Before you start installing the Synthetic Private Agent, you may need to make changes to the host machine. You should first try using the recommended settings for your host machine and then follow the steps for preparing the host machine based on your Windows environment.
Recommended Settings for the Host Machine
These are the recommendations for the host machine of the Synthetic Private Agent:
- Do not install other software on the Synthetic Agent machine. The Synthetic Private Agent measures performance, so running other software on the same server may adversely affect the measurement results. Also, the configuration changes for the installation might, conversely, adversely affect the other programs running on the machine.
- The host machine should be a Windows Workgroup and not part of a Windows Host Domain. See Windows Domains Versus Workgroups for an explanation.
- Do not run anti-virus software on the host machine.
- Use a password specific to the host machine.
Steps for Preparing the Host Machine
The table below lists the steps you will need to take to prepare your host machine based on the Windows environment.
|Running Anti-Virus Software?
|Steps to Take
Windows Domains Versus Workgroups
The installer will create the user account
agent_user that will be used to run the Synthetic Private Agent. You should avoid applying a Group Policy (GPO) on the host machine that will affect the
Machines that belong to Windows Domains generally have GPOs applied to them. Because of this, you are recommended to use a standalone Workgroup for the host machine when possible. In addition, if the host machine is a member of a Windows Domain, you will need to be a Domain Administrator to modify the GPOs. See Configure Group Policies for Windows Domains to learn which policy settings to change.
Ideally, in an enterprise deployment where Active Directory is set up, the host machine should be part of an Organizational Unit (OU) that has no interactive logon GPOs. This makes using Workgroups ideal. In addition, for Workgroups, you only need to be a Local Administrator to configure the Local Policies.
Configure Local Policies for Workgroups
The sections below show you how to change the following settings for Local Policies on Workgroups.
Remove Maximum Password Age
If the settings are not the same, from a PowerShell, open the Local Security Policy window:
From the Local Security Policy window, navigate to Security Settings > Account Policies > Password Policy.
Double-click Maximum password age to open the Maximum password age Properties dialog.
Set the value to 0 for the expiration date, so that the password never expires.
- Click OK.
Add Users to the User Rights Assignment
- From the Local Security Policy window, navigate to Security Settings > Local Policies > User Rights Assignment.
- Double-click Allow log on locally.
- If you don't see Users in the text area, click Add User or Group.
- From the Select Users or Groups dialog, enter Users and click Check Names.
- Click OK.
Configure Group Policies for Windows Domains
If the machine is a member of a Windows Domain, do the following:
Check if the Group Policy settings are correct for installing the synthetic Private Agent.
|Standard User Account, Local Administrator User Account, Domain Administrator Account
Modify the Group Policy settings if needed.
|Domain Administrator Account
|Verify that the Group Policies for interactive logon are not applied.
|Domain Administrator Account
Check Group Policy Settings
From a PowerShell console, run the
gpresultcommand to save the applied group policies to an HTML file:
gpresult /H output.htmlPOWERSHELL
If one of the following is true, your Windows Domain is configured correctly:
output.htmlfile doesn't have any settings.
When you open
output.htmland navigate to Settings > Policies > Windows Settings > Security Settings, you see the policies and settings below.
Security Settings Policy Setting Account Policies/Password Policy Maximum password age 0 days Local Policies/User Rights Assignments Allow log on locally Users (should be one of the settings)
If your Windows Domain is not configured correctly:
Modify Group Policy Settings
Typically, the IT department will need to make GPO changes. The Domain Administrator in your IT department will need to change the following Group Policy settings that are applied to the host machine for the Synthetic Private Agent:
- No maximum password age is used for the Synthetic Private Agent account
- Permissions to log on have been granted to the
Confirm Interactive Logon Policies Are Not Applied
If you do apply Group Policies to the host machine, you will need to disable interactive logon Group Policies for autologon to work.
Verify that the Interactive logon policies below are not configured. If a policy has a setting, you will need to disable it.
|Interactive logon: Message text for users attempting to log on
|Interactive logon: Message title for users attempting to log on
|Interactive logon: Prompt user to change the password before expiration
Remove Internet Browsers from Dedicated Machine
Before installing the Synthetic Private Agent, remove all internet browsers except Internet Explorer because the agent requires specific versions of the browsers.
Prevent Anti-Virus Software from Affecting the Private Synthetic Agent
Running anti-virus software may disrupt the operation or affect the performance of Private Synthetic Agents. If you are running anti-virus software on the same machine hosting the Synthetic Private Agent, you should do the following:
- exclude the agent's installation directory (the default is
C:\appdynamics\) from virus scanning.
- do not allow your anti-virus software to quarantine the dynamic-link library
k9.dll, which is injected into running processes for the Synthetic Private Agent to function properly.
If you have taken these precautions and are still having difficulty running anti-virus software, report your issue to your AppDynamics account representative.