6 Replies Latest reply on Apr 20, 2018 6:08 AM by Intel Corporation

    Static IP address in SCS console while client's IPv4 Ethernet addresses keep changing

    marebe

      I'm a system admin and had the task to configure the MEBx PW of our vPro clients.

      Using SCS on a W2012R2 VM in DB mode (SQL2014 Express), all my clients are configured in 'Admin Control Mode'.

      For newly configured clients, the remote admin PW can be retrieved from the DB. All of this works very well indeed.

       

      Now I want to find out how I can take advantage of the AMT features.

       

      My problem at this point: as the (internal) IP address of my clients changes, the console's 'Get configured password' function becomes a bit of a lottery. Typically it fails and the client's 'Connection Status' changes to 'Disconnected'.

      My question: I suspect that my SCS console's inability to keep up with the ever changing IPv4 Ethernet port addresses of my clients is part of the problem?

      Can anybody confirm this?

       

      The (Lenovo) clients:
      - Win10 x64 1703, BitLocker=ON

      - The BIOS is up to date

      - The IntelME firmware is up to date

      - We have a disjoint DNS name space. I.e. the SCS server's name space is different from the client's.

      - DNS resolution from SCS server to client and client to server works

      - The errors I'm getting:

      Finishing Get configured password for UUID:E8DD1901-5472-11CB-9746-BD924F82E988, With returned status: Initial connection to the Intel(R) AMT device failed.   (0xc00007d2). A TCP error occurred. Make sure that the destination settings are correct and that a network connection exists to the target.  (0xc000521c).

       

      If there's anybody out there who can give me a hint, I'd be very grateful.

       

      Martin

        • 1. Re: Static IP address in SCS console while client's IPv4 Ethernet addresses keep changing
          Intel Corporation
          This message was posted on behalf of Intel Corporation

          Hello Martin Ebell(marebe),

          Are you using a Dedicated IP?

          Do you get a specific error code like “91”?


          On an Intel AMT system, the host platform and the Intel AMT device both have an IP address. These IP addresses are usually the same, but they can be different. Intel SCS configures the IP address of the Intel AMT device. By default, Intel SCS configures the Intel AMT device to get the IP address from a DHCP server. If this default is not correct for your network, change the setting in the configuration profile. For information about the available settings, see Defining IP and FQDN Settings on page 127.

          Please take into consideration that the RCS communicates with the Intel AMT device using the Transmission Control Protocol (TCP).

          During communication, if the device does not answer within a specified time, the RCS cancels the communication. This default “Timeout” setting is 10 seconds.

          This is usually enough time for the device to respond. To change this default, enter a new value (between 10 and 80 seconds) in this field: Timeout for connection with systems (in seconds).


          Additionally, reconfiguration can fail when all these conditions are true:

          1. The Intel AMT device was configured with an FQDN and IP different from the host operating system (for example, by using a dedicated network settings file).

          2. The dedicated network settings file contains FQDN and IP values different from those currently defined in the Intel AMT device.

          3. Intel SCS needs to reconfigure the device using the new values in the dedicated network settings file.

          If this is the case make sure you supply the current IP address or FQDN of the Intel AMT device in the tag of the dedicated network settings file.

          For more information refer to Intel® Setup and Configuration Software (Intel® SCS) - User Guide https://www.intel.com/content/dam/support/us/en/documents/software/Intel_SCS_User_Guide.pdf on page 232.

          Please let me know if you have any more questions. 

          Best regards,

          Caesar B_Intel.

          • 2. Re: Static IP address in SCS console while client's IPv4 Ethernet addresses keep changing
            marebe

            Thank you for your response.

             

            To answer your questions:

             

            We use DHCP for our clients. (Only the servers have a fixed IP.)

             

            I don't see an error code 91 in the log.

             

            We don't use a dedicated network file as described in the three scenarios you list above.

             

            The two errors that keep showing up are always the same:

            - "A TCP error occurred. Make sure that the destination settings are correct and that a network connection exists to the target.  (0xc000521c). "

            - "Finish operation with Error (0xc00007d2) - Initial connection to the Intel(R) AMT device failed.   (0xc00007d2). A TCP error occurred."

             

            The network IP Settings section of my configuration Profile is identical to the one shown on page 127 of the 'User Guide'.

            Consequently, one would expect it to be the same between Host and AMT device.

            That said - and I want to thank you for the hint - it most likely isn't. Because, if for testing's sake, I create a Reservation in DHCP, so that a "lost" client is guided back to the IP address the SCS console holds, password retrieval works and the 'Connection Status' returns to 'Connected'.

            For now, I'll try to find out why Host IP address and AMT Device IP address are not aligned and might have further questions.

             

            ...in the meantime:

            The log of an .\acuconfig.exe systemdiscovery attempt:

            PS C:\> .\ACUConfig.exe /output console systemdiscovery

            Starting log 2018-04-09 17:30:21

            ACUConfig 11.2.0.35

            [ClientFQDN]: Starting to discover the system information...

            Wire support:************** 1

             

            System Discovery failed to get data from some of the interfaces on this system.

            Failed to get data from the GetDNSLookupName interface.

            Failed to get the FQDN.

            Call to function failed.

            DNS server failure.

            ***********

            Exit with code 32.

            Details: Intel(R) AMT operation completed with warnings:

            System Discovery failed to get data from some of the interfaces on this system.

            Failed to get data from the GetDNSLookupName interface.

            Failed to get the FQDN.

            Call to function failed.

            DNS server failure.

             

            What I notice: .\acuconfig.exe systemdiscovery does correct the IP address stamped into the registry of the client.

            Disappointingly, .\acuconfig.exe systemdiscovery /ReportToRCS /RCSaddress [FQDN of RCServer] makes no impression on the connection status in the SCS console.

             

            Again, thanks for your help.

            Martin

            • 3. Re: Static IP address in SCS console while client's IPv4 Ethernet addresses keep changing
              Intel Corporation
              This message was posted on behalf of Intel Corporation

                          

                

              Hello Martin Ebell(marebe),

              Let me check into this situation and as soon as I have an update I will let you know.

              Please let me know if you have any more questions.

              Best regards,

              Caesar B_Intel.

                

              • 4. Re: Static IP address in SCS console while client's IPv4 Ethernet addresses keep changing
                marebe

                I start to understand this a little better.

                 

                The 'Intel AMT IPv4' value in the 'List of Systems' in the 'SCS' console is irrelevant.

                 

                The 'Get configured Password' function will come up with the remote admin password even if there's a mismatch between IPv4 shown in the SCS and the actual IP address of the client.

                Important is that the 'IP' string value in:

                HKLM\SOFTWARE\Intel\Setup and Configuration Software\SystemDiscovery\ConfigurationInfo\AMTNetworkSettings\AMTWiredNetworkAdapter\IPv4IPSettings

                ...is kept up to date.

                 

                Questions:

                - Isn't it the job of the LMS service to stamp the current IP address of a client into its registry?

                - If so, at what interval is this supposed to happen?

                - If not, what service/component is responsible for keeping the above 'IP' string value up to date?

                 

                Best regards,

                Martin
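
Added example, not part of the original thread and not Intel's or the poster's code: a PowerShell check for the drift described in reply 4, comparing the 'IP' string value under the registry key quoted there with the wired adapter's current IPv4 address, and re-running the `systemdiscovery` command from reply 2 when they differ. It assumes Intel AMT shares the host's DHCP-assigned address; the ACUConfig.exe path and the function names are placeholders.

```powershell
# Registry key quoted in reply 4; the 'IP' string value lives under it.
$KeyPath = 'HKLM:\SOFTWARE\Intel\Setup and Configuration Software\SystemDiscovery\' +
           'ConfigurationInfo\AMTNetworkSettings\AMTWiredNetworkAdapter\IPv4IPSettings'
$AcuConfig = 'C:\Tools\ACUConfig\ACUConfig.exe'   # placeholder path (assumption)

function Get-RecordedAmtIp {
    # Returns the recorded 'IP' value, or $null if the key/value does not exist yet.
    $item = Get-ItemProperty -Path $KeyPath -Name 'IP' -ErrorAction SilentlyContinue
    if ($item) { $item.IP } else { $null }
}

function Get-WiredHostIp {
    # IPv4 addresses on connected physical Ethernet adapters.
    # Assumption: AMT uses the same address as the host (shared-IP, DHCP).
    $idx = Get-NetAdapter -Physical |
        Where-Object { $_.Status -eq 'Up' -and $_.PhysicalMediaType -eq '802.3' } |
        Select-Object -ExpandProperty ifIndex
    if (-not $idx) { return }
    Get-NetIPAddress -AddressFamily IPv4 -InterfaceIndex $idx -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty IPAddress
}

$recorded = Get-RecordedAmtIp
$current  = @(Get-WiredHostIp)

if (-not $current) {
    Write-Warning 'No connected wired adapter with an IPv4 address; nothing to compare.'
    return
}
if ($recorded -and ($current -contains $recorded)) {
    Write-Output "Registry IP '$recorded' matches the wired adapter; no action."
    return
}

Write-Output "Registry IP '$recorded' is stale (adapter has: $($current -join ', ')). Running system discovery."
& $AcuConfig /output console systemdiscovery
# In the thread, exit code 32 meant "completed with warnings" and the poster
# still saw the registry IP corrected, so verify the value instead of trusting the code.
Write-Output "ACUConfig exit code: $LASTEXITCODE"

$after = Get-RecordedAmtIp
if ($current -contains $after) {
    Write-Output "Registry IP now '$after'."
} else {
    Write-Warning "Registry IP is still '$after' after system discovery."
}
```

Run on a schedule or at network-change events, this keeps the value current without a DHCP reservation; per reply 2, it does not by itself change the connection status shown in the SCS console.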

                • 5. Re: Static IP address in SCS console while client's IPv4 Ethernet addresses keep changing
                  Intel Corporation
                  This message was posted on behalf of Intel Corporation

                  Hello marebe,

                  You can use Intel SCS to configure Intel AMT on systems that have Intel AMT 6.2 and higher. Each system that you want to configure using Intel SCS must have these drivers and services installed and running in the operating system:
                  • Intel MEI – The Intel® Management Engine Interface (Intel® MEI) driver, also known as HECI, is the software interface to the Intel AMT device. This driver is usually located under “System devices”.
                  • LMS – The Local Manageability Service (LMS.exe) enables local applications to send requests and receive responses to and from the device. The LMS listens for and intercepts requests directed to the Intel AMT local host, and routes them to the device via the Intel MEI.
                  The Intel MEI driver is usually installed by the manufacturer or by running Windows Update on a system, but often the LMS service is not installed. If they are missing, or you need to reinstall them, contact the manufacturer of your system to get the correct versions for your system.
                  Note: Support for versions of Intel AMT earlier than 10.0 is deprecated. You can still use Intel SCS 11.2 to configure Intel AMT 9.x and earlier, though the support agreements for Intel SCS 11.2 do not include support for issues related to the above.

                  Let me look for more information on how the LMS accomplishes its tasks related to the IP.

                  Best regards,

                  CaesarB _Intel
                   

                  • 6. Re: Static IP address in SCS console while client's IPv4 Ethernet addresses keep changing
                    Intel Corporation
                    This message was posted on behalf of Intel Corporation

                    Hello marebe 
                     
                    We would like to know if there is anything else we could help out with?

                    Best regards, 

                    CaesarB _Intel