Component-specific requirements
This topic provides information about the requirements that are specific to the various PATROL for Microsoft Windows Servers components.
- PATROL for Microsoft Hyper-V prerequisites
- PATROL for Microsoft Cluster Server prerequisites
- PATROL KM for Microsoft Windows Domain Services requirements
- PATROL KM for Microsoft Windows Operating System requirements
- PATROL KM for Microsoft Windows Active Directory requirements
- PATROL KM for Microsoft Windows Active Directory Remote Monitoring requirements
- PATROL KM for Windows remote monitoring prerequisites
- PATROL default account required permissions
PATROL for Microsoft Hyper-V prerequisites
The following requirements must be in place before beginning the installation.
Resource | Requirement |
---|---|
WinRM | WinRM default ports must be open on the PATROL Agent and the Hyper-V host. The default HTTP port used by WinRM is 5985. The default HTTPS port used by WinRM is 5986. |
PowerShell | 3.0 and later versions are supported (required on the PATROL Agent) |
Microsoft .Net Framework | 4.0 and later versions are supported (required on the PATROL Agent) |
User | A valid domain or local user who is a member of the Administrators group (on Hyper-V host). |
PATROL for Microsoft Cluster Server prerequisites
- What are the pre-requisites for enabling remote monitoring of cluster?
- Requirements for host computers (PATROL Agent)
- Requirements for the remote nodes of the cluster
- WinRM configuration
What are the pre-requisites for enabling remote monitoring of cluster?
The PATROL Agent computer must be a dedicated server for remote monitoring. The WinRM client should be installed on the PATROL Agent computer to communicate with the remote cluster on which the WinRM server is installed. The WinRM server should be configured with an HTTP or HTTPS listener on all the remote nodes of the cluster before adding it into a PATROL Agent.
Requirements for host computers (PATROL Agent)
- WinRM version 2.0 or later must be installed.
- PATROL Agent and PATROL KM for Microsoft Cluster Server version 2.0.00 or later must be installed.
- Kerberos and Negotiate (NTLM) authentication should be true in the WinRM configuration.
Requirements for the remote nodes of the cluster
- WinRM version 1.1 or later must be installed and running.
- WinRM must be configured with a listener either on HTTP or HTTPS.
- Kerberos and Negotiate (NTLM) authentication should be set to true in the WinRM configuration.
- A valid domain or local user who is a member of the Administrators group. A local user must be created with the same credentials on all the nodes.
The following figure illustrates a configuration with multiple clusters:
Monitoring configuration with multiple clusters
Introduced in Windows Vista and later versions of Windows, User Account Control (UAC) affects access to the WinRM service. When Negotiate authentication is used in a workgroup or domain, only the built-in Administrator account can access the service.
To allow all accounts in the Administrators group to access the service, use the Regedit utility to set the LocalAccountTokenFilterPolicy value under the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system registry key to 1.
WinRM configuration
For information about how to configure WinRM, see PATROL KM for Windows remote monitoring FAQs.
PATROL KM for Microsoft Windows Domain Services requirements
To monitor network protocols and to use the following domain monitoring parameters and management features, you must have the SNMP service installed:
- NT_DHCP parameters
- WpReplicationFailures parameter
- Executing the WINS Database Scavenging menu command
By default, the SNMP service is configured to accept SNMP packets from any host. If the service is configured to accept packets only from specific hosts, the local host IP address or hostname must be added to the list of hosts. It is not sufficient to add "localhost" or the loopback address 127.0.0.1.
At a minimum, the SNMP community string must have READ permissions. To initiate the WINS Database Scavenging menu command, the community string must have WRITE permissions as well.
On Windows 2000 servers, the community string must be an ASCII character string. Microsoft Windows 2000 does not support non-ASCII characters in community strings.
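The SNMP requirements above can be verified by reading the SNMP service settings from the registry. The following PowerShell is an added example, not part of the BMC documentation or product; the function name is hypothetical, and the key paths and rights codes are those of the standard Windows SNMP service rather than values stated on this page.

```powershell
# Added example (not BMC code): read-only check of the local SNMP service
# settings against the requirements in this section. Run elevated.
function Get-PatrolSnmpPrereq {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'

    # PermittedManagers holds numbered string values; no values means "any host".
    $managers = @()
    $pm = Get-Item -Path "$base\PermittedManagers" -ErrorAction SilentlyContinue
    if ($pm) { $managers = @($pm.GetValueNames() | ForEach-Object { $pm.GetValue($_) }) }

    # Names and addresses that identify this host, excluding loopback entries,
    # which the page says are not sufficient.
    $loopback = 'localhost', '127.0.0.1'
    $self = @($env:COMPUTERNAME, [System.Net.Dns]::GetHostEntry('').HostName)
    $self += [System.Net.Dns]::GetHostAddresses($env:COMPUTERNAME) |
        ForEach-Object { $_.IPAddressToString }
    $listed = [bool]($managers | Where-Object {
        ($self -contains $_) -and ($loopback -notcontains $_)
    })

    # ValidCommunities: value name = community string, data = rights code.
    $rights = @{ 1 = 'NONE'; 2 = 'NOTIFY'; 4 = 'READ ONLY'; 8 = 'READ WRITE'; 16 = 'READ CREATE' }
    $communities = @()
    $vc = Get-Item -Path "$base\ValidCommunities" -ErrorAction SilentlyContinue
    if ($vc) {
        $communities = @($vc.GetValueNames() | ForEach-Object {
            $code = [int]$vc.GetValue($_)
            # The community string is a shared secret, so it is not echoed.
            [pscustomobject]@{
                Rights    = $rights[$code]
                CanRead   = $code -ge 4    # minimum for monitoring
                CanWrite  = $code -ge 8    # needed for WINS Database Scavenging
                AsciiOnly = $_ -notmatch '[^\x00-\x7F]'
            }
        })
    }

    [pscustomobject]@{
        AcceptsAnyHost    = $managers.Count -eq 0
        PermittedManagers = $managers
        LocalHostListed   = $listed
        Communities       = $communities
    }
}

Get-PatrolSnmpPrereq | Format-List
```

The prerequisite is met when `AcceptsAnyHost` or `LocalHostListed` is true and at least one community has `CanRead`; a host that reports `AcceptsAnyHost` together with a writable community is the combination to review first.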
For the NT_DHCP application class to work, the default PATROL Agent account must have full access to %PATROL_HOME% and all subdirectories. On Windows 2003 and later, the default PATROL Agent account must also be a member of the DHCP Users group.
PATROL KM for Microsoft Windows Operating System requirements
The following requirements are necessary for using PATROL KM for Microsoft Windows Operating System.
- Process monitoring: To monitor processes, the PATROL Agent must have access to this hive and all sub-keys: HKLM\SOFTWARE\Microsoft\WindowsNT\perflib
- Event log monitoring: To discover event logs, the PATROL Agent must have access to this hive and all sub-keys: HKLM\CurrentControlSet\Services\Eventlog\
(PATROL Agent 3.6 or later has access. No additional configuration is needed).
PATROL KM for Microsoft Windows Active Directory requirements
The following requirements are necessary for using PATROL KM for Microsoft Windows Active Directory:
- PATROL KM for Microsoft Windows Active Directory now requires the PATROL KM for Microsoft Windows Operating System 3.9.20 or later for full support. If you are running a release earlier than 3.9.20, the KM fails prediscovery and writes a message to the mwd.log file, as well as to the system output window (SOW). If you are running 3.9.x, the KM is discovered, but the Event Log parameters are not available.
- PATROL KM for Windows Active Directory requires that the Event Log component of PATROL KM for Microsoft Windows Servers is active. By default, the Event Log component is active. For more information, see Configuring Windows events monitoring.
- PATROL for Windows Servers monitors Microsoft Windows Active Directory only when Microsoft Windows Active Directory is running on domain controllers.
- PATROL KM for Microsoft Windows Active Directory supports Read Only Domain Controllers on Microsoft Windows 2008.
PATROL KM for Microsoft Windows Active Directory Remote Monitoring requirements
The local node (or member server) provides a client view of the Active Directory objects. The data provided for each managed node is collected within the context of the domain of which the managed node is a member.
To display information about Active Directory objects, the managed node must meet the following requirements:
- PATROL Agent 3.6.00 or later must be installed.
- Default account for the PATROL Agent must be a domain user account.
PATROL KM for Windows remote monitoring prerequisites
- Which version of PATROL KM for Windows supports remote monitoring?
- What hardware do I need to monitor multiple Windows computers remotely?
- What are the pre-requisites for enabling remote monitoring?
- Requirements for host computers (PATROL Agent)
- Requirements for the remote host
- Which authentication mechanisms are used in remote monitoring?
- Kerberos authentication
- Negotiate authentication (NTLM)
- Can I use a Local account for monitoring event logs?
Which version of PATROL KM for Windows supports remote monitoring?
PATROL KM for Windows supports remote monitoring from version 4.3.00 onward.
What hardware do I need to monitor multiple Windows computers remotely?
The following table lists the hardware requirements for a single PATROL Agent running on a dedicated computer and monitoring 125 remote hosts.
Resource | Minimum requirement | Recommended |
---|---|---|
Processor | Dual processor, 32-bit | Quad processor, 64-bit |
Server memory | 4 GB | 8 GB |
Disk space | 600 MB | 1 GB |
What are the pre-requisites for enabling remote monitoring?
The PATROL Agent computer must be a dedicated server for remote monitoring. The WinRM client should be installed on the PATROL Agent computer to communicate with the remote host on which the WinRM server is installed. The WinRM server should be configured with an HTTP or HTTPS listener on the remote host before adding it into a PATROL Agent.
Requirements for host computers (PATROL Agent)
- WinRM version 1.1 or later must be installed.
- PATROL Agent and PATROL KM for Windows version 4.3.00 or later must be installed.
- Kerberos and Negotiate (NTLM) authentication should be set to true in the WinRM configuration.
Requirements for the remote host
- WinRM version 1.1 or later must be installed and running.
- WinRM must be configured with a listener either on HTTP or HTTPS.
- Kerberos and Negotiate (NTLM) authentication should be set to true in the WinRM configuration.
- A valid domain or local user who is a member of the Administrators group.
The following figure illustrates a configuration with multiple remote hosts:
Monitoring configuration with multiple remote hosts
Which authentication mechanisms are used in remote monitoring?
PATROL KM for Windows supports password-based authentication for local and domain users. By default, Negotiate authentication is used. If an authentication mechanism is specified with the pconfig variable, the KM authenticates according to the flag that is set. The supported network authentication protocols are explained below:
Kerberos authentication
The client and server mutually authenticate each other using Kerberos tickets. Kerberos is used to authenticate a domain account. The user name must be specified in the following format for a domain user:
domain\username
Note: To use Kerberos authentication explicitly, set the pconfig variable /REMOTE/HOSTS/(Hostname)/authentication to 1.
Negotiate authentication (NTLM)
The client sends a request to the server to authenticate. NTLM is used to authenticate local computer accounts. The user name must be specified in the following format for a local user on a server computer:
username
Note: To use Negotiate authentication explicitly, set the pconfig variable /REMOTE/HOSTS/(Hostname)/authentication to 4.
Introduced in Windows Vista and later versions of Windows, User Account Control (UAC) affects access to the WinRM service. When Negotiate authentication is used in a workgroup or domain, only the built-in Administrator account can access the service.
To allow all accounts in the Administrators group to access the service, use the Regedit utility to set the LocalAccountTokenFilterPolicy value under the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system registry key to 1.
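The WinRM prerequisites listed in the cluster and remote monitoring sections can be checked on a host with a read-only script. The following PowerShell is an added example, not part of the BMC documentation or product; the function name Get-PatrolWinRMPrereq and its Role parameter are hypothetical. It also reports LocalAccountTokenFilterPolicy, because a value of 1 gives every member of the local Administrators group a full administrative token over remote connections, which is worth tracking per host.

```powershell
# Added example (not BMC code): read-only audit of the WinRM prerequisites on this page.
# Run in an elevated PowerShell 3.0+ session on the host being checked.
function Get-PatrolWinRMPrereq {
    param(
        # Hypothetical parameter: 'Agent' checks the WinRM client settings,
        # 'RemoteNode' checks the WinRM service settings and listeners.
        [ValidateSet('Agent', 'RemoteNode')]
        [string]$Role = 'RemoteNode'
    )

    $result = [ordered]@{ Role = $Role }
    $result.WinRMRunning = (Get-Service -Name WinRM).Status -eq 'Running'
    if (-not $result.WinRMRunning) {
        # The WSMan: drive cannot be read while the service is stopped.
        return [pscustomobject]$result
    }

    # "Kerberos and Negotiate (NTLM) authentication should be true"
    $side = if ($Role -eq 'Agent') { 'Client' } else { 'Service' }
    foreach ($scheme in 'Kerberos', 'Negotiate') {
        $result[$scheme] = (Get-Item "WSMan:\localhost\$side\Auth\$scheme").Value -eq 'true'
    }

    if ($Role -eq 'RemoteNode') {
        # "WinRM must be configured with a listener either on HTTP or HTTPS"
        $listeners = @(Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate)
        $result.Listeners = @($listeners | ForEach-Object { "$($_.Transport):$($_.Port)" })
        # HTTP (5985) listeners carry no TLS; flag hosts that have no HTTPS listener.
        $result.HasHttpsListener = [bool]($listeners | Where-Object { $_.Transport -eq 'HTTPS' })

        # A missing value means UAC remote token filtering is on (same as 0).
        $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
        $prop = Get-ItemProperty -Path $key -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue
        $result.LocalAccountTokenFilterPolicy = if ($prop) { $prop.LocalAccountTokenFilterPolicy } else { 0 }
    }
    [pscustomobject]$result
}

Get-PatrolWinRMPrereq -Role RemoteNode | Format-List
```

Hosts monitored with a domain account over Kerberos do not need LocalAccountTokenFilterPolicy set, so a value of 1 on such a host is a candidate for review.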
Can I use a Local account for monitoring event logs?
No. You can only use a Domain account for monitoring event logs.
For information about how to configure WinRM, see PATROL KM for Windows remote monitoring FAQs.
PATROL default account required permissions
Monitoring replication within the configuration naming context requires that the PATROL Agent defaultAccount have sufficient Active Directory permissions to create a container object and child container objects in the configuration naming context of the forest in which the domain controller resides. The account must have full control of the created objects.
The PATROL Agent defaultAccount must be granted permission to Create Container Objects in the Configuration NC and to give Full Control to the created container object and its children.
Monitoring replication within the domain naming context requires that the PATROL Agent defaultAccount have sufficient Active Directory permissions to create a container object and child container objects in the domain naming context of the domain in which the domain controller resides. The account must have full control of the created objects.
The PATROL Agent defaultAccount must be granted permission to Create Container Objects in each Domain NC and to give Full Control to the created container object and its children.