Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2949 Discussions

CIRA. Connection Status: Outside versus Disconnect

VeeDub
New Contributor I
‎11-06-2024 06:47 PM
1,219 Views

Hello,

I'm using MeshCentral to manage AMT endpoints.

I have a number of endpoints that are connecting fine.

However, I have some endpoints that appear to make an initial connection to MeshCentral, but don't continue the connection.

From an AMT standpoint here is an endpoint that is working versus an endpoint that is not.

Working

C:\ZEN\MeshCentral>meshcmd amtinfo
Intel AMT v16.1.30, activated in Admin Control Mode (ACM).
Wired Enabled, DHCP, CC:96:E5:37:4A:7F
DNS suffix: alleanza.local
Connection Status: Outside, CIRA: Connected to mc1.zen.net.au, Periodic.

 

Not working

C:\ZEN\MeshCentral\ZEN>meshcmd amtconfig --url wss://mc1.zen.net.au/apf.ashx --id --serverhttpshash
(I have hidden some of the info in case it is sensitive)
Setting up MEI...
Starting Intel AMT configuration...
Started APF tunnel...
Checking Intel AMT state...
Intel AMT connected.
Performing Commit...
Enabled TLS, holding 10 seconds...
Intel AMT connected.
Added server root certificate.
Created new MPS server.
Created new MPS policy.
Environment detection set.
Enabled redirection features.
Enabled KVM.
Fetching hardware inventory.
Done.

C:\ZEN\MeshCentral\ZEN>meshcmd amtinfo
Intel AMT v12.0.94, activated in Admin Control Mode (ACM).
Wired Enabled, Static, E4:54:E8:92:A7:FB, 10.254.242.100
Connection Status: Direct, CIRA: Disconnected.

 

I'm looking for some information about Connection Status. Outside versus Direct.

 

Can you provide an explanation or refer me to some documentation where I can learn about the differences?

Thank you.

0 Kudos

Link Copied

16 Replies
Suneesh
Employee
‎11-07-2024 04:30 PM
1,146 Views

Hello VeeDub,


Good day.


Thank you for sharing the initial details. Before we proceed, could you please provide the following information:


  • Are the working and non-working endpoints within the domain or are they out-of-band.
  • Could you also share details of these endpoints. You may retrieve this information from the ECT logs of both the working and non-working endpoints. And share us the ECT logs.


Intel® EMA Configuration Tool (ECT) Logs:


-Download the tool from the following link: Intel® EMA Configuration Tool

-Installation:

  • Download and unzip the tool.
  • Double-click the .msi file and follow the installation prompts.

-Run the Tool:

a. Open a command prompt as an administrator (or use Windows PowerShell*).

b. Navigate to the installation folder (default: C:\Program Files (x86)\Intel\EMAConfigTool).

c. Run the following command:

EMAConfigTool.exe --verbose


Looking forward to your response.


Regards,

Suneesh_Intel


0 Kudos
Copy link
VeeDub
New Contributor I
‎11-07-2024 04:45 PM
800 Views

Hello Suneesh,

Are the working and non-working endpoints within the domain or are they out-of-band?

I don't understand this question. You may need to provide additional information.

The endpoints are at different physical locations.

However all PC's are part of Windows Active Directory domains (but they're different AD domains).

 

This is from the Endpoint that is NOT connecting via CIRA.

C:\Program Files (x86)\Intel\EMAConfigTool>EMAConfigTool.exe --verbose

Intel EMA Configuration Tool
Application Version: 1.1.0.183
Scan Date: 8/11/2024 11:38:25 AM

*** Host Computer Information ***
Computer Name: BBOX4
Manufacturer: Dell Inc.
Model: OptiPlex 7070
Processor: Intel(R) Core(TM) i5-9500 CPU @ 3.00GHz
Windows Version: Microsoft Windows Server 2019 Datacenter
BIOS Version: 1.28.0
UUID: 4C4C4544-004D-4810-8030-B8C04F523133

*** SMBIOS Information ***
AMT Supported: True
AMT Enabled: True
SMBIOS ME SKU: Intel(R) Full AMT Manageability
SMBIOS ME Version: 12.0.94.2380
KVM Supported: True
SOL Supported: True
USB-R supported in BIOS: True
RSE Supported: False

*** ME Information ***
Version: 12.0.94.2380
SKU: Intel(R) Full AMT Manageability
State: Provisioned
Control Mode: Admin
Driver Installed: True
Driver Version: 2336.5.2.0
PKI DNS Suffix: Not Found
LMS State: Running
LMS Version: 2336.5.2.0
MicroLMS State: NotPresent
EHBC Enabled: False

*** ME Capabilities ***
AMT in Enterprise Mode: True
TLS Enabled: True
HW Crypto Enabled: True
Current Provisioning state: POST_PROVISIONING_STATE
NetworkInterface Enabled: True
SOL Enabled: True
IDER Enabled: True
FWUpdate Enabled: False
LinkIsUp state: True
KVM Enabled: True
RSE Enabled: False

*** Power Management Capabilities ***
Supported Power States:
5: PowerCycle_Off_Soft
8: Off_Soft
2: On
10: Master_Bus_Reset
11: NMI
4: SleepDeep
12: Off_Soft_Graceful
14: MasterBusReset_Graceful
Power Change Capabilities:
2: On
3: SleepLight
4: SleepDeep
7: Hibernate
8: Off_Soft

*** CIRA Information ***
CIRA Server: Not Found
CIRA Connection Status: NOT_CONNECTED
CIRA Connection Trigger: USER_INITIATED

*** ME Wired Network Information ***
Wired Interface Enabled: True
Link Status: Up
IP Address: 10.254.242.100
MAC Address: E4:54:E8:92:A7:FB
DHCP Enabled: False
DHCP Mode: Unknown
DNS Suffix (from OS): Not Found

*** ME Wireless Network Information ***
ME Wireless Interface Not Detected

*** Root Certificate Hash Entries ***
Root Cert 1: Go Daddy Class 2 CA, SHA256, C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4, Active, Default;
Root Cert 2: Go Daddy Root CA - G2, SHA256, 45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA, Active, Default;
Root Cert 3: Comodo AAA CA, SHA256, D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4, Active, Default;
Root Cert 4: Starfield Class 2 CA, SHA256, 14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58, Active, Default;
Root Cert 5: Starfield Root CA - G2, SHA256, 2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5, Active, Default;
Root Cert 6: VeriSign Class 3 Primary CA-G5, SHA256, 9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF, Active, Default;
Root Cert 7: Baltimore CyberTrust Root, SHA256, 16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB, Active, Default;
Root Cert 8: Cybertrust Global Root, SHA256, 96:0A:DF:00:63:E9:63:56:75:0C:29:65:DD:0A:08:67:DA:0B:9C:BD:6E:77:71:4A:EA:FB:23:49:AB:39:3D:A3, Active, Default;
Root Cert 9: Verizon Global Root, SHA256, 68:AD:50:90:9B:04:36:3C:60:5E:F1:35:81:A9:39:FF:2C:96:37:2E:3F:12:32:5B:0A:68:61:E1:D5:9F:66:03, Active, Default;
Root Cert 10: Entrust.net CA (2048), SHA256, 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77, Active, Default;
Root Cert 11: Entrust Root CA, SHA256, 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C, Active, Default;
Root Cert 12: Entrust Root CA - G2, SHA256, 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39, Active, Default;
Root Cert 13: VeriSign Universal Root CA, SHA256, 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C, Active, Default;
Root Cert 14: Affirm Trust Premium, SHA256, 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A, Active, Default;
Root Cert 15: DigiCert Global Root CA, SHA256, 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61, Active, Default;
Root Cert 16: DigiCert Global Root G2, SHA256, CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F, Active, Default;
Root Cert 17: DigiCert Global Root G3, SHA256, 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0, Active, Default;
Root Cert 18: DigiCert Trusted Root G4, SHA256, 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88, Active, Default;
Root Cert 19: GlobalSign NP RSA CA 2018, SHA256, 67:54:0A:47:AA:5B:9F:34:57:0A:99:72:3C:FE:FA:96:A9:6E:E3:F0:D9:B8:BF:4D:EF:94:40:B8:06:5D:66:5D, Active, Default;
Root Cert 20: GlobalSign NP ECC CA 2018, SHA256, 72:24:39:52:22:CD:58:8C:4F:26:83:71:69:22:AD:DB:41:E3:9B:58:1A:C3:4F:A8:7B:39:EF:A8:96:FB:B3:9E, Active, Default;
Root Cert 21: GlobalSign Root CA - R3, SHA256, CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B, Active, Default;
Root Cert 22: GlobalSign ECC Root CA - R5, SHA256, 17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24, Active, Default;
Root Cert 23: GlobalSign Root CA - R6, SHA256, 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69, Active, Default;

Pausing before ending process in 3 sec. The duration of this pause can be adjusted using the --delayterm option.

C:\Program Files (x86)\Intel\EMAConfigTool>

 

The "working" endpoints are currently in use and I will provide the diagnostics later when I can access the system.

Thank you.

Vaughan

0 Kudos
Copy link
VeeDub
New Contributor I
‎11-07-2024 06:44 PM
800 Views

Here is the information from a "working" endpoint.

C:\ZEN\MeshCentral\Newcastle>meshcmd amtinfo
Intel AMT v12.0.95, activated in Admin Control Mode (ACM).
Wired Enabled, DHCP, 00:4E:01:A9:2E:75
Connection Status: Outside, CIRA: Connected to mc1.zen.net.au, Periodic.

The key is that the Connection Status for a working endpoint is always: 'Outside'

And a broken endpoint is always: 'Direct'.

 

C:\Program Files (x86)\Intel\EMAConfigTool>EMAConfigTool.exe --verbose

Intel EMA Configuration Tool
Application Version: 1.1.0.183
Scan Date: 8/11/2024 1:43:55 PM

*** Host Computer Information ***
Computer Name: HOTDESK2
Manufacturer: Dell Inc.
Model: Precision 3630 Tower
Processor: Intel(R) Core(TM) i7-9700 CPU @ 3.00GHz
Windows Version: Microsoft Windows 10 Pro
BIOS Version: 2.30.0
UUID: 4C4C4544-0056-5710-8046-C6C04F525A32

*** SMBIOS Information ***
AMT Supported: True
AMT Enabled: True
SMBIOS ME SKU: Intel(R) Full AMT Manageability
SMBIOS ME Version: 12.0.95.2489
KVM Supported: True
SOL Supported: True
USB-R supported in BIOS: True
RSE Supported: False

*** ME Information ***
Version: 12.0.95.2489
SKU: Intel(R) Full AMT Manageability
State: Provisioned
Control Mode: Admin
Driver Installed: True
Driver Version: 2406.5.5.0
PKI DNS Suffix: Not Found
LMS State: Running
LMS Version: 2406.5.5.0
MicroLMS State: NotPresent
EHBC Enabled: False

*** ME Capabilities ***
AMT in Enterprise Mode: True
TLS Enabled: True
HW Crypto Enabled: True
Current Provisioning state: POST_PROVISIONING_STATE
NetworkInterface Enabled: True
SOL Enabled: True
IDER Enabled: True
FWUpdate Enabled: False
LinkIsUp state: True
KVM Enabled: True
RSE Enabled: False

*** Power Management Capabilities ***
Supported Power States:
5: PowerCycle_Off_Soft
8: Off_Soft
2: On
10: Master_Bus_Reset
11: NMI
4: SleepDeep
7: Hibernate
12: Off_Soft_Graceful
14: MasterBusReset_Graceful
Power Change Capabilities:
2: On
3: SleepLight
4: SleepDeep
7: Hibernate
8: Off_Soft

*** CIRA Information ***
CIRA Server: mc1.zen.net.au
CIRA Connection Status: CONNECTED
CIRA Connection Trigger: TRIGGER_PERIODIC

*** ME Wired Network Information ***
Wired Interface Enabled: True
Link Status: Up
IP Address: 0.0.0.0
MAC Address: 00:4E:01:A9:2E:75
DHCP Enabled: True
DHCP Mode: Passive
DNS Suffix (from OS): Not Found

*** ME Wireless Network Information ***
ME Wireless Interface Not Detected

*** Root Certificate Hash Entries ***
Root Cert 1: Go Daddy Class 2 CA, SHA256, C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4, Active, Default;
Root Cert 2: Go Daddy Root CA - G2, SHA256, 45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA, Active, Default;
Root Cert 3: Comodo AAA CA, SHA256, D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4, Active, Default;
Root Cert 4: Starfield Class 2 CA, SHA256, 14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58, Active, Default;
Root Cert 5: Starfield Root CA - G2, SHA256, 2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5, Active, Default;
Root Cert 6: VeriSign Class 3 Primary CA-G5, SHA256, 9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF, Active, Default;
Root Cert 7: Baltimore CyberTrust Root, SHA256, 16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB, Active, Default;
Root Cert 8: Cybertrust Global Root, SHA256, 96:0A:DF:00:63:E9:63:56:75:0C:29:65:DD:0A:08:67:DA:0B:9C:BD:6E:77:71:4A:EA:FB:23:49:AB:39:3D:A3, Active, Default;
Root Cert 9: Verizon Global Root, SHA256, 68:AD:50:90:9B:04:36:3C:60:5E:F1:35:81:A9:39:FF:2C:96:37:2E:3F:12:32:5B:0A:68:61:E1:D5:9F:66:03, Active, Default;
Root Cert 10: Entrust.net CA (2048), SHA256, 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77, Active, Default;
Root Cert 11: Entrust Root CA, SHA256, 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C, Active, Default;
Root Cert 12: Entrust Root CA - G2, SHA256, 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39, Active, Default;
Root Cert 13: VeriSign Universal Root CA, SHA256, 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C, Active, Default;
Root Cert 14: Affirm Trust Premium, SHA256, 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A, Active, Default;
Root Cert 15: DigiCert Global Root CA, SHA256, 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61, Active, Default;
Root Cert 16: DigiCert Global Root G2, SHA256, CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F, Active, Default;
Root Cert 17: DigiCert Global Root G3, SHA256, 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0, Active, Default;
Root Cert 18: DigiCert Trusted Root G4, SHA256, 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88, Active, Default;
Root Cert 19: GlobalSign NP RSA CA 2018, SHA256, 67:54:0A:47:AA:5B:9F:34:57:0A:99:72:3C:FE:FA:96:A9:6E:E3:F0:D9:B8:BF:4D:EF:94:40:B8:06:5D:66:5D, Active, Default;
Root Cert 20: GlobalSign NP ECC CA 2018, SHA256, 72:24:39:52:22:CD:58:8C:4F:26:83:71:69:22:AD:DB:41:E3:9B:58:1A:C3:4F:A8:7B:39:EF:A8:96:FB:B3:9E, Active, Default;
Root Cert 21: GlobalSign Root CA - R3, SHA256, CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B, Active, Default;
Root Cert 22: GlobalSign ECC Root CA - R5, SHA256, 17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24, Active, Default;
Root Cert 23: GlobalSign Root CA - R6, SHA256, 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69, Active, Default;

Pausing before ending process in 3 sec. The duration of this pause can be adjusted using the --delayterm option.

C:\Program Files (x86)\Intel\EMAConfigTool>

 

0 Kudos
Copy link
VeeDub
New Contributor I
‎11-07-2024 06:49 PM
1,136 Views

Hello,

I have posted two replies and neither of them are showing?

0 Kudos
Copy link
VeeDub
New Contributor I
‎11-07-2024 08:26 PM
800 Views

Hello,

I am going to try again.

Here is the meshcmd information from a "working" endpoint.

C:\ZEN\MeshCentral\Newcastle>meshcmd amtinfo
Intel AMT v12.0.95, activated in Admin Control Mode (ACM).
Wired Enabled, DHCP, 00:4E:01:A9:2E:75
Connection Status: Outside, CIRA: Connected to mc1.zen.net.au, Periodic.

The key is that the Connection Status for a working endpoint is always: 'Outside'

And a broken endpoint is always: 'Direct'.

Here is the EMAConfigTool information.

C:\Program Files (x86)\Intel\EMAConfigTool>EMAConfigTool.exe --verbose

Intel EMA Configuration Tool
Application Version: 1.1.0.183
Scan Date: 8/11/2024 2:01:16 PM

*** Host Computer Information ***
Computer Name: HOTDESK2
Manufacturer: Dell Inc.
Model: Precision 3630 Tower
Processor: Intel(R) Core(TM) i7-9700 CPU @ 3.00GHz
Windows Version: Microsoft Windows 10 Pro
BIOS Version: 2.30.0
UUID: 4C4C4544-0056-5710-8046-C6C04F525A32

*** SMBIOS Information ***
AMT Supported: True
AMT Enabled: True
SMBIOS ME SKU: Intel(R) Full AMT Manageability
SMBIOS ME Version: 12.0.95.2489
KVM Supported: True
SOL Supported: True
USB-R supported in BIOS: True
RSE Supported: False

*** ME Information ***
Version: 12.0.95.2489
SKU: Intel(R) Full AMT Manageability
State: Provisioned
Control Mode: Admin
Driver Installed: True
Driver Version: 2406.5.5.0
PKI DNS Suffix: Not Found
LMS State: Running
LMS Version: 2406.5.5.0
MicroLMS State: NotPresent
EHBC Enabled: False

*** ME Capabilities ***
AMT in Enterprise Mode: True
TLS Enabled: True
HW Crypto Enabled: True
Current Provisioning state: POST_PROVISIONING_STATE
NetworkInterface Enabled: True
SOL Enabled: True
IDER Enabled: True
FWUpdate Enabled: False
LinkIsUp state: True
KVM Enabled: True
RSE Enabled: False

*** Power Management Capabilities ***
Supported Power States:
   5: PowerCycle_Off_Soft
   8: Off_Soft
   2: On
   10: Master_Bus_Reset
   11: NMI
   4: SleepDeep
   7: Hibernate
   12: Off_Soft_Graceful
   14: MasterBusReset_Graceful
Power Change Capabilities:
   2: On
   3: SleepLight
   4: SleepDeep
   7: Hibernate
   8: Off_Soft

*** CIRA Information ***
CIRA Server: mc1.zen.net.au
CIRA Connection Status: CONNECTED
CIRA Connection Trigger: TRIGGER_PERIODIC

*** ME Wired Network Information ***
Wired Interface Enabled: True
Link Status: Up
IP Address: 0.0.0.0
MAC Address: 00:4E:01:A9:2E:75
DHCP Enabled: True
DHCP Mode: Passive
DNS Suffix (from OS): Not Found

*** ME Wireless Network Information ***
ME Wireless Interface Not Detected

*** Root Certificate Hash Entries ***
Root Cert 1: Go Daddy Class 2 CA, SHA256, C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4, Active, Default;
Root Cert 2: Go Daddy Root CA - G2, SHA256, 45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA, Active, Default;
Root Cert 3: Comodo AAA CA, SHA256, D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4, Active, Default;
Root Cert 4: Starfield Class 2 CA, SHA256, 14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58, Active, Default;
Root Cert 5: Starfield Root CA - G2, SHA256, 2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5, Active, Default;
Root Cert 6: VeriSign Class 3 Primary CA-G5, SHA256, 9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF, Active, Default;
Root Cert 7: Baltimore CyberTrust Root, SHA256, 16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB, Active, Default;
Root Cert 8: Cybertrust Global Root, SHA256, 96:0A:DF:00:63:E9:63:56:75:0C:29:65:DD:0A:08:67:DA:0B:9C:BD:6E:77:71:4A:EA:FB:23:49:AB:39:3D:A3, Active, Default;
Root Cert 9: Verizon Global Root, SHA256, 68:AD:50:90:9B:04:36:3C:60:5E:F1:35:81:A9:39:FF:2C:96:37:2E:3F:12:32:5B:0A:68:61:E1:D5:9F:66:03, Active, Default;
Root Cert 10: Entrust.net CA (2048), SHA256, 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77, Active, Default;
Root Cert 11: Entrust Root CA, SHA256, 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C, Active, Default;
Root Cert 12: Entrust Root CA - G2, SHA256, 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39, Active, Default;
Root Cert 13: VeriSign Universal Root CA, SHA256, 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C, Active, Default;
Root Cert 14: Affirm Trust Premium, SHA256, 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A, Active, Default;
Root Cert 15: DigiCert Global Root CA, SHA256, 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61, Active, Default;
Root Cert 16: DigiCert Global Root G2, SHA256, CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F, Active, Default;
Root Cert 17: DigiCert Global Root G3, SHA256, 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0, Active, Default;
Root Cert 18: DigiCert Trusted Root G4, SHA256, 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88, Active, Default;
Root Cert 19: GlobalSign NP RSA CA 2018, SHA256, 67:54:0A:47:AA:5B:9F:34:57:0A:99:72:3C:FE:FA:96:A9:6E:E3:F0:D9:B8:BF:4D:EF:94:40:B8:06:5D:66:5D, Active, Default;
Root Cert 20: GlobalSign NP ECC CA 2018, SHA256, 72:24:39:52:22:CD:58:8C:4F:26:83:71:69:22:AD:DB:41:E3:9B:58:1A:C3:4F:A8:7B:39:EF:A8:96:FB:B3:9E, Active, Default;
Root Cert 21: GlobalSign Root CA - R3, SHA256, CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B, Active, Default;
Root Cert 22: GlobalSign ECC Root CA - R5, SHA256, 17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24, Active, Default;
Root Cert 23: GlobalSign Root CA - R6, SHA256, 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69, Active, Default;

Pausing before ending process in 3 sec.  The duration of this pause can be adjusted using the --delayterm option.

C:\Program Files (x86)\Intel\EMAConfigTool>

 

0 Kudos
Copy link
VeeDub
New Contributor I
‎11-07-2024 08:28 PM
800 Views

Here is the EMAConfigTool info from a broken endpoint

C:\Program Files (x86)\Intel\EMAConfigTool>EMAConfigTool.exe --verbose

Intel EMA Configuration Tool
Application Version: 1.1.0.183
Scan Date: 8/11/2024 11:38:25 AM

*** Host Computer Information ***
Computer Name: BBOX4
Manufacturer: Dell Inc.
Model: OptiPlex 7070
Processor: Intel(R) Core(TM) i5-9500 CPU @ 3.00GHz
Windows Version: Microsoft Windows Server 2019 Datacenter
BIOS Version: 1.28.0
UUID: 4C4C4544-004D-4810-8030-B8C04F523133

*** SMBIOS Information ***
AMT Supported: True
AMT Enabled: True
SMBIOS ME SKU: Intel(R) Full AMT Manageability
SMBIOS ME Version: 12.0.94.2380
KVM Supported: True
SOL Supported: True
USB-R supported in BIOS: True
RSE Supported: False

*** ME Information ***
Version: 12.0.94.2380
SKU: Intel(R) Full AMT Manageability
State: Provisioned
Control Mode: Admin
Driver Installed: True
Driver Version: 2336.5.2.0
PKI DNS Suffix: Not Found
LMS State: Running
LMS Version: 2336.5.2.0
MicroLMS State: NotPresent
EHBC Enabled: False

*** ME Capabilities ***
AMT in Enterprise Mode: True
TLS Enabled: True
HW Crypto Enabled: True
Current Provisioning state: POST_PROVISIONING_STATE
NetworkInterface Enabled: True
SOL Enabled: True
IDER Enabled: True
FWUpdate Enabled: False
LinkIsUp state: True
KVM Enabled: True
RSE Enabled: False

*** Power Management Capabilities ***
Supported Power States:
   5: PowerCycle_Off_Soft
   8: Off_Soft
   2: On
   10: Master_Bus_Reset
   11: NMI
   4: SleepDeep
   12: Off_Soft_Graceful
   14: MasterBusReset_Graceful
Power Change Capabilities:
   2: On
   3: SleepLight
   4: SleepDeep
   7: Hibernate
   8: Off_Soft

*** CIRA Information ***
CIRA Server: Not Found
CIRA Connection Status: NOT_CONNECTED
CIRA Connection Trigger: USER_INITIATED

*** ME Wired Network Information ***
Wired Interface Enabled: True
Link Status: Up
IP Address: 10.254.242.100
MAC Address: E4:54:E8:92:A7:FB
DHCP Enabled: False
DHCP Mode: Unknown
DNS Suffix (from OS): Not Found

*** ME Wireless Network Information ***
ME Wireless Interface Not Detected

*** Root Certificate Hash Entries ***
Root Cert 1: Go Daddy Class 2 CA, SHA256, C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4, Active, Default;
Root Cert 2: Go Daddy Root CA - G2, SHA256, 45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA, Active, Default;
Root Cert 3: Comodo AAA CA, SHA256, D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4, Active, Default;
Root Cert 4: Starfield Class 2 CA, SHA256, 14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58, Active, Default;
Root Cert 5: Starfield Root CA - G2, SHA256, 2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5, Active, Default;
Root Cert 6: VeriSign Class 3 Primary CA-G5, SHA256, 9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF, Active, Default;
Root Cert 7: Baltimore CyberTrust Root, SHA256, 16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB, Active, Default;
Root Cert 8: Cybertrust Global Root, SHA256, 96:0A:DF:00:63:E9:63:56:75:0C:29:65:DD:0A:08:67:DA:0B:9C:BD:6E:77:71:4A:EA:FB:23:49:AB:39:3D:A3, Active, Default;
Root Cert 9: Verizon Global Root, SHA256, 68:AD:50:90:9B:04:36:3C:60:5E:F1:35:81:A9:39:FF:2C:96:37:2E:3F:12:32:5B:0A:68:61:E1:D5:9F:66:03, Active, Default;
Root Cert 10: Entrust.net CA (2048), SHA256, 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77, Active, Default;
Root Cert 11: Entrust Root CA, SHA256, 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C, Active, Default;
Root Cert 12: Entrust Root CA - G2, SHA256, 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39, Active, Default;
Root Cert 13: VeriSign Universal Root CA, SHA256, 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C, Active, Default;
Root Cert 14: Affirm Trust Premium, SHA256, 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A, Active, Default;
Root Cert 15: DigiCert Global Root CA, SHA256, 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61, Active, Default;
Root Cert 16: DigiCert Global Root G2, SHA256, CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F, Active, Default;
Root Cert 17: DigiCert Global Root G3, SHA256, 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0, Active, Default;
Root Cert 18: DigiCert Trusted Root G4, SHA256, 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88, Active, Default;
Root Cert 19: GlobalSign NP RSA CA 2018, SHA256, 67:54:0A:47:AA:5B:9F:34:57:0A:99:72:3C:FE:FA:96:A9:6E:E3:F0:D9:B8:BF:4D:EF:94:40:B8:06:5D:66:5D, Active, Default;
Root Cert 20: GlobalSign NP ECC CA 2018, SHA256, 72:24:39:52:22:CD:58:8C:4F:26:83:71:69:22:AD:DB:41:E3:9B:58:1A:C3:4F:A8:7B:39:EF:A8:96:FB:B3:9E, Active, Default;
Root Cert 21: GlobalSign Root CA - R3, SHA256, CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B, Active, Default;
Root Cert 22: GlobalSign ECC Root CA - R5, SHA256, 17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24, Active, Default;
Root Cert 23: GlobalSign Root CA - R6, SHA256, 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69, Active, Default;

Pausing before ending process in 3 sec.  The duration of this pause can be adjusted using the --delayterm option.

C:\Program Files (x86)\Intel\EMAConfigTool>
0 Kudos
Copy link
VeeDub
New Contributor I
‎11-07-2024 08:30 PM
1,117 Views

You also asked this question:

  • Are the working and non-working endpoints within the domain or are they out-of-band.

 

I'm not sure exactly what you're asking here.

Both computers are in Windows Active Directory domains.

The computers are at different sites, so the PC's are in different AD domains.

0 Kudos
Copy link
VeeDub
New Contributor I
‎11-07-2024 08:40 PM
1,115 Views

There is a problem with my replies that contain info from diagnostic tools.

I'm trying again.

This is info from an AMT endpoint that is connected.

Preview file
7 KB
0 Kudos
Copy link
VeeDub
New Contributor I
‎11-07-2024 08:43 PM
1,114 Views

Broken Endpoint / Not connected.

Preview file
6 KB
0 Kudos
Copy link
Suneesh
Employee
‎11-08-2024 03:56 PM
1,066 Views

Hello VeeDub,


Good day.


Thank you for sharing the details.


Please run the following commands from the non-working endpoint and share us the output.


 - Open a PowerShell window as an administrator and verify the status for ports 16992, and 16993, and 443.

 - Run the command: `Test-NetConnection -ComputerName <FQDN> -port 16xx`

 - Run the command: `Test-NetConnection -ComputerName <FQDN> -port 443


Regards,

Suneesh



0 Kudos
Copy link
VeeDub
New Contributor I
‎11-08-2024 04:04 PM
1,065 Views
In response to Suneesh

Output

PS C:\Windows\System32\WindowsPowerShell\v1.0> test-netconnection -computername bbox4.cyberx1.local -port 16992


ComputerName : bbox4.cyberx1.local
RemoteAddress : fe80::1bb9:ca5:8813:2bad%6
RemotePort : 16992
InterfaceAlias : Ethernet 4
SourceAddress : fe80::1bb9:ca5:8813:2bad%6
TcpTestSucceeded : True

 

PS C:\Windows\System32\WindowsPowerShell\v1.0> test-netconnection -computername bbox4.cyberx1.local -port 16993


ComputerName : bbox4.cyberx1.local
RemoteAddress : fe80::1bb9:ca5:8813:2bad%6
RemotePort : 16993
InterfaceAlias : Ethernet 4
SourceAddress : fe80::1bb9:ca5:8813:2bad%6
TcpTestSucceeded : True

 

PS C:\Windows\System32\WindowsPowerShell\v1.0> test-netconnection -computername bbox4.cyberx1.local -port 443
WARNING: TCP connect to (fe80::1bb9:ca5:8813:2bad%6 : 443) failed
WARNING: TCP connect to (10.254.242.100 : 443) failed


ComputerName : bbox4.cyberx1.local
RemoteAddress : fe80::1bb9:ca5:8813:2bad%6
RemotePort : 443
InterfaceAlias : Ethernet 4
SourceAddress : fe80::1bb9:ca5:8813:2bad%6
PingSucceeded : True
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded : False

 

PS C:\Windows\System32\WindowsPowerShell\v1.0>

In response to Suneesh
0 Kudos
Copy link
Suneesh
Employee
‎11-08-2024 04:51 PM
1,057 Views

Hello VeeDub,


Good day.


Thank you for sharing the details.


To clarify, CIRA is a software part on the EMA server side, and is activated while 

installing the EMA software

According to the ECT logs, we see that the OS of the non-working endpoint shows windows server 2019 which is the server OS, and for the endpoint, the OS should be either windows 10 or windows 11. 

 

And we also see that the CIRA server has been disconnected where the endpoint is trying to see the EMA server but unable to reach or connect. 

 

Hence please install windows 10 or 11 on the non-working endpoint according to the prerequisite and also follow the trouble shooting steps given below:

 

1)Check the network configuration (firewalls, routing, DNS).

2)Verify the endpoint configuration in both EMA and CIRA server.

3)Test connectivity using tools like ping, telnet to confirm that the servers can reach each other on the required ports.

 

Kindly share your observation once done.

 

Thanks & Regards

Suneesh_Intel


0 Kudos
Copy link
VeeDub
New Contributor I
‎11-09-2024 03:36 PM
967 Views
In response to Suneesh

Hello Sunnesh,

 

W11 Pro has the same behaviour.

 

With Admin Control Mode, can you explain the difference between Connection Status:

Outside

versus Direct? 

In response to Suneesh
Preview file
8 KB
0 Kudos
Copy link
Suneesh
Employee
‎11-11-2024 05:14 PM
898 Views

Hello VeeDub,


Good day.


The Connection Status terms "Outside" and "Direct" are related to Mesh Central (a third-party tool) and not Intel AMT or EMA. Could you kindly share a screenshot of where you are seeing this message, so we can analyze it and assist you further.


Please note that Mesh Central is a third-party tool. You can find more information about it here: https://www.meshcommander.com/meshcentral2


Regards,

Suneesh_Intel


0 Kudos
Copy link
VeeDub
New Contributor I
‎11-11-2024 05:20 PM
896 Views
In response to Suneesh

Hello Suneesh,

 

There are details in the attachment W11_Pro.txt

In response to Suneesh
0 Kudos
Copy link
Suneesh
Employee
‎11-12-2024 03:09 PM
836 Views

Hello VeeDub,


Good day.


Thank you for sharing the logs.


From the logs provided:


C:\ZEN\MeshCentral\ZEN>meshcmd amtinfo

Intel AMT v12.0.94, activated in Admin Control Mode (ACM).

Wired Enabled, Static, E4:54:E8:B5:80:95, 10.254.242.110

Connection Status: Direct, CIRA: Disconnected.


The "Connection Status: Direct" is reported by MeshCentral. Please note that MeshCentral is a third-party tool, and we recommend contacting their support team for further assistance with this issue. You can find additional information here: https://www.meshcommanderom/meshcentral2


If further assistance is necessary, do not hesitate to reply.


Best Regards,

Suneesh_Intel


0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.