Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Foglight Agent Manager 5.9.8 - Foglight Agent Manager Guide

Table of Contents

Configuring the embedded Agent Manager

Getting started Interacting with the embedded Agent Manager

Automatic configuration of the Management Server host name and port number

Installing external Agent Managers

Understanding how the Agent Manager communicates with the Management Server

Syntax conventions

Deploying the Agent Manager cartridge Downloading the Agent Manager installer Installing the Agent Manager

Installing the Agent Manager using the installer interface

Configuring Management Server URLs using the installer interface

Installing the Agent Manager from the command line

Configuring Management Server URLs from the command line

Using the Agent Manager silent installer Installing the Agent Manager as a Windows service

Starting or stopping the Agent Manager process

Identifying the Agent Manager process About platform-specific identification

Frequently asked questions

How do I upgrade the Agent Manager? How do I uninstall the Agent Manager? Where can I find the Agent Manager installation log files? Why does the message "Created system preferences directory in java.home" appear after I finish installing the Agent Manager on AIX? Are the passwords that are stored in the configuration file, fglam.config.xml, encrypted? How can I see what parameters are available for the silent installers? Why are two URLs displayed for localhost when I search for HA peers? I tested the connection between the Agent Manager and a Management Server, but the Management Server URL failed the connectivity test. Why did this happen? When I try to install the Agent Manager using the installer interface on Solaris x86 VMware, it fails and a warning message related to fonts appears. Why does this occur? Why does an AIX compatibility warning appear when I run the Agent Manager installer?

Configuring the Agent Manager

Operating system patches Launching the Agent Manager installation interface Configuring the Agent Manager to run in FIPS-compliant mode Configuring the Agent Manager from the command line Configuring the Agent Manager to use SSL certificates Configuring an Agent Manager instance as a Concentrator

Configuring the concentrator Configuring downstream Instances Creating a secure connection with downstream instances Excluding SSL ciphers from upstream or downstream Connections Excluding Specific SSL Protocols from Downstream Connections

Configuring the Agent Manager to accept connections from the Management Server Configuring the Agent Manager to execute commands on remote hosts Configuring multiple Agent Manager instances

Example: Running multiple instances in a cluster environment

Controlling the polling rate Configuring the Agent Manager to work in HA mode

Assigning Agent Managers to HA partitions Adding cartridges to the HA deployment whitelist About agent fail-over About non-HA deployments

Negotiating Agent Manager resources at runtime

Disabling runtime resource negotiation

Disabling agent-specific changes to the upstream queue

Configuring credentials

Managing lockboxes Releasing lockboxes to the Agent Manager

Configuring anti-virus exclusion settings Troubleshooting

Errors related to Windows WMI and DCOM configuration Resolving DATA_COLLECTION_FAILED errors Adjusting the maximum polling interval

Advanced system configuration and troubleshooting

Configuring Windows Management Instrumentation (WMI)

WMI IPv6 connection support Windows Firewall interference Minimum requirements for Windows Management Instrumentation

Promoting remote users to administrators on local machines through the Domain Controller Granting required permissions to individual remote users

WMI access violation and OS connectivity verification failure WMI and Quota Violation error Known WMI issues in Windows Server 2008 Tuning WMI connections Modifying registry key ownership on Windows Server 2008 R2 Configuring registry settings for Windows Server 2008 R2 and Windows 7 Resolving Access Denied errors when connecting to Windows XP Professional OS collection fails with a Local_Limit_Exceeded error Access to DCOM objects and registry is denied Configuring registry settings for WinShell access through DCOM Permissions on registry keys to configure DCOM command shell connection Enabling agents to connect from UNIX machines

Disabling UAC Granting access to dllhost.exe when Windows Firewall is enabled

Enabling agents to connect locally on Windows Releasing a locked MySQL process

Configuring Windows Remote Management (WinRM)

WinRM IPv6 connection support

About the cross-realm negotiate authentication behavior Enable DNS reverse lookup

About WinRM authentication and the Agent Manager Configuring the target (monitored) system Configuring the Agent Manager (monitoring) system Generating a configuration file required for WinRM Negotiate authentication Configuring command-shell connection settings About WinRM connection ports Troubleshooting

Enabling specific TLS protocols Verifying setup Identifying common causes of WinRM failures Reviewing application event logs Enabling connection type debugging

UNIX- and Linux-specific configuration

Agent Manager service can't start automatically when the operating system restarts SSH IPv6 connection support About supported remote monitoring protocols Configuring the Agent Manager to run as a daemon

Locating the init.d script Obtaining the Agent Manager daemon status

Configuring Agent Manager agent privileges

Using sudo to configure secure launcher permissions Using setuid_launcher to configure secure launcher permissions

Using the HP patch checking tool About Agent Manager installations on AIX Preventing Agent Manager core dumps on Linux

Monitoring the Agent Manager performance

Investigating Agent Manager diagnostics

Exploring the Adapter Details tab

Message Processing tab XML Serialization tab Servlets tab

Exploring the Client Details tab

Agent Manager Clients view Message Processing tab Clock Skew tab Bandwidth tab Misbehaving Clients tab XML Serialization tab CPU Usage tab Memory Usage tab CDT Submission tab Queue Utilization tab

Deploying the Agent Manager to large-scale environments

Using Agent Manager silent installer Parameters Example: Deploying the Agent Manager to multiple UNIX hosts

Working with this example

Before you begin

Example: Creating and running an Agent Manager deployment script

Part 1: Create the working directory and script file Part 2: Create a list of hosts Part 3: Add the script parameters Part 4: Specify the script commands Part 5: Run the script

Example: Deploying the Agent Manager to multiple Windows hosts

Example: Using a software deployment tool and silent installer parameters

Part 1: Provide the silent installer parameters Part 2: Make the Agent Manager installers accessible Part 3: Run the software deployment tool

Promoting remote users to administrators on local machines through the Domain Controller

The recommended way of making users the administrators of their local machines is through Active Directory on the domain controller. Using the Domain Controller, you can:

•

Set up local administrators for specific machines in the domain

•

Promote local users to administrators for specific machines in the domain

•

Make domain users administrators of all machines in the domain by adding them to the Domain Admins group

•

Make domain users administrators of specific machines in the domain by adding them to the Domain Admins group

To promote a user to an administrator on a local machine using the Domain Controller:

1

Choose Control Panel > Administrative Tools > Active Directory Users and Computers.

2

In the Active Directory Users and Computers window that appears, in the left pane, under the domain node, click Computers.

3

In the right pane, right-click the machine whose local user you want to promote to an administrator, and choose Manage.

4

In the Computer Management window that appears, choose System Tools > Local Users and Groups.

5

You can now do any of the following:

•

Using the Users node in the right pane, make an existing or a new user an Administrator.

•

Using the Groups node, add an existing user to the Administrators group.

Granting required permissions to individual remote users

When making users the administrators of their local machines is not possible, you can grant required permissions to individual remote users using the following procedures.

To grant DCOM permissions to a user:

1

Add the local user to the "Distributed COM Users" group and the "Performance Monitor Users" group.

2

If the Agent Manager is installed on a UNIX® machine:

a

On the monitored host machine, at the Windows® Run prompt, type DCOMCNFG and press Enter.

b

In the Component Services window that appears, navigate to Component Services > Computers > My Computer.

c

Right-click My Computer and click Properties.

d

In the My Computer Properties dialog box that appears, open the COM Security tab.

e

In the Access Permissions area, click Edit Defaults.

f

In the Access Permission dialog box that appears, add the Distributed COM Users group to the list and grant it all permissions.

g

Click OK to save your changes and close the Access Permission dialog box.

h

In the Launch and Activation Permissions area, click Edit Defaults.

i

In the Launch and Activation Permissions dialog box that appears, add the Distributed COM Users group to the list and grant it all permissions

j

Click OK to save your changes and close the Launch and Activation Permissions dialog box.

k

In the My Computer Properties dialog box, click OK to close it.

l

Close the Component Services window.

To grant minimum WMI permissions to a remote user:

1

On the monitored host machine, right-click My Computer, and navigate to Manage > Services and Applications > WMI Control.

2

Right-click WMI Control and click Properties.

3

In the WMI Control Properties dialog box, open the Security tab.

4

Expand the Root node and select CIMV2, then click Security.

5

In the Security for ROOT\CIMV2 dialog box, add the Distributed COM Users group

6

Grant the required permissions to the remote user by enabling the following check boxes in the Allow column:

•

Execute Methods

•

•

•

7

Click Apply and then click OK.

To add subsequent users, they only need to be added to the two groups, Distributed COM Users and Performance Monitor Users, since these groups are already granted the required permissions.

Even though the local user is now granted access to WMI with the above configuration, not all performance monitoring classes allow non-administrative users to access their instances. Some performance classes need special permission to enable non-administrative users to perform queries or execute methods on their object instances. Some of these queries can fail clearly with an error code (for example, by the Agent Manager service throwing a Java exception), but some of them can fail without returning any data or error codes. Therefore, this setup must be used carefully, as query results can be unpredictable. From the system security perspective, there is still only so much a non-administrative user can do.

WMI access violation and OS connectivity verification failure

Access to WMI is required for both OS verification while creating an agent, and for collecting OS metrics from the monitored host. In some cases, an access violation on the WMI namespace (error 0x00000005) may occur when the agent connectivity verification fails. The access violation error can occur when the permissions or credentials used to access WMI, and specifically the root\cimv2 namespace and Root\MSCluster (if the machine is included in a cluster), are changed or invalid.

In order to view and change namespace security, the user must have Read Security and Edit Security permissions. Administrator accounts have these permissions by default, and can assign them to other users if necessary.

To grant namespace permissions to a user:

1

Log in to the monitored host machine.

2

Right-click My Computer and click Manage.

3

In the Computer Management dialog box that appears, expand the Services and Applications node.

4

Right-click WMI Control, and click Properties.

5

In the WMI Control Properties dialog box that appears, open the Security tab.

6

Expand the Root node and select CIMV2, then click Security.

7

In the Security for ROOT\CIMV2 dialog box that appears, modify or assign permissions as necessary.


	IMPORTANT: If the user accesses the namespace remotely, you must select the Remote Enable permissions check box.

8

Click OK on each of the dialog boxes to close them.

9

If the machine is part of a cluster, repeat the procedure for the ROOT\MSCluster namespace.


	NOTE: User permissions set on a namespace apply only to the namespace and not to any sub-namespaces. If the user also needs to access sub-namespaces, you can enable access from the Advanced Security Settings dialog box (accessible by clicking Advanced on the Security for [namespace] dialog box).

WMI and Quota Violation error

In some cases, when the agent queries WMI to collect metrics on the monitored host, the host’s performance may be affected. When this occurs, the agent log includes the message: Quota violation [SWbemServicesEx]. This error stems from WMI rather than the agent, and has been identified by Microsoft® as a known issue in Windows® Server 2003.

To correct this error:

1

Ensure that the following hotfix, available from Microsoft in KB 828653, is applied:

http://support.microsoft.com/kb/828653

2

Restart the WMI service on the monitored host.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center