Before you start installing the Synthetic Private Agent, you may need to make changes to the host machine. You should first try using the recommended settings for your host machine and then follow the steps for preparing the host machine based on your Windows environment.

These are the recommendations for the host machine of the Synthetic Private Agent:

  • Do not install other software on the Synthetic Agent machine. The Synthetic Private Agent measures performance, so running other software on the same server may adversely affect the measurement results. Conversely, the configuration changes made for the installation might adversely affect the other programs running on the machine.
  • The host machine should belong to a Windows Workgroup and not be part of a Windows Host Domain. See Windows Domains Versus Workgroups for an explanation.
  • Do not run anti-virus software on the host machine.
  • Use a password specific to the host machine.

Steps for Preparing the Host Machine

The table below lists the steps you will need to take to prepare your host machine based on the Windows environment.

Windows Domains Versus Workgroups

The installer will create the user account agent_user that will be used to run the Synthetic Private Agent. You should avoid applying a Group Policy (GPO) on the host machine that will affect the agent_user account.

Machines that belong to Windows Domains generally have GPOs applied to them. Because of this, we recommend using a standalone Workgroup for the host machine when possible. In addition, if the host machine is a member of a Windows Domain, you will need to be a Domain Administrator to modify the GPOs. See Configure Group Policies for Windows Domains to learn which policy settings to change.

Ideally, in an enterprise deployment where Active Directory is set up, the host machine should be part of an Organizational Unit (OU) that has no interactive logon GPOs. This makes using Workgroups ideal. In addition, for Workgroups, you only need to be a Local Administrator to configure the Local Policies.

Configure Local Policies for Workgroups

The sections below show you how to change the following settings for Local Policies on Workgroups.

Remove Maximum Password Age

  1. If the settings are not the same, from a PowerShell console, open the Local Security Policy window:

    > secpol.msc

  2. From the Local Security Policy window, navigate to Security Settings > Account Policies > Password Policy.

  3. Double-click Maximum password age to open the Maximum password age Properties dialog.

  4. Set the value to 0 for the expiration date, so that the password never expires.

  5. Click OK.

Add Users to the User Rights Assignment

  1. From the Local Security Policy window, navigate to Security Settings > Local Policies > User Rights Assignment.
  2. Double-click Allow log on locally.
  3. If you don't see Users in the text area, click Add User or Group.
  4. From the Select Users or Groups dialog, enter Users and click Check Names.
  5. Click OK.

Disable User Account Control

  1. From the Local Security Policy window, navigate to Security Settings > Local Policies > Security Options.
  2. For all the User Account Control: * policies shown below, you will need to change the Security Setting to Disabled.
  3. To change the Security Setting for the User Account Control (UAC) policies:
    1. Double-click each policy and check the Disabled radio button.
    2. Click OK.
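
To confirm that the three Local Policy changes above took effect, the following added example (not part of the original documentation or the product) exports the local security policy with secedit and reads the UAC registry values. The scratch file name, the list of UAC value names checked, and the AsDocumented column are assumptions made for this example.

```powershell
# Added example, not vendor code. Run from an elevated PowerShell console.
$cfg = Join-Path $env:TEMP 'secpol-export.inf'    # scratch file name is an assumption
secedit /export /cfg $cfg /areas SECURITYPOLICY USER_RIGHTS /quiet | Out-Null
$inf = Get-Content -Path $cfg
Remove-Item -Path $cfg -Force

function Get-InfValue {
    param([string]$Name)
    # Lines in the export look like "Name = value".
    $line = $inf | Where-Object { $_ -match "^\s*$Name\s*=" } | Select-Object -First 1
    if ($line) { ($line -split '=', 2)[1].Trim() } else { $null }
}

$report = @()

# Maximum password age: 0 in the dialog; secedit usually writes -1 for "never expires".
$maxAge = Get-InfValue 'MaximumPasswordAge'
$report += [pscustomobject]@{
    Setting = 'Maximum password age'; Value = $maxAge
    AsDocumented = ($maxAge -in '0', '-1')
}

# Allow log on locally: look for the built-in Users group (well-known SID S-1-5-32-545).
$logon = Get-InfValue 'SeInteractiveLogonRight'
$holders = if ($logon) { $logon -split ',' | ForEach-Object { $_.Trim() } } else { @() }
$report += [pscustomobject]@{
    Setting = 'Allow log on locally'; Value = $logon
    AsDocumented = ($holders -contains '*S-1-5-32-545')
}

# UAC: the on/off policies are stored as DWORDs under this key; 0 means Disabled.
# The value names below are an assumption; the page's own policy list is not reproduced.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = 'EnableLUA', 'PromptOnSecureDesktop', 'EnableInstallerDetection',
       'EnableVirtualization', 'FilterAdministratorToken'
$props = Get-ItemProperty -Path $key
foreach ($name in $uac) {
    $v = $props.$name
    $report += [pscustomobject]@{
        Setting = "UAC: $name"; Value = $v; AsDocumented = ($v -eq 0)
    }
}

$report | Format-Table -AutoSize
```

A row with AsDocumented set to False marks a setting that still differs from the value this page asks for; an empty Value means the setting was not present in the export or registry.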

Configure Group Policies for Windows Domains

If the machine is a member of a Windows Domain, do the following:

| Steps | Persona/User |
|-------|--------------|
| 1. Check if the Group Policy settings are correct for installing the Synthetic Private Agent. | Standard User Account, Local Administrator User Account, Domain Administrator Account |
| 2. Modify the Group Policy settings if needed. | Domain Administrator Account |
| 3. Verify that the Group Policies for interactive logon are not applied. | Domain Administrator Account |

Check Group Policy Settings

  1. From a PowerShell console, run the gpresult command to save the applied group policies to an HTML file:

    gpresult /H output.html
  2. If one of the following is true, your Windows Domain is configured correctly:

    • The output.html file doesn't have any settings.
    • When you open output.html and navigate to Settings > Policies > Windows Settings > Security Settings, you see the policies and settings below. 

      | Security Settings | Policy | Setting |
      |-------------------|--------|---------|
      | Account Policies/Password Policy | Maximum password age | 0 days |
      | Local Policies/User Rights Assignments | Allow log on locally | Users (should be one of the settings) |
      | Local Policies/Security Options | User Account Control * (all of the policies) | Disabled |
  3. If your Windows Domain is not configured correctly:

    1. Modify the relevant GPO settings

    2. Confirm that the interactive logon policies are not applied

Modify Group Policy Settings

Typically, the IT department will need to make GPO changes. The Domain Administrator in your IT department will need to change the following Group Policy settings that are applied to the host machine for the Synthetic Private Agent:

  • No maximum password age is used for the Synthetic Private Agent account agent_user
  • Permissions to log on have been granted to the agent_user
  • All User Account Control (UAC) settings are disabled for the group policy

Confirm Interactive Logon Policies Are Not Applied

If you do apply Group Policies to the host machine, you will need to disable interactive logon Group Policies for autologon to work.

Verify that the Interactive logon policies below are not configured. If a policy has a setting, you will need to disable it.

Policy
Interactive logon: Message text for users attempting to log on
Interactive logon: Message title for users attempting to log on
Interactive logon: Prompt user to change password before expiration

Remove Internet Browsers from Dedicated Machine

Before installing the Synthetic Private Agent, remove all internet browsers except Internet Explorer because the agent requires specific versions of the browsers.

Prevent Anti-Virus Software from Affecting the Synthetic Private Agent

Running anti-virus software may disrupt the operation or affect the performance of Synthetic Private Agents. If you are running anti-virus software on the same machine hosting the Synthetic Private Agent, you should do the following:

  • Exclude the agent's installation directory (the default is C:\appdynamics\) from virus scanning.
  • Do not allow your anti-virus software to quarantine the dynamic-link library k9.dll, which is injected into running processes for the Synthetic Private Agent to function properly.

If you have taken these precautions and are still having difficulty running anti-virus software, report your issue to your AppDynamics account representative. 
