Installing the Agent for Windows

This page guides you through the installation of a Windows Agent.

The Windows Agent can be used for 32-bit and 64-bit. Each version is identified using a three-digit abbreviations. These abbreviations are used in the file names of the Agents. In this page, the specific abbreviation is replaced by "???."

Tip! This page refers only to the manual installation process. If you want instructions on how to install a containerized Windows agent, see Installing Containerized Windows Agents.

Watch the Video: Installing Windows Agents

Notes:

  • 64-bit Windows platforms: Install a 64-bit Agent if you intend to start 64-bit programs and applications through it. Using a 32-bit Agent for this purpose may cause problems.

  • The following guide describes how to install an Agent in an AE system in which authentication is not used. Additional installation steps are required before the Agent can be started and used, if you intend to use one of the available authentication methods. For more information, see Agent Authentication.

  • It is best to install the Agent in a separate directory (such as C:\AUTOMIC\AGENT\WINDOWS).

This page includes the following:

Overview

Installation Files Supplied

The files of the Windows Agent are found in the directory IMAGE:AUTOMATION.PLATFORM\AGENTS\WINDOWS. Other files from this sub-directory are components of the installation program and the AE runtime system. For information about CallAPI files and their implementation, see CallAPI for Windows.

Potential Problems

  • Uppercase and lowercase letters used in the host name.
  • IP address with leading zeros.

Windows Agent for System-Wide Email Connection

A system-wide email connection can be implemented using a Windows Agent. For more information, see Email Connection.

Additional Rights Required

The Windows Agent requires certain additional rights under Windows in order to be able to use the Windows APIs that are listed below.

The Agent requires these rights in order to process file transfers and start jobs in different user contexts. Although users are defined in the Automation Engine jobs, the Agent must still be able to log on with the privileges of the particular user, read user profiles and start Jobs, for example. Therefore, start the Agent via the Service Manager as a SYSTEM user.

When you start the Agent as a regular user, however, you should install it with the recommended additional authorizations in order to make sure that it can process the above tasks:

  • Act as part of the operating system
  • Adjust memory quotas for a process
  • Back up files and directories
  • Log on as a service
  • Replace a process level token
  • Restore files and directories

The right 'log on as a batch job' is required when the option "log on as a batch user" has been activated in the Windows Jobs of the AE system's Job objects.

Powershell Configuration - File Backup or Rollback

The Agent must be configured to be able to execute Powershell commands for file backup or rollback. To do so, add the following key-value pairs in the [GLOBAL] section of the INI file of the Windows Agent:

ECPEXE=powershell.exe -NonInteractive -ExecutionPolicy bypass -NoLogo -file ECPEXT=ps1

Connecting to the Automation Engine

The Automation Engine and the Windows, UNIX, and Java Agents communicate using TLS/SSL. These agents establish a connection with the Java communication process (JCP), which uses trusted certificates to prove their identity to other communication partners.

Note: The TLS/SSL implementation does not apply to the HP-UX Agent, as it is no longer supported in this version.

You can use the trustedCertFolder=, agentSecurityFolder=, and keyPassword= parameters in the respective INI file to point to the relevant certificates. If the trustedCertFolder= parameter is not set, the certificates should be installed in the respective store; that is the Java trust store for Java Agents, the Windows OS store for Windows Agents, or the TLS/SSL store for UNIX Agents. For more information, see Securing Connections to the AE (TLS/SSL).

For more information about the different certificate types and for detailed instructions on how to create and use them, see What Kind of Certificates Should I Use for Automic Automation v21.

TLS/SSL Agents (in containers or on-premises) and the TLS Gateway, when used for the Automic Automation Kubernetes Edition, establish a connection to an ingress / HTTPS load balancer and not the JCP directly. The ingress / HTTPS load balancer must be reachable and requires a certificate for authentication. The address of the load balancer must be defined on both sides: the Automation Engine and the Agent / TLS Gateway.

Important! When you install or upgrade Agents manually for an Automic Automation Kubernetes Edition system, you have to make sure that you configure your Agents and/or TLS Gateway to reach the TCP or HTTPS load balancer and not the CP or JCP directly. Also, make sure that your HTTPS load balancer has the required certificates in place. For more information, see Connecting to the AAKE Cluster.

Installing the Agent for Windows

  1. Install the Microsoft Visual C++ 2017 Redistributable Package.

    This installation step can be ignored if the package is already available in the required version. Refer to the Control Panel -> Add or Remove Programs to see if the package is installed, and if so, which version.

    • Host (32-bit): Install the package from the IMAGE:EXTERNAL.RESOURCES\CRTS2010\WINDOWS\X86 directory.
    • Host (64-bit): Install the package from the IMAGE:EXTERNAL.RESOURCES\CRTS2010\X64 directory.

  2. Install the Agent.

    On a 32-bit host:

    1. Start the program SETUP.EXE in the directory IMAGE:AUTOMATION.PLATFORM\AGENTS\WINDOWS\X86.
    2. Select a separate directory for the Agent (such as C:\AUTOMIC\AGENT\WINDOWS). Click the large button (computer, packing and disc) to start the installation.
    3. The Automic program group is automatically created and the Agent specified.

    On a 64-bit host:

    1. Start the program SETUP.EXE in the directory IMAGE:AUTOMATION.PLATFORM\AGENTS\WINDOWS\X64
    2. Select a separate directory for the Agent (such as C:\AUTOMIC\AGENT\WINDOWS). Click the large button (computer, packing and disc) to start the installation.

      The Automic program group is automatically created and the Agent specified.

  3. Set up the system environment.

    • On the host, adjust the INI file of the Windows Agent (64-bit) to your system environment. For more information, see Agent Windows 64-bit.

      Use the trustedCertFolder=, agentSecurityFolder=, and keyPassword= parameters in the respective INI file to point to the relevant certificates. If the trustedCertFolder= parameter is not set, the certificates should be installed in the respective store; that is the Java trust store for Java Agents, the Windows OS store for Windows Agents, or the TLS/SSL store for UNIX Agents. For more information, see Securing Connections to the AE (TLS/SSL).

      For more information about the different certificate types and for detailed instructions on how to create and use them, see What Kind of Certificates Should I Use for Automic Automation v21.

      The user who starts the agent must have the following rights if the logon= parameter in the INI file of the agent is set to 1 (default):

      • Act as part of the operating system
      • Adjust memory quotas for a process
      • Allow log on locally
      • Back up files and directories **)
      • Logon as batch job *)
      • Logon as service
      • Replace a process level token
      • Restore files and directories

      *) This right is only required if you start jobs by using the start option Logon as batch user.

      For more information, see Windows Jobs.

      **) This right is necessary for the execution of job objects.

      For the extended File Transfer object (as of v9) this right is usually optional. It is necessary, however, when the agent transfers encrypted files with a file transfer because the agent uses the WinAPI LoadUserProfile.

      On Windows, the Local Security Policy can be called via the Control Panel > Administrative Tools. Rights are defined in User Rights Assignment in the Local Security settings.

      All Windows users that should execute BATCH-type jobs required the right Read & Execute for the agent's bin and temp directories. Otherwise, an error message occurs when the job starts (Access denied). This is necessary when the logon= parameter in the INI file of the agent is set to 1 (default) or the UC_HOSTCHAR_*'s setting ANONYMOUS_JOB is set to "N".

    • On the Admin or server computer, adjust HEADER.WINDOWS, TRAILER.WINDOWS and RESTART.WINDOWS if necessary. For more information, see Include Objects in Headers and Trailers.

  4. Start the Agent.

    • On the server computer, the AE system must be running. For more information, see Multi-Server Operations.

    • On the host, start the Agent from the Automic program group. An Agent object is automatically created in system client 0000 and stored in the folder HOST.

    • On the admin or server computer, verify that the Agent is logged on to the Automation Engine.

      Newly logged on Agents are not assigned to a client automatically and can only be viewed in Client 0. Once you have logged in to Client 0, access the Administration perspective and select Agents & Groups.

      Assign the new Agent to clients with the required rights using the Agent object definition. For more information, see Authorizations Page.

    You can use the ServiceManager to start and end the Agent as a service. For more information, see ServiceManager.

  5. On the host, shut down the Agent by right-clicking the Agent in the task bar and selecting Exit.

See also: