Follow

Setup Instructions and Troubleshooting

Getting Ready

This guide will walk you through setting up and troubleshooting the Cloudamize Agentless Data Collector. 

 

Minimum System Requirements

  • 64-bit Windows Server 2008 SP2

  • Microsoft .NET Framework Version 4.0

  • 4 Core CPU

  • 5 GB RAM

  • 2 GB Persistent Storage

  

Prior to Installation

  • Setup a new Windows instance to host the agentless data collector

  • When using multiple data collectors, ensure that each individual data collector’s scope of IP ranges is unique 

  • Each data collector can assess up to a maximum of 500 instances

  • Exclude the data collectors IP address when adding hosts

 

Firewall requirements

 

Please note the following rules for each class of machine:

Machine with Cloudamize Agentless Data Collector installed

  • TCP port 445 open inbound
  • TCP ports 443 and a proxy server port if a proxy is being used (e.g., 8080,80) open outbound to our servers at 104.197.11.97

 Each Windows endpoint 

  • TCP ports 135 and the range 1025-65535 open inbound
  • TCP port 445 open outbound to the machine with the Agentless Data Collector installed

 Each Linux endpoint

  • TCP port 22 open inbound

The table below lists the relevant ports for machine discovery and communication to the Cloudamize servers:

 

Protocol

Port

Usage

TCP

22

SSH to access Linux servers

TCP

135

Windows RPC

TCP

445

Microsoft-DS Active Directory and SMB, Windows shares

TCP

1025 - 65535

RPC dynamic port range

TCP

443

SSL to communicate with the Cloudamize servers

Ports relevant to the Cloudamize Agentless Data Collector

 

 

Windows Agentless Data Collector GUI Installation

The latest version of the Cloudamize Agentless Data Collector can be downloaded here:

https://agentmanager1.cloudamize.com/cxf/downloadFile/cloudamizeAgentlessDC.msi

 

After downloading: Run the MSI file by double-clicking it and click "Next"

mceclip0.png

 

Accept the End-User License Agreement and click “Next”

agentless-2.png

 

Enter the customer key that was generated for the assessment. The customer key is available on the Cloudamize Agent Installation webpage. It is located by going to the Partner Dashboard here and navigating to Settings > Agent Setup > Access

mceclip1.png

 

To use a proxy server, enable "Use proxy" and type in HTTPS proxy and port. If your proxy server needs user credentials, enable "Use proxy credential" and enter the Username and Password. Click "Next". Click Install to begin the Cloudamize Agentless Data Collector installation

mceclip2.png

 

Once the installation completes, click Finish to close the installer

mceclip3.png

 

Add and Configure Hosts

Continue on to our guide for next steps on how to Add and Configure Hosts with the Cloudamize Agentless Data Collector

 

Windows Troubleshooting

Account Credentials

mceclip4.png

This error occurs when a Domain name is not specified. The format for username is DomainName\Administrator

 

Unable to resolve a node

mceclip5.png

  1. The host [IP Address] is down
  2. The account name and password are incorrect or the account does not have sufficient privileges
    • If the server is domain joined the domain controller itself may not be running
    • The Active Directory administrator group may not include the domain administrator group.
    • The user account provided may not be in the domain admin group or it may not be the local administrator account
  3. A local account on the server in use and it is a member of the administrators group but not the administrator account itself. 

 

Entry Key to disable UAC:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio n\Policies\system\LocalAccountTokenFilterPolicy

Note: If the file path does not exist a new registry key will be required. Please note that this will require administrative privileges

 

Open Regedit, right click on the System folder and select “New” and “DWORD (32-bit)”

mceclip6.png

Change the name of the new registry entry to: LocalAccountTokenFilterPolicy

mceclip7.png

Right click on the registry entry and select “Modify”

mceclip8.png 

 Change the value from 0 to 1 and select “OK”

mceclip9.png

 

5. WMI traffic is not enabled. Run the following command in an elevated command prompt:

  • netsh advfirewall set rule group=“windows management instrumentation (wmi) new enable=yes

mceclip10.png

6, 7, 8, 9, 10. Windows Firewall issues. Refer to the Firewall requirements section Under Window Agentless Data Collector Setup.

 

Linux Troubleshooting

Creating a user

To create a new user:

  • sudo useradd [username]

mceclip11.png

Update the user password:

  • sudo passwd [username]

mceclip12.png

Root permissions

Navigate to the /etc directory:

  • cd /etc

mceclip13.png

Open the Sudoers file by entering the following command in the /etc directory:

  • sudo visudo

mceclip14.png

Navigate to root ALL=(ALL) ALL underneath the header User Privilege. Move the cursor to the end of the line and enter the letter “o”, this will create a new line. Enter the following text:

  • [username] ALL=(ALL) ALL

mceclip15.png

Press the Esc key, type “:wq!” and press Enter

 

Redhat

Create a new user:

  • sudo useradd [username]

mceclip16.png

Update the user password:

  • sudo passwd [username]

mceclip17.png

Navigate to the /etc directory:

  • cd /etc

mceclip18.png

Open the Sudoers file by entering the following command in the /etc directory: 

  • sudo visudo

mceclip19.png

Navigate to %wheel ALL=(ALL) ALL in the sudoers file

mceclip20.png

Note: If there is a # symbol in front of %wheel ALL=(ALL) ALL then it must be removed before editing the configuration. Remove the #, press the Esc key, type “:wq!” and press Enter

 

Add the user to the wheel group 

  • sudo usermod -aG wheel [username]

mceclip21.png

Verify that the [username] account has been added to the group.

mceclip22.png

 

Ubuntu

Create a new user:

  • sudo useradd [username]

mceclip23.png

Update the user password:

  • sudo passwd [username]

mceclip24.png

Add the user account to the sudo group: 

  • sudo usermod -aG sudo Username

mceclip25.png

To verify the user account has been added to the sudo group:

  • su - [username]

Enter the password for the account and type the following command:

  • sudo whoami

mceclip26.png

 

If you are still experiencing issues please send log files of the affected node(s) to [email protected]. The log files are located in C:/Program Files/Cloudamize for Windows machines, /usr/local/cloudamize/logs/ for Linux

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

3 Comments

  • 0
    Avatar
    Afeez

    This page does not include the download URL to the agentless connector :( Can you add it? I am trying to download it.

     

    Thanks,

  • -1
    Avatar
    Emanuel

    Hi Afeez, 

     

    You must open a request service asking for the setup for the agentless data collector, they send you an email with a link.

    Regars

  • 0
    Avatar
    Jon

    Hi. There's one important omission in this guide. Adding guests will fail with errors that indicates networking issues if you are missing proper DNS forwarding / reverse lookups. DNS Forwarding alone may not be adequate since translation from IP -> Name must happen as part of authorization. If IP cannot be resolved to a hostname the logon will fail, and by the look of the error it may look like a "port / networking issue".

    Aka:
    ==> Checking the WMI connection to host 10.20.30.40...  Failure.
    Here is the reason.
    SocketException = No such host is known
    -> Checking the ping connection to host 10.20.30.40...  Success.
    -> Checking the TCP connection to port 135 on host 10.20.30.40...  Success.
    Done with checking all hosts.

     

    I would suggest you add a requirement aka:

    - WINS IP to Name resolution or DNS Forward and Reverse lookup records for each entry that will be scanned by the agent.

    I'm not sure whether I would suggest WINS at all, but I leave that up to you.

    The LINK you send us to for troubleshooting WMI does not mention this requirement since the MS article there assumes we are using names.

    Ref troubleshooting link: https://msdn.microsoft.com/en-us/library/aa822854(v=vs.85).aspx

     

Please sign in to leave a comment.