search

Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once setup you can install agents and perform remote desktop session to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0
3.72k stars 512 forks source link

intel amt CIRA activating but not connecting #6049

Open amoljagdalepucsd opened 2 months ago

amoljagdalepucsd commented 2 months ago

Hi Community ,

I am running a MeshCentral public server on the internet and trying to activate Intel AMT. So far, I have successfully activated Intel AMT on a remote system with a TLS certificate. However, based on my understanding, to enable AMT on a public server, we need to enable/activate CIRA. For that purpose, I've set the policy to fully automatic at the group level, so it should automatically configure CIRA and establish a connection to the MeshCentral Intel AMT server. However, CIRA is not activating, and Intel AMT is not connected. The 'Intel AMT connected' status should be displayed under the general tab once AMT is connected, and the connect button under the Intel AMT tab should also become enabled. But nothing is happening. Can anyone please help me with this?

Additionally, I'm wondering if I missed any configurations that could be causing the issue. Could someone please advise on what configurations might be necessary? Furthermore, I'd appreciate any guidance on how to debug this issue effectively. Thank you.

intelamt1 0 intelamt2 0
si458 commented 2 months ago

YOU HAVENT FOLLOWED THE BUG TEMPLATE REPORT WHICH HAS INFORMATION WE NEED TO HELP YOU what nodejs version are you using? what meshcentral version are you using? are you using a reverse proxy (like traefik/nginx)? what intel AMT version is the remote device?

what is the outputs from running the following commands from the console tab of the device? amt amtevents amtconfig - this will config amt again, give it a few mins to run and display output

amoljagdalepucsd commented 2 months ago

Sorry @si458 for not following BUG template report. Nodejs : v20.12.1 , MeshCentral : 1.0.85 , reverse proxy : We have nginx to before MeshCentral server , amt version : 11.0.18 ,

amt { core-ver: 1 OsHostname: "LAP-084" Flags: 4 MeiVersion: "100.0.0.5124" Versions: { Flash: "11.0.18" Netstack: "11.0.18" AMTApps: "11.0.18" AMT: "11.0.18" Sku: "16392" VendorID: "8086" Build Number: "1002" Recovery Version: "11.0.18" Recovery Build Num: "1002" Legacy Mode: "False" } UUID: "MY UID" ProvisioningMode: 1 ProvisioningState: 2 net0: { enabled: 1 dhcpEnabled: 1 dhcpMode: "PASSIVE" mac: "D4:81:D7:A4:94:5A" address: "0.0.0.0" } net1: { enabled: 1 dhcpEnabled: 1 dhcpMode: "PASSIVE" mac: "28:16:AD:8A:1E:1B" address: "0.0.0.0" } DnsSuffix: "abc.com" }

amtevents 04:13:00, LMS tunnel start. 04:13:03, Checking Intel AMT state... 04:13:12, Intel AMT connected. 04:13:42, Removing CIRA periodic trigger. 04:13:42, Removing MPS server. 04:13:45, Created new MPS server. 04:13:46, Created new MPS policy. 04:13:55, Done. 04:13:55, LMS tunnel closed.

amtconfig 05:07:02, LMS tunnel start. handleApfJsonControl 1.0 :{"action":"console","msg":"Checking Intel AMT state..."} 05:07:04, Checking Intel AMT state... handleApfJsonControl 1.0 :{"action":"console","msg":"Intel AMT connected."} 05:07:13, Intel AMT connected.

si458 commented 2 months ago

you are still using an old version of meshcentral, you need to update, 1.1.22 is the latest which has AMT fixes in place

amoljagdalepucsd commented 2 months ago

I am planning to update it, but as it is hosted on a server with some changes, it will take time to update. CIRA should work with this version as well, I guess, because I saw @Ylianst s videos, and he was able to activate CIRA with an older version.

si458 commented 2 months ago

yes but the was amt issues using node 16 or above, which was only recently fixed in like 1.1.20 if i remember? so you need to update first, then report back if your still having issues

amoljagdalepucsd commented 2 months ago

To update it to version 1.1.22, I need to clone the repository and then host it on the server. Is there any other way to update it for AMT fixes

si458 commented 2 months ago

i believe this commit is the fix for the AMT connecting issue https://github.com/Ylianst/MeshCentral/commit/a5efc5e899b8809293b297df045cff5ec0eb448b but again the has been SO many amt fixes over the past 4 months, ive lost track

amoljagdalepucsd commented 2 months ago

Thanks @si458 . However, today I reviewed Intel AMT fixes from the 1.0.85 to 1.1.21 releases and incorporated all changed files into version 1.0.85, but its still not connecting with CIRA. I think it might be different issue as well.

si458 commented 2 months ago

that commit is just 1 fix out of about 50 you need to update to 1.1.22 and then re-test and report back, applying patches MIGHT not work

amoljagdalepucsd commented 2 months ago

@si458 , Thanks for suggestions. I will update and report back. With current version [1.0.85] I am now able to activate CIRA, and Intel AMT is also connected to my development server and able to see all info in Intel AMT tab. I tried initiating a remote desktop session from the Intel AMT tab, but it's not connecting. Additionally, I noticed that CIRA gets disconnected after some time.

AMT TAB AMT connect
si458 commented 2 months ago

@amoljagdalepucsd, so ur one step closer, I'm guessing u hand patched rather than updating? again, update to the latest version and then try again. Or restart meshcentral and power cycle the remote device (unplug its power, wait 5 secs, plug it bk in)