UNS "Failed to subscribe to local Intel AMT" Error Messages and how to fix them (Intel AMT SW, 7th part)

This post continues the previous installment in the Intel AMT software series.
You may be interested in reading what is the UNS and how it works before proceeding.

We learned about the inner flow of the User Notification Service and his use of SOAP protocol and HTTP...

Being HTTP based has big advantages :) :

    • It uses a well known and tested interface/protocol.

    • It makes possible to use intuitive and well known security features, such as digest authentication or TLS encryption.

    • It makes for a unified interface between local and remote agents - no need to learn two methods.

    • It makes possible for an ISV to mimic the UNS behavior



But being HTTP based has its disadvantages too :( :

    • A lot of factors can interfere with the normal and easy flow of networking -- correct performance depends on the correct configuration of many parameters, and any error will lead to a "Failed to subscribe to local Intel AMT" message in the Event Viewer.



Let's see some examples:
In a simple connection, UNS will send the HTTP packets to LMS who will in turn translate and redirect them to the HECI (Intel MEI) interface. If either LMS or HECI is not working, the subscription will fail.
In more complex setups other parameters can affect the connection: If TLS is configured, the certificates must be configured correctly. If anonymous access is disabled in AMT, a user must be configured. And so on.

Any of these errors will cause a "Failed to subscribe to local Intel AMT" message in the Event Viewer.
To make it easier to troubleshoot, here is an exhaustive list of causes to this error (in the order they're likely to happen), and how to fix each one:























































Possible cause


Explanation


Fix


Less than 3 minutes since previous subscription


In order to protect the Intel AMT flash part in the board from continuous write instructions, Intel AMT accepts only one local subscription every 3 minutes.


Wait at least three minutes before re-starting UNS.


Note: When this error appears, UNS will retry to connect automatically after a few minutes. There is no need to restart it manually.


TLS is not correctly configured


As you can see from the explanation above, UNS will not be able to use TLS certificates unless they're located at the computer account storage.


Install the certificates in the computer account storage using the "mmc" tool, as is specified in step 4 of http://support.microsoft.com/kb/901183/


Bad credentials


If the username and/or password used are not existent or correct, Intel AMT will refuse the subscription.


Clear the configuration (with the "-clear" argument or entered correct existent credentials.


LMS Stopped


LMS is stopped or not started.This only happens if you manually stop the service or remove it from the service lists.You can check if this is the case by running "sc query LMS" from a command line.


Either restart the LMS service ("sc start LMS") and/or reinstall the LMS software.


HECI disabled or uninstalled


This happens when the HECI (Intel MEI) device is disabled (see device manager) or uninstalled.The Intel MEI device can additionally be disabled or enabled in the BIOS, but that depends on your platform vendor.


Enable Intel MEI in the device manager, and/or re-install the driver.In case you have disabled Intel MEI in the BIOS, re-enable it.


Ports 16992 or 16993 are occupied by another app


Ports 16992 and 16993 are registered with IANA to Intel .However, that doesn't mean that another application can't use these ports inadvertently.You can check with "netstat -oba" if this is the case


Stop/kill the other application and re-start LMS and UNS.


Anonymous access is disabled


In case anonymous access to Intel AMT is disabled, UNS will not be able to connect unless credentials are provided.


Use the "-unsUser" and "-unsPass" to configure credentials, as explained in the previous article.


Intel AMT unconfigured or disabled


In some of the early platforms of 2.5 version, this error may appear in event viewer when Intel AMT is disabled or unconfigured on the platform.


Update the software version, by installing a new LMS/SOL software pack.


Maximum subscriptions reached


There is a maximum to the number of concurrent local subscriptions, the number varies between projects. If the max was reached, no additional subscriptions are allowed.


This situation is very unlikely to happen, as UNS deletes all the local subscriptions he's got access to before adding his own. This fact, and the fact that you probably have no other service subscribing locally make it almost impossible to happen in the field. However, we list it in order to keep the list complete.


I hope the list above is useful.
If you encounter anything that can be fixed, please let know in the comments!


Articles in the Intel® AMT software series:




    1. The software bundled with Intel AMT

    1. The notification area icon - understanding the pop-up

    1. Configuring the notification area icon & app

    1. More configurations (disabling) of the Intel AMT icon

    1. Detailed information to the user with the User Notification Service

    1. How the UNS works

    1. UNS Error Messages and how to fix them

    1. Newfangled Intel Management and Security Status

    1. Intel Management and Security Status (IMSS), advanced configurations

    1. Intel AMT software: LMS, HECI, MEI... why do I need those?

    1. Wrapping all Intel AMT software together
For more complete information about compiler optimizations, see our Optimization Notice.

Comments




Hello Shmuel,

I just finished to read all the 7 parts of the series and I learned a lot.
You know, everybody usually close the notification pop-ups and don't know that there are many possibilities to customize and troubleshoot the service working in the background.

=)


You read all the 7 parts? I'm flattered! :)
And happy that you found them interesting.

Yes, there is a lot more to these software than it seems at first glance. All of them have configurations and customizations to improve the user experience.
Please let know if there is anything else that you want to know, I'll try to address them in the future posts of the series.