to use TLS relay. It still wasn't working with Bomgar (3rd party software). However today I went in to the vPro settings for bomgar and there's an option to use TLS. Once I turned on this setting I was notified that I needed a root certificate for this to work.

My understanding was I only needed a root certificate for admin control mode - not client control mode. What am I missing here? Does my 3rd party software need to be set to use TLS in order to vPro into machines?

Jimmy_Wai_Intel · ‎10-07-2022

You can try exporting the self-signed EMA root cert from the Local Machine\Personal certificate store on the EMA server and use that in the Bomgar setup. You can find the reference to this certificate in the EMA server installation guide section 1.4.1. The name of the root cert should be MeshRoot-XXXXXXXX.

The certificate for admin control mode is a different certificate.

CSVHolyWar · ‎10-11-2022

Hi Jimmy, I think this is the solution I'm looking for! One thing - I'm having trouble finding the certificate. The instruction manual says the location is local machine /personal certificate store. I did a search thru the EMA files location on the C drive but didn't find it. I'm not sure where to look.

Jimmy_Wai_Intel · ‎10-11-2022

Hi CSVHolyWar,

You need to use the Certificate Management Console to access and export certificates. You can run 'certlm.msc' at the EMA server.

CSVHolyWar · ‎11-21-2022

@Jimmy_Wai_Intel Did the recent version of Intel EMA force TLS for using 3rd party software? It was working on version 17. When I upgraded to the latest version it stopped working with BOMGAR without TLS enabled.

JoseH_Intel · ‎09-27-2022

Hello CSVHolyWar,

It is possible to update the endpoint password from EMA server> Group > Intel AMT Autosetup > uncheck randomize password. After performing this you need to push the updates to the endpoints.

Regards

Jose A.

Intel Customer Support Technician

CSVHolyWar · ‎09-28-2022

What am i pushing out to the endpoints? Is it those 2 files that you download after you set up a endpoint group? Do I need to run those again?

JoseH_Intel · ‎09-28-2022

Hello CSVHolyWar,

Well, the whole process will need you to access the endpoint from the EMA server in order to be able to modify their password. Once you have done that you can try to access the endpoint directly from the EMA server just to confirm if the new password was properly set.

If this doesn't work you can always access the target system MEBx (Ctrl+P during POST) and change the password this way.

By pushing I meant to save the changes and confirm, not really reinstalling the EMAagent again, it is not necessary.

Regards

Jose A.

Intel Customer Support Technician

JoseH_Intel · ‎10-06-2022

Hi CSVHolyWar,

In this situation the best option is to contact Bomgar support directly. If you need assistance with the AMT provisioning procedure we will be more than glad to assist, but currently the Intel official software are Intel Manageability Commander and EMA console

Regards

Jose A.

Intel Customer Support Technician