Prepare the Host Machine for the Synthetic Private Agent

Before you start installing the Synthetic Private Agent, you may need to make changes to the host machine. You should first try using the recommended settings for your host machine and then follow the steps for preparing the host machine based on your Windows environment.

Recommended Settings for the Host Machine

These are the recommendations for the host machine of the Synthetic Private Agent:

• Do not install other software on the Synthetic Agent machine. The Synthetic Private Agent measures performance, so running other software on the same server may adversely affect the measurement results. Also, the configuration changes for the installation might, conversely, adversely affect the other programs running on the machine.
• The host machine should be a Windows Workgroup and not part of a Windows Host Domain. See Windows Domains Versus Workgroups for an explanation.
• Do not run anti-virus software on the host machine.
• Use a password specific to the host machine.

Steps for Preparing the Host Machine

The table below lists the steps you will need to take to prepare your host machine based on the Windows environment.

Windows Domains Versus Workgroups

The installer will create the user account agent_user that will be used to run the Synthetic Private Agent. You should avoid applying a Group Policy (GPO) on the host machine that will affect the agent_user account.

Machines that belong to Windows Domains generally have GPOs applied to them. Because of this, you are recommended to use a standalone Workgroup for the host machine when possible. In addition, if the host machine is a member of a Windows Domain, you will need to be a Domain Administrator to modify the GPOs. See Configure Group Policies for Windows Domains to learn which policy settings to change.

Ideally, in an enterprise deployment where Active Directory is set up, the host machine should be part of an Organizational Unit (OU) that has no interactive logon GPOs. This makes using Workgroups ideal. In addition, for Workgroups, you only need to be a Local Administrator to configure the Local Policies.

Configure Local Policies for Workgroups

The sections below show you how to change the following settings for Local Policies on Workgroups.

Remove Maximum Password Age

1. If the settings are not the same, from a PowerShell, open the Local Security Policy window:

   > secpol.msc

   POWERSHELL

2. From the Local Security Policy window, navigate to Security Settings > Account Policies > Password Policy.

3. Double-click Maximum password age to open the Maximum password age Properties dialog.

4. Set the value to 0 for the expiration date, so that the password never expires.

5. Click OK.

Add Users to the User Rights Assignment

1. From the Local Security Policy window, navigate to Security Settings > Local Policies > User Rights Assignment.
2. Double-click Allow log on locally.
3. If you don't see Users in the text area, click Add User or Group.
4. From the Select Users or Groups dialog, enter Users and click Check Names.
5. Click OK.

Configure Group Policies for Windows Domains

If the machine is a member of a Windows Domain, do the following:

Check Group Policy Settings

1. From a PowerShell console, run the gpresult command to save the applied group policies to an HTML file:

   gpresult /H output.html

   POWERSHELL

2. If one of the following is true, your Windows Domain is configured correctly:

   • The output.html file doesn't have any settings.

   • When you open output.html and navigate to Settings > Policies > Windows Settings > Security Settings, you see the policies and settings below. 

     Security Settings	Policy	Setting
     Account Policies/Password Policy	Maximum password age	0 days
     Local Policies/User Rights Assignments	Allow log on locally	Users (should be one of the settings)

3. If your Windows Domain is not configured correctly:

   1. Modify the relevant GPO settings

   2. Confirm that the interactive logon policies are not applied

Modify Group Policy Settings

Typically, the IT department will need to make GPO changes. The Domain Administrator in your IT department will need to change the following Group Policy settings that are applied to the host machine for the Synthetic Private Agent:

• No maximum password age is used for the Synthetic Private Agent account agent_user
• Permissions to log on have been granted to the agent_user

Confirm Interactive Logon Policies Are Not Applied

If you do apply Group Policies to the host machine, you will need to disable interactive logon Group Policies for autologon to work.

Verify that the Interactive logon policies below are not configured. If a policy has a setting, you will need to disable it.

Remove Internet Browsers from Dedicated Machine

Before installing the Synthetic Private Agent, remove all internet browsers except Internet Explorer because the agent requires specific versions of the browsers.

Prevent Anti-Virus Software from Affecting the Private Synthetic Agent

Running anti-virus software may disrupt the operation or affect the performance of Private Synthetic Agents. If you are running anti-virus software on the same machine hosting the Synthetic Private Agent, you should do the following:

• exclude the agent's installation directory (the default is C:\appdynamics\) from virus scanning.
• do not allow your anti-virus software to quarantine the dynamic-link library k9.dll, which is injected into running processes for the Synthetic Private Agent to function properly.

If you have taken these precautions and are still having difficulty running anti-virus software, report your issue to your AppDynamics account representative.