The agent uses Windows® authentication to Negotiate the monitored instance. In some cases, the negotiation can fail if there is a mismatch between the authentication types used by the client and the server.
The following symptoms indicate an authentication issue:
To resolve these issues, you may need to disable NTLMv2 authentication:
1. Run regedit to edit the registry.
2. Locate the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
3. Locate the value named LMCompatibilityLevel, and change the DWORD value to 2 (send NTLM authentication only).
4. Close regedit and restart the machine.
When the agent attempts to access the Windows® registry and enter the Windows Management Instrumentation (WMI) component, the attempt can fail if the agent user does not have the required permissions.
The following symptoms indicate a permissions issue:
• |
1. Ensure that the following two registry keys exist on the monitored host, in HKEY_CLASSES_ROOT\CLSID\:
•
•
b. Start regedit, and from the Edit menu, use Find to search for the following key: 76A64158-CB41-11D1-8B02-00600806D9B6.
c.
d.
e.
f. On the Owner tab, in the Change owner to area, select the account with which you are currently logged in.
g. Click OK.
h.
i.
j.
Any WindowsShell connection made to a non-local host requires DCOM access to that machine, regardless of whether the user establishing the connection is a local or third-party user.
Therefore, agents that connect to Windows® machines using the Agent Manager’s WindowsShellService need to make the following specific registry changes to allow the connection.
1. Ensure that the following two registry keys exist on the monitored host, in HKEY_CLASSES_ROOT\CLSID\:
b. Start regedit, and from the Edit menu, use Find to search for the following key: 72C24DD5-D70A-438B-8A42-98424B88AFB8.
c.
d.
e.
f. On the Owner tab, in the Change owner to area, select the account with which you are currently logged in.
g. Click OK.
h.
i.
j. Click OK.
A Windows® operating system user needs full control permissions on the following registry keys to monitor the operating system:
• 76A64158-CB41-11D1-8B02-00600806D9B6 (WBEM Scripting Locator)
• 72C24DD5-D70A-438B-8A42-98424B88AFB8 (Windows Script Host Shell Object)
• 0D43FE01-F093-11CF-8940-00A0C9054228 (FileSystem Object)
• HKEY_CLASSES_ROOT\AppID\{key}: Add a string value named DllSurrogate and leave its value blank.
• HKEY_CLASSES_ROOT\CLSID\{key}: Add a string value named AppID and set its value to {key}.
• HKEY_CLASSES_ROOT\Wow6432Node\AppID\{key}: Add a string value named DllSurrogate and leave its value blank.
• HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{key}: Add a string value named AppID and set its value to {key}.
NOTE: 1. If the keys under HKEY_CLASSES_ROOT\AppID do not exist, manually add the keys to the written value by default permission. 2. If the keys under HKEY_CLASSES_ROOT\CLSID and HKEY_CLASSES_ROOT\Wow6432Node\CLSID do not exist, and you do not have permission to add a new String Value or edit the Value data, change the Owner from TrustedInstaller to Administrators, then grant the Set Value permission first.
• Manually write the values to those keys, and then remove the full control permission. If the full control permissions cannot be deselected, select the Deny Permission entry to remove all the permissions, and keep the permissions for the entries Query Value, Enumerate Subkeys, Notify, and Read Control as read-only. To set the deny permission, right-click the registry key and select Permissions. Click Advanced in the pop-up dialog box, then double-click the FglAM user, and select the Deny Permission entry.
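The registry state described above can be checked before and after the manual changes with a read-only audit. The following PowerShell is an added example, not part of the vendor documentation; the account name EXAMPLE\fglam-agent is a placeholder, and the script assumes an elevated session on the monitored host.

```powershell
# Added example (not vendor code): read-only audit, makes no registry changes.
# Assumption: EXAMPLE\fglam-agent is a placeholder for the agent's Windows account.
param([string]$AgentUser = 'EXAMPLE\fglam-agent')

# CLSIDs listed on this page; CLSID and AppID subkeys are stored with braces.
$clsids = [ordered]@{
    '{76A64158-CB41-11D1-8B02-00600806D9B6}' = 'WBEM Scripting Locator'
    '{72C24DD5-D70A-438B-8A42-98424B88AFB8}' = 'Windows Script Host Shell Object'
    '{0D43FE01-F093-11CF-8940-00A0C9054228}' = 'FileSystem Object'
}

# Record the current level so the NTLM change can be reverted later.
$lsa = Get-Item -LiteralPath 'HKLM:\System\CurrentControlSet\Control\Lsa'
$level = $lsa.GetValue('LmCompatibilityLevel')
"LmCompatibilityLevel: $(if ($null -eq $level) { 'not set' } else { $level })"

$report = foreach ($view in '', 'Wow6432Node\') {
    foreach ($id in $clsids.Keys) {
        $clsidPath = "Registry::HKEY_CLASSES_ROOT\${view}CLSID\$id"
        $appIdPath = "Registry::HKEY_CLASSES_ROOT\${view}AppID\$id"
        $row = [ordered]@{
            Key = "${view}CLSID\$id"; Name = $clsids[$id]
            AppID = 'key missing'; DllSurrogate = 'key missing'
            Owner = $null; AgentRights = $null
        }
        if (Test-Path -LiteralPath $clsidPath) {
            $row.AppID = (Get-Item -LiteralPath $clsidPath).GetValue('AppID')
            $acl = Get-Acl -LiteralPath $clsidPath
            $row.Owner = $acl.Owner
            # Explicit entries for the account only; group membership is not resolved.
            $row.AgentRights = ($acl.Access |
                Where-Object { $_.IdentityReference.Value -eq $AgentUser } |
                ForEach-Object { "$($_.AccessControlType):$($_.RegistryRights)" }) -join '; '
        }
        if (Test-Path -LiteralPath $appIdPath) {
            $key = Get-Item -LiteralPath $appIdPath
            $row.DllSurrogate = if ($key.GetValueNames() -contains 'DllSurrogate') {
                "present: '$($key.GetValue('DllSurrogate'))'" } else { 'value missing' }
        }
        [pscustomobject]$row
    }
}
$report | Format-List

# The page says to remove full control once the values are written.
$report | Where-Object { $_.AgentRights -match 'Allow:.*FullControl' } |
    ForEach-Object { "Full control still granted to $AgentUser on $($_.Key)" }
```

The Owner column shows whether a key is still owned by TrustedInstaller or has been reassigned to Administrators as the NOTE describes.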
For FileLogMonitorAgent and WindowsEventLogMonitorAgent:
• 76A64158-CB41-11D1-8B02-00600806D9B6 (For j-interop WMIJavaConnection)
The key 76A64158-CB41-11D1-8B02-00600806D9B6 is used by Agent Managers installed on a Unix or Linux machine to establish the WMIJavaConnection, which requires the administrator privilege to monitor.