Troubleshooting Real-Time System Manager Remote Connection Failures (Port 16992 Closed)
search cancel

Troubleshooting Real-Time System Manager Remote Connection Failures (Port 16992 Closed)

book

Article ID: 417598

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

This article describes how to troubleshoot and resolve Real-Time System Manager (RTSM) remote connection issues where port 16992 is closed or unresponsive.
The issue typically occurs on systems with Intel® Active Management Technology (AMT) enabled but misconfigured, causing the Real-Time connection to fail even though the endpoint appears online in the Symantec Management Console.

Symptoms

  • Endpoint shows online in the Symantec Management Console.

  • Inventory and standard task communications succeed.

  • Real-Time remote connection fails or hangs when attempting to open the Real-Time tab.

  • Running a Port Check or Telnet test to port 16992 returns “connection failed.”

  • AMT appears enabled in BIOS, but Intel ME ports (16992–16995) remain closed.

  • In some cases, the “Software > Diagnostic Log” tab is missing from the Real-Time view.

Environment

Symantec IT Management Suite (ITMS)

Component: Real-Time System Manager (RTSM) / Real-Time Console Infrastructure (RTCI)

Applies To: ITMS 8.x and later

Operating System: Windows Server and Windows Client Systems

Cause

The issue occurs when the Intel Management Engine (ME) network stack is disabled or not bound to the network interface, even though AMT is enabled in BIOS.

When the Wired LAN IPv4 Configuration setting within Intel MEBx (Management Engine BIOS Extension) is set to Disabled, the Intel ME firmware does not listen on ports 16992–16995.

This prevents Real-Time System Manager from communicating through AMT’s out-of-band management channel.

Additional contributing factors may include:

  • Intel ME losing provisioning state after imaging or power resets.

  • SEP or third-party security tools blocking AMT or Real-Time client traffic.

  • BIOS-level differences between similar hardware models.

Resolution

Table of Contents



Verification Steps

  1. On the affected endpoint, check whether the Intel ME port is listening:

     
    netstat -an | find "16992"

    • If no listener appears, AMT is not active on the network.

  2. Verify Intel ME configuration:

    • Reboot the device and press Ctrl + P to enter Intel MEBx.

    • Navigate to:

      Intel AMT Configuration → Network Setup → TCP/IP Settings → Wired LAN Configuration

    • Confirm that Network Interface is set to Enabled.

  3. From another system, test network access to AMT:

     
    telnet <endpoint_IP> 16992

    or

    Open http://<endpoint_IP>:16992 in a browser.

    A login prompt indicates that AMT is properly listening.

 

 

Resolution

1. Enable Intel ME Network Interface

  1. Enter Intel MEBx (Ctrl + P during boot).

  2. Go to:

     
    Intel AMT Configuration → Network Setup → TCP/IP Settings → Wired LAN Configuration

  3. Set Network Interface = Enabled.

  4. Save and exit.

2. Re-provision AMT

To ensure Real-Time communication is re-established, re-provision Intel AMT using these steps:

Unprovision Existing Configuration

  • In Symantec Management Console:

    Manage → Computers → Right-click endpoint → Real-Time System Manager → Unprovision AMT → Full Unprovision

  • Alternatively, from MEBx:

    Intel AMT Configuration → Un-Provision → Full Unprovision

Re-enable ME Network Stack

  • After unprovisioning, confirm Wired LAN Configuration = Enabled in MEBx.

  • Assign static or DHCP IP as needed.

Re-provision from Console

  • In the console:

    Manage → Computers → Real-Time System Manager → Provision AMT

  • Choose the appropriate provisioning mode:

    • Admin Control Mode (ACM) for certificate-based configuration.

    • Client Control Mode (CCM) for OS-based provisioning.

  • Follow on-screen prompts and apply provisioning credentials.

Verify

  • Test the connection again:

    http://<endpoint_IP>:16992 → Login prompt should appear.

  • In the console, confirm AMT functions (Power Control, KVM, etc.) work as expected.

3. Check Security Software

If connectivity remains blocked:

  • In Symantec Endpoint Protection (SEP) or third-party endpoint protection:

    • Create exclusions for:

      TCP Ports: 16992–16995, 623, 664 Processes: AeXNSAgent.exe

  • Reboot and re-test connection.

 

Validation

After completing the steps:

  • netstat -an should show port 16992 in LISTENING state.

  • Real-Time System Manager should display full AMT capabilities.

  • AMT web interface (http://<IP>:16992) should prompt for login.

References

Summary Table

Issue Root Cause Resolution
RTSM connection fails, port 16992 closed Intel ME Wired LAN disabled or not provisioned Enable LAN, re-provision AMT
Endpoint online but no Real-Time response ME stack inactive Unprovision and re-provision AMT
Ports blocked Security policy Add exclusions for 16992–16995, 623, 664
Powered by Wolken Software