Configuring the embedded Agent Manager
Installing external Agent Managers
Understanding how the Agent Manager communicates with the Management Server
Deploying the Agent Manager cartridge
Downloading the Agent Manager installer
Installing the Agent Manager
Configuring the Agent Manager
Installing the Agent Manager using the installer interface
Installing the Agent Manager from the command line
Using the Agent Manager silent installer
Installing the Agent Manager as a Windows service
Starting or stopping the Agent Manager process
Frequently asked questions
How do I upgrade the Agent Manager?
How do I uninstall the Agent Manager?
Where can I find the Agent Manager installation log files?
Are the passwords that are stored in the configuration file, fglam.config.xml, encrypted?
How can I see what parameters are available for the silent installers?
Why are two URLs displayed for localhost when I search for HA peers?
I tested the connection between the Agent Manager and a Management Server, but the Management Server URL failed the connectivity test. Why did this happen?
Operating system patches
Launching the Agent Manager installation interface
Configuring the Agent Manager to run in FIPS-compliant mode
Configuring the Agent Manager from the command line
Configuring the Agent Manager to use SSL certificates
Configuring an Agent Manager instance as a Concentrator
Advanced system configuration and troubleshooting
Configuring the concentrator
Configuring downstream Instances
Creating a secure connection with downstream instances
Excluding SSL ciphers from upstream or downstream Connections
Excluding Specific SSL Protocols from Downstream Connections
Configuring the Agent Manager to accept connections from the Management Server
Configuring the Agent Manager to execute commands on remote hosts
Configuring multiple Agent Manager instances
Controlling the polling rate
Configuring the Agent Manager to work in HA mode
Assigning Agent Managers to HA partitions
Adding cartridges to the HA deployment whitelist
About agent fail-over
About non-HA deployments
Negotiating Agent Manager resources at runtime
Configuring credentials
Configuring anti-virus exclusion settings
Troubleshooting
Configuring Windows Management Instrumentation (WMI)
Monitoring the Agent Manager performance
WMI IPv6 connection support
Windows Firewall interference
Minimum requirements for Windows Management Instrumentation
Configuring Windows Remote Management (WinRM)
Promoting remote users to administrators on local machines through the Domain Controller
Granting required permissions to individual remote users
WMI access violation and OS connectivity verification failure
WMI and Quota Violation error
Known WMI issues in Windows Server 2008
Tuning WMI connections
Modifying registry key ownership on Windows Server 2008 R2
Configuring registry settings for Windows Server 2008 R2 and Windows 7
Resolving Access Denied errors when connecting to Windows XP Professional
OS collection fails with a Local_Limit_Exceeded error
Access to DCOM objects and registry is denied
Configuring registry settings for WinShell access through DCOM
Permissions on registry keys to configure DCOM command shell connection
Enabling agents to connect from UNIX machines
Enabling agents to connect locally on Windows
Releasing a locked MySQL process
WinRM IPv6 connection support
About WinRM authentication and the Agent Manager
Configuring the target (monitored) system
Configuring the Agent Manager (monitoring) system
Generating a configuration file required for WinRM Negotiate authentication
Configuring command-shell connection settings
About WinRM connection ports
Troubleshooting
UNIX- and Linux-specific configuration
Agent Manager service can't start automatically when the operating system restarts
SSH IPv6 connection support
About supported remote monitoring protocols
Configuring the Agent Manager to run as a daemon
Configuring Agent Manager agent privileges
Using sudo to configure secure launcher permissions
Using setuid_launcher to configure secure launcher permissions
Preventing Agent Manager core dumps on Linux
Investigating Agent Manager diagnostics
Deploying the Agent Manager to large-scale environments
Using Agent Manager silent installer Parameters
Example: Deploying the Agent Manager to multiple UNIX hosts
Example: Deploying the Agent Manager to multiple Windows hosts
Next steps
Configuring registry settings for WinShell access through DCOM
Any WindowsShell connection made to a non-local host requires DCOM access to that machine, regardless of whether the user establishing the connection is a local or third-party user.
Therefore, agents that connect to Windows® machines using the Agent Manager’s WindowsShellService need to make the following specific registry changes to allow the connection.
|
1 |
Ensure that the following two registry keys exist on the monitored host, in HKEY_CLASSES_ROOT\CLSID\: |
|
b |
Start regedit, and from the Edit menu, use Find to search for the following key: 72C24DD5-D70A-438B-8A42-98424B88AFB8. |
|
c |
|
d |
|
e |
|
f |
On the Owner tab, in the Change owner to area, select the account with which you are currently logged in. |
|
g |
Click OK. |
The Advanced Security Settings dialog box closes.
|
h |
|
i |
|
j |
Click OK. |
The Permissions dialog box closes.
Permissions on registry keys to configure DCOM command shell connection
A Windows® operating system user needs full control permissions on the following registry keys to monitor the operating system:
|
• |
76A64158-CB41-11D1-8B02-00600806D9B6 (WBEM Scripting Locator) |
|
• |
72C24DD5-D70A-438B-8A42-98424B88AFB8 (Windows Script Host Shell Object) |
|
• |
0D43FE01-F093-11CF-8940-00A0C9054228 (FileSystem Object) |
|
• |
HKEY_CLASSES_ROOT\AppID\{key}: Need to write the string value name to DllSurrogate and leave the value to blank. |
|
• |
HKEY_CLASSES_ROOT\CLSID\{key}: Need to write the string value name to AppID and set the value to {key}. |
|
• |
HKEY_CLASSES_ROOT\AppID\{key}: Need to write the string value name to DllSurrogate and leave the |
|
• |
HKEY_CLASSES_ROOT\Wow6432Node\AppID\{key}: Need to write the string value name to DllSurrogate and leave the value to blank. |
|
• |
HKEY_CLASSES_ROOT\CLSID\{key}: Need to write the string value name to AppID and set the value to {key}. |
|
• |
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{key}: Need to write the string value name to AppID and set the value to {key}. |
|
NOTE: 1. If the keys under HKEY_CLASSES_ROOT\AppID do not exit, manually add the keys to the written value by default permission. 2. If the keys under HKEY_CLASSES_ROOT\CLSID and HKEY_CLASSES_ROOT\Wow6432Node\CLSID do not exit, and you do not have permission to add a new String Value or edit the Value data, change the Owner from TrustedInstaller to Administrators, then grant the Set Value permission first. |
|
• |
Manually write the values to those keys, and then remove the full control permission. If the full control permissions cannot be deselected, select Deny Permission entry to remove all the permissions, and keep permissions for the entries Query Value, Enumerate Subkeys, Notify, and Read control to Read only. To set deny permission, right click on the registry key and select Permissions. Click Advanced on the popup dialogue box, then double click on the FglAM user, and check Deny Permission entry. |
For FileLogMonitorAgent and WindowsEventLogMonitorAgent:
|
• |
76A64158-CB41-11D1-8B02-00600806D9B6 (For j-interop WMIJavaConnection) |
The key 76A64158-CB41-11D1-8B02-00600806D9B6 is used for the Agent Managers installed on Unix or Linux machine to establish the WMIJavaconnection, which requires the administrator privilege to monitor.
Enabling agents to connect from UNIX machines
When an agent connects to a monitored Windows® host from a UNIX® machine, you must make certain registry changes in order to allow the required COM services to run.
|
1 |
|
2 |
|
3 |
Add the following registry key to Windows if it does not exist: HKEY_CLASSES_ROOT\AppID{76A64158-CB41-11D1-8B02-00600806D9B6}. Create a new string value named DllSurrogate under that key and leave it blank. |
|
4 |
Add the following registry key to Windows if it does not exist: HKEY_CLASSES_ROOT\CLSID{76A64158-CB41-11D1-8B02-00600806D9B6}. Create a new string value named AppID under that key and modify the data to: {76A64158-CB41-11D1-8B02-00600806D9B6} |
Disabling UAC
This requirement affects: Windows Vista, Windows Server 2008, and Windows 7.
|
• |
Navigate to Control Panel > User Accounts and Family Safety > User Accounts > Change User Account Control Settings, and change the setting to Never Notify. |