Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once set up, you can install agents and perform remote desktop sessions to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0

Unsure what this is #3445

Open Matt-CyberGuy opened 2 years ago

Matt-CyberGuy commented 2 years ago

Hey all... I've got a weird random one,

I've noticed for a few sites we occasionally see these odd/random systems appear that are CIRA connections. Any ideas? I can't seem to do anything with them. If I remove them, they eventually come back. Should I turn off the AMT 'Fully Automatic' option in the groups?


PathfinderNetworks commented 2 years ago

I am pretty certain these are routers. I'm guessing they must be based on Intel chipsets or have some sort of CIRA/Intel AMT functionality. I also am seeing these and they started showing up a few versions back. For me, many of them are Comcast Business routers. It is a bit annoying to be sure. Or at least I'm assuming they are routers. No clue what else they could be?

PathfinderNetworks commented 2 years ago

Also, I just saw this issue posted for the same thing. https://github.com/Ylianst/MeshCentral/issues/3436

PathfinderNetworks commented 2 years ago

Now that I look at it closer, and based on what the other discussion mentioned, it's not routers showing up. It is devices that were previously showing up as CIRA connected devices. I verified that by looking at devices I know were showing a CIRA connection in the past (and that were working properly with the AMT tab) that now no longer show the CIRA connection. Instead, there are those weird looking reverse IP entries that you can't do anything with.

Matt-CyberGuy commented 2 years ago

Are you saying in my case it's a system/systems that is no longer connected in our portal, but once upon a time had a CIRA connection to it?

PathfinderNetworks commented 2 years ago

Not exactly. After digging into it a bit deeper after seeing that other discussion (#3436), I realized what it is. They are systems that are CIRA capable. However, instead of the CIRA connection showing up on the device itself, Mesh is now adding those new 'devices' you are seeing. The device itself, at least in my case, is still there (using the MeshAgent).
In other words, before this bug I may have had 5 devices for a group. If all 5 of those devices are also CIRA capable I am now seeing a total of 10 devices in that group (the original 5 devices plus 5 of these new 'devices' that are named with a reverse DNS naming convention). The bad thing is that this is breaking Intel AMT functionality. Previously I could use Intel AMT to control the power state of those devices (for example). Now I can no longer do that.
Hopefully that makes more sense.
Hopefully Ylian will be able to get this straightened out.

Ylianst commented 2 years ago

When MeshCentral gets a CIRA connection, it gets the Intel AMT unique identifier (UUID) and uses that as the identifier to show the connection on the web site. Normally, the Intel AMT UUID should not change and should be unique for each device. However, I have seen rare cases where this is not the case.

You can get the Intel AMT UUID using meshcmd.exe amtuuid or by typing amt in the agent console.


I should have put the identifier in the "details" tab too so it's easy to see.

My question is, does this identifier change each time you get a duplicate CIRA connection? If so, I would first suggest updating your firmware (BIOS) on the remote computer. If that does not fix it, that will be a problem since I use that identifier to route the connection.

Ylianst commented 2 years ago

I think this is a duplicate of #3436, also the title is terrible.