Issues and Solutions

Startup problems:

Most startup problems are due to configuration issues – port numbers, or IP addresses do not match; the necessary certificates are not available or are not in the proper directory, or there are other errors in the configuration files (see below).

First, start with the basic configuration files, changing the minimum number of parameters. Then add a more complex setup where necessary.

Watch the messages displayed to the command window for reasons why the MPS did not start. The messages will indicate the file (or other issue) with the problem, but will probably not specify the exact problem.

Disk Space:

Check the free space on the drive where the MPS is installed. Lack of space might result In problems opening log files. Delete or archive older log files to free up space.

Problems Establishing a Connection between Intel AMT and the MPS:

If the connection does not open:

1.  Check the values used to configure the Intel AMT device. Make sure the MPS IP address and port are the same values used to configure Stunnel.

2.  Configure Stunnel to generate a log: Add output=stunnel.log to the stunnel config and restart the Stunnel service

3.  Check that the connection shows up in the Stunnel log.  If the connection shows, then check IP address and port in Stunnel.config and mps.config match.

4.  Check MPS log. It may show an authentication problem or other issue related to the connection.

Also, Apache has by default both an error log and an access log. It may be necessary to check both.

Problems Establishing a Connection between a Management Console and an Intel AMT device:

The Management console receives a 502 error (HTTP Bad Gateway error): Check that the whole path to the Intel AMT device is running: Apache–>MPS–>Stunnel–>Intel AMT platform.

404 Not Found error – Check the Apache configuration, especially ProxySocksAuth parameter. This parameter must be set to “On” when the MPS requires SOCKS authentication and “Off” when there is no SOCKS authentication.

Try changing Proxy *: Check that the Management Console domain is in the “allow from” list.

Temporarily remove Deny from all and add Allow from all.

Logging Problems:

The log file is empty: Check that the log file is not configured as “read-only”.

Check that the TraceLevels parameter has been set (“INFO|ERROR|WARNING”)

The current MPS log file cannot be deleted while the MPS is running.

MPS does not allow a connection to take place:

The MPS limits the number of connections that it can make to 1000. Any connection attempts beyond that will be refused.

MPS fails to forward Intel AMT PET alerts to Management Consoles:

1.  Make sure the Intel AMT subscriber address is accessible to the MPS – This is the IP address used when configuring the alert in the Intel AMT platform. The MPS attempts to forward an alert to that address.

2.  If the Filtering flag in the mps.config file is set to “true”, then the MPS checks that the NotificationList.config contains the target address of the alert. IF id does not, then the alert will be dropped. Make sure that the alert target address is in this file.

3.  Check that the corporate firewall does not block the destination ports used in alerts (UDP – 162 / TCP – per configuration).

Management Consoles do not receive Connecting/Disconnecting notifications from the MPS:

1.  Include the FQDN or IP address of any consoles that should be notified in the NotificationList.config file.

2.  Make sure that the corporate Firewall does not block the destination ports in the notification messages.

3.  NotifiationList accepts up to 8 entries – make sure that the list does not exceed this limit.

4.  Does the server receiving the notification message server require authentication? Enable the NeedNotificationAuthentication flag in mps.config and provide the relevant credentials.

For Apache troubleshooting visit - http://www.apache.org/.

For stunnel troubleshooting visit - http://www.stunnel.org/faq/troubleshooting.html

Copyright © 2006-2022, Intel Corporation. All rights reserved.