Chatta subito con l'assistenza
Chat con il supporto

Foglight Agent Manager 5.9.5 - Foglight Agent Manager Guide

Configuring the embedded Agent Manager Installing external Agent Managers
Understanding how the Agent Manager communicates with the Management Server Deploying the Agent Manager cartridge Downloading the Agent Manager installer Installing the Agent Manager Starting or stopping the Agent Manager process Frequently asked questions
Configuring the Agent Manager Advanced system configuration and troubleshooting
Configuring Windows Management Instrumentation (WMI) Configuring Windows Remote Management (WinRM) UNIX- and Linux-specific configuration
Monitoring the Agent Manager performance Deploying the Agent Manager to large-scale environments

OS collection fails with a Local_Limit_Exceeded error

OS collection fails with a Local_Limit_Exceeded error

The agent uses Windows® authentication to Negotiate the monitored instance. In some cases, the negotiation can fail if there is a mismatch between the authentication types used by the client and the server.

The following symptoms indicate an authentication issue:

To resolve these issues, you may need to disable the NTLMv2 authentication.

1
Run regedit to edit the registry.
2
Locate the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
3
Locate the value named LMCompatibilityLevel, and change the DWORD value to 2 (send NTLM authentication only).
4
Close regedit and restart the machine.

Access to DCOM objects and registry is denied

When the agent attempts to access the Windows® registry and enter the Windows Management Instrumentation (WMI) component, the attempt can fail if the agent user does not have the required permissions.

The following symptoms indicate a permissions issue:

The agent log includes the error WMIConnection.Access is denied and error code 0x00000005.
76A6415B-CB41-11d1-8B02-00600806D9B6
76a64158-cb41-11d1-8b02-00600806d9b6
b
Start regedit, and from the Edit menu, use Find to search for the following key: 76A6415B‑CB41‑11d1‑8B02‑00600806D9B6.
c
Right-click the Class ID, and click Permissions.
d
In the Permissions dialog box, click Advanced.
e
In the Advanced Security Settings dialog box, open the Owner tab.
f
On the Owner tab, in the Change owner to area, select the account with which you are currently logged in.
g
The Advanced Security Settings dialog box closes.
h
In the Permissions dialog box, select the Administrators group.
i
In the Permissions for Administrators area, in the Allow column, select the Full Control check box.
j
Click OK. The Permissions dialog box closes.
k
Repeat Step a through Step j for the second key: 76a64158‑cb41‑11d1‑8b02‑00600806d9b6

Configuring registry settings for WinShell access through DCOM

Any WindowsShell connection made to a non-local host requires DCOM access to that machine, regardless of whether the user establishing the connection is a local or third-party user.

Therefore, agents that connect to Windows® machines using the Agent Manager’s WindowsShellService need to make the following specific registry changes to allow the connection.

b
Start regedit, and from the Edit menu, use Find to search for the following key: 72C24DD5-D70A-438B-8A42-98424B88AFB8.
c
Right-click Class ID, and click Permissions.
d
In the Permissions dialog box that appears, click Advanced.
e
In the Advanced Security Settings dialog box, open the Owner tab.
f
On the Owner tab, in the Change owner to area, select the account with which you are currently logged in.
g
The Advanced Security Settings dialog box closes.
h
In the Permissions dialog box, select the Administrators group.
i
In the Permissions for Administrators area, in the Allow column, enable the Full Control check box.
j
The Permissions dialog box closes.
k
Repeat Step a through Step j for the second key:
0D43FE01-F093-11CF-8940-00A0C9054228.

Permissions on registry keys to configure DCOM command shell connection

A Windows® operating system user needs full control permissions on the following registry keys to monitor the operating system:

76A64158-CB41-11D1-8B02-00600806D9B6 (WBEM Scripting Locator)
72C24DD5-D70A-438B-8A42-98424B88AFB8 (Windows Script Host Shell Object)

According to the COM specification, the full control permission to the registry keys are required to write values to the registry keys. The values written to the registry key are as follows:

HKEY_CLASSES_ROOT\AppID\{key}: Need to write the string value name to DllSurrogate and leave the value to blank.
HKEY_CLASSES_ROOT\CLSID\{key}: Need to write the string value name to AppID and set the value to {key}.

For 64-bit Windows operating system, there might be two directories of AppID and CLSID, then the written values are:

HKEY_CLASSES_ROOT\AppID\{key}: Need to write the string value name to DllSurrogate and leave the

value to blank.

HKEY_CLASSES_ROOT\Wow6432Node\AppID\{key}: Need to write the string value name to DllSurrogate and leave the value to blank.
HKEY_CLASSES_ROOT\Wow6432Node\AppID\{key}: Need to write the string value name to DllSurrogate and leave the value to blank.
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{key}: Need to write the string value name to AppID and set the value to {key}.
NOTE:
1. If the keys under
HKEY_CLASSES_ROOT\AppID do not exit, manually add the keys to the written value by default permission.
2. If the keys under HKEY_CLASSES_ROOT\CLSID and HKEY_CLASSES_ROOT\Wow6432Node\CLSID do not exit, and you do not have permission to add a new String Value or edit the Value data, change the Owner from TrustedInstaller to Administrators, then grant the Set Value permission first.

Providing the full control permissions to a Foglight Agent Manager (FglAM) user is the most convenient way to write these values, which will be generated automatically. If you don’t want to provide the full control permissions to the FglAM user, do either of the following:

Manually write the values to those keys, and then remove the full control permission. If the full control permissions cannot be deselected, select Deny Permission entry to remove all the permissions, and keep permissions for the entries Query Value, Enumerate Subkeys, Notify, and Read control to Read only. To set deny permission, right click on the registry key and select Permissions. Click Advanced on the popup dialogue box, then double click on the FglAM user, and check Deny Permission entry.

For FileLogMonitorAgent and WindowsEventLogMonitorAgent:

76A64158-CB41-11D1-8B02-00600806D9B6 (For j-interop WMIJavaConnection)

The key 76A64158-CB41-11D1-8B02-00600806D9B6 is used for the Agent Managers installed on Unix or Linux machine to establish the WMIJavaconnection, which requires the administrator privilege to monitor.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione