Setup Instructions and Troubleshooting
- Steve Baer (Unlicensed)
- Dave Laing
- Deepak Bojanapati
Getting Ready
This guide will walk you through setting up and troubleshooting the Cloudamize Agentless Data Collector.
Minimum System Requirements
The Cloudamize Agentless Data Collector will need to be installed on a physical or virtual Windows machine, meeting the following minimum requirements:
64-bit Windows Server 2012 or higher
.NET Framework version 4.0
8 CPU cores
16 GB RAM
5 GB persistent storage
Powershell v5.1 (If SQL data is required)
SQLServer Powershell Module (if advanced SQL data is required - the installer will attempt to install if it is not)
Prior to Installation
Setup a new Windows instance to host the agentless data collector
When using multiple data collectors, ensure that each individual data collector’s scope of IP ranges is unique
Each data collector can, by default, assess up to a maximum of 500 instances (configurable)
Exclude the data collector IP address when adding hosts
Linux remote hosts: Cloudamize ADC cannot collect data when requiretty is true in sudo in remote hosts
Firewall requirements
Please note the following rules for each class of machine:
Machine with Cloudamize Agentless Data Collector installed
TCP port 445 opens inbound
TCP ports 443 and a proxy server port if a proxy is being used (e.g., 8080,80) open outbound to our servers at am.cloudamize.com (US), am-de.cloudamize.com (EU), or am-ae.cloudamize.com (UAE).
If your system locally caches DNS resolution, you may need to resolve am.cloudamize.com to 35.171.170.26 or am-de.cloudamize.com to 18.194.12.63 to allow egress traffic. This feature is not currently available for our UAE region.
Each Windows endpoint
TCP ports 135 and the dynamic RPC port ranges open inbound, appropriate for your OS versions:
Windows Server 2008 and later: TCP ports 49152 to 65535 open inbound
Windows Server 2003 and earlier: TCP ports 1025 to 5000 open inbound
TCP port 445 opens outbound to the machine with the Agentless Data Collector installed
Each Linux endpoint
TCP port 22 opens inbound
The table below lists the relevant ports for machine discovery and communication to the Cloudamize servers:
Protocol | Port | Usage |
TCP | 22 | SSH to access Linux servers |
TCP | 135 | Windows RPC |
TCP | 445 | Microsoft-DS Active Directory and SMB, Windows shares |
TCP | 1025-5000 | RPC dynamic port range for Windows Server 2003 and earlier |
TCP | 49152-65535 | RPC dynamic port range for Windows Server 2008 and later |
TCP | 443 | SSL to communicate with the Cloudamize servers |
Ports relevant to the Cloudamize Agentless Data Collector
Note: ICMP/Ping is required to discover machines
Windows Agentless Data Collector GUI Installation
The latest version of the Cloudamize Agentless Data Collector can be downloaded from your assessment in the agent setup tab.
After downloading: Run the MSI file by double-clicking it and clicking "Next"
Accept the End-User License Agreement and click “Next”
Enter the customer key that was generated for the assessment. The customer key is available under Install agent using GUI. It is located by going to the Console portal here and navigating to Settings > Setup > Agentless Setup
To use a proxy server, enable "Use proxy" and type in HTTP proxy and port. If your proxy server needs user credentials, enable "Use proxy credential" and enter the Username and Password.
Click "Next". Click Install to begin the Cloudamize Agentless Data Collector installation
Once the installation completes, click Finish to close the installer
Command Line Installation with GUI
Please select one of the following commands and run it as administrator (i.e., run Command Prompt as administrator and type in one of the commands)
When a proxy server is not used,
msiexec /i <downloaded MSI file> CUSTOMERKEY="your key"
When a proxy server is used but proxy credentials are not used,
msiexec /i <downloaded MSI file> CUSTOMERKEY="your key" USE_PROXY=1 HTTPS_PROXY="https://www.your_own_proxy.com" PROXY_PORT="your_proxy_server_port"
When a proxy server is used and proxy credentials are used,
msiexec /i <downloaded MSI file> CUSTOMERKEY="your key" USE_PROXY=1 HTTPS_PROXY="https://www.your_own_proxy.com" PROXY_PORT="your_proxy_server_port" USE_PROXY_CREDENTIAL=1 PROXY_USER_NAME="user_name" PROXY_PASSWORD="password"
When a connection problem occurs, the installer will try to connect to the Cloudamize server for 24 hours. To limit the installation maximum duration due to a connection problem,
msiexec /i <downloaded MSI file> CUSTOMERKEY="your key" INSTALL_MAX_DURATION_IN_MIN=60
Unit of INSTALL_MAX_DURATION_IN_MIN is minute and 60 minutes are set in this example.
Additional options
IS_PROXY_CERTIFICATE_SIGNED_BY_CA
0: Skip the proxy certificate verification with the proxy server option. This is the default value.
1: Verify the proxy certificate.
IS_SERVER_CERTIFICATE_SIGNED_BY_CA
0: Skip the server certificate verification.
1: Verify the server certificate. This is the default value.
INSTALL_SQL_SERVER_PS_MODULE
0: Skip installation of the SQLServer Powershell Module (only required for advanced SQL data).
1: Attempt installation of the SQLServer Powershell Module if necessary.
Add and Configure Hosts
Continue to our guide for the following steps on how to Add and Configure Hosts with the Cloudamize Agentless Data Collector.
Windows Troubleshooting
Account Credentials
This error occurs when a Domain name is not specified. The format for the username is DomainName\Administrator
Cloudamize Agentless Data Collector is flagged by Antivirus
An anti-virus may flag our agentless data collector as the installation package includes obfuscated code to protect our Intellectual Property. When the Cloudamize agentless data collector is flagged by an antivirus, re-installing on the same host is sometimes not possible due to remnants left behind during the uninstallation process. Cloudamize recommends a fresh installation of the agentless data collector on a different host that meets the prerequisites.
In the event that hosts were added to the agentless data collector, the HostInfo.xml and HostInfoBackup.xml files should be backed up in a separate folder, such as C:\Temp, before uninstalling the Cloudamize agentless data collector. These files are located in: C:\Program Files\CloudamizeAgentlessDC or C: Program File (x86)\CloudamizeAgentlessDC depending on your architecture. Please note that these files can only be accessed by accounts that belong to the Administrators group.
Folder showing the location of HostInfo.xml and HostInfoBackup.xml on (x86) architecture
When the HostInfo.xml and HostInfoBackup.xml files are backed up, the Cloudamize agentless data collector can be uninstalled. You can download the latest version of the data collector from the portal.
Follow the usual process (above) to install. Once the installation has completed, copy the HostInfo.xml and HostInfoBackup files back into C:\Program Files\CloudamizeAgentlessDC\ or C:Program Files(x86)\CloudamizeAgentlessDC and restart the Cloudamize Watchdog and Cloudamize Agent services.
Unable to resolve a node
The host [IP Address] is down
The account name and password are incorrect, or the account does not have sufficient privileges.
If the server is domain joined, the domain controller itself may not be running.
The Active Directory administrator group may not include the domain administrator group.
The user account provided may not be in the domain admin group, or it may not be the local administrator account.
A local account on the server is in use, and it is a member of the administrator's group but not the administrator account itself.
Entry Key to disable UAC:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio n\Policies\system\LocalAccountTokenFilterPolicy
Note: A new registry key will be required if the file path does not exist. Please note that this will require administrative privileges.
Open Regedit, right-click on the System folder, and select “New” and “DWORD (32-bit)”
Change the name of the new registry entry to LocalAccountTokenFilterPolicy.
Right-click on the registry entry and select “Modify”
Change the value from 0 to 1 and select “OK”
5. WMI traffic is not enabled. Run the following command in an elevated command prompt:
netsh advfirewall set rule group=“windows management instrumentation (wmi) new enable=yes
6, 7, 8, 9, 10. Windows Firewall issues. Refer to the Firewall requirements section Under Window Agentless Data Collector Setup.
Linux Troubleshooting
Creating a user
To create a new user:
sudo useradd [username]
Update the user password:
sudo passwd [username]
Root permissions
Navigate to the /etc directory:
cd /etc
Open the Sudoers file by entering the following command in the /etc directory:
sudo visudo
Navigate to root ALL=(ALL) ALL underneath the header User Privilege. Move the cursor to the end of the line and enter the letter “o”, this will create a new line. Enter the following text:
[username] ALL=(ALL) ALL
Press the Esc key, type “:wq!” and press Enter
Redhat
Create a new user:
sudo useradd [username]
Update the user password:
sudo passwd [username]
Navigate to the /etc directory:
cd /etc
Open the Sudoers file by entering the following command in the /etc directory:
sudo visudo
Navigate to %wheel ALL=(ALL) ALL in the sudoers file
Note: If there is a # symbol in front of %wheel ALL=(ALL) ALL then it must be removed before editing the configuration. Remove the #, press the Esc key, type “:wq!” and press Enter
Add the user to the wheel group
sudo usermod -aG wheel [username]
Verify that the [username] account has been added to the group.
Ubuntu
Create a new user:
sudo useradd [username]
Update the user password:
sudo passwd [username]
Add the user account to the sudo group:
sudo usermod -aG sudo Username
To verify the user account has been added to the sudo group:
su - [username]
Enter the password for the account and type the following command:
sudo whoami
If you are still experiencing issues, please send log files of the affected node(s) to helpdesk@cloudamize.com. The log files are located in C:/Program Files/Cloudamize for Windows machines, /usr/local/cloudamize/logs/ for Linux.