Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2846 Discussions

Issues installing EMA

SteveEECV
Beginner
‎09-18-2023 02:29 AM
1,596 Views

Hi,


Previously we were using MeshCentral, but since it's no longer being actively updating we are looking for alternatives. Today I've attempted to install EMA v1.11.1.0. During the installation I got the error message: " savingcertificateinmachinestore unauthorized". The installation cancelled and I was unable to take any next steps.

 

Right now I'm stuck installing the software, whenever I try to start the install procedure I get the error message: "Missing, invalid or multiple MeshSettingsCertificates found in cert store. Add or replace certificate in cert store from backup"

image.png

When I try to uninstall it says it cannot connect to the database with the following error:

image.png

I don't really know what to do next, I can't seem to figure out where the EMA files are located either.

0 Kudos

Link Copied

7 Replies
SteveEECV
Beginner
‎09-18-2023 05:09 AM
1,566 Views

I managed to get the installer going again, but it failed with the same error:

"SavingCertificateInMachineStore|GrantKeyPermission: System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
at System.Security.Cryptography.Utils.SetKeySetSecurityInfo(SafeProvHandle hProv, CryptoKeySecurity cryptoKeySecurity, AccessControlSections accessControlSections)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at MeshServersCommon.CertificateOperations.AddCertificateInMachineStore(X509Certificate2 cert, Boolean addIISAccount, Boolean checkPrivatekey)"

 

image.png

0 Kudos
Copy link
JRüeg
New Contributor I
‎04-30-2024 12:49 AM
330 Views
In response to SteveEECV

Hi SteveEECV

Probably, you already solved this error. But since I had the same problem and would have appreciated a solution, this was the reason in our environtment:

Trellix Endpoint Security blocked the process from accessing the certificate files in the filesystem because some default rule "Malware Behavior: Windows EFS abuse" judges this as harmful. 

Sorry for the german text in the printscreen, but I summarized the message above. 

In response to SteveEECV
Preview file
113 KB
0 Kudos
Copy link
MIGUEL_C_Intel
Employee
‎09-18-2023 01:45 PM
1,537 Views

Hello, SteveEECV,


We are glad to know you are interested in Intel® EMA.


I noticed there is a communication issue between the EMA server and the EMA database.  Please bring me more details to understand your configuration.


  1. Which operating system will handle the Intel® EMA server?
  2. Will the EMA server and EMA database in the same machine? (Physical or virtual)
  3. Did you let Intel® EMA software create the EMA database, or you are using an existing one?
  4. Which is the SQL version of the EMA database, and the OS of the machine?
  5. Is the EMA database admin the same as the SQL database? (db owner)
  6. Will you authenticate the endpoints with EMA, Windows AD, or Azure AD?


7. Finally, will you provision the endpoints in client control mode or admin? If it is Admin, please include if you created a self-certificate or bought an Intel® AMT Certificate from our authorized vendors.

Bottom of the webpage: https://www.intel.com/content/www/us/en/architecture-and-technology/vpro/active-management-technology/implementation.html


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
Copy link
SteveEECV
Beginner
‎09-19-2023 01:27 AM
1,521 Views
  1. Which operating system will handle the Intel® EMA server?

    Windows Server 2022

  2. Will the EMA server and EMA database in the same machine? (Physical or virtual)

    The EMA server and database will be on the same virtual machine

  3. Did you let Intel® EMA software create the EMA database, or you are using an existing one?

    I let the EMA software create the database

  4. Which is the SQL version of the EMA database, and the OS of the machine?

    Microsoft SQL Server 2019 (64-bit)
    Windows Server 2022

  5. Is the EMA database admin the same as the SQL database? (db owner)

    I'm using AD authentication, I'm running the software as Domain Admin.

  6. Will you authenticate the endpoints with EMA, Windows AD, or Azure AD?

    Windows AD.
0 Kudos
Copy link
MIGUEL_C_Intel
Employee
‎09-19-2023 03:01 PM
1,499 Views

Hello, SteveEECV,


Thank you for sharing the information requested.


The issue seems to be with the communication between the EMA server and the EMA database. 


  • Did you log into Windows Server with the Admin User of the Active Directory?
  • Is the EMA installer the same Admin User of the Active Directory?
  • Does the Admin User of the Active Directory have access to the SQL database?
  • Please remember to run EMA software with Administrator rights.


For reference, review section 1.3.3 Database of the Intel(R) EMA Server Installation and Maintenance Guide.pdf version 1.11.0 (latest) included in the EMA software zip file.

https://www.intel.com/content/www/us/en/download/19449/intel-endpoint-management-assistant-intel-ema.html


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
Copy link
MIGUEL_C_Intel
Employee
‎09-22-2023 03:28 PM
1,446 Views

Hello, SteveEECV,


I hope this email finds you well.


By any chance, have you been able to work on our last troubleshooting?


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
Copy link
MIGUEL_C_Intel
Employee
‎09-26-2023 10:07 AM
1,241 Views

Hello, SteveEECV,


I haven’t received any updates from you.


Do not hesitate to reply if we can help you with anything else.


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.