Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

Upgrade Intel EMA from 1.6 to 1.11

George71
Beginner
11,665 Views

Hello,

We are trying to upgrade our Intel EMA from 1.6.0.0 to 1.11.0.0.

The installation ends with an error: "This target recovery cert cannot be saved in cert store. The thumbprint:78....".

How can I solve the problem?

BTW, where can Intel EMA 1.10 or 1.9 be downloaded?

Thanks

0 Kudos
49 Replies
George71
Beginner
1,336 Views

Hello, Miguel,

1) I am sending you a private message with EMALog-Intel®EMAInstaller.txt.

2) Yes, the table exists. Both before and after.

3) All endpoints have this status. HP from 800 G2 to 800 G8 + Lenovo 11U4 ..... most have current BIOS + AMT FW.

Regards
George71

0 Kudos
MIGUEL_C_Intel
Moderator
1,321 Views

Hello, George71,

Thank you for sharing the installer log.

The installer log is showing the Recovery Cert as installed and saved in the certificate store.

 2023-09-29 10:22:51.2533|INFO||7552|1|DisplayEvent - MeshServerInstaller.MainForm, EMAServerInstaller, Version=1.11.1.0, Culture=neutral, PublicKeyToken=57d11e903ea1ca2c - EVENT: Information, Start creating Recovery server TLS certificate and saving to database. 

2023-09-29 10:22:56.3663|INFO||7552|1|DisplayEvent - MeshServerInstaller.MainForm, EMAServerInstaller, Version=1.11.1.0, Culture=neutral, PublicKeyToken=57d11e903ea1ca2c - EVENT: Information, Finish creating Recovery server TLS certificate and saving to database. 

2023-09-29 10:22:56.4893|INFO||7552|1|DisplayEvent - MeshServerInstaller.MainForm, EMAServerInstaller, Version=1.11.1.0, Culture=neutral, PublicKeyToken=57d11e903ea1ca2c - EVENT: Information, This target recovery cert is saved in cert store. The thumbprint:75FCCCDF261AE3934FFF59243765C139F1670E0E 

2023-09-29 10:22:56.7758|INFO||7552|1|DisplayEvent - MeshServerInstaller.MainForm, EMAServerInstaller, Version=1.11.1.0, Culture=neutral, PublicKeyToken=57d11e903ea1ca2c - EVENT: Information, Recovery cert is bound to the target recovery port:8085

 

We have found issues with EMA instances after doing upgrades from older EMA versions (i.e. 1.6 or older) to newer versions like 1.11.1.

After the upgrade, the table dbo.EndpointHistory in the EMA SQL DB disappears. We suggest manually adding the table and copying the following SQL script into the table.

Note: It is always necessary to back up the EMA SQL DB, as outlined in the EMA installation in section 1.4.1, prior to doing any manual configuration changes.

 

USE [EMADatabase]
GO

/****** Object:  Table [dbo].[EndpointHistory]    Script Date: 10/4/2023 10:23:37 AM ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

CREATE TABLE [dbo].[EndpointHistory](
       [Time] [datetime] NOT NULL,
       [EndpointId] [nvarchar](128) NOT NULL,
       [Message] [nvarchar](1000) NOT NULL,
       [Source] [int] NULL,
       [Entity] [uniqueidentifier] NULL,
       [Action] [int] NULL,
       [Argument] [int] NULL,
       [ArgumentId] [binary](32) NULL,
       [ArgExtra] [nvarchar](500) NULL,
       [TenantId] [uniqueidentifier] NULL,
       [EndpointHistoryId] [bigint] IDENTITY(1,1) NOT NULL,
       [Uri] [nvarchar](256) NULL,
       [ResourceType] [nvarchar](64) NULL,
       [ResourceName] [nvarchar](128) NULL,
       [CallerId] [uniqueidentifier] NULL,
       [CallerName] [nvarchar](128) NULL,
       [CallerIpAddress] [nvarchar](64) NULL,
       [CallerUserAgent] [nvarchar](128) NULL,
       [ExecutionTime] [datetime] NULL,
       [ExecutionDuration] [int] NULL
) ON [PRIMARY]
GO

 

I look forward to your outcome.

 

Regards,

Miguel C.

Intel Customer Support Technician

 

0 Kudos
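An added example, not part of the original thread and not Intel's script: before running the CREATE TABLE statement from the post above, this T-SQL takes a copy-only backup and reports whether dbo.EndpointHistory already exists and which of the script's columns are present. The backup path is a placeholder; the database name and column list are taken from the posted script.

```sql
USE [EMADatabase];
GO

-- Copy-only backup so the regular backup chain is not disturbed.
-- The target path is a placeholder: use a folder the SQL Server service can write to.
BACKUP DATABASE [EMADatabase]
    TO DISK = N'<backup-folder>\EMADatabase_before_manual_change.bak'
    WITH COPY_ONLY, CHECKSUM;
GO

IF OBJECT_ID(N'dbo.EndpointHistory', N'U') IS NULL
    PRINT N'dbo.EndpointHistory is missing: the CREATE TABLE script from the post applies.';
ELSE
    -- Table exists: list each column the posted script defines and whether it is present.
    SELECT e.ColumnName,
           CASE WHEN c.COLUMN_NAME IS NULL THEN 'MISSING' ELSE 'present' END AS ColumnStatus,
           c.DATA_TYPE,
           c.CHARACTER_MAXIMUM_LENGTH,
           c.IS_NULLABLE
    FROM (VALUES
            (N'Time'), (N'EndpointId'), (N'Message'), (N'Source'), (N'Entity'),
            (N'Action'), (N'Argument'), (N'ArgumentId'), (N'ArgExtra'), (N'TenantId'),
            (N'EndpointHistoryId'), (N'Uri'), (N'ResourceType'), (N'ResourceName'),
            (N'CallerId'), (N'CallerName'), (N'CallerIpAddress'), (N'CallerUserAgent'),
            (N'ExecutionTime'), (N'ExecutionDuration')
         ) AS e(ColumnName)
    LEFT JOIN INFORMATION_SCHEMA.COLUMNS AS c
           ON c.TABLE_SCHEMA = N'dbo'
          AND c.TABLE_NAME   = N'EndpointHistory'
          AND c.COLUMN_NAME  = e.ColumnName
    ORDER BY ColumnStatus, e.ColumnName;
GO
```

Running the CREATE TABLE script against a database where the table already exists fails with an "object already exists" error, so the existence check separates the two cases discussed in the thread.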
George71
Beginner
1,287 Views

Hello, Miguel,

I do not understand. I wrote that the table "dbo.EndpointHistory" exists, both before the upgrade and after the upgrade.

If the problem is a big difference between versions 1.6 vs 1.11, then you can send me a private message with intermediate versions (EMA_Installer1.7.exe + EMA_Installer1.8.exe + EMA_Installer1.9.exe + EMA_Installer1.10.exe). And I will gradually upgrade with small differences in versions. It will most likely help, right?

Regards
George71

0 Kudos
MIGUEL_C_Intel
Moderator
1,278 Views

Hello, George71,


We are reviewing your case; I will provide an update shortly.


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
MIGUEL_C_Intel
Moderator
1,260 Views

Hello, George71,

I hope this post finds you well.

Do you mind accessing the EMA database, opening the table called dbo.IntelAMT, and reviewing the status of the endpoints from the column Provisioning State (adding a picture as an example)? Please share a screenshot of what you see.

dbo.IntelAmt.png

We are wondering if you are willing to create a backup of your database. Our idea is to synchronize the EMA instance to the new database (example: EMA_DB_NEW).

We want to point your EMA server to the new database and make modifications. Please don't point EMA yet; we just want to have a replica of the DB to test against.

 

Regards,

Miguel C.

Intel Customer Support Technician

 

0 Kudos
George71
Beginner
1,246 Views

Hello, Miguel,

It's interesting. The status data in table "dbo.IntelAmt" is the same.

Example of a station in version 1.6:
NodeID Version ProvisioningMode ProvisioningState HostMac DedicatedMac PlatformID TlsEnabled MeshUser AdminUser SuperUser MonitorUser AuditorUser LastUpdated ExtraInfo FwBuildNumber AmtControlMode
0x60C09682324F84963488A4D4DF0CB4442A6BB75AA58F7F5A51A0BA2C746702D6 v11.8.86 1 2 0x000000000000 0x000000000000 0x00000000000000000000000000000000 1 0 1 1 1 1 2023-10-11 09:11:49.567 {"LastUpdated":"2023-10-11T09:11:32.4849885Z","HECIDriver":{"Name":"Intel(R) Management Engine Interface #1","Status":true,"Details":"OK"},"CorporateDNS":{"Name":"<div><div>MAC: FC:3F:DB:11:04:D1 Domain: plzen-edu.cz DHCP Enabled: Yes</div></div>","Status":true,"Details":"[{\"Description\":\"Intel(R) Ethernet Connection (2) I219-LM\",\"DHCPEnabled\":\"True\",\"DNSDomain\":\"plzen-edu.cz\",\"IPAddress\":\"\",\"MACAddress\":\"FC:3F:DB:11:04:D1\"}]"},"CorporateVPN":{"Name":null,"Status":false,"Details":"No response received, either no VPN device is active or there are connectivity issues"},"IntelNic":{"Name":null,"Status":false,"Details":null}} 3909 132

 

Example of a station in version 1.11.1:
NodeID Version ProvisioningMode ProvisioningState HostMac DedicatedMac PlatformID TlsEnabled MeshUser AdminUser SuperUser MonitorUser AuditorUser LastUpdated ExtraInfo FwBuildNumber AmtControlMode
0x60C09682324F84963488A4D4DF0CB4442A6BB75AA58F7F5A51A0BA2C746702D6 v11.8.86 1 2 0x000000000000 0x000000000000 0x00000000000000000000000000000000 1 0 1 1 1 1 2023-09-29 11:13:06.803 {"LastUpdated":"2023-09-29T11:12:46.8080478Z","HECIDriver":{"Name":"[\"Intel(R) Management Engine Interface #1\"]","Status":true,"Details":"OK"},"CorporateDNS":{"Name":"[\"MAC: FC:3F:DB:11:04:D1 Domain: plzen-edu.cz DHCP Enabled: Yes\"]","Status":true,"Details":"[{\"Description\":\"Intel(R) Ethernet Connection (2) I219-LM\",\"DHCPEnabled\":\"True\",\"DNSDomain\":\"plzen-edu.cz\",\"IPAddress\":\"\",\"MACAddress\":\"FC:3F:DB:11:04:D1\"}]"},"CorporateVPN":{"Name":null,"Status":false,"Details":"No response received, either no VPN device is active or there are connectivity issues"},"IntelNic":{"Name":null,"Status":false,"Details":null}} 3909 132

 

This corresponds to the behavior that all functions work, but only the status is displayed incorrectly. Any ideas?

I still think the simple solution is to gradually upgrade with small differences in versions.

I have a database backup.

Regards
George71

0 Kudos
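An added example, not part of the original thread: the manual before/after comparison of dbo.IntelAmt rows in the post above can be run across every endpoint with one query. It assumes the pre-upgrade backup has been restored next to the live database as [EMADatabase_Before] (a hypothetical name) and uses only the column names shown in the post.

```sql
-- Assumption: [EMADatabase_Before] is the restored pre-upgrade backup (hypothetical name);
-- [EMADatabase] is the upgraded database.
-- LastUpdated and ExtraInfo are left out of the comparison: in the two rows quoted in the
-- post they differ only in timestamps and in the formatting of the "Name" fields.
SELECT COALESCE(o.NodeID, n.NodeID) AS EndpointNodeID,
       CASE WHEN o.NodeID IS NULL THEN 'only after upgrade'
            WHEN n.NodeID IS NULL THEN 'only before upgrade'
            ELSE 'changed'
       END AS Difference,
       o.ProvisioningState AS StateBefore,
       n.ProvisioningState AS StateAfter,
       o.AmtControlMode    AS ControlModeBefore,
       n.AmtControlMode    AS ControlModeAfter,
       o.TlsEnabled        AS TlsBefore,
       n.TlsEnabled        AS TlsAfter
FROM [EMADatabase_Before].dbo.IntelAmt AS o
FULL OUTER JOIN [EMADatabase].dbo.IntelAmt AS n
       ON n.NodeID = o.NodeID
WHERE o.NodeID IS NULL
   OR n.NodeID IS NULL
   -- NULL-safe row comparison: EXCEPT treats two NULLs as equal, unlike <>.
   OR EXISTS (SELECT o.Version, o.ProvisioningMode, o.ProvisioningState,
                     o.HostMac, o.DedicatedMac, o.PlatformID,
                     o.TlsEnabled, o.FwBuildNumber, o.AmtControlMode
              EXCEPT
              SELECT n.Version, n.ProvisioningMode, n.ProvisioningState,
                     n.HostMac, n.DedicatedMac, n.PlatformID,
                     n.TlsEnabled, n.FwBuildNumber, n.AmtControlMode)
ORDER BY Difference, EndpointNodeID;
```

An empty result means the stored AMT state is identical in both copies for every endpoint.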
MIGUEL_C_Intel
Moderator
1,236 Views

Hello, George71,


Thank you for your reply.


According to your comments, the endpoints showed up in the EMA database > table dbo.IntelAMT > column Provisioning State with number 2.

Meaning, it is possible to see the hardware manageability of the endpoints and the remote access is working.


I am sending a private email to set up the web meeting. 


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
MIGUEL_C_Intel
Moderator
1,023 Views

Hello, George71,


We are glad to know the 802.1x Certificate issue was fixed. 


Thank you for using Intel products and our support services.


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos