Updating the PATROL Agent registry files

Once you run the set_unset_tls command to enable the TLS mode, perform the following steps to update the registry files.

To update the PATROL Agent's identity information into the registry files

Perform the following sequence of steps to update PATROL Agent's details into its registry files.

  1. Log on to the host computer where you have installed the PATROL Agent, and have generated the certificates and certificate stores.

  2. Navigate to the <ROOT_INSTALL_DIR>\common\security\bin_v3.0\Windows-x86-64\nss directory location and list the contents of the PatrolAsServer_DB certificate store by running the following command: 

    certutil-L -d sql:PatrolAsServer_DB

    This command displays the PATROL Agent's identity information as shown in the following figure: 

  3. Perform the following sequence of steps to update the identity information in the PATROL Agent:

    • Microsoft Windows
      1. Go to Start > Run and type regedit. The registry editor dialog box is displayed as shown the following figure:

      2. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\BMC Software\Patrol\SecurityPolicy_v3.0\agent\server directory location, and update the value of identity parameter with the PATROL Agent's identity information as shown in the following figure: 
    • Unix
      1. Navigate to the <ROOT_INSTALL_DIR>/etc/patrol.d/</security_policy_v3.0 directory location.

      2. Using a text editor open the site.plc file.
      3. Locate the identity parameter and assign the PATROL Agent's identity information to this parameter.

To update the PATROL Agent's encoded password information into its registry files

The default password for the PatrolAsServer_DB is password. If you change the password of the server DB store, then update this encoded password value into its registry files.

  1. Log on to the host computer where you have installed the PATROL Agent, and have generated the certificates and certificate stores.

  2. Navigate to the <ROOT_INSTALL_DIR>\common\security\bin_v3.0\Windows-x86-64 directory location and execute the bmcryptpw.exe command as shown in the following example code. This command prompts you to type the password for the PATROL Agent's client DB store. 

    bmcryptpw.exe -m <ROOT_INSTALL_DIR>\common\security\keys\sample.bin –e

  3. Perform the following sequence of steps to update the encoded password information in the PATROL Agent:

    • Microsoft Windows
      1. Go to Start > Run and type regedit. The registry editor dialog box is displayed as shown the following figure: 
      2. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\BMC Software\Patrol\SecurityPolicy_v3.0\agent\server directory location, and update the value of password parameter with the PATROL Agent's encoded password information as shown in the following figure:  

        Update only the encoded password information, and keep the special character comma and the text sample.bin unchanged.

    • Unix
      1. Navigate to the <ROOT_INSTALL_DIR>/etc/patrol.d/security_policy_v3.0 directory location.

      2. Using a text editor open the site.plc file.
      3. Locate the password parameter and update the PATROL Agent's encoded password information.

Where to go from here

Once you update the PATROL Agent's registry files, verify the workflow diagram to ensure all the relevant tasks to enable TLS mode are performed.

Was this page helpful? Yes No Submitting... Thank you


  1. Anthony Yon

    Once you run the set_unset_tls command to enable the TLS mode, is there a way to validate it IS set? Is there a command, such as PatrolAgent -v, that shows the Agent is set to TLS?

    Feb 19, 2019 08:04