Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

EMA Setup Help

diggergraves
Beginner
814 Views

Looking for a little help. I got the EMA server set up, bought a certificate, and tried connecting a client to it, but no clients show up in the server.

When I unplug the internet cable on a client PC where the agent is installed, I see an error mentioning dns lookup failed and the fqdn of my ema server (see error below) but that doesn't make sense since I can successfully ping the fqdn from the client PC.

The firewall is also completely opened to the IP address where the client is located.

EMA version 1.14 is installed on a VM hosted on GCP. It's a Windows Server 2022 Version 21H2 (OS Build 20348.2849) and Microsoft® SQL Server® 2022 Express is installed on the same server. I know that's only recommended for POC, and that's basically what I'm trying to accomplish.

Any help or tips are greatly appreciated.

\Agent\MeshManageability\agent\core\meshcore.c:1413 EMA Server DNS lookup failed: ema.mydomain.com No such host is known. . Last error: 11001

0 Kudos
11 Replies
Arun_Intel1
Employee
760 Views

Hi diggergraves,


Greetings!


We see that there is an error which says that the DNS lookup failed, however the firewall has also been open to confirm the Ping of the FQDN is resolved,


Please find the plan of action given below and share your observation:


1) Check Network Connectivity:

  • Ensure that the endpoint has a stable internet connection.
  • Try to access other websites to confirm that the network is working properly.

2) Verify DNS Settings:

  • Check the DNS settings on the endpoint to ensure they are correctly configured.
  • You can use public DNS servers like Google DNS (8.8.8.8 and 8.8.4.4) or Cloudflare DNS (1.1.1.1).

3) Flush DNS Cache:

  • Sometimes, the DNS cache may contain outdated or incorrect information. Flushing the DNS cache can help resolve this.
  • On Windows, open Command Prompt as an administrator and run the following command: ipconfig /flushdns

4) Test DNS Resolution:

  • Use the nslookup or ping command to test DNS resolution for the domain you are trying to reach.
  • For example, open Command Prompt and run: nslookup <domain_name> ping <domain_name>

5) Check DNS Server Status:

  • If you are using a specific DNS server, check its status to ensure it is operational. You can try switching to a different DNS server to see if it resolves the issue.


And if the issue still persists, please collect the ECT logs from the Endpoint (Laptop) on which you are getting this error and share with your observation.


Please find the steps to collect the ECT logs:


Intel® EMA Configuration Tool (ECT) Logs:

  1. Download the tool from the following link: Intel® EMA Configuration Tool
  2. Installation:
  • Download and unzip the tool.
  • Double-click the .msi file and follow the installation prompts.
  1. Run the Tool:
  2. a. Open a command prompt as an administrator (or use Windows PowerShell*).
  3. b. Navigate to the installation folder (default: C:\Program Files (x86)\Intel\EMAConfigTool).
  4. c. Run the following command:
  5. EMAConfigTool.exe --verbose


Best Regards

Arun_intel







0 Kudos
diggergraves
Beginner
755 Views

Thanks for the speed reply Arun. I'm going to work down the troubleshooting list and reply as soon as I can today.

0 Kudos
diggergraves
Beginner
635 Views

I worked through this list and added my comments under each bullet point or number. After each change I made, I ran EmaAgent on the endpoint as Admin and then clicked Install/Update and then looked on the EMA Server in Managed Endpoints to see if the endpoint would show up. When I note ‘No change’ below, it indicates that I did this process and still didn’t see the endpoint show up in the server.

 

1) Check Network Connectivity:

  • Ensure that the endpoint has a stable internet connection.
    • I used PacketStats.com to evaluate stability and it rated the connection as “Great” showing an average ping of 18.2.
  • Try to access other websites to confirm that the network is working properly.
    • CNN.com, Spam.com, and Intel.com all load fine.

2) Verify DNS Settings:

  • Check the DNS settings on the endpoint to ensure they are correctly configured.
    • DNS looks good. Points to the router.
  • You can use public DNS servers like Google DNS (8.8.8.8 and 8.8.4.4) or Cloudflare DNS (1.1.1.1).
    • Done. I manually set my DNS servers to 1.1.1.1 and 8.8.8.8. No change.

3) Flush DNS Cache:

  • Sometimes, the DNS cache may contain outdated or incorrect information. Flushing the DNS cache can help resolve this. On Windows, open Command Prompt as an administrator and run the following command: ipconfig /flushdns
    • DNS was flushed. No change.

4) Test DNS Resolution:

  • Use the nslookup or ping command to test DNS resolution for the domain you are trying to reach. For example, open Command Prompt and run: nslookup <domain_name> ping <domain_name>
    • Ping and nslookup work on my fqdn. Ping resolves to the server IP and gets an average of 60ms. Nslookup shows that Cloudflare can resolve the domain to the server IP.

5) Check DNS Server Status:

  • If you are using a specific DNS server, check its status to ensure it is operational. You can try switching to a different DNS server to see if it resolves the issue.
    • Already switched from the router to Cloudflare and Google. Resolving the fqdn doesn’t seem to be the problem. I will say, however, that I cannot load https://my-fqdn.com in a browser tab. Not sure if that matters.

 

And if the issue still persists, please collect the ECT logs from the Endpoint (Laptop) on which you are getting this error and share with your observation.

 

PS C:\Program Files (x86)\Intel\EMAConfigTool> .\EMAConfigTool.exe --verbose

 

Intel EMA Configuration Tool

Application Version: 1.1.0.183

Scan Date: 12/13/2024 10:58:01 AM

 

*** Host Computer Information ***

Computer Name: 3TGVW54

Manufacturer: Dell Inc.

Model: Precision 3280 Compact

Processor: Intel(R) Core(TM) i7-14700

Windows Version: Microsoft Windows 10 Enterprise LTSC

BIOS Version: 1.8.0

UUID: 4C4C4544-0054-4710-8056-B3C04F573534

 

*** SMBIOS Information ***

AMT Supported: True

AMT Enabled: True

SMBIOS ME SKU: Intel(R) Full AMT Manageability

SMBIOS ME Version: 16.1.32.2418

KVM Supported: True

SOL Supported: True

USB-R supported in BIOS: True

RSE Supported: False

 

*** ME Information ***

Version: 16.1.32.2418

SKU: Intel(R) Full AMT Manageability

State: Not Provisioned

Control Mode: None

Driver Installed: True

Driver Version: 2406.5.5.0

PKI DNS Suffix: Not Found

LMS State: Running

LMS Version: 2406.5.5.0

MicroLMS State: NotPresent

EHBC Enabled: False

 

*** ME Capabilities ***

AMT in Enterprise Mode: True

TLS Enabled: False

HW Crypto Enabled: True

Current Provisioning state: PRE_PROVISIONING_STATE

NetworkInterface Enabled: True

SOL Enabled: True

IDER Enabled: True

FWUpdate Enabled: False

LinkIsUp state: True

KVM Enabled: False

RSE Enabled: False

 

*** Power Management Capabilities ***

Supported Power States:

   5: PowerCycle_Off_Soft

   8: Off_Soft

   2: On

   10: Master_Bus_Reset

   11: NMI

   7: Hibernate

   12: Off_Soft_Graceful

   14: MasterBusReset_Graceful

Power Change Capabilities:

   2: On

   3: SleepLight

   4: SleepDeep

   7: Hibernate

   8: Off_Soft

 

*** CIRA Information ***

CIRA Server: Not Found

CIRA Connection Status: NOT_CONNECTED

CIRA Connection Trigger: USER_INITIATED

 

*** ME Wired Network Information ***

Wired Interface Enabled: True

Link Status: Up

IP Address: 0.0.0.0

MAC Address: C0:47:0E:FA:22:1F

DHCP Enabled: True

DHCP Mode: Passive

DNS Suffix (from OS): localdomain

 

*** ME Wireless Network Information ***

ME Wireless Interface Not Detected

 

*** Root Certificate Hash Entries ***

Root Cert 1: Go Daddy Class 2 CA, SHA256, C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4, Active, Default;

Root Cert 2: Go Daddy Root CA-G2, SHA256, 45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA, Active, Default;

Root Cert 3: Comodo AAA CA, SHA256, D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4, Active, Default;

Root Cert 4: Starfield Class 2 CA, SHA256, 14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58, Active, Default;

Root Cert 5: Starfield Root CA-G2, SHA256, 2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5, Active, Default;

Root Cert 6: VeriSign Class 3 Primary CA-G5, SHA256, 9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF, Active, Default;

Root Cert 7: Baltimore CyberTrust Root, SHA256, 16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB, Active, Default;

Root Cert 8: USERTrust RSA CA, SHA256, E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2, Active, Default;

Root Cert 9: Verizon Global Root, SHA256, 68:AD:50:90:9B:04:36:3C:60:5E:F1:35:81:A9:39:FF:2C:96:37:2E:3F:12:32:5B:0A:68:61:E1:D5:9F:66:03, Active, Default;

Root Cert 10: Entrust.net CA (2048), SHA256, 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77, Active, Default;

Root Cert 11: Entrust Root CA, SHA256, 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C, Active, Default;

Root Cert 12: Entrust Root CA-G2, SHA256, 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39, Active, Default;

Root Cert 13: VeriSign Universal Root CA, SHA256, 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C, Active, Default;

Root Cert 14: Affirm Trust Premium, SHA256, 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A, Active, Default;

Root Cert 15: DigiCert Global Root CA, SHA256, 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61, Active, Default;

Root Cert 16: DigiCert Global Root G2, SHA256, CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F, Active, Default;

Root Cert 17: DigiCert Global Root G3, SHA256, 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0, Active, Default;

Root Cert 18: DigiCert Trusted Root G4, SHA256, 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88, Active, Default;

Root Cert 19: GlobalSign Root CA - R3, SHA256, CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B, Active, Default;

Root Cert 20: GlobalSign ECC Root CA - R5, SHA256, 17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24, Active, Default;

Root Cert 21: GlobalSign Root CA - R6, SHA256, 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69, Active, Default;

 

Pausing before ending process in 3 sec.  The duration of this pause can be adjusted using the --delayterm option.               

0 Kudos
diggergraves
Beginner
635 Views

I worked through this list and added my comments under each bullet point or number. After each change I made, I ran EmaAgent on the endpoint as Admin and then clicked Install/Update and then looked on the EMA Server in Managed Endpoints to see if the endpoint would show up. When I note ‘No change’ below, it indicates that I did this process and still didn’t see the endpoint show up in the server.

 

1) Check Network Connectivity:

  • Ensure that the endpoint has a stable internet connection.
    • I used PacketStats.com to evaluate stability and it rated the connection as “Great” showing an average ping of 18.2.
  • Try to access other websites to confirm that the network is working properly.
    • CNN.com, Spam.com, and Intel.com all load fine.

2) Verify DNS Settings:

  • Check the DNS settings on the endpoint to ensure they are correctly configured.
    • DNS looks good. Points to the router.
  • You can use public DNS servers like Google DNS (8.8.8.8 and 8.8.4.4) or Cloudflare DNS (1.1.1.1).
    • Done. I manually set my DNS servers to 1.1.1.1 and 8.8.8.8. No change.

3) Flush DNS Cache:

  • Sometimes, the DNS cache may contain outdated or incorrect information. Flushing the DNS cache can help resolve this. On Windows, open Command Prompt as an administrator and run the following command: ipconfig /flushdns
    • DNS was flushed. No change.

4) Test DNS Resolution:

  • Use the nslookup or ping command to test DNS resolution for the domain you are trying to reach. For example, open Command Prompt and run: nslookup <domain_name> ping <domain_name>
    • Ping and nslookup work on my fqdn. Ping resolves to the server IP and gets an average of 60ms. Nslookup shows that Cloudflare can resolve the domain to the server IP.

5) Check DNS Server Status:

  • If you are using a specific DNS server, check its status to ensure it is operational. You can try switching to a different DNS server to see if it resolves the issue.
    • Already switched from the router to Cloudflare and Google. Resolving the fqdn doesn’t seem to be the problem. I will say, however, that I cannot load https://my-fqdn.com in a browser tab. Not sure if that matters.

 

And if the issue still persists, please collect the ECT logs from the Endpoint (Laptop) on which you are getting this error and share with your observation.

 

PS C:\Program Files (x86)\Intel\EMAConfigTool> .\EMAConfigTool.exe --verbose

 

Intel EMA Configuration Tool

Application Version: 1.1.0.183

Scan Date: 12/13/2024 10:58:01 AM

 

*** Host Computer Information ***

Computer Name: 3TGVW54

Manufacturer: Dell Inc.

Model: Precision 3280 Compact

Processor: Intel(R) Core(TM) i7-14700

Windows Version: Microsoft Windows 10 Enterprise LTSC

BIOS Version: 1.8.0

UUID: 4C4C4544-0054-4710-8056-B3C04F573534

 

*** SMBIOS Information ***

AMT Supported: True

AMT Enabled: True

SMBIOS ME SKU: Intel(R) Full AMT Manageability

SMBIOS ME Version: 16.1.32.2418

KVM Supported: True

SOL Supported: True

USB-R supported in BIOS: True

RSE Supported: False

 

*** ME Information ***

Version: 16.1.32.2418

SKU: Intel(R) Full AMT Manageability

State: Not Provisioned

Control Mode: None

Driver Installed: True

Driver Version: 2406.5.5.0

PKI DNS Suffix: Not Found

LMS State: Running

LMS Version: 2406.5.5.0

MicroLMS State: NotPresent

EHBC Enabled: False

 

*** ME Capabilities ***

AMT in Enterprise Mode: True

TLS Enabled: False

HW Crypto Enabled: True

Current Provisioning state: PRE_PROVISIONING_STATE

NetworkInterface Enabled: True

SOL Enabled: True

IDER Enabled: True

FWUpdate Enabled: False

LinkIsUp state: True

KVM Enabled: False

RSE Enabled: False

 

*** Power Management Capabilities ***

Supported Power States:

   5: PowerCycle_Off_Soft

   8: Off_Soft

   2: On

   10: Master_Bus_Reset

   11: NMI

   7: Hibernate

   12: Off_Soft_Graceful

   14: MasterBusReset_Graceful

Power Change Capabilities:

   2: On

   3: SleepLight

   4: SleepDeep

   7: Hibernate

   8: Off_Soft

 

*** CIRA Information ***

CIRA Server: Not Found

CIRA Connection Status: NOT_CONNECTED

CIRA Connection Trigger: USER_INITIATED

 

*** ME Wired Network Information ***

Wired Interface Enabled: True

Link Status: Up

IP Address: 0.0.0.0

MAC Address: C0:47:0E:FA:22:1F

DHCP Enabled: True

DHCP Mode: Passive

DNS Suffix (from OS): localdomain

 

*** ME Wireless Network Information ***

ME Wireless Interface Not Detected

 

*** Root Certificate Hash Entries ***

Root Cert 1: Go Daddy Class 2 CA, SHA256, C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4, Active, Default;

Root Cert 2: Go Daddy Root CA-G2, SHA256, 45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA, Active, Default;

Root Cert 3: Comodo AAA CA, SHA256, D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4, Active, Default;

Root Cert 4: Starfield Class 2 CA, SHA256, 14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58, Active, Default;

Root Cert 5: Starfield Root CA-G2, SHA256, 2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5, Active, Default;

Root Cert 6: VeriSign Class 3 Primary CA-G5, SHA256, 9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF, Active, Default;

Root Cert 7: Baltimore CyberTrust Root, SHA256, 16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB, Active, Default;

Root Cert 8: USERTrust RSA CA, SHA256, E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2, Active, Default;

Root Cert 9: Verizon Global Root, SHA256, 68:AD:50:90:9B:04:36:3C:60:5E:F1:35:81:A9:39:FF:2C:96:37:2E:3F:12:32:5B:0A:68:61:E1:D5:9F:66:03, Active, Default;

Root Cert 10: Entrust.net CA (2048), SHA256, 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77, Active, Default;

Root Cert 11: Entrust Root CA, SHA256, 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C, Active, Default;

Root Cert 12: Entrust Root CA-G2, SHA256, 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39, Active, Default;

Root Cert 13: VeriSign Universal Root CA, SHA256, 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C, Active, Default;

Root Cert 14: Affirm Trust Premium, SHA256, 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A, Active, Default;

Root Cert 15: DigiCert Global Root CA, SHA256, 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61, Active, Default;

Root Cert 16: DigiCert Global Root G2, SHA256, CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F, Active, Default;

Root Cert 17: DigiCert Global Root G3, SHA256, 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0, Active, Default;

Root Cert 18: DigiCert Trusted Root G4, SHA256, 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88, Active, Default;

Root Cert 19: GlobalSign Root CA - R3, SHA256, CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B, Active, Default;

Root Cert 20: GlobalSign ECC Root CA - R5, SHA256, 17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24, Active, Default;

Root Cert 21: GlobalSign Root CA - R6, SHA256, 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69, Active, Default;

 

Pausing before ending process in 3 sec.  The duration of this pause can be adjusted using the --delayterm option. 

0 Kudos
diggergraves
Beginner
635 Views

I worked through this list and added my comments under each bullet point or number. After each change I made, I ran EmaAgent on the endpoint as Admin and then clicked Install/Update and then looked on the EMA Server in Managed Endpoints to see if the endpoint would show up. When I note ‘No change’ below, it indicates that I did this process and still didn’t see the endpoint show up in the server.

 

1) Check Network Connectivity:

  • Ensure that the endpoint has a stable internet connection.
    • I used PacketStats.com to evaluate stability and it rated the connection as “Great” showing an average ping of 18.2.
  • Try to access other websites to confirm that the network is working properly.
    • CNN.com, Spam.com, and Intel.com all load fine.

2) Verify DNS Settings:

  • Check the DNS settings on the endpoint to ensure they are correctly configured.
    • DNS looks good. Points to the router.
  • You can use public DNS servers like Google DNS (8.8.8.8 and 8.8.4.4) or Cloudflare DNS (1.1.1.1).
    • Done. I manually set my DNS servers to 1.1.1.1 and 8.8.8.8. No change.

3) Flush DNS Cache:

  • Sometimes, the DNS cache may contain outdated or incorrect information. Flushing the DNS cache can help resolve this. On Windows, open Command Prompt as an administrator and run the following command: ipconfig /flushdns
    • DNS was flushed. No change.

4) Test DNS Resolution:

  • Use the nslookup or ping command to test DNS resolution for the domain you are trying to reach. For example, open Command Prompt and run: nslookup <domain_name> ping <domain_name>
    • Ping and nslookup work on my fqdn. Ping resolves to the server IP and gets an average of 60ms. Nslookup shows that Cloudflare can resolve the domain to the server IP.

5) Check DNS Server Status:

  • If you are using a specific DNS server, check its status to ensure it is operational. You can try switching to a different DNS server to see if it resolves the issue.
    • Already switched from the router to Cloudflare and Google. Resolving the fqdn doesn’t seem to be the problem. I will say, however, that I cannot load my fqdn in a browser tab. Not sure if that matters.

 

And if the issue still persists, please collect the ECT logs from the Endpoint (Laptop) on which you are getting this error and share with your observation.

 

PS C:\Program Files (x86)\Intel\EMAConfigTool> .\EMAConfigTool.exe --verbose

 

Intel EMA Configuration Tool

Application Version: 1.1.0.183

Scan Date: 12/13/2024 10:58:01 AM

 

*** Host Computer Information ***

Computer Name: 3TGVW54

Manufacturer: Dell Inc.

Model: Precision 3280 Compact

Processor: Intel(R) Core(TM) i7-14700

Windows Version: Microsoft Windows 10 Enterprise LTSC

BIOS Version: 1.8.0

UUID: 4C4C4544-0054-4710-8056-B3C04F573534

 

*** SMBIOS Information ***

AMT Supported: True

AMT Enabled: True

SMBIOS ME SKU: Intel(R) Full AMT Manageability

SMBIOS ME Version: 16.1.32.2418

KVM Supported: True

SOL Supported: True

USB-R supported in BIOS: True

RSE Supported: False

 

*** ME Information ***

Version: 16.1.32.2418

SKU: Intel(R) Full AMT Manageability

State: Not Provisioned

Control Mode: None

Driver Installed: True

Driver Version: 2406.5.5.0

PKI DNS Suffix: Not Found

LMS State: Running

LMS Version: 2406.5.5.0

MicroLMS State: NotPresent

EHBC Enabled: False

 

*** ME Capabilities ***

AMT in Enterprise Mode: True

TLS Enabled: False

HW Crypto Enabled: True

Current Provisioning state: PRE_PROVISIONING_STATE

NetworkInterface Enabled: True

SOL Enabled: True

IDER Enabled: True

FWUpdate Enabled: False

LinkIsUp state: True

KVM Enabled: False

RSE Enabled: False

 

*** Power Management Capabilities ***

Supported Power States:

   5: PowerCycle_Off_Soft

   8: Off_Soft

   2: On

   10: Master_Bus_Reset

   11: NMI

   7: Hibernate

   12: Off_Soft_Graceful

   14: MasterBusReset_Graceful

Power Change Capabilities:

   2: On

   3: SleepLight

   4: SleepDeep

   7: Hibernate

   8: Off_Soft

 

*** CIRA Information ***

CIRA Server: Not Found

CIRA Connection Status: NOT_CONNECTED

CIRA Connection Trigger: USER_INITIATED

 

*** ME Wired Network Information ***

Wired Interface Enabled: True

Link Status: Up

IP Address: 0.0.0.0

MAC Address: C0:47:0E:FA:22:1F

DHCP Enabled: True

DHCP Mode: Passive

DNS Suffix (from OS): localdomain

 

*** ME Wireless Network Information ***

ME Wireless Interface Not Detected

 

*** Root Certificate Hash Entries ***

Root Cert 1: Go Daddy Class 2 CA, SHA256, C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4, Active, Default;

Root Cert 2: Go Daddy Root CA-G2, SHA256, 45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA, Active, Default;

Root Cert 3: Comodo AAA CA, SHA256, D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4, Active, Default;

Root Cert 4: Starfield Class 2 CA, SHA256, 14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58, Active, Default;

Root Cert 5: Starfield Root CA-G2, SHA256, 2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5, Active, Default;

Root Cert 6: VeriSign Class 3 Primary CA-G5, SHA256, 9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF, Active, Default;

Root Cert 7: Baltimore CyberTrust Root, SHA256, 16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB, Active, Default;

Root Cert 8: USERTrust RSA CA, SHA256, E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2, Active, Default;

Root Cert 9: Verizon Global Root, SHA256, 68:AD:50:90:9B:04:36:3C:60:5E:F1:35:81:A9:39:FF:2C:96:37:2E:3F:12:32:5B:0A:68:61:E1:D5:9F:66:03, Active, Default;

Root Cert 10: Entrust.net CA (2048), SHA256, 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77, Active, Default;

Root Cert 11: Entrust Root CA, SHA256, 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C, Active, Default;

Root Cert 12: Entrust Root CA-G2, SHA256, 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39, Active, Default;

Root Cert 13: VeriSign Universal Root CA, SHA256, 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C, Active, Default;

Root Cert 14: Affirm Trust Premium, SHA256, 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A, Active, Default;

Root Cert 15: DigiCert Global Root CA, SHA256, 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61, Active, Default;

Root Cert 16: DigiCert Global Root G2, SHA256, CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F, Active, Default;

Root Cert 17: DigiCert Global Root G3, SHA256, 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0, Active, Default;

Root Cert 18: DigiCert Trusted Root G4, SHA256, 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88, Active, Default;

Root Cert 19: GlobalSign Root CA - R3, SHA256, CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B, Active, Default;

Root Cert 20: GlobalSign ECC Root CA - R5, SHA256, 17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24, Active, Default;

Root Cert 21: GlobalSign Root CA - R6, SHA256, 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69, Active, Default;

 

Pausing before ending process in 3 sec.  The duration of this pause can be adjusted using the --delayterm option. 

0 Kudos
diggergraves
Beginner
729 Views

I worked through this list and added my comments under each bullet point or number. After each change I made, I ran EmaAgent on the endpoint as Admin and then clicked Install/Update and then looked on the EMA Server in Managed Endpoints to see if the endpoint would show up. When I note ‘No change’ below, it indicates that I did this process and still didn’t see the endpoint show up in the server.

 

1) Check Network Connectivity:

Ensure that the endpoint has a stable internet connection.
I used PacketStats.com to evaluate stability and it rated the connection as “Great” showing an average ping of 18.2.
Try to access other websites to confirm that the network is working properly.
CNN.com, Spam.com, and Intel.com all load fine.
2) Verify DNS Settings:

Check the DNS settings on the endpoint to ensure they are correctly configured.
DNS looks good. Points to the router.
You can use public DNS servers like Google DNS (8.8.8.8 and 8.8.4.4) or Cloudflare DNS (1.1.1.1).
Done. I manually set my DNS servers to 1.1.1.1 and 8.8.8.8. No change.
3) Flush DNS Cache:

Sometimes, the DNS cache may contain outdated or incorrect information. Flushing the DNS cache can help resolve this. On Windows, open Command Prompt as an administrator and run the following command: ipconfig /flushdns
DNS was flushed. No change.
4) Test DNS Resolution:

Use the nslookup or ping command to test DNS resolution for the domain you are trying to reach. For example, open Command Prompt and run: nslookup <domain_name> ping <domain_name>
Ping and nslookup work on my fqdn. Ping resolves to the server IP and gets an average of 60ms. Nslookup shows that Cloudflare can resolve the domain to the server IP.
5) Check DNS Server Status:

If you are using a specific DNS server, check its status to ensure it is operational. You can try switching to a different DNS server to see if it resolves the issue.
Already switched from the router to Cloudflare and Google. Resolving the fqdn doesn’t seem to be the problem. I will say, however, that I cannot load my fqdn in a browser tab. Not sure if that matters.


My next post will be the ECT logs from the Endpoint. I'm breaking this up into 2 posts because I can't seem to post the whole thing in a single shot.

0 Kudos
diggergraves
Beginner
635 Views

PS C:\Program Files (x86)\Intel\EMAConfigTool> .\EMAConfigTool.exe --verbose

 

Intel EMA Configuration Tool

Application Version: 1.1.0.183

Scan Date: 12/13/2024 10:58:01 AM

 

*** Host Computer Information ***

Computer Name: 3TGVW54

Manufacturer: Dell Inc.

Model: Precision 3280 Compact

Processor: Intel(R) Core(TM) i7-14700

Windows Version: Microsoft Windows 10 Enterprise LTSC

BIOS Version: 1.8.0

UUID: 4C4C4544-0054-4710-8056-B3C04F573534

 

*** SMBIOS Information ***

AMT Supported: True

AMT Enabled: True

SMBIOS ME SKU: Intel(R) Full AMT Manageability

SMBIOS ME Version: 16.1.32.2418

KVM Supported: True

SOL Supported: True

USB-R supported in BIOS: True

RSE Supported: False

 

*** ME Information ***

Version: 16.1.32.2418

SKU: Intel(R) Full AMT Manageability

State: Not Provisioned

Control Mode: None

Driver Installed: True

Driver Version: 2406.5.5.0

PKI DNS Suffix: Not Found

LMS State: Running

LMS Version: 2406.5.5.0

MicroLMS State: NotPresent

EHBC Enabled: False

 

*** ME Capabilities ***

AMT in Enterprise Mode: True

TLS Enabled: False

HW Crypto Enabled: True

Current Provisioning state: PRE_PROVISIONING_STATE

NetworkInterface Enabled: True

SOL Enabled: True

IDER Enabled: True

FWUpdate Enabled: False

LinkIsUp state: True

KVM Enabled: False

RSE Enabled: False

 

*** Power Management Capabilities ***

Supported Power States:

   5: PowerCycle_Off_Soft

   8: Off_Soft

   2: On

   10: Master_Bus_Reset

   11: NMI

   7: Hibernate

   12: Off_Soft_Graceful

   14: MasterBusReset_Graceful

Power Change Capabilities:

   2: On

   3: SleepLight

   4: SleepDeep

   7: Hibernate

   8: Off_Soft

 

*** CIRA Information ***

CIRA Server: Not Found

CIRA Connection Status: NOT_CONNECTED

CIRA Connection Trigger: USER_INITIATED

 

*** ME Wired Network Information ***

Wired Interface Enabled: True

Link Status: Up

IP Address: 0.0.0.0

MAC Address: C0:47:0E:FA:22:1F

DHCP Enabled: True

DHCP Mode: Passive

DNS Suffix (from OS): localdomain

 

*** ME Wireless Network Information ***

ME Wireless Interface Not Detected

 

*** Root Certificate Hash Entries ***

Root Cert 1: Go Daddy Class 2 CA, SHA256, C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4, Active, Default;

Root Cert 2: Go Daddy Root CA-G2, SHA256, 45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA, Active, Default;

Root Cert 3: Comodo AAA CA, SHA256, D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4, Active, Default;

Root Cert 4: Starfield Class 2 CA, SHA256, 14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58, Active, Default;

Root Cert 5: Starfield Root CA-G2, SHA256, 2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5, Active, Default;

Root Cert 6: VeriSign Class 3 Primary CA-G5, SHA256, 9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF, Active, Default;

Root Cert 7: Baltimore CyberTrust Root, SHA256, 16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB, Active, Default;

Root Cert 8: USERTrust RSA CA, SHA256, E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2, Active, Default;

Root Cert 9: Verizon Global Root, SHA256, 68:AD:50:90:9B:04:36:3C:60:5E:F1:35:81:A9:39:FF:2C:96:37:2E:3F:12:32:5B:0A:68:61:E1:D5:9F:66:03, Active, Default;

Root Cert 10: Entrust.net CA (2048), SHA256, 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77, Active, Default;

Root Cert 11: Entrust Root CA, SHA256, 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C, Active, Default;

Root Cert 12: Entrust Root CA-G2, SHA256, 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39, Active, Default;

Root Cert 13: VeriSign Universal Root CA, SHA256, 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C, Active, Default;

Root Cert 14: Affirm Trust Premium, SHA256, 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A, Active, Default;

Root Cert 15: DigiCert Global Root CA, SHA256, 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61, Active, Default;

Root Cert 16: DigiCert Global Root G2, SHA256, CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F, Active, Default;

Root Cert 17: DigiCert Global Root G3, SHA256, 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0, Active, Default;

Root Cert 18: DigiCert Trusted Root G4, SHA256, 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88, Active, Default;

Root Cert 19: GlobalSign Root CA - R3, SHA256, CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B, Active, Default;

Root Cert 20: GlobalSign ECC Root CA - R5, SHA256, 17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24, Active, Default;

Root Cert 21: GlobalSign Root CA - R6, SHA256, 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69, Active, Default;

 

Pausing before ending process in 3 sec.  The duration of this pause can be adjusted using the --delayterm option. 

0 Kudos
diggergraves
Beginner
714 Views

I noticed 2 new errors in the EmaAgent log. I think these were created around the time I ran the EMA Config Tool.

 

[2024-12-13 10:40:59.589 AM] \Agent\MeshManageability\agent\core\meshctrl.c:4368 Failed creating random password wide string for WinCrypto. Last error: 0


[2024-12-13 10:41:01.596 AM] \Agent\MeshManageability\agent\core\meshctrl.c:444 Generating certificates, retry count = 2.. Last error: 183

0 Kudos
Arun_Intel1
Employee
629 Views

Hi diggergraves,


Greetings!


Thanks for sharing your observation after performing the plan of action shared, we would recommend you to provision the endpoint (Laptop) in Client Control Mode and then share your observation if you are able to see the endpoint in the Intel EMA console, in order to narrow down the issue.

And also let us know if the endpoint under consideration is with in the company domain or is it out of band?


Best Regards

Arun_intel


0 Kudos
Arun_Intel1
Employee
530 Views

Hi diggergraves,


Greetings!


Thank you for contacting Intel, please feel free to reply for any further query!


Best Regards

Arun_intel


0 Kudos
pujeeth
Employee
274 Views

Hi diggergraves,


Greetings!


Thank you for contacting Intel,

If further assistance is necessary, do not hesitate to reply.

 

Best Regards

Pujeeth_Intel


0 Kudos
Reply