Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once setup you can install agents and perform remote desktop session to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0

[Intel AMT] stuck on "Trying Credentials" #5982

Open Silejonu opened 3 months ago

Silejonu commented 3 months ago

Describe the bug

The general tab of my device shows that it's "Trying Credentials", and it hasn't updated for days.

To Reproduce

Steps to reproduce the behavior:

  1. Add an AMT-capable device in a group (AMT only, or AMT+agent, does not matter)
  2. Go to the general tab of the device
  3. See that it's stuck on "Trying Credentials"
  4. See error

Expected behavior

The credentials should be accepted, and the device should be manageable from the MeshCentral UI.

Screenshots

Screenshot from 2024-04-02 12-54-29

Screenshot from 2024-04-02 12-55-03

Screenshot from 2024-04-02 12-55-47

Server Software (please complete the following information):

Remote Device (please complete the following information):

Additional context

I can control my device without issues when using the "Intel AMT" tab, but all the other tabs don't work until I go into it first.
It seems MeshCentral does not even attempt to connect, as if I try to enter wrong credentials, it doesn't show up in the AMT logs (if I manually try to log in with wrong credentials, it's reported).

Your config.json file

{
  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
  "settings": {
    "plugins":{"enabled": false},
    "_mongoDb": null,
    "cert": "<my MeshCentral server FQDN here>",
    "_WANonly": true,
    "_LANonly": true,
    "sessionKey": "[…]",
    "port": 443,
    "_aliasPort": 443,
    "redirPort": 80,
    "_redirAliasPort": 80,
    "AgentPong": 300,
    "TLSOffload": false,
    "SelfUpdate": false,
    "AllowFraming": false,
    "WebRTC": false
  },
  "domains": {
    "": {
      "_title": "MyServer",
      "_title2": "Servername",
      "minify": true,
      "NewAccounts": true,
      "localSessionRecording": false,
      "_userNameIsEmail": true,
      "_certUrl": "my.reverse.proxy"
    }
  },
  "_letsencrypt": {
    "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>",
    "_email": "myemail@mydomain.com",
    "_names": "myserver.mydomain.com",
    "production": false
  }
}

si458 commented 3 months ago

What's the group settings like? Have u activated the intel amt feature?

si458 commented 3 months ago

Also if you know what the intel amt credentials are, you can click the blue download icon next to Trying credentials and then enter them manually and wait 5 mins while it tries the credentials

Silejonu commented 3 months ago

> What's the group settings like? Have u activated the intel amt feature?

I've tried all policies, none of them made a difference. Right now it's on "Simple Admin Control (ACM)", "Randomize Password", "Deactivate CCM if setup" & "CIRA setup: do nothing".

> Also if you know what the intel amt credentials are, you can click the blue download icon next to Trying credentials and then enter them manually and wait 5 mins while it tries the credentials

I did, hence the "Trying Credentials".

One thing I forgot to mention in my initial report: if I try to add my device via "Add Local", nothing happens. The pop-up asking for the machine to add just disappears. The only way to add my machine was to use the "Scan Network" function.

si458 commented 3 months ago

Try going into the console tab and typing amt and see what info comes out. Also try amtconfig and watch the output.

Silejonu commented 3 months ago

I was not using the agent, so when installing it I realised there was an error in my config.json, that I fixed. After playing around a bit, I've been able to successfully register my machine by importing a json file into my group, with credentials now confirmed as "Known".

So, my original issue is fixed, thanks for the assistance. However, adding my machine via "Add Local" still results in nothing happening. Adding it via "Scan Network" finds it and allows me to add it, however it still stays stuck on "Trying Credentials". Is this expected behaviour? If not, and that's something you're interested in understanding/fixing, is there anything I can do to help you diagnose it?

si458 commented 3 months ago

@Silejonu when you add an AMT device, meshcentral doesn't know any credentials about the machine apart from the default admin,admin so it will always show Trying Credentials until you specify what credentials to use for that machine (I have this problem with 1 AMT machine which is connected to my development server, BUT I also have a production agent installed which always shows Trying Credentials but that's expected because it's connected to a different meshcentral server!)

BUT

you can specify a user,pass in your config.json for it to try in addition to admin,admin if you use the same one for multiple machines for example (example below, and screenshot of schema file section)

ALSO

you can run amtpasswords from the console tab of the My Server page, which will list the last 3 passwords meshcentral is trying to use for that machine to login with (this is handy to verify you have set the password correctly)

{
  "domains" : {
    "": {
      "amtmanager": {
        "adminaccounts": [
          { "user": "admin", "pass": "admin" },
          { "user": "admin1", "pass": "admin1" },
          { "user": "admin2", "pass": "admin2" }
        ]
      }
    }
  }
}

image
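
The accounts listed under adminaccounts sit in config.json in clear text and are tried against devices, so they are worth checking for default or guessable pairs. An added example, not part of the thread or of MeshCentral's code: a Node.js check over a constructed config, where the function names, the sample accounts, and the handling of key names (case-insensitive, with a leading "_" treated as disabled) are assumptions.

```javascript
// Added example (not MeshCentral code): audit AMT admin accounts in a config.json.
// Assumptions: keys match case-insensitively; a leading "_" disables a key.

// Constructed sample input, modelled on the fragment posted in the thread.
const sampleConfig = JSON.stringify({
  domains: {
    '': {
      amtmanager: {
        adminaccounts: [
          { user: 'admin', pass: 'admin' },
          { user: 'admin1', pass: 'admin1' },
          { user: 'svc-amt', pass: 'constructed-Sample-9' },
          { user: 'admin2' }
        ]
      }
    },
    lab: { _amtmanager: { adminaccounts: [{ user: 'admin', pass: 'admin' }] } }
  }
});

// Look up an enabled key regardless of case; "_"-prefixed keys never match.
function getKey(obj, name) {
  if (obj === null || typeof obj !== 'object') return undefined;
  const hit = Object.keys(obj).find((k) => k.toLowerCase() === name);
  return hit === undefined ? undefined : obj[hit];
}

// Return one finding per weak or unusable account entry.
function auditAmtAccounts(configText) {
  const findings = [];
  const domains = getKey(JSON.parse(configText), 'domains') || {};
  for (const [id, domain] of Object.entries(domains)) {
    if (id.startsWith('_')) continue; // disabled domain
    const accounts = getKey(getKey(domain, 'amtmanager'), 'adminaccounts');
    if (!Array.isArray(accounts)) continue;
    accounts.forEach((entry, i) => {
      const { user, pass } = entry || {};
      let issue = null;
      if (typeof pass !== 'string' || pass === '') issue = 'pass missing or empty';
      else if (user === 'admin' && pass === 'admin') issue = 'default admin/admin pair';
      else if (typeof user === 'string' && pass.toLowerCase() === user.toLowerCase()) issue = 'password equals user name';
      if (issue) findings.push({ where: `domains[${JSON.stringify(id)}].amtmanager.adminaccounts[${i}]`, user, issue });
    });
  }
  return findings;
}

for (const f of auditAmtAccounts(sampleConfig)) console.log(`${f.where}: ${f.issue}`);
```
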

Silejonu commented 3 months ago

@si458 Maybe I am not understanding things correctly, but when adding a device to MeshCentral (via the Local Scan wizard), Intel ME first shows up as having "No Credentials". When clicking on it and adding my credentials, it then changes to "Trying Credentials". And nothing happens.
Note that I have not set up anything regarding password in config.json.
My domains section looks like this:

{
  "domains": {
    "": {
      "_title": "MyServer",
      "_title2": "Servername",
      "minify": true,
      "NewAccounts": true,
      "localSessionRecording": false,
      "_userNameIsEmail": true,
      "certUrl": "https://meshcentral.mydomain.com:443"
    }
  }
}

> you can run amtpasswords from the console tab of the My Server page

This command returns nothing (literally, not even an error message) for me.

si458 commented 3 months ago

What nodejs version are u using? Is it 18 or above?

Silejonu commented 3 months ago

I'm using the Docker image ghcr.io/ylianst/meshcentral:latest, which runs Node.js v20.11.1.

si458 commented 3 months ago

Hmmm weird? So try the following, delete device and group, create new group, add device manually, wait for it to say no credentials, add credentials, then go into the Console tab under My Server and type amtpasswords, is the amtpassword listed in the output?

One other thing u can try is visiting http://IPOFREMOTEDEVICE:16992 and try logging in with the amt credentials you have, if u can't login, then the details are incorrect, if u can then it's something else I'm missing?

Silejonu commented 3 months ago

> So try the following, delete device and group, create new group, add device manually, wait for it to say no credentials, add credentials, then go into the Console tab under My Server and type amtpasswords, is the amtpassword listed in the output?

Still exact same result: Screenshot from 2024-04-08 20-39-06

> One other thing u can try is visiting http://ipofremotedevice:16992/ and try logging in with the amt credentials you have, if u can't login, then the details are incorrect, if u can then it's something else I'm missing?

I can log in with the credentials, no problem. They're also accepted by MeshCentral, but the only way I can get it to even try them is via the JSON import functionality. After purging everything to retry from scratch as you asked me, I re-added my device via the JSON import, and it's working just fine: I can access the Intel AMT tab, Admin Credentials are marked as "Known", etc. But amtpasswords still shows no output.

si458 commented 3 months ago

What about importing from the json, logging into the intel amt panel at least once from within meshcentral, then running the amtpasswords? Does it show anything? I have a feeling it's not saving the credentials correctly?

Edit. Cud be related to a bug we found before with it not saving ssh/rdp credentials

Silejonu commented 3 months ago

Still nothing. I can use the Intel AMT tab normally, same for the Desktop tab, but nothing is returned by amtpasswords.

si458 commented 3 months ago

Hmmm... very weird? Leave it with me. I have an amt 7 device in the office, so I'll reset it and try it later this week and see if I can find out what's wrong

Silejonu commented 3 months ago

Alright, let me know when/if you'd like me to test a few things.

crltc commented 4 weeks ago

> I was not using the agent, so when installing it I realised there was an error in my config.json, that I fixed. After playing around a bit, I've been able to successfully register my machine by importing a json file into my group, with credentials now confirmed as "Known".
>
> So, my original issue is fixed, thanks for the assistance. However, adding my machine via "Add Local" still results in nothing happening. Adding it via "Scan Network" finds it and allows me to add it, however it still stays stuck on "Trying Credentials". Is this expected behaviour? If not, and that's something you're interested in understanding/fixing, is there anything I can do to help you diagnose it?

I am having a similar problem where using "Add Local" under a group does not do anything and the device is not added (no error or anything, just nothing happens) but when I select "Scan Network" I can discover and add the device. Likewise after I do that entering the credentials it gets stuck on "trying credentials" but if I click the tabs it works and I can use the KVM and see all info.

I am using a fresh install deployed with official docker image version 1.1.24 - haven't customized anything just my reverse proxy options set.

pcmike commented 1 week ago

Same issue here. Always just says Trying Credentials despite everything seeming to work just fine. 🤷🏻‍♂️

EDIT: By the way this is on a 6th gen i7-6700t and Intel® ME reports: Activated, v11.8.50, Trying Credentials. Also when you click on details it doesn't display all the information that I get on my 12th gen i7-12700t which Intel® ME reports: v16.1.30, Activated, Admin Control Mode (ACM), Secured using TLS, Admin Credentials: Known. Hopefully this extra information may help. I'm willing to try anything needed..

EDIT2: I think this is a function of the various versions of AMT. I think the older versions don't implement https on 16993 and therefore don't populate the details tab in mesh central and also don't "appear" to save credentials, even though they do actually save them. I can't be certain if this is truly the case or why.. but maybe the developers can look into this? My 12th gen machine only responds on https:16993 and DOES NOT respond on http:16992; this is the reverse for the 6th gen machine.