Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2965 Discussions

Enhancement request : IP address assigned to AMT to respond to ping

VeeDub
New Contributor I
844 Views

Hello,

I have recently experienced a few issues with AMT.

I have noticed that the IP address assigned to AMT by DHCP does not respond to ping.

From a troubleshooting perspective it is better if an IP address does respond to ping.

Can you submit this as a request to the product development team?

Thank you.

VW

0 Kudos
9 Replies
vish1
Employee
778 Views

Hello VeeDub,


Greetings!!


Could you please share a screenshot of the issue for further investigation? This will help us better understand the situation and assist you more effectively.


Best Regards,

Vishal Shet P

Intel Customer Support Technician

intel.com/vpro


0 Kudos
VeeDub
New Contributor I
764 Views

Hello,

I am using MeshCentral to manage AMT endpoints in CIRA / Admin-mode.

Recently I have had endpoints going offline in MeshCentral (refer screenshot - latest example DR4-5).

According to the DHCP Server the endpoints have an IP address, but as the AMT endpoints do not respond to ping, it is impossible to know if the AMT endpoint's TCP/IP stack is responding.

Through trial-and-error I have established that if I perform a power-drain on the AMT endpoint this will resolve the behaviour (Perform a power cycle: Shut down the machine completely, disconnect the power cable for 1 minute).

However this is a very poor work-around.

All of the CIRA endpoints are remote to me and to perform a power drain I need to be on-site with the endpoint.

I want to troubleshoot why the AMT endpoints are going offline.

After further investigation in this latest instance DR4-5 has not obtained an IP address from the DHCP Server. What would cause this to occur?

And how can I force DR4-5 to try and refresh the IP address without a power drain?

I have also observed multiple examples where according to the DHCP Server, the AMT endpoint does have an IP address and in those examples so far the only "solution" is to perform a power drain on the endpoint.

For the reasons mentioned above, performing a power drain is a very poor work-around.

I need a way of resolving these issues that doesn't require a site visit or better still not have the issues occur in the first place.

I think the underlying problem may be a recent BIOS update. All of these systems were stable until the last 1 - 2 months when there have been a number of BIOS updates released.

Thanks

VW

0 Kudos
vish1
Employee
736 Views

Hello VeeDub,


Thank you for sharing the details.


We will review the details you have provided and look into the matter further. We will get back to you as soon as we have an update or additional information.


Best Regards,

Vishal Shet P

Intel Customer Support Technician

intel.com/vroc


0 Kudos
vish1
Employee
690 Views

Hello VeeDub,


Greetings!!


We would like to inform you that, for security purposes, Non-TLS ports will be disabled following the BIOS update on Gen 12 and Gen 13 processors.

As a result, TLS ports should be used for communication with the AMT on endpoints featuring Gen 12 and Gen 13 processors.


Please refer to the link below for further details on this update.

https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fintelamtandsecurityconsiderations1.htm


Please note that Non-TLS ports 16992, 16994, and 623 are no longer supported. Therefore, you should use the following TLS ports instead:16993, 16995, 664


We kindly request that you enable the TLS ports to establish a connection with the AMT on the endpoint. Once done, please share your observations with us.


Best Regards,

Vishal Shet P

Intel Customer Support Technician

intel.com/vpro


0 Kudos
VeeDub
New Contributor I
663 Views

Hello Vishal,

I can logon to the endpoint using port 16993, which I was doing previously.

However according to System Status, the reported IP address is 0.0.0.0

Which from a previous ticket I now know is "by design".

So when I'm trying to troubleshoot connectivity issues, if I can't use ping and the endpoint doesn't report it's IP address what am I supposed to do?

I need a method of being able to remotely troubleshoot and resolve connectivity issues.

Regards,

VW

0 Kudos
Arun_Intel1
Employee
605 Views

Hi VeeDub,


Greetings!


We see that you are able to login to the endpoint through the port 16993, however you are unable to ping the endpoint through the same port.


We would request you to try enabling the TLS port and try pinging the endpoint and share your observation.


Please feel free to reply sharing your observation for any further query, we are happy to assist you!


Best Regards

Arun_intel


0 Kudos
VeeDub
New Contributor I
584 Views

Hello,

 

I am going on-site next week to troubleshoot.

 

I'll provide an update then.

 

Thanks

0 Kudos
Arun_Intel1
Employee
583 Views

Hi VeeDub,


Sure, thanks for the update, we will wait for your response!


Best Regards

Arun_intel


0 Kudos
VeeDub
New Contributor I
299 Views

 

Hello,

I went to one of the sites today.

Over Xmas all the VPro/AMT systems were showing as offline in MeshCentral for this site.

Today around 90% of them were online when I arrived at site.

I know that all of these Windows systems were shutdown over Xmas, but from a CIRA perspective they should have had status as Hibernating or Soft-Off (so that they can be powered on by CIRA remotely if needed).

All the systems are in Admin Control Mode.

As I mentioned above, for some reason, none of these systems were accessible via CIRA.

At this stage I'm not sure if that is a MeshCentral issue or AMT. Time will tell, but the only thing that I can think of is that the Windows shutdown took these systems offline in AMT as well.

Of the remaining 4 systems that were showing as offline in MeshCentral today:

3 of the systems had lost all their settings in the MEBX (i.e. they had to be reconfigured). I'm assuming that this was caused by a BIOS update, as I've noticed that some of the BIOS updates include AMT updates. That's annoying, hopefully it won't happen again, but I'll check MeshCentral connectivity immediately after BIOS updates in future.

The 4th system, had not lost it's settings in MEBX, but after reviewing  the MEBX configuration and restarting the computer, AMT re-connected to MeshCentral. This was after AMT being offline for over 1 month prior.

All the AMT systems at this site are now accessible in MeshCentral.

At another site, where all the systems were also offline over Xmas, around 25% of systems remain offline. I expect the reasons for the remaining systems being offline will be the same as above. 

From my perspective AMT / MeshCentral is not as robust as I would like. But it's not clear whether the cause is AMT, MeshCentral or a combination of both - and I'm thinking this will be too hard to isolate for now.

This ticket can be closed.

Thank you.

0 Kudos
Reply