Certainly! Here’s an improved, comprehensive answer that combines both explanations into a detailed and actionable guide:
Testing if Intel EMA Server is Reachable from TCP Port 8080
Step 1: Verify Server Reachability Using PowerShell
The simplest and most efficient way to test connectivity is by using the Test-NetConnection command in PowerShell:
1. Open a command prompt or PowerShell window on the client machine.
2. Run the following command:
powershell.exe test-netconnection -computername emea1cira.mappcmanager.com -port 8080
3. Interpret the results:
• Example (Success):
ComputerName : emea1cira.mappcmanager.com
RemoteAddress : 20.73.216.149
RemotePort : 8080
InterfaceAlias : Wi-Fi
SourceAddress : 192.168.1.5
TcpTestSucceeded: True
• TcpTestSucceeded: True confirms that the EMA server is reachable on Port 8080.
• Example (Failure):
ComputerName : emea1cira.mappcmanager.com
RemoteAddress : 20.73.216.149
RemotePort : 8080
InterfaceAlias : Wi-Fi
SourceAddress : 192.168.1.5
TcpTestSucceeded: False
• TcpTestSucceeded: False indicates a connectivity issue (e.g., server not reachable, firewall blocking the port, or network misconfiguration).
Step 2: Verify Agent Connection with netstat
After installing the Intel EMA agent, you can check if it has successfully established a connection to the EMA server:
1. Open a command prompt on the client machine.
2. Run the following command:
netstat -nao | find "8080"
3. Review the output:
• Example (Success):
TCP 192.168.0.220:57714 20.73.216.149:8080 ESTABLISHED 4568
• Local IP and Port: 192.168.0.220:57714 represents the client machine’s IP and dynamically assigned port.
• Remote IP and Port: 20.73.216.149:8080 indicates the server’s IP and listening port.
• Example (Failure):
• If no connection exists, the command will return an empty result, indicating the agent could not connect to the server.
Troubleshooting Tips
1. Check Firewall Rules:
• Ensure that both the server and client firewalls allow traffic on TCP Port 8080.
2. Verify Server Configuration:
• Confirm the Intel EMA server is operational and listening on Port 8080.
3. Network Connectivity:
• Test basic connectivity using ping emea1cira.mappcmanager.com. While ping may not guarantee reachability for Port 8080, it can confirm DNS resolution and general network access.
4. Restart Services:
• If the agent fails to connect, restart the EMA services on the server and the agent on the client machine.
5. Logs and Diagnostics:
• Check server and agent logs for error messages or connectivity issues.
Optional: Browser Test
If the Intel EMA server is configured to accept HTTP traffic on Port 8080:
1. Open a browser and enter the following URL:
http://emea1cira.mappcmanager.com:8080
2. If the server is reachable, you may see a default web page or a login screen.
By following these steps, you can efficiently test both the server reachability and the agent connection, ensuring a smooth deployment of Intel EMA. This approach also integrates troubleshooting guidance to resolve any issues promptly.
What´s the difference?
Intel vPro is a platform designed to provide advanced features for business PCs, such as remote management, enhanced security, and increased performance. It is available in two tiers:
1. Intel vPro Enterprise: Offers advanced management, security, and productivity features, ideal for larger enterprises with complex IT needs.
2. Intel vPro Essential: Provides foundational security and manageability, suited for small to medium-sized businesses.
How to Determine if Your PCs Have Intel vPro?
1. Check PC Specifications
• Look at the technical documentation for your PC models.
• Check for an Intel vPro badge or branding in the product description. This is typically displayed in product manuals or on the manufacturer’s website.
2. Use Intel’s Processor Identification Utility
Download and run the Intel Processor Identification Utility to verify whether the installed processor supports Intel vPro.
• Steps:
1. Install the utility on your PC.
2. Run the program and check the “Technologies” section for Intel vPro support.
3. Check BIOS/UEFI Settings
• Restart the PC and enter the BIOS/UEFI settings (commonly done by pressing F2, Del, or Esc during boot).
• Look for options related to Intel vPro or Intel AMT (Active Management Technology). These features indicate vPro compatibility.
4. Use the Intel EMA Configuration Tool (If Installed)
The Intel EMA Configuration Tool can be used to quickly determine whether a PC is Intel vPro-enabled and identify its specific SKU, which reveals whether it belongs to the Enterprise or Essential tier. Follow these steps:
1. Install the Tool:
• Download and install the Intel EMA Configuration Tool on the PC.
• By default, it is installed in the directory:
C:\Program Files (x86)\Intel\EMAConfigTool
2. Run the Tool:
• Open a Command Prompt window with local administrator rights in the directory where the tool is installed.
• Execute the following command:
EMAConfigTool.exe –writexml
3. View the Output:
• The tool will generate output on the console and save an XML file in the same directory.
• The XML file is named based on the host (computer) name of the PC.
4. Check the SKU Value:
• Locate the SKU value in the output or XML file. It will indicate the type of vPro manageability:
• Intel Full AMT Manageability: Indicates a vPro Enterprise PC.
• Intel Standard Manageability: Indicates a vPro Essentials PC.
• None, Unknown, or Consumer: Indicates that the PC is not vPro-compatible.
5. Windows Command Line Check
Run the following command in Command Prompt to confirm the system’s vPro status:
wmic path Win32_Processor get Name
• Look for the processor name and compare it with Intel’s list of vPro-supported processors.
6. Cross-Reference the Processor Model
Check your processor’s model number against the Intel Processor ARK Database:
1. Search for your processor model.
2. Under “Essentials,” check if “Intel vPro Technology” is listed as supported.
3. The database may also specify whether the processor is part of the Enterprise or Essential vPro tier.
If you say no, then another question appears:
We need to know if your processors are 6th generation or higher because only these processors support Intel AMT provisioning and remote management features.
8th generation or higher: Fully supported for the latest features.
6th/7th generation: Still provisionable but with limited validation.
Below 6th generation: Not compatible with MAP provisioning tools.
How to Identify the Processor Generation
Intel processor generations can be identified from the processor name. Here’s how:
1. Check the Processor Name:
• Example: Intel Core i7-8650U
• The first digit of the 4-digit number (8650U) represents the generation:
• 8: 8th generation.
• 9: 9th generation.
• 10 or higher: 10th generation or newer.
2. Using Windows Command Prompt:
• Open Command Prompt and type:
wmic cpu get name
• This will display the processor names of all CPUs in the system.
3. System Information:
• On Windows:
• Press Windows + R, type msinfo32, and press Enter.
• Look for the “Processor” field to find the CPU name and generation.
• On Linux:
• Use the command:
cat /proc/cpuinfo | grep "model name"
4. Centralized Inventory Tools:
• If you manage a large fleet, use tools like Intel EMA, SCCM, or similar IT management software to generate a report of CPU models across all PCs.
If you say no, then another question appears:
Intel AMT provides out-of-band management capabilities that allow IT teams to remotely manage devices even if the operating system is down or the device is powered off. If you want to use these capabilities over Wi-Fi, additional considerations are required compared to wired networks.
Key Requirements for AMT Over Wi-Fi
1. Wi-Fi Profiles:
• Wi-Fi settings must be configured in Intel AMT to allow devices to maintain connectivity even outside the OS. This includes SSID, authentication, and encryption details.
2. Intel vPro® PCs:
• The devices must support Intel vPro and be provisioned for Intel AMT functionality.
3. Management Engine (ME) Firmware:
• The Intel Management Engine firmware on the devices must support Wi-Fi AMT operations.
4. Infrastructure Support:
• Access points and network configurations should allow for seamless connectivity, even during power-off or OS failure scenarios.
Intel AMT can be used over WiFi in MAP when simple WiFi based on a SSID and Passphrase is used.
The use of 802.1x in the enterprise environment limits the Intel AMT functionality in MAP.
If 802.1x is used in your environment, you will be contacted by MAP support to discuss the consequences.
Topic: Use of Docking Stations
The use of Intel AMT is limited with most of the USB-C docking stations. In most cases Intel AMT cannot be used when the wired connection of a USB-C docking station is used to connect the PC to the intranet/internet. It means that you need to rely on AMT over WiFi in that situation.
If you use USB-C docking stations in your environment, and you believe it will have a big impact on the usability of Intel AMT, you will be contacted by MAP support to discuss the consequences.
If you say no, then another question appears:
Topic: Provisioning method
Provisioning is the process of setting up Intel AMT on devices so they can be remotely managed using tools like MAP and Intel EMA.
The provisioning method determines how Intel AMT is activated and configured on your devices. Different methods offer varying levels of security, automation, and complexity.
There are 2 provisioning methods:
• Host-Based Provisioning (HBP): The simplest and default provisioning method. A vPro PC is provisioned in client control mode. User consent is enforced for Intel AMT functionalities such as Intel AMT Hardware KVM and Advanced Boot Options (e.g., Boot to BIOS, Boot to PXE, etc.).
• Certificate Provisioning (TLS-PKI): A vPro PC is provisioned in admin control mode. User consent can be configured for Intel AMT functionalities such as Intel AMT Hardware KVM and Advanced Boot Options (e.g., Boot to BIOS, Boot to PXE, etc.).
• For successful provisioning with Certificate Provisioning, certain conditions on the network or vPro PC need to be fulfilled.
• This option is only available if an AMT Provisioning Certificate is uploaded to the tenant.
If you need Certificate Provisioning to Admin Control mode and you are not sure if your environment or your Intel vPro® PCs fulfill the requirements, you will be contacted by MAP support to discuss the needs for Certificate Provisioning.
