Chat now with support
Chat with Support

Foglight Agent Manager 5.9.8 - Foglight Agent Manager Guide

Configuring the embedded Agent Manager Installing external Agent Managers
Understanding how the Agent Manager communicates with the Management Server Deploying the Agent Manager cartridge Downloading the Agent Manager installer Installing the Agent Manager Starting or stopping the Agent Manager process Frequently asked questions
Configuring the Agent Manager Advanced system configuration and troubleshooting
Configuring Windows Management Instrumentation (WMI) Configuring Windows Remote Management (WinRM) UNIX- and Linux-specific configuration
Monitoring the Agent Manager performance Deploying the Agent Manager to large-scale environments

Permissions on registry keys to configure DCOM command shell connection

A Windows® operating system user needs full control permissions on the following registry keys to monitor the operating system:

76A64158-CB41-11D1-8B02-00600806D9B6 (WBEM Scripting Locator)
72C24DD5-D70A-438B-8A42-98424B88AFB8 (Windows Script Host Shell Object)

According to the COM specification, the full control permission to the registry keys are required to write values to the registry keys. The values written to the registry key are as follows:

HKEY_CLASSES_ROOT\AppID\{key}: Need to write the string value name to DllSurrogate and leave the value to blank.
HKEY_CLASSES_ROOT\CLSID\{key}: Need to write the string value name to AppID and set the value to {key}.

For 64-bit Windows operating system, there might be two directories of AppID and CLSID, then the written values are:

HKEY_CLASSES_ROOT\AppID\{key}: Need to write the string value name to DllSurrogate and leave the

value to blank.

HKEY_CLASSES_ROOT\Wow6432Node\AppID\{key}: Need to write the string value name to DllSurrogate and leave the value to blank.
HKEY_CLASSES_ROOT\CLSID\{key}: Need to write the string value name to AppID and set the value to {key}.
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{key}: Need to write the string value name to AppID and set the value to {key}.
NOTE:
1. If the keys under
HKEY_CLASSES_ROOT\AppID do not exit, manually add the keys to the written value by default permission.
2. If the keys under HKEY_CLASSES_ROOT\CLSID and HKEY_CLASSES_ROOT\Wow6432Node\CLSID do not exit, and you do not have permission to add a new String Value or edit the Value data, change the Owner from TrustedInstaller to Administrators, then grant the Set Value permission first.

Providing the full control permissions to a Foglight Agent Manager (FglAM) user is the most convenient way to write these values, which will be generated automatically. If you don’t want to provide the full control permissions to the FglAM user, do either of the following:

Manually write the values to those keys, and then remove the full control permission. If the full control permissions cannot be deselected, select Deny Permission entry to remove all the permissions, and keep permissions for the entries Query Value, Enumerate Subkeys, Notify, and Read control to Read only. To set deny permission, right click on the registry key and select Permissions. Click Advanced on the popup dialogue box, then double click on the FglAM user, and check Deny Permission entry.

For FileLogMonitorAgent and WindowsEventLogMonitorAgent:

76A64158-CB41-11D1-8B02-00600806D9B6 (For j-interop WMIJavaConnection)

The key 76A64158-CB41-11D1-8B02-00600806D9B6 is used for the Agent Managers installed on Unix or Linux machine to establish the WMIJavaconnection, which requires the administrator privilege to monitor.

Enabling agents to connect from UNIX machines

When an agent connects to a monitored Windows® host from a UNIX® machine, you must make certain registry changes in order to allow the required COM services to run.

1
Click Start > Run.
2
Input regedit in the dialog box and click OK.
3
Add the following registry key to Windows if it does not exist: HKEY_CLASSES_ROOT\AppID{76A64158-CB41-11D1-8B02-00600806D9B6}. Create a new string value named DllSurrogate under that key and leave it blank.
4
Add the following registry key to Windows if it does not exist: HKEY_CLASSES_ROOT\CLSID{76A64158-CB41-11D1-8B02-00600806D9B6}. Create a new string value named AppID under that key and modify the data to: {76A64158-CB41-11D1-8B02-00600806D9B6}

Disabling UAC

When an agent connects to a monitored Windows host from a UNIX machine, user access control (UAC) must also be disabled in order for WMI connections to succeed.

This requirement affects: Windows Vista, Windows Server 2008, and Windows 7.

Navigate to Control Panel > User Accounts and Family Safety > User Accounts > Change User Account Control Settings, and change the setting to Never Notify.

Granting access to dllhost.exe when Windows Firewall is enabled

Granting access to dllhost.exe when Windows Firewall is enabled

When an agent connects to a monitored Windows host from a UNIX machine, and the Windows firewall is enabled, access to dllhost.exe must be allowed through the firewall.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating