Getting vPro remote KVM working on Minisforum MS-01

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

jic

New Member
Jul 22, 2024
3
2
3
You can install MeshCommander in a LXC in prox and connect to the host it is running on but ONLY if the traffic goes out a port other than the i226LM port (i.e. out one of the 10G nics and back into the I226LM) due to the way AMT works on the NIC, obviously not very useful for BIOS level access but if you have a cluster of MS-01's setting it up on each means you can control one from another (Installing it on another machine works fine too). I have the I226LM connected and set to manual in prox, configuring an IP on that port in prox makes AMT stop working after prox boots. For reference the I226LM port is the one next to the SFP ports in prox this shows up as enp0s89 (i9-12900H model) or enp0s90 (i5-12600H).
I have pretty much the exact same setup you mentioned (MeshCommander in LXC in HA on a 2 Node + QDevice cluster), but while the remote actions (power up/down, reset, etc) work perfectly, I never got the KVM or Remote Terminal (I only see a black screen).

I managed to get KVM to work once, when one of the server was booted in the Bios menu (which was slow as hell as you mentioned).

Do you know if a screen actually needs to be connected to the HDMI port for KVM/Terminal to work from MeshCommander, as it is the only difference I can see from the one time I got it to work from my usual headless setup ? (If so I might try to get some HDMI headless dongle)
 
Last edited:

Mastema

New Member
Dec 11, 2013
7
3
3
I have pretty much the exact same setup you mentioned (MeshCommander in LXC in HA on a 2 Node + QDevice cluster), but while the remote actions (power up/down, reset, etc) work perfectly, I never got the KVM or Remote Terminal (I only see a black screen).

I managed to get KVM to work once, when one of the server was booted in the Bios menu (which was slow as hell as you mentioned).

Do you know if a screen actually needs to be connected to the HDMI port for KVM/Terminal to work from MeshCommander, as it is the only difference I can see from the one time I got it to work from my usual headless setup ? (If so I might try to get some HDMI headless dongle)
Yes you must have video output for it to work (in this context a hdmi dummy plug counts). The way AMT works is that it takes the existing output and copies that output to a VNC session that your client connects too while adding a sprite to show someone is connected to the output of both the locally attached display and the remote VNC session. Intel did this to address privacy concerns with connections to users laptops/desktops.

I use some cheap HDMI dummy plugs on mine, I would try to get as short of a dummy plug as you can as the ones I have do stick out a bit. Three of ones I have (Woleyeks brand) also have a bright blue LED that lights up on them when connected which I find annoying but a 3 pack of them was about the same price as the single one (DTECH brand) I picked up first that does not (it is also slightly shorter).
 

dennings

New Member
Jul 26, 2024
1
0
1
Hi all,

After reading this post, I finally make that AMT with MeshCentral work, with remote wakeup and remote access. But I fround out some limitation on MS01 for vPro (AMT).

1) Seem to be not all LAN port can connect for AMT. Only 1 port can be use for AMT in my case, that from left to right, the 3rd one . Also that port with have the MAC addr. list in UEFI BIOS addon as I226-LM.

2) althought that port is a 2.5G port. I can not make it work if I connect that port as 1G port. I have try only 1 10G multi speed switch, it will run on 2.5G but AMT don't work. I have to add a 1G non management switch in between to make the AMT work again.

3) as post #11, it need a monitor and the monitor need to be on for remote access to be work. I am waiting for that HDMI headless plug too.

I hope the above information will help. Thanks
made my day!! accurate Info. Thanks! My headless HDMI Adapter arrives today.
What BIOS Version do you have? I have 2 nodes but just one working ;(

by accident i connected my 3rd port to my 1G Switch, so AMT worked, but now a connected the left 10GbE port to same VLAN and now AMT loops back with TTL expired ;((
any suggestions?
 

jic

New Member
Jul 22, 2024
3
2
3
Yes you must have video output for it to work (in this context a hdmi dummy plug counts). The way AMT works is that it takes the existing output and copies that output to a VNC session that your client connects too while adding a sprite to show someone is connected to the output of both the locally attached display and the remote VNC session. Intel did this to address privacy concerns with connections to users laptops/desktops.

I use some cheap HDMI dummy plugs on mine, I would try to get as short of a dummy plug as you can as the ones I have do stick out a bit. Three of ones I have (Woleyeks brand) also have a bright blue LED that lights up on them when connected which I find annoying but a 3 pack of them was about the same price as the single one (DTECH brand) I picked up first that does not (it is also slightly shorter).
I ordered some HDMI Headless dongles, and KVM is now working perfectly via MeshCentral ! Thanks for the confirmation
 
  • Like
Reactions: Mastema

michaltill

New Member
Aug 2, 2024
4
1
3
I manage to get KVM to work with MeshCentral, but every time I power off the machine both network ports die completely, no diods have any light. Therefore it can't be powered back up, neither via Wake On Lan (bios enabled), nor through MeshCentral UI. I'm running Proxmox VE on it. Any suggestions if the LAN ports without power are issue of bios or of the underlying system? How do I fix it?
 

michaltill

New Member
Aug 2, 2024
4
1
3
I manage to get KVM to work with MeshCentral, but every time I power off the machine both network ports die completely, no diods have any light. Therefore it can't be powered back up, neither via Wake On Lan (bios enabled), nor through MeshCentral UI. I'm running Proxmox VE on it. Any suggestions if the LAN ports without power are issue of bios or of the underlying system? How do I fix it?
SOLVED:
In BIOS: Advanced > Onboard Devices Settings > Scroll Down to PCH-PCIE Port
I226-V NIC ASPM is the second option. Change from Auto to Disabled

ASPM is some power management feature that turns off the LAN ports.

Correspondingly for the other port.
 

BrokenIceLight

New Member
Aug 11, 2024
1
0
1
I was in the same boat as you I only needed vPro for powering off and on and occasional bios upgrade. I could never get the power on/off to work with vPro or WOL on the MS-01. I am using Unraid and it only seems to freeze or lock up. I went with a very simplistic approach with SwichBot. The device can be controlled remotely to press the power switch. vPro was never reliable for me even seeing the screen getting into the bios etc. PiKVM on the other hand worked flawlessly. If you get the PiKVM v4 Plus you can pair it with a kvm switch to control multiple devices from a single PiKVM v4 plus. PiKVM also supports GPIO. With vPro you need software to control it so you need meshcommander. All the software for vPro is old and not updated. VPro was just never adopted so trying to use it you are forced to use neglected software.

If you get vPRO to work powering on/off please let me know it would make things a lot simpler for me :p

Hey i have 2 MS-01 and i had the same Problem. One AMT was working even when powered off and the other only if powered on.
The Solution for me was that i`ve must have turn on "Deep S5".

So in BIOS go to Advanced -> Onboard Device settings -> Scroll Down and there is the option "Deep S5" and that must be disabled for AMT to work if the device is off.

Try this and tell me your results. :)
 

F99

New Member
Aug 22, 2024
1
0
1
If you're not using a qwerty keyboard make sure to type 'admin' as if it was on a qwerty kb, as there is not keymapping done in the MS-01 BIOS.
I made an account solely to thank you for this. I have been struggling with AMT for days (not even on a minisforum) not being able to log in, just for it to be due to keymapping not inputting the password I thought I created.

THANK YOU!
 

Darin

New Member
Oct 7, 2018
1
1
1
I tried the same thing as https://forums.servethehome.com/ind...working-on-minisforum-ms-01.43269/post-423440
Downloaded the firmware update from this page
Firmware (meshcommander.com)
When ran, it shows a prompt for the AMT IP, username and password. Once these are entered, it gives a choice to upload simple version of mesh commander, advanced version of mesh commander or restore the original index.htm. The advanced version has few more links to mount images etc.
Turns out also that on Windows 11 at least, trying to do TLS connection to the AMT IP doesn't work because the AMT tries TLS renegotiation which isn't allowed by default. The easiest thing that I was able to do to fix it, was downloading an old version of stunnel (5.0), installing it and then adding this as a config:

[vpro]
client = yes
accept = 127.0.0.1:16992
connect = <AMT IP>:16993
verify = 0
sslVersion = TLSv1.2

With that, the firmware updater was able to connect to 127.0.0.1 and upload the index.htm

Turns out also that if the LM port is connected to a 10gbe port on my switch, the MS-01 doesn't boot. The power led stays on, the nic lights don't blink and the bios messages don't show up. As soon as I connected it to 1gbe port, everything worked. Including WOL.
 
Last edited:
  • Like
Reactions: rinseaid

caplam

Member
Dec 12, 2018
63
15
8
I also had hard time with amt.
I had the best result with meshcentral. I had it installed with docker on my two servers and, in case both are down, on my macbook with node (each time i forget the command line to launch it :rolleyes:).
This week my backup server is down due to a hba failure (waiting for the replacement). I had to upgrade the main server and so launched meshcentral from my macbook. All was working good until the reboot. IP of amt (dedicated usage) was down.
I left it aside as my server was running ok and i had other more urgent things to do.
2 days later i tried again with the meshcentral instance on the server itself. amt was still offline.
The switch port was marked as connected but still no amt connection.
Then i pinged that ip continuously and after 2 or 3 min i had an answer and amt came back on.
I recently heard about nanokvm and seriously considering it.
Do you know if you can wire the atx powerboard to ms01 with provided dupont wires?
 

hh1599

New Member
Aug 30, 2024
1
0
1
I tried the same thing as https://forums.servethehome.com/ind...working-on-minisforum-ms-01.43269/post-423440
Downloaded the firmware update from this page
Firmware (meshcommander.com)
When ran, it shows a prompt for the AMT IP, username and password. Once these are entered, it gives a choice to upload simple version of mesh commander, advanced version of mesh commander or restore the original index.htm. The advanced version has few more links to mount images etc.
Turns out also that on Windows 11 at least, trying to do TLS connection to the AMT IP doesn't work because the AMT tries TLS renegotiation which isn't allowed by default. The easiest thing that I was able to do to fix it, was downloading an old version of stunnel (5.0), installing it and then adding this as a config:

[vpro]
client = yes
accept = 127.0.0.1:16992
connect = <AMT IP>:16993
verify = 0
sslVersion = TLSv1.2

With that, the firmware updater was able to connect to 127.0.0.1 and upload the index.htm

Turns out also that if the LM port is connected to a 10gbe port on my switch, the MS-01 doesn't boot. The power led stays on, the nic lights don't blink and the bios messages don't show up. As soon as I connected it to 1gbe port, everything worked. Including WOL.
Thats a very clever solution. Its hard to know whats going wrong with the firmware updater tool since it doesn't give you any information when it fails. After fiddling around with stunnel for a while and many failures i finally got it to work after installing the stunnel service. Just curious btw, why use an old version of stunnel?

Now im trying to figure out if there is a way to use the LM interface for proxmox management as well as AMT. I hate the idea of losing it to something i will hardly use. When I create a bridge in proxmox for enp91s0 (the lm port) i get a ton of "received packet on enp91s0 with own address as source address" in the TTY. It does technically work but those TTY messages are concerning. I've tried it with a static ip in the bridge (both the same as AMT and different) and blank. Does anyone whos smarter than me know how to make these two play nice, or is it not possible?
 

Vlou

New Member
May 5, 2024
2
3
1
OK, will partially answer myself :)
to separate linux (have no idea about windows) and vPro NIC, I configured to load pci-stub module before igc module, and added PCI ID of vPro nic to pci-stub. So, now intel driver does not touch nic, interface is not present in the system etc.
As result, once after boot vPro configured this nic at 100Mb/s, it stays there as commanded by vPro. (before it would go off one intel modules are loaded, and go on again only if I would bring interface up in the os, and then it would go full 2.5Gbps). So, separation is here, but....

it still goes of when I power down system, which makes whole vPro senseless :)
But, this part might be due to ill BIOS or something.
Although, would love to hear is someone have it working after powering system off.
Hello,
Can you please share how you "load pci-stub module before igc module, and added PCI ID of vPro nic to pci-stub". I'm also trying to do that, but no matter what, igc driver is always taking the I226-LM NIC back :/
 

ZokiZ

New Member
Sep 12, 2024
1
0
1
Hi,

Does anyone have the same issue as I do when connecting to AMT, regardless of using the web or Mesh Commander?
The issue I'm referring to is that if I connect the Ethernet interface to a 2.5Gbps switch, I'm unable to connect. However, if I switch to one running only 1Gbps, everything works as expected.

So, is there a fix for this?
 

Vlou

New Member
May 5, 2024
2
3
1
Hello,
Can you please share how you "load pci-stub module before igc module, and added PCI ID of vPro nic to pci-stub". I'm also trying to do that, but no matter what, igc driver is always taking the I226-LM NIC back :/
Anyway, I finally found the solution. I load vfio and put igc as a softdep. As a consequence, igc waits for vfio to load first, but vfio takes ownership of the NIC and never relase it to igc ! I could not blacklist igc driver as it is also used by the main Ethernet NIC.

1. Add this in /etc/modules to load vfio :
Code:
vfio
vfio_iommu_type1
vfio_pci
2. Add this in /etc/modprobe.d/vfio.conf to configure the softdep and the ID of the NIC for vfio :
Code:
options vfio-pci ids=8086:125b
# 8086:125b = Intel Corporation Ethernet Controller I226-LM ) = vPRO NIC
softdep igc pre: vfio-pci
# The softdep forces tgc driver to first load vfio-pci, which keeps the device and never release it to igc
3. Be sure that the following is present in /etc/kernel/cmdline (to enable vfio) :
Code:
intel_iommu=on iommu=pt
4. Refresh Proxmox boot files : proxmox-boot-tool refresh

5. Regenerate initramfs to include vfio and igc changes : update-initramfs -k all -u

And since that, my vPRO has been working for multiple days without issue, it does not get grabbed by igc driver !
 

AlexHK

New Member
Dec 11, 2024
2
0
1
Here's a good writeup on the vPro setup process from Isaac Blum...

I followed this guide to setup vPro on my MS-01, but using the recommended docker image with MeshCommander 0.9.5 it wouldn't connect (timeout).

After that I installed MeshCommander 0.9.6 for Windows from meshcommander.com and it's working now.