1 Reply Latest reply on Jul 25, 2008 4:38 PM by Trevor.Sullivan

    How does vPro repair a remote operating system?

    TerryCutler

      (Note: Similar discussion raised on Altiris Juice - http://juice.altiris.com/node/4739 - open to inputs on either site)

       

      With the many enabling features of vPro for out-of-band management - one that causes some additional questions is "how does vPro repair a remote operating system?"

       

      I'm interested to hear from the community on how others are using the capabilities of vPro\AMT along with their software solution of choice to help realize real-world examples of remote diagnostics and repairs.  Anyone willing to share?

       

      At the core - vPro by itself doesn't directly repair an OS, just as it doesn't remotely power a system, invoke system defense filters, or other items often broadcasted. The key is the supporting software which has been enabled to take advantage of the vPro management technology. In addressing remote diagnostic and repair, the first question might be "what is it you are trying to do?".

       

      First - I suggest a brief pre-reading of other posts and materials. The material focuses on Altiris - yet the concepts could also apply to SMS, SCCM, HP OOBM, LANDesk, SupportSoft, BigFix, or other vendors enabled to support vPro.

       

       

      A common theme with remote diagnostic\repair is the redirection functionality.  A quick review of what this enables:

       

      • Serial-over-LAN at the core provides an ANSI or VT100 terminal - no GUI.  Great for accessing the BIOS or a Command Prompt.  However, there are some ideas on how to further utilize and benefit from Serial-over-LAN with in-band agents (see http://softwarecommunity.intel.com/articles/eng/1222.htm)

      • IDE-Redirect overrides the BIOS boot order - it CANNOT specify a partition, yet CAN specify a target drive or device noted in BIOS (optical, floppy, PXE LAN Boot)

      • IDE-Redirect can be used to specify a remote boot device (the optical or floppy drive of the system initiating the request; this is NOT an ISO/IMG file, yet the actual bootable disk)

      • IDE-Redirect can be used to specify a remote boot image - ISO or IMG - based on requesting console user's file access rights (UNC path recommended)

      • A combined Serial-over-LAN and IDE-Redirect could be used to provide a remote terminal while also redirecting the boot device

       

      What could be possible by combining those capabilities with remote diagnostic\repair software, boot images, etc?

       

      • Remote system network or security configuration prevents OS from connecting to corporate\production environment. User is unable to function - thus the "OS is down". Using idea posted at http://softwarecommunity.intel.com/articles/eng/1222.htm, an out-of-band session can be used to access the Windows interface.

      • System affected by virus\worm - thus OS is down and remote scan\repair needed.  An early idea was demonstrated by Symantec at http://www.youtube.com/watch?v=dwScvM3bW3E.  Other ideas are expected to come forward very soon.  (and open to hear if community member has accomplished something similar)

      • Need to obtain Windows memory dump for further analysis due to blue screen.  See article http://www.networkworld.com/news/2005/041105-windows-crash.html as example of how to configure Windows OS to produce a memory dump, along with where the dump is located.  Create bootable ISO\IMG for vPro\AMT.  If IMG - have it get target client IP stack up\running and map to network share to run utilities.  If ISO - have an NTFS driver embedded to enable access to the partition and grab the DMP file.  For DOS environment - something like NTFS4DOS, for Linux environment something like http://www.ntfs-3g.org/ or http://www.ntfs-linux.com/

      • Crashed OS environment is due to registry setting or mis-configured driver\application.  To understand what happened - first need some data on last patch, memory dump report, and so forth.  Determine the faulting application.  Once that is done - support team better prepared to either run IDER session or visit desk for repair.... Or, they might choose to just reimage the system remotely which could be initiated via IDER session

       

      The one I'm not as familiar with - yet am sure someone in the community has an answer or pointer to an answer - Remotely modifying a registry value or file based on mounted NTFS partition.  There have been demonstrations of renaming\replacing the hal.dll as an example.  

       

       

      Others out there asking these questions, contemplating these ideas... Better yet - willing to tell your story or provide tips\insights?  Pls do - looking forward to it.
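The memory-dump scenario from the post above, as an added example that is not part of the original thread: a shell function for a Linux rescue image booted over IDE-Redirect that copies crash dumps off the mounted NTFS volume and verifies each copy by SHA-256. The mount point, device name and destination path are assumptions; `%SystemRoot%\MEMORY.DMP` and `%SystemRoot%\Minidump` are the Windows default dump locations.

```shell
#!/bin/sh
# Added example (not from the thread): collect crash dumps from an offline
# Windows volume inside a Linux rescue image booted over IDE-Redirect.
# Assumption: the client's NTFS partition is already mounted read-only, e.g.
#   mount -t ntfs-3g -o ro /dev/sda1 /mnt/win     (device name is hypothetical)
# and the destination is a mapped network share or other writable path.

# collect_dumps <mounted_windows_root> <destination_dir>
# Copies MEMORY.DMP and Minidump/*.dmp, verifies each copy by SHA-256 and
# records the hashes in <destination_dir>/manifest.sha256.
# Returns 0 if at least one dump was collected, 1 if none, 2 on error.
collect_dumps() {
    root=$1; dest=$2; count=0
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    mkdir -p "$dest" || return 2
    list="$dest/.dumplist"
    : > "$dest/manifest.sha256"
    # NTFS names are case-preserving, so match WINDOWS/Windows/WINNT alike.
    ( cd "$root" && find . -maxdepth 3 -type f \( \
          -ipath './windows/memory.dmp' -o -ipath './winnt/memory.dmp' \
          -o -ipath './windows/minidump/*.dmp' -o -ipath './winnt/minidump/*.dmp' \
      \) ) > "$list" || return 2
    while IFS= read -r rel; do
        src="$root/${rel#./}"
        # Flatten the relative path into one file name for the evidence folder.
        name=$(printf '%s' "${rel#./}" | tr '/' '_')
        before=$(sha256sum "$src" | cut -d' ' -f1)
        cp -- "$src" "$dest/$name" || return 2
        after=$(sha256sum "$dest/$name" | cut -d' ' -f1)
        if [ "$before" != "$after" ]; then
            echo "hash mismatch after copy: $rel" >&2; return 2
        fi
        printf '%s  %s\n' "$after" "$name" >> "$dest/manifest.sha256"
        count=$((count + 1))
    done < "$list"
    rm -f "$list"
    [ "$count" -gt 0 ]
}

# Run directly as: collect_dumps.sh /mnt/win /mnt/share/case-dir
if [ "$#" -eq 2 ]; then collect_dumps "$1" "$2"; fi
```

The manifest uses the `sha256sum` line format, so the analyst receiving the files can re-check them with `sha256sum -c manifest.sha256` from the destination directory.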

        • 1. Re: How does vPro repair a remote operating system?
          Trevor.Sullivan

           

          Hi Terry,

           

           

          I successfully integrated VNC onto WinPE 2.0 (from the Windows AIK version 1.1). This bootable, offline, servicing environment is excellent for remote diagnostics and troubleshooting. Due to the extensible nature of WinPE 2.0, it makes it an ideal choice for these types of scenarios. A few examples of utilities that I have successfully added to a customized WinPE 2.0 disc are:

           

          • nu2menu from BartPE

          • Firefox

          • Testdisk

          • A43 File Manager

          • UltraVNC

          • etc?

           

          Combined with Microsoft WDS, or using the IDE-R functionality of vPro, WinPE 2.0 makes for a powerful diagnostic and remediation platform. The ability to access network resources including file shares, FTP servers, web servers, and so on, is invaluable.

           

           

          Since Intel vPro does not provide a full KVM interface, VNC on WinPE has to fill that gap to allow for remote controlling of the GUI. In scenarios where remote support needs to be facilitated, in theory, a custom script that runs upon boot up of WinPE could write an entry to a database to basically "report in" that a new machine is available to be controlled by your IT support staff. I have not yet implemented this for our support departments, but once we get the infrastructure in place to make it possible, I really want to.

           

           

          Look for a future blog post from me about running VNC on WinPE.

           

           

          --Trevor