Install and Configure the WMI Agent
For supported software information, see Supported Software Information, below.
The Windows Management Instrumentation (WMI) agent receives notifications from Microsoft Active Directory (AD) and passes them on to the Versa Messaging Service (VMS) so that the VMS can keep its entries updated and can learn about new events. The WMI agent also publishes incremental updates to a real-time messaging server.
VMS is a message streaming server that handles high volumes of streamed data and disseminates this data to the Versa Operating System™ (VOS™) devices that are deployed in a network. Passive authentication based on VMS checks and confirms user identity without requiring any specific action to authenticate users. For more information, see Configure Passive Authentication for VMS. The VMS server receives user events from WMI agents and shares this data with VOS for policy enforcement.
This article describes how to install the WMI agent and how to perform the initial configuration of the WMI agent.
Install the WMI Agent
You can install the Versa WMI agent as a standalone component or as a software package installed on a Windows server. The standalone installation is supported on the Windows 10 Client or Windows Server 2016. For hardware requirements, see the Windows 10 Client or Windows Server 2016 documentation.
Before you install the WMI agent, ensure the following:
- Download the WinSCP or Wireshark application to the Windows device, to use for debugging.
- After you install Windows, copy the VersaWmiAgentInstaller.exe file to the Windows device from the following link:
https://versanetworks.app.box.com/s/d7jh1z6y3kaijd3yfwil0uxchr1w9ton
To install the WMI agent:
- Double-click the VersaWmiAgentInstaller.exe file.
- In the Security Warning popup window, click Run.
- In the User Account Control popup window, click Yes.
- Click Next in all the windows of the WMI agent installation wizard until you finish the installation.
- In the Ready to Install window, click Install, and in the last wizard window, click Finish to complete the installation.
After you click Finish, the WMI agent launches.
Install the WMI Certificate Files
You must install two certificate files on the device running the WMI agent:
- root-ca-cert.pem—Root certificate file. This file is created on the VMS message-streaming server and is placed in the /opt/versa/vms/certs/ directory. You must install this certificate file on the device running the WMI agent before you install the WMI agent.
- client-cert.pfx—Client certificate file. This file is located in the /opt/versa/vms/certs/ directory on the VMS message-streaming server. You install this certificate file on the device running the WMI agent after you install the WMI agent.
To install the root-ca-cert.pem certificate file on the device running the WMI agent:
- Copy the root-ca-cert.pem certificate file from the /opt/versa/vms/certs/ folder on the VMS message-streaming server. For more information, see Install the Versa Messaging Service.
- On your Windows device, open certlm.msc and select Run as Administrator.
- In the certlm popup window, select Trusted Root Certification Authorities > Certificates.
- Right-click Certificates, select All Tasks, and click Import.
- In the Certificate Import Wizard popup window, click Local Machine (default) under Store Location and click Next.
- In the File to Import window, click Browse and select the root-ca-cert.pem certificate from the location where you saved the file.
- Click Next.
- In the Certificate Store window, click Place All Certificates in the Following Store (Default) and select Trusted Root Certification Authorities (Default).
- Click Next and then click Finish in the final window of the wizard.
To install the client-cert.pfx certificate file on the device running the WMI agent:
- Copy the WMI certificates from the /opt/versa/vms/certs/ folder on the VMS message-streaming server. For more information, see Install the Versa Messaging Service.
- After you install the WMI agent, click the VMS tab.
- Click Import Client Certificate and select the client-cert.pfx certificate file that you copied from the VMS message-streaming server. For more information, see Step 4 in Configure a VMS Server, below.
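Adding a certificate to Trusted Root Certification Authorities makes the host trust everything that certificate signs, so it is worth checking the file before importing it. The following PowerShell is an added example, not part of the Versa procedure or tooling: it checks root-ca-cert.pem against a fingerprint read on the VMS server, installs it in the Local Machine root store, and then checks that client-cert.pfx carries a private key and chains to that root. The C:\Temp paths, the fingerprint placeholder, and the assumption that the client certificate is issued under this root are illustrative.

```powershell
using namespace System.Security.Cryptography.X509Certificates
# Added example. Run in an elevated PowerShell session on the WMI agent host.
$RootPath = 'C:\Temp\root-ca-cert.pem'   # assumed location of the copied file
$PfxPath  = 'C:\Temp\client-cert.pfx'    # assumed location of the copied file
# Placeholder: SHA-1 fingerprint read on the VMS server itself, for instance with
#   openssl x509 -in /opt/versa/vms/certs/root-ca-cert.pem -noout -fingerprint -sha1
$Expected = '<fingerprint-from-VMS-server>' -replace '[:\s]', ''

# 1. Inspect the root before trusting it. Any failed check aborts the import.
$root = [X509Certificate2]::new($RootPath)
$bc   = $root.Extensions | Where-Object { $_ -is [X509BasicConstraintsExtension] }
$problems = @()
if ($root.Thumbprint -ne $Expected)           { $problems += 'thumbprint does not match the VMS server copy' }
if ($root.Subject -ne $root.Issuer)           { $problems += 'not self-signed, so not a root certificate' }
if (-not ($bc -and $bc.CertificateAuthority)) { $problems += 'basicConstraints CA flag is not set' }
if ($root.NotAfter -lt (Get-Date))            { $problems += "expired on $($root.NotAfter)" }
if ($problems) { throw "Refusing to trust ${RootPath}: $($problems -join '; ')" }

# 2. Same result as the certlm.msc import: Local Machine > Trusted Root Certification Authorities.
$store = [X509Store]::new([StoreName]::Root, [StoreLocation]::LocalMachine)
$store.Open([OpenFlags]::ReadWrite)
try { $store.Add($root) } finally { $store.Close() }

# 3. Check the client certificate before importing it in the VMS tab.
$pfxPassword = Read-Host -Prompt 'Key-store password for client-cert.pfx' -AsSecureString
$client = [X509Certificate2]::new($PfxPath, $pfxPassword)
$chain  = [X509Chain]::new()
# Assumption: the VMS CA is private and publishes no CRL or OCSP endpoint.
$chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
$trusted = $chain.Build($client)
$anchor  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

[pscustomobject]@{
    ClientSubject   = $client.Subject
    HasPrivateKey   = $client.HasPrivateKey    # must be True for client authentication
    NotAfter        = $client.NotAfter
    ChainTrusted    = $trusted
    AnchoredAtVmsCa = ($anchor.Thumbprint -eq $root.Thumbprint)
    ChainStatus     = ($chain.ChainStatus.Status -join ', ')
}
```

If ChainTrusted is False, ChainStatus names the reason (for example UntrustedRoot or NotTimeValid), which is quicker to act on than a failed connection in the agent.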
Configure the WMI Agent
After you install the WMI agent, you configure the Active Directory and VMS server details for the WMI agent so that it can receive information from Active Directory and pass it to the VMS server. You can create user groups and user filters to enable or disable monitoring, and you can perform basic troubleshooting from the WMI agent.
Configure the Active Directory Server
To configure an Active Directory server on the WMI agent:
- To start the WMI agent, double-click the WMI agent shortcut on the desktop. The Active Directory tab displays.
- To configure authentication details for Active Directory, in the Active Directory tab, click Configuration to update the WMI agent Active Directory configuration. Enter information for the following fields.
Field: Description
Domain (Required): Enter the name of the organization domain configured on the Active Directory server.
Username (Required): Enter the username to log in to the Active Directory server. If the user has Administrator privileges on the Active Directory server, they can perform all operations. If the user does not have Administrator privileges on the Active Directory server, they can access event logs. For more information, see Create a Non-Administrator User To Access Event Logs, below.
Password: Enter the password to log in to the Active Directory server.
Reconnect Interval (Required): Enter the time, in seconds, after which the WMI agent tries to reconnect to the Active Directory server after reconnection failures. The WMI agent attempts reconnections until the connection is re-established.
Value: 1 through 1800 seconds
Default: 10 seconds
- Click OK.
- Click Add Server to enter the Active Directory server details. In the Active Directory Configuration popup window, enter information for the following fields.
Field: Description
Server Address (Required): Enter the IP address of the Active Directory server to which the WMI agent connects.
Server ID (Required): Enter the identifier of the Active Directory server.
Monitor Event: Click On to enable event monitoring of the Active Directory server on the WMI agent. This provides monitoring of connection errors and other debugging. It is recommended that you enable event monitoring.
Secure LDAP: Click On to enable secure LDAP query. The WMI agent fetches the principal user name using LDAP query. For more information, see Configure a VMS Server below.
Default: Off
Description: Enter a description for the Active Directory server.
- Click OK.
- To delete an Active Directory server record, click Remove in the Active Directory tab.
To display information about the Active Directory server, click View Details for the Active Directory server and then select the Server Details tab.
To display statistics about the Active Directory server, click View Details for the Active Directory server and then select the Server Statistics tab.
Create a Non-Administrator User To Access Event Logs
By default, an Administrator user can perform all operations on the Active Directory server. If you want to allow a non-Administrator user to access the event logs on the Active Directory server, you create a user who has access to the built-in Active Directory groups and configure security settings to allow the groups to access the Active Directory server and all namespaces.
To create a new user and add the user to predefined Active Directory built-in groups:
- On the Active Directory server, add a new user (for example, event-auditor).
- In the Active Directory domain, click Builtin.
- In the right panel, right-click Event Log Readers and then select Add To a Group.
- In the Enter the object names to select field, enter the username you created in Step 1.
- Click Check Names, and then click OK.
- In the Active Directory domain, click Builtin.
- In the right panel, right-click Distributed COM Users and then select Add To a Group.
- In the Enter the object names to select field, enter the username you created in Step 1.
- Click Check Names, and then click OK.
To configure the Distributed COM security settings to allow the groups to access the system remotely:
- Click Start > Run.
- Enter dcomcnfg, and then click OK.
- Drill down in the Component Services tree until you get to My Computer.
- Right-click My Computer, and in the menu, click Properties.
- Select the COM Security tab.
- In the Launch and Activation Permissions section, click Edit Limits.
- Click Add.
- In the Enter the object names to select field, enter the string Distributed COM Users.
- Click Check Names, and then click OK.
- Click Add.
- Repeat Steps 5 through 10 for the Performance Monitor Users group.
- For each of the permissions (Local Launch, Remote Launch, Local Activation, Remote Activation) for each group, check Allow.
- Click OK.
Finally, to enable OpManager to fetch the data using WMI, you provide access for all classes under all namespaces for both the user groups. To set the WMI control security settings so that they apply to all namespaces:
- Click Start > Run.
- Enter wmimgmt.msc, and then click OK.
- Right-click WMI Control (Local), and in the menu, click Properties.
- Click over to the Security tab, click Root, and then click Security.
- Click Add.
- In the Enter the object names to select field, enter the string Distributed COM Users.
- Click Check Names, and then click OK.
- Ensure that the Distributed COM Users group is selected, and then click Advanced.
- Highlight the row with Distributed COM Users in it and click Edit.
- In the Applies to field, select This namespace and subnamespaces.
- In the Allow column, check Execute Methods, Enable Account and Remote Enable.
- Click OK.
- Repeat Steps 4 through 12 for the Performance Monitor Users group.
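The point of the non-Administrator account is least privilege, so it is worth confirming that it ended up in the two built-in groups named above and in nothing more powerful. The following PowerShell is an added example, not part of the Versa procedure: it expands nested group membership for the account and reports required groups that are missing and privileged groups that are present. The account name is the page's example; the list of groups treated as excessive is an assumption to adjust for your domain.

```powershell
# Added example. Requires the ActiveDirectory (RSAT) module and read access to the domain.
Import-Module ActiveDirectory
$Account   = 'event-auditor'    # example account name from the steps above
$Required  = 'Event Log Readers', 'Distributed COM Users'
# Assumed list of groups that a read-only event-log account should never be in.
$Forbidden = 'Administrators', 'Domain Admins', 'Enterprise Admins', 'Schema Admins',
             'Account Operators', 'Server Operators', 'Backup Operators'

$user = Get-ADUser -Identity $Account -Properties PrimaryGroup

# LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941) returns every group that
# contains the account directly or through nesting, so indirect admin rights show up.
# Assumption: the account DN has no characters that need LDAP filter escaping: ( ) * \
$filter = "(member:1.2.840.113556.1.4.1941:=$($user.DistinguishedName))"
$groups = @(Get-ADGroup -LDAPFilter $filter | Select-Object -ExpandProperty Name)
# The primary group is not stored in the member attribute, so add it separately.
$groups += (Get-ADGroup -Identity $user.PrimaryGroup).Name

$result = [pscustomobject]@{
    Account       = $user.SamAccountName
    Enabled       = $user.Enabled
    MissingGroups = @($Required | Where-Object { $_ -notin $groups })
    ExcessGroups  = @($groups   | Where-Object { $_ -in $Forbidden })
}
$result

if ($result.MissingGroups.Count -gt 0) {
    Write-Warning "Not yet a member of: $($result.MissingGroups -join ', ')"
}
if ($result.ExcessGroups.Count -gt 0) {
    Write-Warning "More privilege than event-log access needs: $($result.ExcessGroups -join ', ')"
}
```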
Configure a VMS Server
To configure a VMS server for the WMI agent:
- In the WMI agent main window, select the VMS tab.
- In the VMS tab, click Configuration to configure VMS server details to send data to VMS. In the VMS Configuration popup window, enter information for the following fields.
Field: Description
VMS Tenant (Required): Enter the VMS tenant or organization name. This name must match the tenant or organization name on the VOS devices.
Duplicate Event Ignore Interval (Required): Enter the time, in minutes, after which duplicate user login–related events received from Active Directory servers are ignored.
Value: 1 through 60 minutes
Default: 5 minutes
Users Expiry Interval (Required): Enter the time, in hours, after which user records expire. A user–IP address record is valid on a VOS device until either the device receives a new user–IP address record or the expiration time interval occurs, whichever happens first.
Value: 1 through 168 hours
Default: 8 hours
User Principal Name Refresh Interval: Enter the refresh interval, in minutes, to fetch user principal names in order to update with new users or to modify existing user principal names. The user principal name is the fully qualified username for a domain. For example, if domain is xyz-networks.com and username is "testuser," the user principal name is testuser@xyz-networks.com.
Value: 5 through 60 minutes
Default: 5 minutes
Send User Principal Name: Click On to send the principal name of the user to the VMS server.
Default: On
- Click OK.
- Click Add VMS Server. In the Add VMS Server popup window, enter information for the following fields.
Field: Description
FQDN (Required): Enter the fully qualified domain name (FQDN) of the VMS server to which to connect the WMI agent.
Server Port (Required): Enter the port number of the VMS server.
Value: 1 through 65535
Default: 443 (For WMI Releases 11.4.0 and earlier, the default is 3092)
Secure Connection: Click On to enable secure connection between WMI Agent and VMS server. A secure connection uses HTTPS and a non-secure connection uses HTTP. Secure connection is usually used if the server is configured for two-way authentication, that is, when server and client use authentication. A client certificate is used for client authentication.
Default: On
Description: Enter a description for the VMS server.
- Click OK.
- To import a client certificate for client authentication, click Import Client Certificate in the VMS tab. The Import VMS Client Certificate popup window displays.
- Click Import to select the client certificate from the Windows device to import, or enter the path in the Certificate Path field.
- Enter the certificate key-store password.
- Click OK.
- Copy the client certificate that you set in Step 6a to the Windows machine on which the WMI agent is running. On the VMS server, the client server certificate is located in the directory /opt/versa/vms/certs/, in the file client-cert.pfx. Note that you can only import PFX certificates (.pfx).
To delete a VMS server record, click Remove in the VMS tab.
To display information about the VMS server, click View Details for the VMS server and then select the Server Details tab.
To display event statistics for the VMS server, click View Details for the VMS server and then select the Event Statistics tab.
To display bootstrap statistics for the VMS server after connection initiates with the server, click View Details for the VMS server and then select the Bootstrap Statistics tab.
To view event history for the VMS server, click View History.
To export the event history records to an Excel (.xls) file, click Export.
Add Group Filters
You can create groups that the WMI agent can monitor or not monitor. For example, you can create group filters for sales staff or system administrators.
To create a group and enable group filtering:
- In the WMI agent main window, select the Groups Filter tab.
- In the Groups Filter field, click On to enable filtering for the groups that you add when you click Add Group on this tab. When you enable group filtering, only groups that you add on this tab are monitored. If you disable group filtering, all groups are monitored. If you enable group filtering and do not add any groups, no user groups are filtered. So, enable group filtering only if you want to monitor or not monitor specific groups.
- Click Add Group. The Add Group popup window displays.
- In the Group Name field, enter a name for the group. This is a required field. Note that the group name you enter must be the same as the group name in Active Directory.
- In the Filter Action field, select Monitor, to allow monitoring of the group, or Ignore, to disable monitoring for the group.
- Click OK.
Add User Filters
You can add users (for example, admin), and you can enable or disable filtering for users. You can add specific users whom you want to monitor or do not want to monitor.
To add user filters:
- In the WMI agent main window, select the Users Filter tab.
- In the Users Filter field, click On to enable filtering for all users, or click Off to disable filtering for all users. If you set User Filter to On and you set Default Filter Action to Monitor, the filter action that you set for each user is used.
- In the Default Filter Action field, click Monitor to monitor all users, or click Ignore to not monitor all users. The Default Filter Action also applies to users that are not added here. For example, if you set Default Filter Action to Ignore and a user who is not added here logs in, that user's record is ignored and is not monitored.
- If you set the Filter Action for a user to Ignore, in the Log Off Old IP field, configure whether to log the user in or out if they use an old IP address. For example, if you set the Filter Action for the user "administrator" to Ignore, the Log Off Old IP field is enabled (On) by default.
- Click Add User to add a user filter. The Add User Filter popup window displays.
- In the Username field, enter the name of the user. A name is required.
- In the Filter Action field, click Monitor to monitor the user and click Ignore to not monitor the user. If you click Ignore, Log Off Old IP is enabled.
- If Filter Action is Ignore, in the Log Off Old IP field, select On to log off the user from an old IP address if the user logs in with a new IP address.
- Click OK.
To delete a user record, click Remove in the Users Filter tab:
View User Details
To view information about the users that you have added to the WMI agent:
- In the WMI agent main window, select the Users tab to display the username, the server to which a user is connected, the active and last event IP addresses, the last user action, and the time of the last event.
- To export user records to an Excel (.xls) file, click Export.
- Click View Details to view more information about a user.
Configure Log Parameters
To configure log parameters for the WMI agent:
- In the WMI agent main window, select the More tab.
- Select Log in the left navigation bar, and enter information for the following fields.
Field: Description
Log Size Limit: Select maximum size for log files:
- 10 MB
- 25 MB
- 50 MB
- 100 MB
Log Active Directory Events: Click On to create logs for Active Directory events.
Application Log: Click On to enable logging for application events.
Application Log Level: Select the severity level to apply to application logs:
- Debug—Application log requires debugging.
- Error—Log event is an error.
- Info—Log event is for informational purposes.
- Verbose—Show additional information during the interaction with the client user interface.
- Warn—Log event is a warning.
Default: Debug
Troubleshoot WMI Service Issues
To check WMI service status and to start, stop, or restart the service:
- In the WMI agent main window, select the More tab.
- Select Troubleshooting in the left navigation bar to view the running status of the WMI service.
- indicates that the WMI service is running.
- indicates that the WMI service has stopped. Click Restart Service to try to restart the service.
- If the WMI service is not running, click Start Service to start it.
- To stop the service, click Stop Service.
- To save log records to share with Versa Networks Customer Support, click Export. The log records are saved as a .zip file.
- To save a configuration record (.zip file) to your local disk, click Export. All configuration details except the password of the account used for listening to Active Directory events are saved.
- To import a saved configuration record (.zip file) from your local disk, click Import and select the file to import.
Supported Software Information
Releases 21.2.1 and later support all content described in this article.
Additional Information
Configure Passive Authentication for VMS
Install the Versa Messaging Service