Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2849 Discussions

W480 AMT accessible via MEBx but isn't reachable via IP and n/a in Windows

GenuineJakob
New Contributor II
2,356 Views

Dear Intel,

I have a Gigabyte motherboard with a W480 chipset with AMT was configured and was working properly. At some point this changed:

It can be accessed via Ctrl+P and it changes for example the Hostname. These change are locally visible on the machine, but the network access doesn't work. On both LAN ports, the I219 and I225 the machine cannot be reached on port 16992 and 16993.

Every information related to ME is not available in the official "Intel Management and Security Status" tool. However, it is possible to access and see changes made in the ME from Windows through meshcmd. Also, the Intel CSME tool gets the current ME firmware version.

Unfortunately, the Gigabyte support was far from helpful. Maybe someone here at Intel knows if my AMT chip is busted or if I can reset it somehow.

What I have tried so far:

  • Reinstalled Windows
  • Reflashed the BIOS of the motherboard
  • Removed the CMOS battery to clear BIOS and AMT settings
  • Reflashed ME 14.1.67.2046 firmware

 

Kind regards,

Jakob

 

.nfo since you can't upload XML.txt anymore

 

 

<?xml version="1.0" encoding="utf-8"?>
<MsInfo>
  <Metadata>
    <Version>1.0</Version>
    <CreationUTC>
    </CreationUTC>
  </Metadata>
  <Category name="Intel(R) ME - System Report">
    <Data>
      <Item>Intel manageability system information</Item>
      <Value>Generated by IMSS at 4/22/2023 6:36 PM</Value>
    </Data>
    <Category name="Host Information">
      <Data>
        <Item>Operating System Name</Item>
        <Value>Microsoft Windows 11 Pro</Value>
      </Data>
      <Data>
        <Item>Operating System Version</Item>
        <Value>10.0.22621 Build 22621</Value>
      </Data>
      <Data>
        <Item>System Manufacturer</Item>
        <Value>Gigabyte Technology Co., Ltd.</Value>
      </Data>
      <Data>
        <Item>System Name</Item>
        <Value>JAKOBS-PC</Value>
      </Data>
      <Data>
        <Item>System Model</Item>
        <Value>W480 VISION D</Value>
      </Data>
      <Data>
        <Item>Processor</Item>
        <Value>Intel(R) Core(TM) i9-10900K CPU @ 3.70GHz, 3,70 GHz, 10 Core(s), 20 Logical Processor(s)</Value>
      </Data>
      <Data>
        <Item>BIOS Version</Item>
        <Value>American Megatrends Inc. F22a</Value>
      </Data>
      <Data>
        <Item>LAN DeviceID</Item>
        <Value>NA</Value>
      </Data>
      <Data>
        <Item>LAN Driver</Item>
        <Value>NA</Value>
      </Data>
      <Data>
        <Item>WLAN DeviceID</Item>
        <Value>NA</Value>
      </Data>
      <Data>
        <Item>WLAN Driver</Item>
        <Value>NA</Value>
      </Data>
    </Category>
    <Category name="Intel(R) ME Information">
      <Data>
        <Item>ME Control Mode</Item>
        <Value>NA</Value>
      </Data>
      <Data>
        <Item>Provisioning Mode</Item>
        <Value>NA</Value>
      </Data>
      <Data>
        <Item>BIOS boot</Item>
        <Value>NA</Value>
      </Data>
      <Data>
        <Item>Last ME reset reason</Item>
        <Value>NA</Value>
      </Data>
      <Data>
        <Item>System UUID</Item>
        <Value>NA</Value>
      </Data>
      <Data>
        <Item>Local FWUpdate</Item>
        <Value>NA</Value>
      </Data>
      <Data>
        <Item>Power Policy</Item>
        <Value>NA</Value>
      </Data>
      <Data>
        <Item>Cryptography Support</Item>
        <Value>NA</Value>
      </Data>
      <Category name="FW Capabilities">
        <Data>
          <Item>Intel(R) Capability Licensing Service</Item>
          <Value>NA</Value>
        </Data>
        <Data>
          <Item>Intel(R) Dynamic Application Loader</Item>
          <Value>NA</Value>
        </Data>
        <Data>
          <Item>Intel(R) Protected Audio Video Path</Item>
          <Value>NA</Value>
        </Data>
      </Category>
      <Category name="Components Information">
        <Data>
          <Item>MEBx Version</Item>
          <Value>NA</Value>
        </Data>
        <Data>
          <Item>FW Version</Item>
          <Value>NA</Value>
        </Data>
        <Data>
          <Item>LMS Version</Item>
          <Value>NA</Value>
        </Data>
        <Data>
          <Item>MEI Driver Version</Item>
          <Value>NA</Value>
        </Data>
        <Data>
          <Item>MEI DeviceID</Item>
          <Value>NA</Value>
        </Data>
        <Data>
          <Item>SOL Driver Version</Item>
          <Value>NA</Value>
        </Data>
        <Data>
          <Item>SOL DeviceID</Item>
          <Value>NA</Value>
        </Data>
        <Data>
          <Item>PMC Version</Item>
          <Value>NA</Value>
        </Data>
      </Category>
      <Category name="Network information">
        <Data>
          <Item>LAN MAC Address</Item>
          <Value>NA</Value>
        </Data>
        <Data>
          <Item>LAN Configuration state</Item>
          <Value>NA</Value>
        </Data>
        <Data>
          <Item>LAN Link Status</Item>
          <Value>NA</Value>
        </Data>
        <Data>
          <Item>LAN IPv4 Address</Item>
          <Value>NA</Value>
        </Data>
        <Data>
          <Item>LAN IPv6 Enablement</Item>
          <Value>NA</Value>
        </Data>
        <Data>
          <Item>WLAN MAC Address</Item>
          <Value>NA</Value>
        </Data>
        <Data>
          <Item>WLAN Configuration state</Item>
          <Value>NA</Value>
        </Data>
        <Data>
          <Item>WLAN Link Status</Item>
          <Value>NA</Value>
        </Data>
        <Data>
          <Item>WLAN IPv4 Address</Item>
          <Value>NA</Value>
        </Data>
        <Data>
          <Item>WLAN IPv6 Enablement</Item>
          <Value>NA</Value>
        </Data>
      </Category>
    </Category>
  </Category>
</MsInfo>

 

 

 

0 Kudos
1 Solution
Victor_G_Intel
Employee
1,994 Views

Hello GenuineJakob,

 

Thank you for your patience.


To continue with our investigation can you please confirm if the affected system has a vPro sticker on it? Also would you mind checking your BIOS to see if the ME is disabled?

 

We are going to need you to run our Intel® EMA configuration tool and send us the log.


https://www.intel.com/content/www/us/en/download/19805/30485/intel-endpoint-management-assistant-configuration-tool-intel-ema-configuration-tool.html


Installation:


Double-click the .msi file and follow the prompts.

 

Run:


a- Open a command prompt as administrator.

b- Navigate to the installation folder (default C:\Program Files (x86)\Intel\EMAConfigTool).

c- Run the command: EMAConfigTool.exe -filename XXXX --verbose


Additionally, based on our investigation you need to use i219 ethernet adapter instead of the i225. The i225 according to our records doesn't support vPro.


Lastly, make sure when testing ports 16992 and 16993 that it is on the host using the localhost interface. This will circumvent any possible NIC issues.

 

Best regards,

 

Victor G.

Intel Technical Support Technician


View solution in original post

0 Kudos
13 Replies
Victor_G_Intel
Employee
2,290 Views

Hello GenuineJakob,

 

Thank you for posting on the Intel® communities.


To further assist can you please provide the following:


  1. What tool are you using for remote connection?
  2. You mentioned your system was working fine, can you share with us any changes done to the system before the issue occurred?
  3. Please share with us the steps you followed to configure AMT.


Just so you know, we don’t provide ways to reset AMT, that should be seen with the manufacturer of your board.

 

Best regards,

 

Victor G.

Intel Technical Support Technician


0 Kudos
GenuineJakob
New Contributor II
2,272 Views

Hi Victor,

 

What tool are you using for remote connection?

I use MeshCentral, this shouldn't be the issue because the machine isn't reachable on its self hosted WebGUI. There is no response on port 16992 and 16993.

 


You mentioned your system was working fine, can you share with us any changes done to the system before the issue occurred?


 

Unfortunately, I didn't recognise it directly and therefore didn't know what caused the issue.

 

Please share with us the steps you followed to configure AMT
  1.  Unplugged the CMOS battery to reset all settings
  2. Ctrl+P to access MEBx
  3. Changed password
  4. Set a Hostname (shouldn't be required)
  5. Activated Network Access

 

0 Kudos
Victor_G_Intel
Employee
2,265 Views

Hello GenuineJakob,

 

Thank you for your response.

 

Please let me review this information internally, and kindly wait for an update.

 

Once we have more information to share, we will post it on this thread.

 

Regards,

 

Victor G.

Intel Technical Support Technician 


0 Kudos
Victor_G_Intel
Employee
2,252 Views

Hello GenuineJakob,

 

Thank you for your patience.


To continue with our investigation, please respond the following questions:


  1. Is the affected computer inside your network or in a different one?
  2. Are you using a VPN while trying to access this system?

 

Best regards,

 

Victor G.

Intel Technical Support Technician


0 Kudos
Victor_G_Intel
Employee
2,214 Views

Hello GenuineJakob,


Were you able to check the previous post?  


Please let me know if you need further assistance.  

 

Regards,


Victor G. 

Intel Technical Support Technician  


0 Kudos
GenuineJakob
New Contributor II
2,211 Views

Hi,

yes the AMT computer is in my own network.

There is no VPN involved, I am trying to access the AMT machine from the same network.

 

I already tried moving the AMT machine and client to another location and therefore a different network, same issue as before.

 

Kind regards,

jakob

0 Kudos
Victor_G_Intel
Employee
2,192 Views

Hello GenuineJakob,

 

Thank you for posting on the Intel® communities.

 

Please let me review this information internally, and kindly wait for an update.

 

Once we have more information to share, we will post it on this thread.

 

Regards,

 

Victor G.

Intel Technical Support Technician 


0 Kudos
Victor_G_Intel
Employee
2,186 Views

Hello GenuineJakob,

 

Thank you so much for your response.


We were looking into your motherboard details, and we noticed that they have newer versions than the one you currently have. Can you try to update the BIOS?


Additionally, please make sure you are running the latest ME driver (this should be provided by your motherboard’s OEM).


Also, do you have other systems that can be reached with the 16992 and 16993 ports? If yes, would you be able to share some pictures of the working system and the nonworking system?

 

Best regards,

 

Victor G.

Intel Technical Support Technician


0 Kudos
GenuineJakob
New Contributor II
2,155 Views

Hi, 

 

I updated the BIOS but this didn't help.

Windows automatically installs newer ME drivers than what the OEM provides:

ME driver.png

 

Going through the same procedure (CMOS reset, Ctrl+P, change password, activate Network Access) with an Intel NUC:

 

jakobmueller@Jakobs-MacBook-Pro ~ % nmap -Pn -p 623,664,5900,9971,16992-16995 192.168.1.157

Starting Nmap 7.94 ( https://nmap.org ) at 2023-06-07 14:47 CEST
Stats: 0:00:00 elapsed; 0 hosts completed (0 up), 0 undergoing Host Discovery
Parallel DNS resolution of 1 host. Timing: About 0.00% done
Nmap scan report for 192.168.1.157
Host is up (0.16s latency).

PORT      STATE    SERVICE
623/tcp   open     oob-ws-http
664/tcp   filtered secure-aux-bus
5900/tcp  filtered vnc
9971/tcp  filtered unknown
16992/tcp open     amt-soap-http
16993/tcp filtered amt-soap-https
16994/tcp filtered amt-redir-tcp
16995/tcp filtered amt-redir-tls

Nmap done: 1 IP address (1 host up) scanned in 4.99 seconds

 

The NUC is reachable and configurable on its hosted web interface

NUC is reachable.png

When I do the same on my W480 motherboard all ports are "filtered" and it isn't reachable. Do you have any tools that I can run in Windows that can diagnose troubles in the local AMT chip?

 

0 Kudos
Victor_G_Intel
Employee
2,124 Views

Hello GenuineJakob,

 

Thank you for your response.

 

Please allow us some time to investigate this further and kindly wait for our response. Once we have more information to share, we will post it on this thread.

 

Regards,

 

Victor G.

Intel Technical Support Technician


0 Kudos
Victor_G_Intel
Employee
1,995 Views

Hello GenuineJakob,

 

Thank you for your patience.


To continue with our investigation can you please confirm if the affected system has a vPro sticker on it? Also would you mind checking your BIOS to see if the ME is disabled?

 

We are going to need you to run our Intel® EMA configuration tool and send us the log.


https://www.intel.com/content/www/us/en/download/19805/30485/intel-endpoint-management-assistant-configuration-tool-intel-ema-configuration-tool.html


Installation:


Double-click the .msi file and follow the prompts.

 

Run:


a- Open a command prompt as administrator.

b- Navigate to the installation folder (default C:\Program Files (x86)\Intel\EMAConfigTool).

c- Run the command: EMAConfigTool.exe -filename XXXX --verbose


Additionally, based on our investigation you need to use i219 ethernet adapter instead of the i225. The i225 according to our records doesn't support vPro.


Lastly, make sure when testing ports 16992 and 16993 that it is on the host using the localhost interface. This will circumvent any possible NIC issues.

 

Best regards,

 

Victor G.

Intel Technical Support Technician


0 Kudos
Victor_G_Intel
Employee
1,907 Views

Hello GenuineJakob,


Were you able to check the previous message we sent?  


Please let us know if you need further assistance.  

 

Regards,


Victor G. 

Intel Technical Support Technician  


GenuineJakob
New Contributor II
1,882 Views

Hi Victor,

 

I ran the EMA config tool and it errored with a System.NullReferenceException.

NullReferenceException.png

 

I cleared CMOS, changed password, activated Network Access again, but this time I only plugged in a network cable to the i219-LM.

Thanks to this lead, I finally restored the AMT web interface. Although it seems kind of strange that the i225-LM doesn't work and even "crashes" the AMT chip in way that it cannot be accessed from the correct NIC.

AMT is back.png

 

"Lastly, make sure when testing ports 16992 and 16993 that it is on the host using the localhost interface. This will circumvent any possible NIC issues." 

This should not work, as far as I know AMT isn't reachable from the local machine.

 

Thank you so much for your patient help, I am glad this functionality has been restored!

 

Kind regards,

Jakob

0 Kudos
Reply