Chat now with support
Chat with Support

The Quest and One Identity Support Portals will be unavailable on Friday July 10, 2020 from 5:30 PM to 6:30 PM for website maintenance.

Foglight Agent Manager 5.9.1 - Foglight Agent Manager Guide

Configuring the embedded Agent Manager Installing external Agent Managers
Understanding how the Agent Manager communicates with the Management Server Deploying the Agent Manager cartridge Downloading the Agent Manager installer Installing the Agent Manager Starting or stopping the Agent Manager process Frequently asked questions
Configuring the Agent Manager Advanced system configuration and troubleshooting
Configuring Windows Management Instrumentation (WMI) Configuring Windows Remote Management (WinRM) UNIX- and Linux-specific configuration
Monitoring the Agent Manager performance Deploying the Agent Manager to large-scale environments

Configuring command-shell connection settings

WinRM relies on a set of configuration parameters that establish the level of system resources the WinRM service needs to address incoming requests. In certain cases, some parameter values do not provide sufficient configuration levels which can lead to run-time errors.

Depending on how WinRM is used, some parameter values may not provide sufficient configuration levels which can lead to connection issues. The Agent Manager makes an attempt to diagnose some of these situations and communicate appropriate recommendations using Warning messages. The configuration levels that the Agent Manager attempts to diagnose are:

MaxConcurrentOperationsPerUser: This parameter specifies the maximum number of concurrent Enumeration operations allowed by an individual user. The value must be in the range of 1 to 4294967295.
TIP: WinRM parameters can also be edited using the Group Policy Object Editor. To start the editor, type gpedit.msc at the command line, and then navigate to Local Computer Policy > Computer Configuration > Administrative templates > Windows Components > Windows Remote Management (WinRM) and Windows Remote Shell.
MaxConcurrentOperations: This parameter specifies the maximum number of concurrent shells any user can remotely open on the same system. Any number from 1 to 4294967295 can be used. For more information about this parameter, you can visit the following Web page: http://msdn.microsoft.com/en-us/library/cc251426.aspx.
MaxShellsPerUser: This parameter specifies the maximum number of concurrent shells any user can remotely open on the same system. Any number from 0 to 2147483647 can be used, where 0 means unlimited number of shells. If this policy setting is enabled, the user cannot to open new remote shells if the count exceeds the specified limit.
AllowRemoteShellAccess: This parameter controls access to the remote shell. It must be set to true.
To set this parameter to true, issue the following command:

For additional information, visit the following Web page:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa384372%28v=vs.85%29.aspx

About WinRM connection ports

WinRM uses a set of default ports for communication. Depending on the WinRM version, the following port numbers are used:

WinRM 1.1 and earlier: The default HTTP port is 80, and the default HTTPS port is 443.
WinRM 2.0 and later: The default HTTP port is 5985, and the default HTTPS port is 5986.

After issuing the winrm quickconfig command, the listener port number can be determined using the winrm enum winrm/config/listener command. For example:

Troubleshooting

If you have verified all of the WinRM configuration information and are still experiencing connection issues, the following techniques may be helpful for diagnosing the problem.

Verifying setup

To check whether a listener is configured for WinRM, you can issue the following command and observe its output:

The Port and Transport elements contain important information. The above command output identifies an HTTP listener on port 5985.

To see a full list of WinRM configuration values for the WinRM service that the Agent Manager is to use on the remote machine, you can issue the following command and observe its output:

The important properties are AllowUnencrypted (it indicates whether HTTP is allowed or not), and the Auth values that are set to true (enabled), namely Basic and Negotiate. In this example, both authentication types are enabled.

For more information on setting up for HTTPS, see About WinRM authentication and the Agent Manager .

Related Documents