Remote KVM no longer working thorugh MDTK

Remote KVM no longer working thorugh MDTK

Hi,

I had Remote KVM working great through the MDTK. I documented the setup here. I don't use it often and recently discovered that UltraVNC gives me the message "Connection failed - End of Stream" no matter which machine I try to control.

Details:

- Running MDTK 1.35. (The latest version listed at http://www.meshcommander.com/open-manageability is 1.34, but when you install it, it says it is 1.35.) Also tried 1.31 with the same results.

- Remote test machines are running AMT 9.0.2 or 9.1.0.

- Security is set up as described in the first link above. Remote Desktop is "Enabled using redirection port."

- I get the connection to the remote with no problem. I can see all the Hardware Asset info, Event Log, etc. I can even see in the Audit Log that I had a successful KVM session in April 2016.

- When I click on "Launch Viewer," the connection fails with the "End of Stream" message.

- When I click on "Take Control, I get "Unable to connect to serial-over-lan port (IMR_RES_TIMEOUT) before the black window opens. It shows "TLS Secured, Serial-over-LAN - Disconnected."

This happens on multiple machines at different sites, whether connecting over the Internet or through a site-to-site VPN.

What could cause the remote control functions to stop working?

Thanks,

Mark Berry
MCB Systems

Zone: 

Thread Topic: 

Question
26 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

Hey Mark,

The first thing I would check is the KVM Settings and the path to the KVM viewer.

The KVM settings can be found on the Remote Control Tab, all the settings in the "Remote Control" Section should all show enabled, as well as the label for "Remote Desktop Settings".

By default Mesh Commander doesn't have a integrated viewer, but has the option to name a viewer and where it is installed, So the path to the KVM application can be inspected by selecting the down arrow on the remote Control Tab for Remote Desktop Viewer. If that path and viewer is correct, I would try manually launching the viewer, instead of directly through Mesh Commander.

Joe

 

Joe,

Thanks for your reply. The UNCViewer,exe is there and registered.

The error message is coming from the viewer:

I'm relying on the MDTK to establish the connection via the redirection port. As you can see, the viewer connects to 127.0.0.1 on a random port. I'm not aware of how to run the viewer over the redirection port without the MDTK (the paid version of RealVNC may have that option).

Mark Berry
MCB Systems

Hi. I have not been on the forums for a while. First off, the MDTK is getting old and being replaced with Mesh Commander. You can find it at http://meshcommander.com. It has a built-in KVM viewer that I wrote completely from the ground up and works with the redirection port. So, you don't need to activate port 5900 or setup a different password. It also supports Intel AMT tile compression, etc. Basically, it's a KVM viewer that is built from the ground up for Intel AMT. As an added bonus, I just released Mesh Commander 0.2.4 about an hour ago with IDER support and improved KVM full screen mode. Let me know if that works for you.

As for the MDTK, I am slowly going to try to get rid of it if possible. It seems to be calling UltraVNC incorrectly, but I would have to check.

Thanks,
Ylian
 

Thanks, Ylian.

So I installed Mesh Commander 0.2.4. Pretty slick tool! When I tried to use Remote Desktop on one of the machines, I got this message:

I checked the "KVM Remote Desktop" option and was in fact able to control the remote machine again.

Then I disconnected from Mesh and went back to the MDTK. I still could not get in to KVM with Launch Viewer.

Seems strange that this used to work in MDTK, then stopped. I don't see an option in MDTK to enable KVM Remote Desktop beyond what I've already done (State = Enabled).

A little Mesh feedback:

  • Would be nice if I could drag computers.xml exported from MDTK over to Mesh.
  • I miss the tree view that lets me see/manage multiple computer connections at once.
  • Saw "Authentication Error" a few times--when a session times out?

In any case, thanks for an option that restores KVM functionality!

Mark Berry
MCB Systems

 

So it looks like Mesh is unable to connect to machines running older AMT like 5.0, 5.2?

You should be able to establish a connection to the older devices for most things, however a KVM connection will not be available.

Intel AMT KVM started with AMT 6.0, for these older systems (Pre AMT 6) you will need to make a SOL connection, which is a non graphical connection similar to telnet.

Joe

 

 

Joe,

Yes I know there's no KVM to old machines; mostly I would just be doing power up/down on old machines.

Connections to older machines work fine from MDTK but in Mesh Commander, it just hangs on "Loading..."

Mark Berry
MCB Systems
 

Hey Mark,

I believe that the Mesh Commander tool is written for wsman only as using SOAP was deprecated as of AMT 9.

Using the MDTK, make the connection and then go to the Management Engine Tab. There will be a value for the Interaction type, what is that value?

If the value is SOAP, Switch it so that wsman can also be used. 

Let me know what you find

Joe

Thanks Joe.

The old 5.2.x machines all show "EIO (SOAP) + WS-MAN". SOAP only is not an option. I changed them to WS-MAN only but Mesh Commander still gets stuck "Loading...". Eventually it shows a Timeout Error.

Mark Berry
MCB Systems

Hey Mark

There is a new version of Mesh Commander (v0.2.8), This version is suppose to fix your issue.

let me know your results please.

Joe

I have 0.2.5 installed. When I try to install 0.2.8, it says that a new version is already installed and refuses to install:

Hey Mark,

The issue has been reported to the Mesh team for review, so an update should occur soon.

In the mean time, you can try an uninstall of the App, just make sure to export your computer list first. Then install 0.2.8.

Let me know your results

Joe 

I uninstalled 0.2.5, then downloaded and installed 0.2.9.

I am now able to connect to machines running Management Engine 5.2.0 and 5.2.40. Even if I specify "Digest/TLS", it is able to connect to a machine that does not support TLS.

MDTK says it can establish a Serial-over-LAN connection to the old machines. Mesh says it cannot. However, Mesh shows more stuff on the Status page, in particular Power options, which is pretty much the only reason I ever used the "Take Control" button on MDTK.

Suggestions:

1. Mesh should suppress or gray out Power Actions based on teh current Power state, e.g. Power up when it is already on doesn't make sense and is potentially confusing.

2. Mesh needs a way to generate and install TLS certificates on machines that support them. I'll keep MDTK around for that for now.

3. I miss the ability to manage multiple connections at once.

4. Would it be possible to code-sign installers? It's a bit nerve-wracking to install unsigned code especially when it supposedly originates at Intel.

Thanks for your help on this. I think we can consider the original issue closed.

Regards,

Mark Berry
MCB Systems

 

Hey Mark,

Thanks for the feedback on getting the solution to work. I have also forwarded your concerns and suggestions on to Ylian and the Mesh team for review.

Joe

 

Hey Mark

On 08/09/2016 you stated "I miss the ability to manage multiple connections at once." in regards to Mesh Commander functionality. The developers heard about your request and as of Mesh Commander version 0.2.9 that feature is now available!

To use this feature simply hold down the the shift key and select connect. This will open a new Mesh Commander window and connect to the selected computer.

Joe 

 

 

Joe,

I'm not sure I understand how to get that to work. In 0.2.9, if f I hold Shift while connecting, the screen just changes to the management UI for the machine. There is no popup or second window. Also I'd prefer not to have a bunch of windows. Maybe to keep with the new look-and-feel, they could use tabs like a browser:  put the computer list on a permanent first tab and then open each new connection in a new tab.

Mark Berry
MCB Systems

Hi Mark. I often update MeshCommander without changing the version number (Sometimes a few times a day), so I added the "shift" with the standalone executable (.exe) version of MeshCommander on v0.2.9 a few days back. If it does not work, re-download and install the latest v0.2.9 and try again. Holding shift while hitting the "Connect" button on a machine should open a new window.

If you are running MeshCommander within IIS or NodeJS web servers, I did not do the shift key yet, but I am thinking I can open a new browser tab and do kinda the same thing.

Hope it helps,
Ylian

Hi Ylian,

Thanks, the newer version of 0.2.9 does open a new window if I press Shift before clicking on Connect. Unfortunately, the master window disappears by default--I often won't know that I want to see machine 2 until I am already connected to machine 1. Also, as mentioned, I don't really want a bunch of windows on the screen. Besides the MDTK, mRemoteNG is a nice example of a free app for managing connections to multiple computers (via RDP) in a single window.

Would it be too much trouble to use different version numbers for different program versions? It's frustrating and confusing to hear "this feature is in 0.2.9" but find out later that there are multiple editions of version 0.2.9. Maybe add a build number if you don't want to bump the version? And code signing, please! I used https://cheapsslsecurity.com/ to buy my cert for about $75/year. It takes some work to add it to the build process but after that, it's automatic. I know this is free/beta/demo software but it has the potential to be a powerful sysadmin tool--and to drive sales. (I for one always look for vPro/AMT when buying machines.) I hope Intel will increase its support of your project.

Regards,

Mark Berry
MCB Systems

Hey Mark

The Mesh team has informed me that a new version of Mesh Commander (0.3.1) will be made available shortly that will address your previous concerns.

 

Joe

The GUI of Intel Manageability Commander looks nearly the same as Mesh Commander. What's the difference of those nearly similar products?

Thorsten,

Thanks for that link to the current Manageability Commander, which is quite different from what I was using in 2016 (see screenshots above).

From the screenshot on page 7 of the Manageability Commander User's Guide, it does indeed look like this "official" product has now adopted the unofficial Mesh Commander UI and presumably functionality. I too would like to know what this means. Are they now equivalent? Will Mesh Commander stay around as the beta/testing platform for Manageability Commander, or will there only be one product going forward?

Mark Berry

Hey guys,

Intel Manageability Commander (IMC) is a branch off of Mesh Commander. Basically if you want an Intel branded tool with support use Intel Manageability Commander. If you like Open Source tools that may or may not have bugs, but potentially (it does) may have features not available in IMC, then use Mesh Commander.

Mesh Commander also can be installed as a Web App, so that might be another reason to go with Mesh Commander

Joe

Thanks Joe. What features besides the Web App does Mesh offer that IMC does not? Or maybe it would be simpler to say what version Mesh was at when IMC was branched? The main thing I need that was a recent addition to Mesh was certificate management. Is that in IMC?

Hey Mark,

Certificate Management feature of Mesh Central is not currently a part of Intel Manageability Commander (IMC),

Joe

Thanks Joe. I'd like to have the "branded tool with support" but certificate management is core functionality for setting up AMT. Hopefully they'll add that to IMC soon.

Leave a Comment

Please sign in to add a comment. Not a member? Join today