Next Topic

Previous Topic

Book Contents

Install Agents

Agent > Install Agents

  • This page applies to the following products: On Premises, Kaseya Advanced, Kaseya Essentials, IT Center

The Install Agents page installs the agent on a remote system and creates a new machine ID / group ID account. Install Agents remotely installs the packages created using Deploy Agents. There are two methods of selecting machines to install agents on:

  1. Machines discovered using LAN Watch - Clicking any LAN Watch machine—sometimes called the "discovery machine"—displays a listing of all discovered machines on the same network. Machines without an agent display in red text.
  2. IP Address - You can also install an agent by entering an IP address or host name that you know the discovery machine has network access to, even if it is not listed on the page.

Remote Install Prerequisites

  • An administrator account—a member of the local administrators group—is required on the remote machine.
  • Account must have a password. A blank password is not valid for remote access.
  • The administrator account must have been used at least once to log in locally on the machine.

Installing Agents on Selected Machines

  1. Select remote machines, by either:
    • Checking multiple machines listed on the page in red text, or by
    • Entering the IP address of a single machine at the top of the page.
  2. Enter an administrator credential for the machines you've selected.
    • If the target machine is on a domain, the administrator credential must include the domain. The username field must be in the form domain\administrator or administrator@domain. If the target machine is not on a domain, then the administrator credential must include the hostname in the form hostname\administrator. For Linux machines, the root username alone—without a hostname or domain—must be used.
  3. Select an agent install package. The OS of the selected agent install package must match the OS of the remote machine.
    • Windows machines if the LAN Watch discovery machine was a Windows machine.
    • Macintosh machines if the LAN Watch discovery machine was a Macintosh machine.

      Note: Macintosh agent install packages require a credential when using Agent > Install Agent, or when installing agents using the /s "silent install" switch.

    • Linux machines if the LAN Watch discovery machine was a Linux machine.

      Note: For Linux machines, the root username alone—without a hostname or domain—must be used.

  4. Click Install.

Kconnect and SSH

The following technologies are used by Agent > Install Agents to install agents on remote systems after a LAN Watch scan is run on the discovery machine.

  • Kconnect enables the installation of agent packages on remote target systems running a Windows operating system
  • SSH (aka Secure Shell) is a network protocol that allows data to be exchanged using a secure channel between two networked devices. This protocol is primarily used on Unix-based systems, including Mac OS X and Linux.
    • Mac OS X 10.3.9 and above machines must have SSH Remote Login in System Preferences > Sharing > Remote Login enabled to support the remote install of Macintosh agents using Install Agents.
    • On Linux sshd must be installed and enabled. This is not enabled by default in some Linux distributions.

A valid credential set with administrator rights is required to successfully install an agent remotely.

Note:The KcsSetup installer skips installation if it detects an agent is already on a machine if the /e switch is present in the installer package. The installer overwrites installation if it detects an agent is already installed on a machine if the /r switch is present in the installer package. The /r switch overrides the /e switch if both switches are included in the agent package.

Running Kconnect

When Install Agent is run, Kconnect.exe is downloaded from the KServer into the c:\kworking directory and run using the following command line. You don't have to create this command line. Install Agent does it for you.

c:\kworking\kconnect \\hostname -u "adminname" -p "password" -c -f -d "c:\kworking\kcssetup.exe" > c:\kworking\LANInsAipAddr.txt

The terms hostname and ipAddr refer to the remote machine. If the agent is on a drive other than C: then the working files are referenced to the same drive the agent is installed on.

Kconnect Error Messages

If a remote Windows agent installation fails for any reason, the KServer passes back the results reported by Kconnect.exe. Typically, Kconnect.exe is simply reporting OS errors that it received trying to execute a call.

Typical Reasons for Install Failure

See Install Issues and Failures for a general agent install issues and failures. Additional issues and failure related to remote installation of agents using Install Agents include:

  • File and Printer Sharing Not Enabled - Verify File and Printer Sharing is enabled on the target machine's firewall if the target machine's firewall is on.
  • Blocked by Network Security Policy
    • Windows - Kconnect.exe connects to the remote PC through the RPC service and runs as a local account. Remote access to this service is controlled by a Local or Domain Security Setting. Open Local Security Policy (part of Administrative Tools). Open Local Policies\Security Options\Network access: Sharing and security model for local accounts. The policy must be set to Classic for Kconnect.exe to operate across the network.

      Note: Classic is the default setting for machines that are members of a domain. Guest is the default setting for machines that are not in a domain. Microsoft does not allow Windows XP Home Edition to become a domain member.

    • Macintosh - SSH can be blocked by client management network policies, which are configured using Server Admin in Mac OS X 10.4 and later.
  • Failure to Connect - The RPC service is not available on the target machine. For example, XP Home does not support RPC. This prevents anything from remotely executing on that box. On Windows XP you can turn this service on by opening Windows Explorer and selecting Tools - Folder Option... - View tab. Scroll to the bottom of the list and uncheck Use simple file sharing. The XP default configurations are as follows:
    • XP Pro on a domain - RPC enabled by default. Use simple file sharing is unchecked.
    • XP Pro in a workgroup - RPC disabled by default. Use simple file sharing is checked.
    • XP Home - RPC disabled always. Use simple file sharing is not available.
  • Network Path Not Found - If you get a message saying that the network path could not be found, it means that the admin$ share is not available on that machine. The admin$ share is a default share that windows creates when it boots, it is possible to turn this off via the local security policy, or domain policy. If you want to check the shares on that remote machine you can use Kconnect.exe to retrieve a list for you. Type kconnect \\ "net share". Check that the admin$ share exists and points to c:\windows or c:\winnt on older operating systems.
  • Blocked by Anti-Virus Program - Some anti-virus programs may classify Kconnect.exe and SSH as security threats and block its execution.
  • Invalid Credential - The credential must have administrator rights on the local machine. The agent requires administrator rights to install successfully.
    • If the target machine is on a domain, the administrator credential must include the domain. The username field must be in the form domain\administrator or administrator@domain. If the target machine is not on a domain, then the administrator credential must include the hostname in the form hostname\administrator. For Linux machines, the root username alone—without a hostname or domain—must be used.
    • On Vista, 7, and 2008 machines, ensure User Account Control (UAC) is disabled for the administrator rights credential being used.
    • Mac OS - Macintosh agent install packages require a credential when using Agent > Install Agent, or when installing agents using the /s "silent install" switch.
    • Linux - Linux machines credentials must use the root user on the Install Agents page. Embedding a root credential in the agent install package is unnecessary for Linux agent install packages used on the Install Agents page.
  • SSH Not Installed or Enabled - Mac OS X 10.3.9 and above machines must have SSH Remote Login in System Preferences > Sharing > Remote Login enabled to support the remote install of Macintosh agents using Install Agents. On Linux sshd must be installed and enabled. This is not enabled by default in some Linux distributions.
  • Reboot of Remote Machine Required - If a remote install attempt fails, you may need to reboot the remote machine. The problem is that the rejected attempt to mount the remote file share is remembered on the remote machine. Until the remote machine is rebooted, the failed attempt is cached and the remote machine continues to return that old failed status until the machine is rebooted.

Testing and Troubleshooting

Admin Logon Name

The administrator name used to remotely access the selected machine. The Admin Logon Name must have administrator rights on the remote selected machine. Multiple accounts may have administrator rights on the same machine. Your domain administrator account may be different than the local administrator account. To ensure you are using the domain account enter the logon name using the domain\administrator or or administrator@domain format. If the target machine is on a domain, the administrator credential must include the domain. For Linux machines, the root username alone—without a hostname or domain—must be used.

Password

The password associated with the Admin Logon Name.

Install

Click Install to schedule an installation of the selected install package on all selected machines.

Cancel

Click Cancel to cancel execution of this task on selected managed machines.

Select an Agent Package to Install

Select the agent package to remotely install on selected machines. These packages are created using Deploy Agents.

Show all devices

Check this to see possible machines that did not report a host name. such as Mac machines that do not have a DNS.

Hide devices that match the MAC address of existing machine IDs

Check this box to hide all machines on a LAN with a MAC address matching the MAC address of an existing machine ID / group ID account.

Hide devices that match the computer names of existing machine in <machine ID>

Check this box to hide machines that have a common computer name in this same group ID. A LAN Watch may discover an managed machine with a second device using a different MAC ID then the one used to report to the KServer. For example, the same managed machine may connect to the internet using direct connection and have a second wireless connection with a different MAC ID. Checking this box hides the second device from this list so that you don't assume you've found a new unmanaged machine.

Select All/Unselect All

Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.

Host Name

The host name of each device on the LAN discovered by the latest LAN Watch scan.

IP Address

The private IP address of each device discovered by the latest LAN Watch scan.

MAC Address

The MAC address of each device discovered by the latest LAN Watch scan.

Vendor

The system manufacturer.

Last Seen

The time each device was last detected by the latest LAN Watch scan.