Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2955 Discussions

AD Groups Authentication not working

wosat666
Beginner
716 Views

Hello

i setup a Intel EMA server on prem on a Windows Server 2025

if i create a local user with web console i can log on

but if i create a AD group with distinguished name, and add a user to the group the logon is not possible

 

in the log file i found the information "C:\Program Files (x86)\Intel\Platform Manager\EMALogs\EmaWebApiLogs\Ema-Global\2024-12-12.log"

2024-12-12 17:11:05.3586 [ERROR], Message: Can not find a match between AD Groups in EMA database & Active Directory

 

how can i fix this?

 

 

 

0 Kudos
8 Replies
Suneesh
Employee
677 Views

Hello wosat666,


Good day,


Please share us the below given details:


SQL version 

Location of SQL and EMA server; (physical, virtual) 

Will they be on the same server machine? 

Authentication mode: Local, Azure AD, or Windows AD 

Intel® EMA software version: 


Regards,

Suneesh_intel


0 Kudos
wosat666
Beginner
665 Views

SQL version 

15.0.2000.5

 

Location of SQL and EMA server; (physical, virtual) 

all on the same server, virtual server

 

Will they be on the same server machine? 

yes

 

Authentication mode: Local, Azure AD, or Windows AD 

Windows AD

 

Intel® EMA software version: 

ema1.14.1.0

 

0 Kudos
wosat666
Beginner
663 Views

hello

now i try the role "endpoint group creator" and it works

i do not understand the for what is "endpoint group user"

 

thanks

 

0 Kudos
Suneesh
Employee
629 Views

Hello wosat666,


Good day,


Glad to hear the issue is resolved.


For further details on End point group user and creator.


Endpoint Group Creator: This role is specific to a particular tenant. It can perform endpoint management, as well as create new endpoint groups and manage Intel AMT Profiles. An Endpoint Group Creator can be a member of multiple user groups and can manage all groups to which they belong. Endpoint Group Creators cannot perform user management. However, they can see the list of all user groups and the list of all Endpoint Group Creators and Endpoint Group Users in that tenant (i.e., user roles in that tenant that are equal or lower in the user role hierarchy; they cannot see Account Managers, Tenant Administrators, or Global Administrators).


Endpoint Group User: This role is specific to a particular tenant, and can perform endpoint management only. Endpoint Group Users can be members of multiple user groups, but they cannot perform user management, and can only view their own user information. 


Please refer the link for more details on User Roles under section 1.2.2. https://www.intel.com/content/dam/support/us/en/documents/software/intel_ema_admin_and_usage_guide.pdf


Regards,

Suneesh_intel


0 Kudos
wosat666
Beginner
264 Views

sorry but today i have still the problem, that i can not login, if i use an account from the domain which is in a AD GROUP.

i have not changed anything in the IIS config

if i add user in the EMA web server under Users i can login

how can i troubleshoot this?

 

 

0 Kudos
Suneesh
Employee
551 Views

Hello wosat666,


Good day.


We are following up on this case. If further assistance is necessary, please do not hesitate to reply.


Regards,

Suneesh_intel


0 Kudos
Suneesh
Employee
519 Views

Hello wosat666,


Good day.


We are following up on this case. If further assistance is necessary, please do not hesitate to reply.


Regards,

Suneesh_intel


0 Kudos
wosat666
Beginner
231 Views

Hello Suneesh

 

after silvester

i try to login with an account in an AD group

but i have still no luck

 

i add some pics to show my config

can you please help me?

 

 

0 Kudos
Reply