AMT is not able to stablish CIRA tunnel with Meschcentral

AMT is not able to stablish CIRA tunnel with Meschcentral

Hi

I have a mesh configured in Meshcentral, I have added several devices, I created the "Setup CIRA tunnel" and provisioned it on the devices. I have also configured the environment detection. Until that, everything is OK, but when the devices try to stablish the tunnel with the meshcentral server, the are not able to stablish it.

I have tried with devices with different versions of AMT, but the result is the same.

Is Meshcentral server working as a MPS or not now? Is that the problem?

I have installed locally a meshcentral2 server. In this case, the CIRA tunnel is stablished, but the remote management is not working fine, I suppose because it is still a beta

Regards and thanks in advaance

Fernando

4 帖子 / 0 全新
最新文章
如需更全面地了解编译器优化,请参阅优化注意事项

Hi. Sorry for the delayed response. Not sure if you tried both MeshCentral1 and MeshCentral2, but right now, I am working only on MeshCentral2 (http://www.meshcommander.com/meshcentral2). I don't support version 1 anymore. So, yes, MeshCentral2 does act as an MPS and will receive CIRA connections coming from Intel AMT. By default, it will receive CIRA on port 4433 but you can change that using command line options.

As for it not connecting, there are many things to check. I have the same issue sometimes, so it's not surprising. Try this:

  • Check that you can access port 4433 on the server from the Intel AMT computer. Not that the two must be different computer. You can't run the MPS server on the same computer that has Intel AMT. You can check using a browser: https://yourserver:4433/. You will get a certificate the browser will not understand, but ignore that.
  • The name of your server must be an IPv4 address like 1.2.3.4, or a fully qualified domain name, like "myserver.test.com". You can't use short netbios/wins name like "myserver". Intel AMT can't resolve that, but be a real DNS. If you don't have a real DNS, set your server to  an IP address. On MeshCentral2, use "--cert 1.2.3.4".
  • Make sure the Intel AMT Ethernet port is plugged in, use wired first. Don't try wireless to start, it's more complex to setup. You can't use a VPN or have a HTTP proxy between Intel AMT and the server. Must be a clear path between the Intel AMT Ethernet port and the server.
  • You can run MeshCentral2 with "--mpsdebug". This will show you all the traffic between MeshCentral2 and Intel AMT.
  • For environment detection must be set to a different domain suffix then your current domain. MeshCentral2 will set it to a long random value, so should be ok.

I have a YouTube video on how to setup CIRA with MeshCentral2 here: https://www.youtube.com/watch?v=WgBbViz5fsQ

Last note, there are some computers where CIRA is broken. If you run MeshCentral2 with "--mpsdebug" you will see that as soon as the server sends data to Intel AMT, Intel AMT will disconnect. Does not seem like there is anything I can do if you have one of these older computers. However, it should clearly connect.

If MeshCentral2 CIRA is working, the KVM, Terminal and Intel AMT tab should all work, if not, let me know.

Hope it helps,
Ylian

Hi Ylian 

​Thanks a lot for your answer.

​I have tried both. With Meshcentral1 there is no way to stablish the CIRA connection. With a Meschentral 2 server, the CIRA connection is stablished. What happens it that it doesn´t work totally fine yet (I suppose because it is still a beta versión); For example, when using remote desktop (using AMT HW, not the agent), some times mouse stops working or, when using the Intel AMT tab, it usually disconnects and it is difficult to use

​Just one last question: if I am using a meshcentral server 2, and iI want to use a PC with Mesh Commander to connect to remote equipments throuhg CIRA instead of the own WEB portal of the server, how should I configure the proxy in the PC when I am running the Mesh Commander? Is it possible?

​Best regards and thanks in advance

​Fernando

 

 

 

 

Hi Fernando.

There are cases where AMT KVM is self disconnecting. It you are able to reach to AMT tab , please check at the System Status -> Remote Desktop, change the session timeout to 0 (never timeout).

The other situation you may need to be aware of is that AMT KVM runs on RFB protocol thus screen refresh is affected by any event sent to the server. Wiggling mouse pointer on the KVM scree typically trigger the AMT KVM server to send update.

On the last question, here are what you need to do:

- You need to host Meshcentral 2 at a publickly accessible IP address. It could be port forwarded  behind a router (cable modem/DSL) with dynamic DNS.

- Configure Meshcentral 2 certificate to use your FQDN so that clients can reach back.

Regards,

 

 

Joko

 

发表评论

登录添加评论。还不是成员?立即加入