Quick note to say that lots more updates and fixes are going on with MeshCentral2. Updates are coming pretty much every day. Yesterday, I added server self-update capability. You can now update the server with just a few clicks on the web site (if you are administrator). Hopefully, we are getting close to Beta2 that will be quite usable for day-to-day use.

Also, at work this morning, I had MeshCentral2 cupcakes. Figured I share a picture since they look so yummy!

Ylian
http://www.meshcommander.com/meshcentral2

Hello everyone,

i use AMT to set a computers boot device before starting it. This worked without and problems for about a week.

Now whenever i do this the Hardware alocates about 60 to 80% of the RAM. Whenever i boot normaly (by switching it on via the power Switch) it does not do that and the RAM usage is normal.

Normal booting:

Booting with AMT:

Does anyone know how to fix this issue?

Hi

I have a mesh configured in Meshcentral, I have added several devices, I created the "Setup CIRA tunnel" and provisioned it on the devices. I have also configured the environment detection. Until that, everything is OK, but when the devices try to stablish the tunnel with the meshcentral server, the are not able to stablish it.

I have tried with devices with different versions of AMT, but the result is the same.

Is Meshcentral server working as a MPS or not now? Is that the problem?

I have installed locally a meshcentral2 server. In this case, the CIRA tunnel is stablished, but the remote management is not working fine, I suppose because it is still a beta

Regards and thanks in advaance

Fernando

I am using the latest version of Mesh Commander and I can connect to my system remotely and view all the information available about the system.  I am able to remotely control the system as well (i.e. power cycle, power off, power on, boot to bios, etc.).

I am able to use KVM Remote Control during boot up and to view the BIOS.  Once Windows 10 loads, I immediately lose the remote control connection.  When I try to re-establish a KVM Remote Control connection, it connects and then immediately disconnects.

I am able to remotely connect to the Windows 10 session using regular VNC server/viewer.

MeshCentral² is a free open source web-based remote computer management solution allowing administrators to setup new servers in minutes and start remotely controlling computers using both software agent and Intel® AMT. The server works both in a LAN environment and over the Internet in a WAN setup. Now, I just released a new version with support for server-to-server peering allowing for improved fail-over robustness and scaling. Some technical details:

• Servers connect to each-other using secure web sockets on port 443. This is just like browsers and Mesh agents, so you can setup a fully working peered server installation with only port 443 being open.
• Server peering and mesh agent connections use a secondary authentication certificate allowing the server HTTPS public certificate (presented to browser) to be changed. This allows MeshCentral2 peer servers to be setup with different HTTPS certificates. As a result, MeshCentral2 can be setup in a multi-geo configuration.
• All of the peering is real-time. As servers peer together and devices connect to the servers, users see a real-time view on the web page of what devices are available for management. No page refresh required.
• MeshCentral2 supports TLS-offload hardware for all connections including Intel® AMT CIRA even when peering. So, MeshCentral2 servers can benefit from the added scaling of TLS offload accelerators.
• Fully support server peering for Browsers, Mesh Agents and Intel® AMT connections.
• The server peering system does not use the database at all to exchange state data. This boosts the efficiency of the servers because the database is only used for long term data storage, not real time state.
• There is no limit to how many servers you can peer, however I currently only tested a two server configuration.

Note that MeshCentral2 is still in beta and not yet suitable for production use. If you want to try the new server, check out our main MeshCentral2 web site and our NodeJS NPM portal.

Enjoy!
Ylian Saint-Hilaire
http://meshcommander.com/meshcentral2

MeshCentral2 now fully supports server peering. You can now setup two or more servers and
split the MeshAgent/Browser/Intel® AMT connections between the servers.

Because of the new peering design, new connection protocols and authentication architecture,
MeshCentral2 can support a wider range of configurations and fully support TLS accelerators.

Hi Team,

We have deploy the Mesh Server internally and install the Mesh Agent on different machine to connect remotely. Everything was working good till last day. From today, when we try to connect our machine, it throw an exception : "Disconnected - Remote disconnect."

I tried several workaround..like stop and start Mesh Agent also restart the Mesh Server where it is deploy, but failed to connect with machine.

Please help me to resolve this issue, if anything required please let me know.. Thanks in Advance.

Deepak

MeshCommander is a web-based Intel® AMT management console that you can downloads, install and use to connect to and manage your Intel® AMT computers. MeshCommander is closing in on being two years old. Development in ongoing every week, more improvements & bug fixes keep being published on the web site.

This week is notable for a release of v0.5.3 and new features around MeshCommander’s handling of certificates and TLS connections.

• Improved certificate manager. MeshCommander comes with its own built-in certificate management tool. Certificates are an important part of working with Intel AMT, and this new version includes the ability to create certificates for different usages.
• Mutual-Authentication Support. MeshCommander now fully supports setting up Intel AMT for mutual-authentication TLS connections and connecting in this mode with console authentication. In addition to normal connections: remote desktop, terminal and IDE-R all support mutual-auth TLS. Check out the YouTube video demonstration on how to get this quickly setup.
• IDE Redirect over TLS. Also new in this version is, finally, support for IDE-R over TLS. This may seem like a trivial feature, but it’s much more complicated because MeshCommander takes over all network read/write from IMRSDK.dll using its own TLS connection for all network traffic. This makes IDE-R TLS using MeshCommander a lot more flexible than it otherwise would be.

There are many more improvements and bug fixes, but want to keep it short… if you use Intel® AMT, check of the latest version and other tools at http://meshcommander.com. This latest version of MeshCommander is also built-into MeshCentral2.

Enjoy!
Ylian

Check out the new YouTube demonstration on how to setup Intel® AMT with
TLS and Mutual-Authentication TLS using MeshCommander.

Today, MeshCentral2 has an even easier and faster way to get setup with a new Microsoft Windows MSI installer. Now, you can download and install MeshCentral2 in a few minutes even if you know nothing about NodeJS, NPM or installing a server. Just download the MSI installer, launch it and answer a few questions. MeshCentral2 will run in the background and turns into your own personal web based remote management solution. It’s never been easier. Because MeshCentral2 supports LAN mode, you don’t even need a fixed IP address or DNS name to run your own server and manage computers on your local network. Here are the highlights this week:

• New Windows MSI installer, makes MeshCentral2 super easy to install. Once installed, you have the option to keep the server always updated to the latest version. To show this off, we have a new YouTube demonstration video. Goes into details of how the installer works and each of the configuration options. Thanks to Ariel Silverman for his help and expect knowledge on installers that made this possible.
• Improved MeshAgent2 with child process support. MeshAgent2 runs JavaScript code sent to it by the server. Starting with this version, Bryan Roe added a new system where you can launch a child process that runs JavaScript and have the child and parent communicate using named pipes. This new system is very easy to develop against and causes the parent to be isolated from the child in the event of a crash. This feature will be used in the future to get platform telemetry.
• Improved MeshAgent2 stability. Lots of work has been done this week to improve the stability of the MeshAgent. Bryan Roe addressed a bunch of critical memory corruption bugs that make this version of the MeshAgent2 the most stable it’s ever been.
• Set device locations on the map. Thanks to Ganesh Raikhelkar, you can now right click on the MeshCentral2 map view and set one or more device positions manually. This improves that map view considerably by allowing users to set the positions to known devices.

Lots more bug fixes have been included. MeshCentral2 is still marked at “Beta 1”, however, we are nearing a more stable release and expect to move to “Beta 2” shortly. MeshCentral2 should not be used in production environments.

Enjoy!
Ylian
http://www.meshcommander.com/meshcentral2

MSI installer demonstration: https://www.youtube.com/watch?v=dtROYareYRI

Just a quick note to mention that likely within the next week or so, I will be posting MeshCentral2 Beta 2. The latest version of the web based remote management web site. I have not posted an update in a while because Beta 2 has some core changes that make it incompatible with Beta 1 and so, servers and agents will need to be completely re-installed when the new version comes out. In order not to break any existing Beta 1 server right now until the Beta 2, I am holding off on releasing any updates on NPM. However, you can see the latest code changes on Github.

As you will see, there are some security improvements that have been made and so, the way certificates are created and some of the data in the database are stored completely differently. Watch for an update about this within the next week or so.

Thanks,
Ylian
meshcommander.com

Today, MeshCentral2 is going Beta2 with many more improvements, new features and improved stability. MeshCentral2 is a light weight open source remote computer management web site. In marking this version as Beta2, it broke compatibly with Beta1 and so, everyone will need to create new user accounts, create new meshes and re-install MeshAgents. The compatibly break is going to be annoying for existing users, but was necessary to move MeshCentral2 to the latest cryptographic algorithms. With improvements in both general computing and possibly quantum computers in the years to come, it’s important that any product that will be used in the long term use strong cryptography.

Starting with MeshCentral2 Beta2, all hashing is done using SHA384 instead of SHA256. This means that all node identifiers, certificate signatures, binary update hashes, password hashing and more are all using the new longer and stronger hashing function. This has a wide ranging impact on MeshCentral2, pretty much everything in the database is now different and so, it’s best to make a clean break. In addition to hashing, certificates created by MeshCentral2 now use RSA3072 instead of RSA2048. You will notice a longer time starting the server and agent for the first time as these new stronger certificates take much longer to create. Lastly, browser cookies are now encrypted and integrity checked using AES256-GCM instead of AES128-CBC/HMAC-SHA256. Long term, these updates make today’s MeshCentral2 likely more resistance against computers of the future.

Also this week, MeshCentral2 now has Microsoft ClickOnce support for RDP, Putty and WinSCP. Using this new feature, you can under the right situation, launch a native application on your computer and connect to another computer over the Internet. MeshCentral2 relays all the traffic, even thru routers and proxies. For example, when you click on the new “RDP” link on the web site, a ClickOnce routing application is installed and launched. That routing application will act as a relay between the RDP client and MeshCentral2 that will then relay the traffic to the right agent. Take a look at the new YouTube demonstration video on this topic.

Many thanks to Bryan Roe this week that been working like crazy on the MeshAgent2, the changes are impressive and significant. MeshCentral2 is still in beta and should not be used in production environments.

Enjoy!
Ylian
http://www.meshcommander.com/meshcentral2

Microsoft ClickOnce demonstration: https://www.youtube.com/watch?v=--RCkWqJ-gI

MeshCommander is a web-based Intel® AMT management console that is available in many versions including as a standalone tool, as part of MicroLMS and built into MeshCentral2. However, one of the most intriguing versions of MeshCommander is the one that can be loaded directly into Intel® AMT 11.6 and higher flash storage. This version of MeshCommander allows remote hardware management of a computer with nothing else but a browser, making it super convenient for many applications. Never as it been easier to make use of Intel® AMT when you need it.

Today, I just released the new MeshCommander firmware loader that comes as a single Windows executable. You can get it on MeshCommander.com, it super easy to use and in less than a minute your Intel® AMT 11.6+ will be upgraded with a powerful management console built right into the computer. Just login using your favorite browser and start remotely managing your computer.

As if it could not already be easier, I have a YouTube video demonstration of this new tool. You can download the new tool here.

Enjoy!
Ylian

MeshCommander firmware loader is an easy to use Windows application.
It’s a single executable and in a few steps, you are done.

Using the MeshCommander firmware loader, you can replace the basic
Intel® AMT default web page with the powerful MeshCommander web application.

Even if it’s less than 60k, MeshCommander loaded into Intel® AMT packs quite a punch.
From hardware remote desktop to power control, all the basic features are present.

MeshCentral2 is an open source web based remote computer management web site. It provides many features on the web page including remote desktop, files access, remote terminal and much more. However, MeshCentral2 is also a powerful server for connecting any TCP connections over the Internet. This is super useful when doing RDP, SSH, SCP or running any custom tools. Imagine using MeshCentral2 to port map any port on your local computer to any TCP port on any managed computer anywhere on the Internet. This works across proxies, NAT’s and firewalls.

Today, I am announcing MeshCentral2 v0.1.0-f on NPM with the new MeshCommand (MeshCmd) tool. The first feature of the new tool is TCP port mapping, and it is multi-OS running on Windows and many variants of Linux. We have a new demonstration video showing how the tool works. The MeshCmd can be downloaded from an installed MeshCentral2 web site, and used to freely route TCP connections. It’s easy to use and has plenty of interesting applications.

While MeshCommand is interesting, it hide something even more amazing: The way it was built. The MeshAgent2 executable used to manage computers with MeshCentral2 is in reality a light agent with a JavaScript hosting environment. All the smarts is pushed from the server in the form of a JavaScript file. This is already a game changer for computer management. But, there is the additional secret… if you append JavaScript to the MeshAgent2 executable, the agent will run it like a local tool. So, creating new cross platform tools in MeshCentral2 is just a question of appending the right JavaScript to the MeshAgent2 executable. All OS’s that MeshAgent2 is compiled on can also run the new MeshCmd and much more in the future. In fact, MeshCentral2 appends the JavaScript on the fly when you download MeshCmd.exe.

MeshCentral2 is pretty sweet since it’s coded in JavaScript on the browser, server, agent and in tools. Except the agent itself, it’s one language across all components. Fully cross-platform in all cases. Many thanks to Bryan Roe that been working like crazy on the MeshAgent2 and making all of this possible. MeshCentral2 is still in beta and should not be used in production environments.

Enjoy!
Ylian
Previous blogs: http://www.intel.com/software/ylian
MeshCentral2: http://www.meshcommander.com/meshcentral2

MeshCommand demonstration: https://www.youtube.com/watch?v=S38mg_BPe-M

Hi,

We found an issue while working on remote machine which is connected through Mesh.

• Double clicking on an item opens the properties window, rather than opening that window itself.
• Backspace works as Ctrl + Z.

This is creating issue to work on the machine. Due to above issue, lots of important file deleted from remote machine.

If you need any more information then please let me know.

Thanks

Deepak 

Hi Team,

We have deployed mesh central server and apply certificate to support TLS1.0, TLS1.1 and TLS1.2. But for some securty reason we want to disable TLS1.0 from the mesh central server. But when we disable TLS1.0 at server, we are unable to connect our machine.

Can you please guide me, how can we enforce TLS1.2 at our mesh central server to avoid TLS1.0 cerificate.

Please let me know, if you need any more information.

Waiting for your response.

Regards

Deepak

It’s a new year and MeshCentral2 is moving forward with plenty of new features with the goal of having the first non-Beta version in the first half of this year. MeshCentral is an open source web based remote computer management web site. In the last month, many significant new features where added and an all new User’s Guide packed with installation and configuration help. New updates are released on NPM at a regular cadence (more than once a week). For this last month, here are the big improvements:

• Email support, verification and account reset capability. This is one of these features that you wish you had implemented years ago. MeshCentral2 can now be configured with a SMTP mail server allowing it to send email messages. Then, we implemented email verification so that when you create an account, the server will send you an email to verify the account is attached to a correct email address. We also added account password reset support. Forgot your password? No longer a problem.
• Multi-Tenancy support using DNS names. MeshCentral2 can be configured to act like many different server instances at once. This last month, we build on this with domain access using DNS names. You can setup two or more DNS names to point to the same IP address of MeshCentral. Depending on what name you use to access the server, you will see a different server instance with different TLS certificate, administrators, users and managed computers. Makes it easy for a single server to handle many customers.
• Domain Controller Login. MeshCentral2 now supports user login using domain credentials. For this to work, the server must be installed on a Windows machine. Then, users never see the login page and are automatically logged in using their browser’s domain credentials. Makes MeshCentral2 perfect for intranet deployments.
• All new MicroLMS re-implementation. As you may know already, MeshCentral2 makes heavy use of JavaScript in MeshAgent2 to sandbox and dynamically program and change the agent’s behavior. Bryan Roe last month re-implemented an Intel® AMT LMS clone in JavaScript to run in the MeshAgent almost completely without any native code (only MEI access is native). It made the new MicroLMS a lot smaller and simpler to change. More to come on this later…
• All new MeshCmd. MeshCentral2 comes with its own command line tool that runs on Windows and Linux and performs many actions such as traffic routing, Intel AMT information gathering and Intel AMT MicroLMS. MeshCmd is now built-into MeshCentral2. The server uses the JavaScript runtime of MeshAgent2 to build MeshCmd on-the-fly as it’s being downloaded. So, MeshCmd will run on all platforms the MeshAgent2 runs on and offers a bunch of useful services that can be easily changed on the server.

MeshCentral2 is pretty sweet since it’s coded in JavaScript on the browser, server, agent and in tools. Except the agent itself, it’s one language across all components. Fully cross-platform in all cases. Many thanks to Bryan Roe that been working like crazy on the MeshAgent2 and making this possible. MeshCentral2 is still in beta and should not be used in production environments.

Enjoy.
Ylian
Blog: http://www.intel.com/software/ylian
MeshCentral2: http://www.meshcommander.com/meshcentral2

All new MeshCentral2 SMTP  server support for account verification and password reset.

You can point two or more DNS names to the same MeshCentral2 server and run many
separate instances of the server. Super useful for handling traffic for many customers.

All new MeshCentral2 User’s Guide. All you need to get a server installed, configured and running.
Plenty of configuration options including TLS offload, multi-tenancy, security settings and more.
http://info.meshcentral.com/downloads/meshcentral2/MeshCentral2UserGuide.pdf

I am working with AMT on NUC7i5DNH using MeshCommander 0.5.7. Currently, exploring the system defense part and network filtering.

The current issue is that I have a filter which could not be removed (see attached screenshots). I can the filter to profile, and then it is visible in the profile. However even if the profile is deselected and removed, and seemingly there is nothing else refering to the filter it still could not be removed (the error is that there is some kind of reference to it still.

Can you help to see how this filter could be removed?? Unfortunately I cannot de-configure AMT as the system is remote and physically very far.

Thanks in advance.

Chris

MeshCommander is a web-based Intel® AMT management console that you can download, install and use to connect to and manage your Intel® AMT computers. MeshCommander is over two years old, turning out to be a popular tool. A few days back I published MeshCommander on NPM for easy installation on Linux, OSX and Windows. Most people familiar with NodeJS will know exactly what this means. Enter a new folder and type:

npm install meshcommander
node ./node_module/meshcommander

This will start a small MeshCommander web server on any operating system with NodeJS and NPM installed. Then point your browser to http://localhost:3000 which is the default location and you are good to go. Never has it been easier and run MeshCommander on Linux or OSX. I think this is perfect for people using Intel® AMT for IoT and wanting to have a high quality Intel® AMT console. If you want to update to the latest version of MeshCommander, just run the first list again and the latest version will get installed over the previous one. My latest YouTube demonstration video here: https://youtu.be/nCB160Neub4.

Enjoy,
Ylian
Blog: http://www.intel.com/software/ylian
MeshCommander: http://www.meshcommander.com/meshcommander
MeshCentral2: http://www.meshcommander.com/meshcentral2

MeshCommander for NPM tutorial video: https://youtu.be/nCB160Neub4

MeshCentral is an open source web based remote computer management web site. Because it’s web based and deals with lots of administrative information, it’s important that all traffic be authenticated and encrypted using HTTPS. However, for people setting up their own MeshCentral2 server, obtaining a trusted TLS/HTTPS certificate can be a problem and cost money. Well, this week, the problem is solved by building-in Let’s Encrypt support right into MeshCentral2. With this latest version (Currently v0.1.2-s), you can configure MeshCentral to automatically obtain, use and renew its HTTPS certificate.

To use this new feature, you need to have your own MeshCentral2 server setup with a domain name pointing to it. You also need the MeshCentral HTTP server to be accessible over the Internet on port 80 - mapping it to a different port will not work. You can find out how to configure automatic TLS certificates in the latest version of the MeshCentral User’s Guide, we added a new section on Let’s Encrypt.

Once setup correctly, MeshCentral will automatically contact Let’s Encrypt and use the HTTP:80 server to prove it controls the domain. It then obtains a trusted certificate from Let’s Encrypt and restarts the server to use the new certificate. MeshCentral will automatically renew the certificate approximately every 90 days, before the certificate expires. If Let’s Encrypt works for you, please consider donating to them as they provide a critical service to the Internet community.

The end result is a professional web based remote management server that is installed in minutes. In the last week, Bryan Roe released a new MeshAgent² that is a lot more stable and so, MeshCentral2 is starting to be quite usable. However, it’s still in Beta and not recommended for production use.

Enjoy!
Ylian
Blog: http://www.intel.com/software/ylian
MeshCentral2: http://www.meshcommander.com/meshcentral2

All new MeshCentral2 built-in support for Let’s Encrypt: https://letsencrypt.org/
Get free trusted HTTPS certificate that MeshCentral2 will auto-review every 90 days.

Once active, you get a valid certificate that is trusted by all major browsers. No more HTTPS warnings.
This is what the Let’s Encrypt certificate looks like in FireFox.

Hi!

I have just received the new NUC7i5DNHE, enabled AMT and started playing with MeshCommander. What I have quickly found is that on this platform it is not possible to add wireless profiles using MeshCommander (it fails silently), but it is possible to do so using default AMT web interface.

Since I have not found any other way of reporting the issue i am reporting it here.

Kind regards,

Chris

Hi Team,

We have implement Mesh Central server and authenticate user from AD to connect our server. We have requirement to auto login to server after connect. 

Earlier we are using :

echo "Connecting to 192.168.104.69"
$Server="192.168.104.69"
$User="Administrator"
$Password="1234"
cmdkey /generic:TERMSRV/$Server /user:$User /pass:$Password

for auto login. But we want to auto login through Mesh Central. We block the rdp port on our server.

Any help will be highly appreciated. 

Regards

Deepak