- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Looking for a little help. I got the EMA server set up, bought a certificate, and tried connecting a client to it, but no clients show up in the server.
When I unplug the internet cable on a client PC where the agent is installed, I see an error mentioning dns lookup failed and the fqdn of my ema server (see error below) but that doesn't make sense since I can successfully ping the fqdn from the client PC.
The firewall is also completely opened to the IP address where the client is located.
EMA version 1.14 is installed on a VM hosted on GCP. It's a Windows Server 2022 Version 21H2 (OS Build 20348.2849) and Microsoft® SQL Server® 2022 Express is installed on the same server. I know that's only recommended for POC, and that's basically what I'm trying to accomplish.
Any help or tips are greatly appreciated.
\Agent\MeshManageability\agent\core\meshcore.c:1413 EMA Server DNS lookup failed: ema.mydomain.com No such host is known. . Last error: 11001
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi diggergraves,
Greetings!
We see that there is an error which says that the DNS lookup failed, however the firewall has also been open to confirm the Ping of the FQDN is resolved,
Please find the plan of action given below and share your observation:
1) Check Network Connectivity:
- Ensure that the endpoint has a stable internet connection.
- Try to access other websites to confirm that the network is working properly.
2) Verify DNS Settings:
- Check the DNS settings on the endpoint to ensure they are correctly configured.
- You can use public DNS servers like Google DNS (8.8.8.8 and 8.8.4.4) or Cloudflare DNS (1.1.1.1).
3) Flush DNS Cache:
- Sometimes, the DNS cache may contain outdated or incorrect information. Flushing the DNS cache can help resolve this.
- On Windows, open Command Prompt as an administrator and run the following command: ipconfig /flushdns
4) Test DNS Resolution:
- Use the nslookup or ping command to test DNS resolution for the domain you are trying to reach.
- For example, open Command Prompt and run: nslookup <domain_name> ping <domain_name>
5) Check DNS Server Status:
- If you are using a specific DNS server, check its status to ensure it is operational. You can try switching to a different DNS server to see if it resolves the issue.
And if the issue still persists, please collect the ECT logs from the Endpoint (Laptop) on which you are getting this error and share with your observation.
Please find the steps to collect the ECT logs:
Intel® EMA Configuration Tool (ECT) Logs:
- Download the tool from the following link: Intel® EMA Configuration Tool
- Installation:
- Download and unzip the tool.
- Double-click the .msi file and follow the installation prompts.
- Run the Tool:
- a. Open a command prompt as an administrator (or use Windows PowerShell*).
- b. Navigate to the installation folder (default: C:\Program Files (x86)\Intel\EMAConfigTool).
- c. Run the following command:
- EMAConfigTool.exe --verbose
Best Regards
Arun_intel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the speed reply Arun. I'm going to work down the troubleshooting list and reply as soon as I can today.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I worked through this list and added my comments under each bullet point or number. After each change I made, I ran EmaAgent on the endpoint as Admin and then clicked Install/Update and then looked on the EMA Server in Managed Endpoints to see if the endpoint would show up. When I note ‘No change’ below, it indicates that I did this process and still didn’t see the endpoint show up in the server.
1) Check Network Connectivity:
- Ensure that the endpoint has a stable internet connection.
- I used PacketStats.com to evaluate stability and it rated the connection as “Great” showing an average ping of 18.2.
- Try to access other websites to confirm that the network is working properly.
- CNN.com, Spam.com, and Intel.com all load fine.
2) Verify DNS Settings:
- Check the DNS settings on the endpoint to ensure they are correctly configured.
- DNS looks good. Points to the router.
- You can use public DNS servers like Google DNS (8.8.8.8 and 8.8.4.4) or Cloudflare DNS (1.1.1.1).
- Done. I manually set my DNS servers to 1.1.1.1 and 8.8.8.8. No change.
3) Flush DNS Cache:
- Sometimes, the DNS cache may contain outdated or incorrect information. Flushing the DNS cache can help resolve this. On Windows, open Command Prompt as an administrator and run the following command: ipconfig /flushdns
- DNS was flushed. No change.
4) Test DNS Resolution:
- Use the nslookup or ping command to test DNS resolution for the domain you are trying to reach. For example, open Command Prompt and run: nslookup <domain_name> ping <domain_name>
- Ping and nslookup work on my fqdn. Ping resolves to the server IP and gets an average of 60ms. Nslookup shows that Cloudflare can resolve the domain to the server IP.
5) Check DNS Server Status:
- If you are using a specific DNS server, check its status to ensure it is operational. You can try switching to a different DNS server to see if it resolves the issue.
- Already switched from the router to Cloudflare and Google. Resolving the fqdn doesn’t seem to be the problem. I will say, however, that I cannot load https://my-fqdn.com in a browser tab. Not sure if that matters.
And if the issue still persists, please collect the ECT logs from the Endpoint (Laptop) on which you are getting this error and share with your observation.
PS C:\Program Files (x86)\Intel\EMAConfigTool> .\EMAConfigTool.exe --verbose
Intel EMA Configuration Tool
Application Version: 1.1.0.183
Scan Date: 12/13/2024 10:58:01 AM
*** Host Computer Information ***
Computer Name: 3TGVW54
Manufacturer: Dell Inc.
Model: Precision 3280 Compact
Processor: Intel(R) Core(TM) i7-14700
Windows Version: Microsoft Windows 10 Enterprise LTSC
BIOS Version: 1.8.0
UUID: 4C4C4544-0054-4710-8056-B3C04F573534
*** SMBIOS Information ***
AMT Supported: True
AMT Enabled: True
SMBIOS ME SKU: Intel(R) Full AMT Manageability
SMBIOS ME Version: 16.1.32.2418
KVM Supported: True
SOL Supported: True
USB-R supported in BIOS: True
RSE Supported: False
*** ME Information ***
Version: 16.1.32.2418
SKU: Intel(R) Full AMT Manageability
State: Not Provisioned
Control Mode: None
Driver Installed: True
Driver Version: 2406.5.5.0
PKI DNS Suffix: Not Found
LMS State: Running
LMS Version: 2406.5.5.0
MicroLMS State: NotPresent
EHBC Enabled: False
*** ME Capabilities ***
AMT in Enterprise Mode: True
TLS Enabled: False
HW Crypto Enabled: True
Current Provisioning state: PRE_PROVISIONING_STATE
NetworkInterface Enabled: True
SOL Enabled: True
IDER Enabled: True
FWUpdate Enabled: False
LinkIsUp state: True
KVM Enabled: False
RSE Enabled: False
*** Power Management Capabilities ***
Supported Power States:
5: PowerCycle_Off_Soft
8: Off_Soft
2: On
10: Master_Bus_Reset
11: NMI
7: Hibernate
12: Off_Soft_Graceful
14: MasterBusReset_Graceful
Power Change Capabilities:
2: On
3: SleepLight
4: SleepDeep
7: Hibernate
8: Off_Soft
*** CIRA Information ***
CIRA Server: Not Found
CIRA Connection Status: NOT_CONNECTED
CIRA Connection Trigger: USER_INITIATED
*** ME Wired Network Information ***
Wired Interface Enabled: True
Link Status: Up
IP Address: 0.0.0.0
MAC Address: C0:47:0E:FA:22:1F
DHCP Enabled: True
DHCP Mode: Passive
DNS Suffix (from OS): localdomain
*** ME Wireless Network Information ***
ME Wireless Interface Not Detected
*** Root Certificate Hash Entries ***
Root Cert 1: Go Daddy Class 2 CA, SHA256, C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4, Active, Default;
Root Cert 2: Go Daddy Root CA-G2, SHA256, 45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA, Active, Default;
Root Cert 3: Comodo AAA CA, SHA256, D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4, Active, Default;
Root Cert 4: Starfield Class 2 CA, SHA256, 14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58, Active, Default;
Root Cert 5: Starfield Root CA-G2, SHA256, 2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5, Active, Default;
Root Cert 6: VeriSign Class 3 Primary CA-G5, SHA256, 9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF, Active, Default;
Root Cert 7: Baltimore CyberTrust Root, SHA256, 16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB, Active, Default;
Root Cert 8: USERTrust RSA CA, SHA256, E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2, Active, Default;
Root Cert 9: Verizon Global Root, SHA256, 68:AD:50:90:9B:04:36:3C:60:5E:F1:35:81:A9:39:FF:2C:96:37:2E:3F:12:32:5B:0A:68:61:E1:D5:9F:66:03, Active, Default;
Root Cert 10: Entrust.net CA (2048), SHA256, 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77, Active, Default;
Root Cert 11: Entrust Root CA, SHA256, 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C, Active, Default;
Root Cert 12: Entrust Root CA-G2, SHA256, 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39, Active, Default;
Root Cert 13: VeriSign Universal Root CA, SHA256, 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C, Active, Default;
Root Cert 14: Affirm Trust Premium, SHA256, 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A, Active, Default;
Root Cert 15: DigiCert Global Root CA, SHA256, 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61, Active, Default;
Root Cert 16: DigiCert Global Root G2, SHA256, CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F, Active, Default;
Root Cert 17: DigiCert Global Root G3, SHA256, 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0, Active, Default;
Root Cert 18: DigiCert Trusted Root G4, SHA256, 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88, Active, Default;
Root Cert 19: GlobalSign Root CA - R3, SHA256, CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B, Active, Default;
Root Cert 20: GlobalSign ECC Root CA - R5, SHA256, 17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24, Active, Default;
Root Cert 21: GlobalSign Root CA - R6, SHA256, 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69, Active, Default;
Pausing before ending process in 3 sec. The duration of this pause can be adjusted using the --delayterm option.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I worked through this list and added my comments under each bullet point or number. After each change I made, I ran EmaAgent on the endpoint as Admin and then clicked Install/Update and then looked on the EMA Server in Managed Endpoints to see if the endpoint would show up. When I note ‘No change’ below, it indicates that I did this process and still didn’t see the endpoint show up in the server.
1) Check Network Connectivity:
- Ensure that the endpoint has a stable internet connection.
- I used PacketStats.com to evaluate stability and it rated the connection as “Great” showing an average ping of 18.2.
- Try to access other websites to confirm that the network is working properly.
- CNN.com, Spam.com, and Intel.com all load fine.
2) Verify DNS Settings:
- Check the DNS settings on the endpoint to ensure they are correctly configured.
- DNS looks good. Points to the router.
- You can use public DNS servers like Google DNS (8.8.8.8 and 8.8.4.4) or Cloudflare DNS (1.1.1.1).
- Done. I manually set my DNS servers to 1.1.1.1 and 8.8.8.8. No change.
3) Flush DNS Cache:
- Sometimes, the DNS cache may contain outdated or incorrect information. Flushing the DNS cache can help resolve this. On Windows, open Command Prompt as an administrator and run the following command: ipconfig /flushdns
- DNS was flushed. No change.
4) Test DNS Resolution:
- Use the nslookup or ping command to test DNS resolution for the domain you are trying to reach. For example, open Command Prompt and run: nslookup <domain_name> ping <domain_name>
- Ping and nslookup work on my fqdn. Ping resolves to the server IP and gets an average of 60ms. Nslookup shows that Cloudflare can resolve the domain to the server IP.
5) Check DNS Server Status:
- If you are using a specific DNS server, check its status to ensure it is operational. You can try switching to a different DNS server to see if it resolves the issue.
- Already switched from the router to Cloudflare and Google. Resolving the fqdn doesn’t seem to be the problem. I will say, however, that I cannot load https://my-fqdn.com in a browser tab. Not sure if that matters.
And if the issue still persists, please collect the ECT logs from the Endpoint (Laptop) on which you are getting this error and share with your observation.
PS C:\Program Files (x86)\Intel\EMAConfigTool> .\EMAConfigTool.exe --verbose
Intel EMA Configuration Tool
Application Version: 1.1.0.183
Scan Date: 12/13/2024 10:58:01 AM
*** Host Computer Information ***
Computer Name: 3TGVW54
Manufacturer: Dell Inc.
Model: Precision 3280 Compact
Processor: Intel(R) Core(TM) i7-14700
Windows Version: Microsoft Windows 10 Enterprise LTSC
BIOS Version: 1.8.0
UUID: 4C4C4544-0054-4710-8056-B3C04F573534
*** SMBIOS Information ***
AMT Supported: True
AMT Enabled: True
SMBIOS ME SKU: Intel(R) Full AMT Manageability
SMBIOS ME Version: 16.1.32.2418
KVM Supported: True
SOL Supported: True
USB-R supported in BIOS: True
RSE Supported: False
*** ME Information ***
Version: 16.1.32.2418
SKU: Intel(R) Full AMT Manageability
State: Not Provisioned
Control Mode: None
Driver Installed: True
Driver Version: 2406.5.5.0
PKI DNS Suffix: Not Found
LMS State: Running
LMS Version: 2406.5.5.0
MicroLMS State: NotPresent
EHBC Enabled: False
*** ME Capabilities ***
AMT in Enterprise Mode: True
TLS Enabled: False
HW Crypto Enabled: True
Current Provisioning state: PRE_PROVISIONING_STATE
NetworkInterface Enabled: True
SOL Enabled: True
IDER Enabled: True
FWUpdate Enabled: False
LinkIsUp state: True
KVM Enabled: False
RSE Enabled: False
*** Power Management Capabilities ***
Supported Power States:
5: PowerCycle_Off_Soft
8: Off_Soft
2: On
10: Master_Bus_Reset
11: NMI
7: Hibernate
12: Off_Soft_Graceful
14: MasterBusReset_Graceful
Power Change Capabilities:
2: On
3: SleepLight
4: SleepDeep
7: Hibernate
8: Off_Soft
*** CIRA Information ***
CIRA Server: Not Found
CIRA Connection Status: NOT_CONNECTED
CIRA Connection Trigger: USER_INITIATED
*** ME Wired Network Information ***
Wired Interface Enabled: True
Link Status: Up
IP Address: 0.0.0.0
MAC Address: C0:47:0E:FA:22:1F
DHCP Enabled: True
DHCP Mode: Passive
DNS Suffix (from OS): localdomain
*** ME Wireless Network Information ***
ME Wireless Interface Not Detected
*** Root Certificate Hash Entries ***
Root Cert 1: Go Daddy Class 2 CA, SHA256, C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4, Active, Default;
Root Cert 2: Go Daddy Root CA-G2, SHA256, 45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA, Active, Default;
Root Cert 3: Comodo AAA CA, SHA256, D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4, Active, Default;
Root Cert 4: Starfield Class 2 CA, SHA256, 14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58, Active, Default;
Root Cert 5: Starfield Root CA-G2, SHA256, 2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5, Active, Default;
Root Cert 6: VeriSign Class 3 Primary CA-G5, SHA256, 9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF, Active, Default;
Root Cert 7: Baltimore CyberTrust Root, SHA256, 16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB, Active, Default;
Root Cert 8: USERTrust RSA CA, SHA256, E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2, Active, Default;
Root Cert 9: Verizon Global Root, SHA256, 68:AD:50:90:9B:04:36:3C:60:5E:F1:35:81:A9:39:FF:2C:96:37:2E:3F:12:32:5B:0A:68:61:E1:D5:9F:66:03, Active, Default;
Root Cert 10: Entrust.net CA (2048), SHA256, 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77, Active, Default;
Root Cert 11: Entrust Root CA, SHA256, 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C, Active, Default;
Root Cert 12: Entrust Root CA-G2, SHA256, 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39, Active, Default;
Root Cert 13: VeriSign Universal Root CA, SHA256, 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C, Active, Default;
Root Cert 14: Affirm Trust Premium, SHA256, 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A, Active, Default;
Root Cert 15: DigiCert Global Root CA, SHA256, 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61, Active, Default;
Root Cert 16: DigiCert Global Root G2, SHA256, CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F, Active, Default;
Root Cert 17: DigiCert Global Root G3, SHA256, 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0, Active, Default;
Root Cert 18: DigiCert Trusted Root G4, SHA256, 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88, Active, Default;
Root Cert 19: GlobalSign Root CA - R3, SHA256, CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B, Active, Default;
Root Cert 20: GlobalSign ECC Root CA - R5, SHA256, 17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24, Active, Default;
Root Cert 21: GlobalSign Root CA - R6, SHA256, 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69, Active, Default;
Pausing before ending process in 3 sec. The duration of this pause can be adjusted using the --delayterm option.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I worked through this list and added my comments under each bullet point or number. After each change I made, I ran EmaAgent on the endpoint as Admin and then clicked Install/Update and then looked on the EMA Server in Managed Endpoints to see if the endpoint would show up. When I note ‘No change’ below, it indicates that I did this process and still didn’t see the endpoint show up in the server.
1) Check Network Connectivity:
- Ensure that the endpoint has a stable internet connection.
- I used PacketStats.com to evaluate stability and it rated the connection as “Great” showing an average ping of 18.2.
- Try to access other websites to confirm that the network is working properly.
- CNN.com, Spam.com, and Intel.com all load fine.
2) Verify DNS Settings:
- Check the DNS settings on the endpoint to ensure they are correctly configured.
- DNS looks good. Points to the router.
- You can use public DNS servers like Google DNS (8.8.8.8 and 8.8.4.4) or Cloudflare DNS (1.1.1.1).
- Done. I manually set my DNS servers to 1.1.1.1 and 8.8.8.8. No change.
3) Flush DNS Cache:
- Sometimes, the DNS cache may contain outdated or incorrect information. Flushing the DNS cache can help resolve this. On Windows, open Command Prompt as an administrator and run the following command: ipconfig /flushdns
- DNS was flushed. No change.
4) Test DNS Resolution:
- Use the nslookup or ping command to test DNS resolution for the domain you are trying to reach. For example, open Command Prompt and run: nslookup <domain_name> ping <domain_name>
- Ping and nslookup work on my fqdn. Ping resolves to the server IP and gets an average of 60ms. Nslookup shows that Cloudflare can resolve the domain to the server IP.
5) Check DNS Server Status:
- If you are using a specific DNS server, check its status to ensure it is operational. You can try switching to a different DNS server to see if it resolves the issue.
- Already switched from the router to Cloudflare and Google. Resolving the fqdn doesn’t seem to be the problem. I will say, however, that I cannot load my fqdn in a browser tab. Not sure if that matters.
And if the issue still persists, please collect the ECT logs from the Endpoint (Laptop) on which you are getting this error and share with your observation.
PS C:\Program Files (x86)\Intel\EMAConfigTool> .\EMAConfigTool.exe --verbose
Intel EMA Configuration Tool
Application Version: 1.1.0.183
Scan Date: 12/13/2024 10:58:01 AM
*** Host Computer Information ***
Computer Name: 3TGVW54
Manufacturer: Dell Inc.
Model: Precision 3280 Compact
Processor: Intel(R) Core(TM) i7-14700
Windows Version: Microsoft Windows 10 Enterprise LTSC
BIOS Version: 1.8.0
UUID: 4C4C4544-0054-4710-8056-B3C04F573534
*** SMBIOS Information ***
AMT Supported: True
AMT Enabled: True
SMBIOS ME SKU: Intel(R) Full AMT Manageability
SMBIOS ME Version: 16.1.32.2418
KVM Supported: True
SOL Supported: True
USB-R supported in BIOS: True
RSE Supported: False
*** ME Information ***
Version: 16.1.32.2418
SKU: Intel(R) Full AMT Manageability
State: Not Provisioned
Control Mode: None
Driver Installed: True
Driver Version: 2406.5.5.0
PKI DNS Suffix: Not Found
LMS State: Running
LMS Version: 2406.5.5.0
MicroLMS State: NotPresent
EHBC Enabled: False
*** ME Capabilities ***
AMT in Enterprise Mode: True
TLS Enabled: False
HW Crypto Enabled: True
Current Provisioning state: PRE_PROVISIONING_STATE
NetworkInterface Enabled: True
SOL Enabled: True
IDER Enabled: True
FWUpdate Enabled: False
LinkIsUp state: True
KVM Enabled: False
RSE Enabled: False
*** Power Management Capabilities ***
Supported Power States:
5: PowerCycle_Off_Soft
8: Off_Soft
2: On
10: Master_Bus_Reset
11: NMI
7: Hibernate
12: Off_Soft_Graceful
14: MasterBusReset_Graceful
Power Change Capabilities:
2: On
3: SleepLight
4: SleepDeep
7: Hibernate
8: Off_Soft
*** CIRA Information ***
CIRA Server: Not Found
CIRA Connection Status: NOT_CONNECTED
CIRA Connection Trigger: USER_INITIATED
*** ME Wired Network Information ***
Wired Interface Enabled: True
Link Status: Up
IP Address: 0.0.0.0
MAC Address: C0:47:0E:FA:22:1F
DHCP Enabled: True
DHCP Mode: Passive
DNS Suffix (from OS): localdomain
*** ME Wireless Network Information ***
ME Wireless Interface Not Detected
*** Root Certificate Hash Entries ***
Root Cert 1: Go Daddy Class 2 CA, SHA256, C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4, Active, Default;
Root Cert 2: Go Daddy Root CA-G2, SHA256, 45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA, Active, Default;
Root Cert 3: Comodo AAA CA, SHA256, D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4, Active, Default;
Root Cert 4: Starfield Class 2 CA, SHA256, 14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58, Active, Default;
Root Cert 5: Starfield Root CA-G2, SHA256, 2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5, Active, Default;
Root Cert 6: VeriSign Class 3 Primary CA-G5, SHA256, 9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF, Active, Default;
Root Cert 7: Baltimore CyberTrust Root, SHA256, 16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB, Active, Default;
Root Cert 8: USERTrust RSA CA, SHA256, E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2, Active, Default;
Root Cert 9: Verizon Global Root, SHA256, 68:AD:50:90:9B:04:36:3C:60:5E:F1:35:81:A9:39:FF:2C:96:37:2E:3F:12:32:5B:0A:68:61:E1:D5:9F:66:03, Active, Default;
Root Cert 10: Entrust.net CA (2048), SHA256, 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77, Active, Default;
Root Cert 11: Entrust Root CA, SHA256, 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C, Active, Default;
Root Cert 12: Entrust Root CA-G2, SHA256, 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39, Active, Default;
Root Cert 13: VeriSign Universal Root CA, SHA256, 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C, Active, Default;
Root Cert 14: Affirm Trust Premium, SHA256, 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A, Active, Default;
Root Cert 15: DigiCert Global Root CA, SHA256, 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61, Active, Default;
Root Cert 16: DigiCert Global Root G2, SHA256, CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F, Active, Default;
Root Cert 17: DigiCert Global Root G3, SHA256, 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0, Active, Default;
Root Cert 18: DigiCert Trusted Root G4, SHA256, 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88, Active, Default;
Root Cert 19: GlobalSign Root CA - R3, SHA256, CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B, Active, Default;
Root Cert 20: GlobalSign ECC Root CA - R5, SHA256, 17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24, Active, Default;
Root Cert 21: GlobalSign Root CA - R6, SHA256, 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69, Active, Default;
Pausing before ending process in 3 sec. The duration of this pause can be adjusted using the --delayterm option.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I worked through this list and added my comments under each bullet point or number. After each change I made, I ran EmaAgent on the endpoint as Admin and then clicked Install/Update and then looked on the EMA Server in Managed Endpoints to see if the endpoint would show up. When I note ‘No change’ below, it indicates that I did this process and still didn’t see the endpoint show up in the server.
1) Check Network Connectivity:
Ensure that the endpoint has a stable internet connection.
I used PacketStats.com to evaluate stability and it rated the connection as “Great” showing an average ping of 18.2.
Try to access other websites to confirm that the network is working properly.
CNN.com, Spam.com, and Intel.com all load fine.
2) Verify DNS Settings:
Check the DNS settings on the endpoint to ensure they are correctly configured.
DNS looks good. Points to the router.
You can use public DNS servers like Google DNS (8.8.8.8 and 8.8.4.4) or Cloudflare DNS (1.1.1.1).
Done. I manually set my DNS servers to 1.1.1.1 and 8.8.8.8. No change.
3) Flush DNS Cache:
Sometimes, the DNS cache may contain outdated or incorrect information. Flushing the DNS cache can help resolve this. On Windows, open Command Prompt as an administrator and run the following command: ipconfig /flushdns
DNS was flushed. No change.
4) Test DNS Resolution:
Use the nslookup or ping command to test DNS resolution for the domain you are trying to reach. For example, open Command Prompt and run: nslookup <domain_name> ping <domain_name>
Ping and nslookup work on my fqdn. Ping resolves to the server IP and gets an average of 60ms. Nslookup shows that Cloudflare can resolve the domain to the server IP.
5) Check DNS Server Status:
If you are using a specific DNS server, check its status to ensure it is operational. You can try switching to a different DNS server to see if it resolves the issue.
Already switched from the router to Cloudflare and Google. Resolving the fqdn doesn’t seem to be the problem. I will say, however, that I cannot load my fqdn in a browser tab. Not sure if that matters.
My next post will be the ECT logs from the Endpoint. I'm breaking this up into 2 posts because I can't seem to post the whole thing in a single shot.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
PS C:\Program Files (x86)\Intel\EMAConfigTool> .\EMAConfigTool.exe --verbose
Intel EMA Configuration Tool
Application Version: 1.1.0.183
Scan Date: 12/13/2024 10:58:01 AM
*** Host Computer Information ***
Computer Name: 3TGVW54
Manufacturer: Dell Inc.
Model: Precision 3280 Compact
Processor: Intel(R) Core(TM) i7-14700
Windows Version: Microsoft Windows 10 Enterprise LTSC
BIOS Version: 1.8.0
UUID: 4C4C4544-0054-4710-8056-B3C04F573534
*** SMBIOS Information ***
AMT Supported: True
AMT Enabled: True
SMBIOS ME SKU: Intel(R) Full AMT Manageability
SMBIOS ME Version: 16.1.32.2418
KVM Supported: True
SOL Supported: True
USB-R supported in BIOS: True
RSE Supported: False
*** ME Information ***
Version: 16.1.32.2418
SKU: Intel(R) Full AMT Manageability
State: Not Provisioned
Control Mode: None
Driver Installed: True
Driver Version: 2406.5.5.0
PKI DNS Suffix: Not Found
LMS State: Running
LMS Version: 2406.5.5.0
MicroLMS State: NotPresent
EHBC Enabled: False
*** ME Capabilities ***
AMT in Enterprise Mode: True
TLS Enabled: False
HW Crypto Enabled: True
Current Provisioning state: PRE_PROVISIONING_STATE
NetworkInterface Enabled: True
SOL Enabled: True
IDER Enabled: True
FWUpdate Enabled: False
LinkIsUp state: True
KVM Enabled: False
RSE Enabled: False
*** Power Management Capabilities ***
Supported Power States:
5: PowerCycle_Off_Soft
8: Off_Soft
2: On
10: Master_Bus_Reset
11: NMI
7: Hibernate
12: Off_Soft_Graceful
14: MasterBusReset_Graceful
Power Change Capabilities:
2: On
3: SleepLight
4: SleepDeep
7: Hibernate
8: Off_Soft
*** CIRA Information ***
CIRA Server: Not Found
CIRA Connection Status: NOT_CONNECTED
CIRA Connection Trigger: USER_INITIATED
*** ME Wired Network Information ***
Wired Interface Enabled: True
Link Status: Up
IP Address: 0.0.0.0
MAC Address: C0:47:0E:FA:22:1F
DHCP Enabled: True
DHCP Mode: Passive
DNS Suffix (from OS): localdomain
*** ME Wireless Network Information ***
ME Wireless Interface Not Detected
*** Root Certificate Hash Entries ***
Root Cert 1: Go Daddy Class 2 CA, SHA256, C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4, Active, Default;
Root Cert 2: Go Daddy Root CA-G2, SHA256, 45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA, Active, Default;
Root Cert 3: Comodo AAA CA, SHA256, D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4, Active, Default;
Root Cert 4: Starfield Class 2 CA, SHA256, 14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58, Active, Default;
Root Cert 5: Starfield Root CA-G2, SHA256, 2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5, Active, Default;
Root Cert 6: VeriSign Class 3 Primary CA-G5, SHA256, 9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF, Active, Default;
Root Cert 7: Baltimore CyberTrust Root, SHA256, 16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB, Active, Default;
Root Cert 8: USERTrust RSA CA, SHA256, E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2, Active, Default;
Root Cert 9: Verizon Global Root, SHA256, 68:AD:50:90:9B:04:36:3C:60:5E:F1:35:81:A9:39:FF:2C:96:37:2E:3F:12:32:5B:0A:68:61:E1:D5:9F:66:03, Active, Default;
Root Cert 10: Entrust.net CA (2048), SHA256, 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77, Active, Default;
Root Cert 11: Entrust Root CA, SHA256, 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C, Active, Default;
Root Cert 12: Entrust Root CA-G2, SHA256, 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39, Active, Default;
Root Cert 13: VeriSign Universal Root CA, SHA256, 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C, Active, Default;
Root Cert 14: Affirm Trust Premium, SHA256, 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A, Active, Default;
Root Cert 15: DigiCert Global Root CA, SHA256, 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61, Active, Default;
Root Cert 16: DigiCert Global Root G2, SHA256, CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F, Active, Default;
Root Cert 17: DigiCert Global Root G3, SHA256, 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0, Active, Default;
Root Cert 18: DigiCert Trusted Root G4, SHA256, 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88, Active, Default;
Root Cert 19: GlobalSign Root CA - R3, SHA256, CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B, Active, Default;
Root Cert 20: GlobalSign ECC Root CA - R5, SHA256, 17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24, Active, Default;
Root Cert 21: GlobalSign Root CA - R6, SHA256, 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69, Active, Default;
Pausing before ending process in 3 sec. The duration of this pause can be adjusted using the --delayterm option.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I noticed 2 new errors in the EmaAgent log. I think these were created around the time I ran the EMA Config Tool.
[2024-12-13 10:40:59.589 AM] \Agent\MeshManageability\agent\core\meshctrl.c:4368 Failed creating random password wide string for WinCrypto. Last error: 0
[2024-12-13 10:41:01.596 AM] \Agent\MeshManageability\agent\core\meshctrl.c:444 Generating certificates, retry count = 2.. Last error: 183
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi diggergraves,
Greetings!
Thanks for sharing your observation after performing the plan of action shared, we would recommend you to provision the endpoint (Laptop) in Client Control Mode and then share your observation if you are able to see the endpoint in the Intel EMA console, in order to narrow down the issue.
And also let us know if the endpoint under consideration is with in the company domain or is it out of band?
Best Regards
Arun_intel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi diggergraves,
Greetings!
Thank you for contacting Intel, please feel free to reply for any further query!
Best Regards
Arun_intel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi diggergraves,
Greetings!
Thank you for contacting Intel,
If further assistance is necessary, do not hesitate to reply.
Best Regards
Pujeeth_Intel
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page