Failed to Set Agent Presence Expiration Action

Failed to Set Agent Presence Expiration Action

Hello,

I am trying to trigger a reboot when an agent stops pinging the Agent Presence service (Watchdog functionality). I am using an i5-6500 CPU with firmware version 11.0.12 (above 11). I am trying to set an expiry action on the agent using the HLAPI (from the 11.6.0.7 AMT SDK). I am running the sample provided: AgentPresenceRemoteSample. When trying to setup the expiration action it fails with the message:

"Set expiration action failed with exception: Failed to set expiration action"

All the rest works:

  • Create Agent
  • Create second Agent
  • Get all Agents
  • Get Agent Presence capabilities
  • Get Agent by name
  • Set the policy for agent presence
  • Get the policy from agent presence
  • Remove the policy from agent presence
  • Delete specific agent
  • Delete specific agent
  • Delete all agents

What am I missing?

A

 

Thread Topic: 

Help Me
17 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

Hey Alexis

The exception you are encountered is part of Intel  AMT HLAPI in the the AgentPresenceWSMAN.cs file

Here is a copy and paste from the Intel AMT SDK starting on line 818

            try
            {
                IManagedInstance watchDogActionIn = watchDogActionRef.Get();
                //set expiration action properties
                watchDogActionIn.SetProperty("HeciWatchDogExpirationAction", ((ushort)watchDogExpirationAction.HeciWatchDogExpirationAction).ToString());
                watchDogActionIn.SetProperty("AgentPresenceWatchDogExpirationAction", ((ushort)watchDogExpirationAction.AgentPresenceWatchDogExpirationAction).ToString());
                if (watchDogExpirationAction.TimeoutInterval != null)
                    watchDogActionIn.SetProperty("Timeout", ((uint)watchDogExpirationAction.TimeoutInterval).ToString());
                if (watchDogExpirationAction.ReArmReset != null)
                    watchDogActionIn.SetProperty("ReArmReset", watchDogExpirationAction.ReArmReset.ToString().ToLower());
                watchDogActionRef.Put(watchDogActionIn);
            }
            catch (Exception ex)
            {
                throw new AgentPresenceManageabilityException("Failed to set expiration action", "SetExpirationAction", machineOrigin, AgentPresenceFailure.GeneralError, "", ex);
            }

To me it looks like you may not be setting the TimeOutInterval or ReArmReset

Joe

Thanks Joe,

You are entirely correct, the error is coming from that code 

I ran the HLAPI in the debugger and the exception is thrown because

IManagedInstance watchDogActionIn = watchDogActionRef.Get();

returns null and all the following member calls dereference a null pointer. 

I should mention I also tried using the WS interface through Powershell and couldn't get a concrete object off of the reference. 

Alexis

Also, 

I am using the sample from the HLAPI which sets the parameters. They are set to 60 and true  

To me it looks like you may not be setting the TimeOutInterval or ReArmReset

The sample code is located in AMT_SDK_11.6.0.7\Windows\High Level API\Src\HLAPI_Samples\AgentPresenceRemoteSample. The calling code is:

AgentPresenceRemoteFunctionality.SetExpirationActionOnAgentPresenceWatchDog(amt, "Agent1");

Which then calls:

       public static void SetExpirationActionOnAgentPresenceWatchDog(IAMTInstance amt,string agentName)
       {
           try
           {
               //set expiration action properties
               WatchDogExpirationAction expirationAction = new WatchDogExpirationAction(ExpirationAction.Reboot, ExpirationAction.Reboot, 60, true);
               amt.AgentPresence.Remote.SetExpirationAction(expirationAction);
               //apply expiration action on specific agent
               amt.AgentPresence.Remote.ApplyActionOnWatchDog(agentName, true);
               Console.WriteLine("Set expiration action completed successfully.");
           }
           catch (ManageabilityException ex)
           {
               Console.WriteLine("Set expiration action failed with exception: " + ex.Message);
           }
       }

As you can see both TimeOutInterval or ReArmReset are set to 60 and true. BTW, this is not my code, I am just trying the samples provided with the SDK.

Because the Get() function returned a null pointer, I tried creating an instance using WS Management in PowerShell. I used the following code:

$wsmanConnectionObject = new-object 'Intel.Management.Wsman.WsmanConnection'
$wsmanConnectionObject.Username = $user
$wsmanConnectionObject.Password = $password
$wsmanConnectionObject.Address = "http://" + $hostname + ":16992/wsman"

$watchDogActionRef =$wsmanConnectionObject.NewReference("SELECT * FROM IPS_WatchDogAction WHERE InstanceID='Intel (r) AMT Watch Dog Action'")
$watchDogActionInstance =$wsmanConnectionObject.NewInstance("IPS_WatchDogAction")
$watchDogActionInstance.SetProperty("InstanceID","Intel (r) AMT Watch Dog Action")
$watchDogActionInstance.SetProperty("HeciWatchDogExpirationAction","1")
$watchDogActionInstance.SetProperty("AgentPresenceWatchDogExpirationAction","1")
$watchDogActionInstance.SetProperty("Timeout","60")
$watchDogActionInstance.SetProperty("ReArmReset","true")
$watchDogActionRef.Put($watchDogActionInstance)

I got the following error:

Exception calling "Put" with "1" argument(s): "No route can be determined to reach the destination role defined by the WSAddressing To."
At D:\Development\AMTWatchdog.ps1:36 char:1
+ $watchDogActionRef.Put($watchDogActionInstance)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : WsmanUnreachableException

It almost looks like the system has no idea what an IPS_WatchDogAction is.

Hey Alexis

What OEM, BIOS version and model of the device in question?

I would try updating the BIOS, which usually updates the ME firmware as well. This feature was first Introduced for ME 11 and you might just have an early BIOS that the OEM didn't enable the option within.

Let me know the BIOS version and your results

Joe

Hi Joe,

It's a Dell Optiplex 7040

BIOS is 1.4.9

There is a new BIOS version of 1.5.7. I will try and report back. Do I need to update the ME Drivers as well?

Alexis

Hey Alexis

You shouldn't need to, but if it is still failing after the BIOS update, I would go ahead and update the chipset drivers and test again.

Joe

Hi Joe,

Still no dice. Upgraded BIOS to latest version: 1.5.7 which upgraded the ME Firmware from 11.0.12 to 11.0.18.

Still getting the error message: "Set expiration action failed with exception: Failed to set expiration action"

Trying to update the chipset firmware but from my understanding, this is for Windows to talk to ME but what we are trying to do is one level lower than the OS (even lower than the BIOS if I understand well).

Is there a known version of the ME firmware that works? Can I upgrade the ME firmware independently of the BIOS? Where would I download the updated firmware and how would I install it?

Alexis

Hi Joe,

Correct me if I'm wrong but I already have the proper firmware version? 11.0.18 should support the the expiration action.

Is it the processor that doesn't support it?

Alexis

Hey Alexis,

Yes AMT 11.0.x should be compliant, however depending on how the OEM set up the firmware image things can be enabled or disabled.

As for the Drivers you are also correct in that you are remotely communicating to the firmware, however the firmware needs to talk up the driver stack to identify the application, then the driver sends a HB to the firmware dependent on the settings you make for Agent presence.

I am in talks with the developers, so please stay tuned

Joe

Quote:

Joseph O. (Intel) wrote:

Yes AMT 11.0.x should be compliant, however depending on how the OEM set up the firmware image things can be enabled or disabled.

Wow, I didn't know the OEM could customize the Intel ME Firmware.

Quote:

Joseph O. (Intel) wrote:

As for the Drivers you are also correct in that you are remotely communicating to the firmware, however the firmware needs to talk up the driver stack to identify the application, then the driver sends a HB to the firmware dependent on the settings you make for Agent presence.

Not sure this makes sense as the part where I fail is not the application sending the heartbeat to the firmware, it's setting up the behavior when there is no heartbeat and this is done on a remote computer.

Quote:

Joseph O. (Intel) wrote:

I am in talks with the developers, so please stay tuned

That's great news, thanks for escalating this.

Alexis

Hey Alexis,

The OEM can manipulate the firmware image prior to burning the CSME image, which seems to be the case here. Your only option is to put a ticket in with OEM for this issue.

Joe 

 

 

Hey Joe,

Quote:

Joseph O. (Intel) wrote:

Your only option is to put a ticket in with OEM for this issue.

Is that the verdict after talking to the developers? Is there any way I can load a CSME image with the features enabled?

Alexis

My goal is to have a watchdog for my process that will reboot the machine if the process does not ping it within a certain time. I was reading of an old TCO WDT on the PCH that could accomplish this. Do you know anything about it? Is it still available on new chipsets? Is there a better forum to ask this question? Is there an SDK for it? Does it depend on some BIOS settings too?

Hey Alexis

Basically we have confirmed the tool is working as designed on our test systems. So this specific issue is then a platform related issue and as such any new firmware images would need to come from the OEM. As to flashing with a new CSME image, that is up to the OEM to provide.

I am not familiar with any firmware level watchdog timers outside of the AMT sphere for typical client devices.. 

Depending on your requirements you might want to look at embedded or IoT forums for details on watchdogs in those environments,

 

OK,

Thanks for all the help.

Alexis

Leave a Comment

Please sign in to add a comment. Not a member? Join today