Component-specific requirements

This topic provides information about the requirements that are specific to the various PATROL for Microsoft Windows Servers components.

PATROL for Microsoft Hyper-V prerequisites

The following requirements must be in place before beginning the installation.

ResourceRequirement
WinRM

WinRM default ports must be open on PATROL Agent and Hyper-V Host

The default HTTP port used by Winrm is 5985

The default HTTPS port used by Winrm is 5986

PowerShell3.0 and later versions are supported (required on the PATROL Agent)
Microsoft .Net Framework4.0 and later versions are supported (required on the PATROL Agent)
User

A valid domain or local user who is a member of the Administrators group (on Hyper-V host).

PATROL for Microsoft Cluster Server prerequisites

What are the pre-requisites for enabling remote monitoring of cluster?

The PATROL Agent computer must be a dedicated server for remote monitoring. The WinRM client should be installed on the PATROL Agent computer to communicate with the remote cluster on which the WinRM server is installed. The WinRM server should be configured with an HTTP or HTTPS listener on all the remote nodes of the cluster before adding it into a PATROL Agent.

Requirements for host computers (PATROL Agent)

  • WinRM version 2.0 or later must be installed.
  • PATROL Agent and PATROL KM for Microsoft Cluster Server version 2.0.00 or later must be installed.
  • Kerberos and Negotiate (NTLM) authentication should be true in the WinRM configuration.

Note

If you encounter Visual Studio 2015 redistributable error on the computer where you have installed the PATROL for Microsoft Cluster Server KM, ensure that your computer contains the latest operating system updates.

Requirements for the remote nodes of the cluster

  • WinRM version 1.1 or later must be installed and running.
  • WinRM must be configured with a listener either on HTTP or HTTPS.
  • Kerberos and Negotiate (NTLM) authentication should be true in WinRM’s configuration.

A valid domain or local user who is a member of the Administrators group. A local user must be created with same credentials on all the nodes.

The following figure illustrates a configuration with multiple clusters:

Monitoring configuration with multiple clusters

Introduced in Windows Vista and later versions of Windows, User Account Control (UAC) affects access to the WinRM service. When Negotiate authentication is used in a workgroup or domain, only the built-in Administrator account can access the service.

To allow all accounts in the Administrators group to access the service, using the Regedit utility, set the value of the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy registry key to 1.

WinRM configuration

For information about how to configure WinRM, see PATROL KM for Windows remote monitoring FAQs.

PATROL KM for Microsoft Windows Domain Services requirements

To monitor network protocols and to use the following domain monitoring parameters and management features, you must have the SNMP service installed :

  • NT_DHCP parameters
  • WpReplicationFailures parameter
  • Executing the WINS Database Scavenging menu command

As a default, the SNMP service is configured to accept SNMP packets from any host. If the service is configured to accept packets from hosts, then the local host IP address or hostname must be added to the list of hosts. It is not sufficient to add "localhost" or the loopback address 127.0.0.1. 

At a minimum, the SNMP community string must have READ permissions. To initiate the WINS Database Scavenging menu command, the community string must have WRITE permissions as well. 

On Windows 2000 servers, the community string must be an ASCII character string. Microsoft Windows 2000 does not support non-ASCII characters in community strings. 

For the NT_DHCP application class to work, the default PATROL Agent account must have full access to %PATROL_HOME% and all subdirectories. On Windows 2003 and later, the default PATROL Agent account must also be a member of the DHCP Users group.

PATROL KM for Microsoft Windows Operating System requirements

The following requirements are necessary for using PATROL KM for Microsoft Windows Operating System.

  • Process monitoring: To monitor processes, the PATROL Agent must have access to this hive and all sub-keys: HKLM\SOFTWARE\Microsoft\WindowsNT\perflib
  • Event log monitoring: To discover event logs, the PATROL Agent must have access to this hive and all sub-keys: HKLM\CurrentControlSet\Services\Eventlog\ 
    (PATROL Agent 3.6 or later has access. No additional configuration is needed).

PATROL KM for Microsoft Windows Active Directory requirements

The following requirements are necessary for using PATROL KM for Microsoft Windows Active Directory:

  • PATROL KM for Microsoft Windows Active Directory now requires the PATROL KM for Microsoft Windows Operating System 3.9.20 or later for full support. If you are running a release earlier than 3.9.20, the KM fails prediscovery and writes a message to the mwd.log file, as well as to the system output window (SOW). If you are running 3.9.x, the KM is discovered, but the Event Log parameters are not available.
  • PATROL KM for Windows Active Directory requires that the Event Log component of PATROL KM for Microsoft Windows Servers is active. By default the Event Log component is active. For more information, see Configuring Windows events monitoring.
  • PATROL for Windows Servers monitors Microsoft Windows Active Directory only when Microsoft Windows Active Directory is running on domain controllers.
  • PATROL KM for Microsoft Windows Active Directory supports the Read Only Domain Controller support on Microsoft Windows 2008.

PATROL KM for Microsoft Windows Active Directory Remote Monitoring requirements

The local node (or member server) provides a client view of the Active Directory objects. The data provided for each managed node is collected within the context of the domain of which the managed node is a member. 

To display information about Active Directory objects, the managed node must meet the following requirements:

  • PATROL Agent 3.6.00 or later must be installed.
  • Default account for the PATROL Agent must be a domain user account.

PATROL KM for Windows remote monitoring prerequisites

Which version of PATROL KM for Windows supports remote monitoring?

PATROL KM for Windows started supporting remote monitoring from version 4.3.00 onwards.

What hardware do I need to monitor multiple Windows computers remotely?

The following table lists the hardware requirements for a single PATROL Agent running on a dedicated computer and monitoring 125 remote hosts.

ResourceMinimum requirementRecommended
ProcessorDual processor, 32-bitQuad processor, 64-bit
Server memory4 GB8 GB
Disk space600 MB1 GB

What are the pre-requisites for enabling remote monitoring?

The PATROL Agent computer must be a dedicated server for remote monitoring. The WinRM client should be installed on the PATROL Agent computer to communicate with the remote host on which the WinRM server is installed. The WinRM server should be configured with an HTTP or HTTPS listener on the remote host before adding it into a PATROL Agent.

Requirements for host computers (PATROL Agent)

  • WinRM version 1.1 or later must be installed.
  • PATROL Agent and PATROL KM for Windows version 4.3.00 or later must be installed.
  • Kerberos and negotiate (NTLM) authentication should be true in the WinRM configuration.

Requirements for the remote host

  • WinRM version 1.1 or later must be installed and running.
  • WinRM must be configured with a listener either on HTTP or HTTPS.
  • Kerberos and negotiate (NTLM) authentication should be true in WinRM’s configuration.

A valid domain or local user who is a member of the Administrators group.

The following figure illustrates a configuration with multiple remote hosts:

Monitoring configuration with multiple remote hosts

Monitoring_configuration

Which authentication mechanisms are used in remote monitoring?

PATROL KM for Windows supports password based authentication for local and domain users. By default Negotiate Authentication will be done, and if specified using pconfig variable, it will authenticate depending on the flag set. The network authentication protocols supported are explained below:

Kerberos authentication

The client and server mutually authenticate each other using Kerberos tickets. Kerberos is used to authenticate a domain account. The user name must be specified in the following format for a domain user:

domain\username

Note: For using Kerberos authentication explicitly, set the pconfig variable /REMOTE/HOSTS/(Hostname)/authentication to 1.

Negotiate authentication (NTLM)

The client sends a request to the server to authenticate. NTLM is used to authenticate local computer accounts. The user name must be specified in the following format for a local user on a server computer:

username

Note: For using Negotiate authentication explicitly, set the pconfig variable /REMOTE/HOSTS/(Hostname)/authentication to 4.

Introduced in Windows Vista and later versions of Windows, User Account Control (UAC) affects access to the WinRM service. When Negotiate authentication is used in a workgroup or domain, only the built-in Administrator account can access the service.

To allow all accounts in the Administrators group to access the service, using the Regedit utility, set the value of the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy registry key to 1.

Can I use a Local account for monitoring event logs?

No. You can only use a Domain account for monitoring event logs.

For information about how to configure WInRM, see PATROL KM for Windows remote monitoring FAQs.

PATROL default account required permissions

Monitoring replication within the configuration naming context requires that the PATROL Agent defaultAccount have sufficient Active Directory permissions to create a container object and child container objects in the configuration naming context of the forest in which the domain controller resides. The account must have full control of the created objects. 

The PATROL Agent defaultAccount must be granted permission to Create Container Objects in the Configuration NC and to give Full Control to the created container object and its children. 

Monitoring replication within the domain naming context requires that the PATROL Agent defaultAccount have sufficient Active Directory permissions to create a container object and child container objects in the domain naming context of the domain in which the domain controller resides. The account must have full control of the created objects. 

The PATROL AgentdefaultAccount must be granted permission to Create Container Objects in each Domain NC and to give Full Control to the created container object and its children.

Lists the component-specific requirements and prerequisites

Was this page helpful? Yes No Submitting... Thank you

Comments