Replies: 1 comment 8 replies
-
|
Beta Was this translation helpful? Give feedback.
8 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I am running the latest MeshCentral, which is in hybrid mode.
Server Setup:
Initially, on localhost (when I run MeshCentral on my laptop), everything works fine. Intel AMT CIRA is activated, and I can use the AMT functionality.
Issue with Remote Server:
We are running the MeshCentral server behind an Nginx ingress. Ports 443 and 4433 are accessible on the MeshCentral server. We are doing all of this with Kubernetes pod settings. All remote sessions, remote, backstage, and all functionalities work fine.
I am trying to activate and configure Intel AMT CIRA with CCM for my devices and need your help.
As we are using MeshCentral as part of our main web application, we have set MeshCentral on a subpath (route) of our main server. For example:
https://mainserver.com/remote/ (this will simply redirect to our login page)
We have written services in Kubernetes to forward this route with port to the MeshCentral pod/server but were unable to write a rule for 4433 due to its limitations.
So, we have created one public IP http://amtserver.com:4433 which redirects to meshcentral_server:4433 and it is working fine.
When we access http://amtserver.com:4433, it simply shows:
MeshCentral MPS server.
Intel® AMT computers should connect here.
In config.JSON, we are using mainserver.certificate in settings (using mainserver.com as a cert and certUrl) and set amtserver.com to mpsaliashost in the config.
json
Environment info
Node.js: v20.12.1
MeshCentral: 1.1.22
Nginx: We have Nginx before the MeshCentral server. We have also created a public IP [http://amtserver.com:4433] to redirect to MeshCentral:4433.
AMT Version: 11.0.18
AMT info
{
"core-ver": 1,
"OsHostname": "LAP-55",
"Flags": 4,
"MeiVersion": "100.0.0.5124",
"Versions": {
"Flash": "11.0.18",
"Netstack": "11.0.18",
"AMTApps": "11.0.18",
"AMT": "11.0.18",
"Sku": "16392",
"VendorID": "8086",
"Build Number": "1002",
"Recovery Version": "11.0.18",
"Recovery Build Num": "1002",
"Legacy Mode": "False"
},
"UUID": "MY UID",
"ProvisioningMode": 1,
"ProvisioningState": 2,
"net0": {
"enabled": 1,
"dhcpEnabled": 1,
"dhcpMode": "PASSIVE",
"mac": "D4:81:D7:A4:94:5A",
"address": "0.0.0.0"
},
"net1": {
"enabled": 1,
"dhcpEnabled": 1,
"dhcpMode": "PASSIVE",
"mac": "28:16:AD:8A:1E:1B",
"address": "0.0.0.0"
},
"DnsSuffix": "xyz.com"
}
Issue:
I am unable to activate Intel AMT and CIRA on my remote server. I am running the MeshCentral server with mpsdebug and getting the following logs in the console:
Logs under MyServer menu -> Trace tab -> CIRA SERVER AND CIRA COMMANDS CHECKED
Server Logs:
"mps","New CIRA connection"
"mps","CIRA connection closed"
"mps","New CIRA connection"
"mps","CIRA connection closed"
"mps","New CIRA connection"
"mps","CIRA connection closed"
"mps","New CIRA connection"
"mps","CIRA connection closed"
"mps","New CIRA connection"
"mps","CIRA connection closed"
"mps","New CIRA connection"
"mps","CIRA connection closed"
CIRA connection error: {"errno":-104,"code":"ECONNRESET","syscall":"read"}
"mps","CIRA connection closed"
"mps","New CIRA connection"
"mps","CIRA connection closed"
"mps","New CIRA connection"
"mps","CIRA connection closed"
"mps","New CIRA connection"
"mps","CIRA connection closed"
"mps","New CIRA connection"
"mps","CIRA connection closed"
Console Logs:
MPS <-- (5):6100000004
MPS --> (5):6100000004
MPS --> (55):5a0000000f666f727761726465642d74637069700000000500008000ffffffff000000000000426000000007312e322e332e3400000401
MPS <-- (17):5b000000050000000500008000ffffffff
MPS <-- (5):6100000005
MPS --> (5):6100000005
MPS --> (55):5a0000000f666f727761726465642d74637069700000000600008000ffffffff000000000000426000000007312e322e332e3400000402
MPS <-- (17):5b000000060000000600008000ffffffff
MPS <-- (5):6100000006
MPS --> (5):6100000006
MPS --> (55):5a0000000f666f727761726465642d74637069700000000700008000ffffffff000000000000426000000007312e322e332e3400000403
MPS <-- (17):5b000000070000000700008000ffffffff
MPS <-- (5):d0000000ff
MPS --> (5):d1000000ff
MPS <-- (5):6100000007
MPS --> (5):6100000007
MPS --> (55):5a0000000f666f727761726465642d74637069700000000800008000ffffffff000000000000426000000007312e322e332e3400000404
MPS <-- (17):5b000000080000000800008000ffffffff
MPS <-- (5):6100000008
MPS --> (5):6100000008
MPS --> (64):fa0000003b7b22616374696f6e223a22636f6e736f6c65222c226d7367223a224661696c656420746f2067657420496e74656c20414d542073746174652e227d
MPS --> (23):fa000000127b22616374696f6e223a22636c6f7365227d
I have some questions:
Do we need some certificate to activate AMT CIRA?
Do we need my machine in some specific network setup to activate CIRA? If yes, then what are those requirements?
How can I check if my machine is set up with the proper network and Intel BIOS settings?
What is the role of reverse proxy, DnsSuffix, certificates and DHCP ?
If this existing setup does not support CIRA, please suggest steps I can follow to check and resolve the issue.
Beta Was this translation helpful? Give feedback.
All reactions