0
Under review

Problems installing the Anturis Monitoring Agent on a 2012 r2 domain controller

IS_RP 3 years ago updated 3 years ago 4

Hi,
I tried to update the agent from the web console but it was version 2.7 and I was advised to do it manually.
I simply ran the installation on one of the 3 servers (running 2012 r2) with outdated agents and everything went fine without a reboot.
However the last server is a domain controller and the in-place upgrade failed to start the service ("Verify if you have sufficient privileges to start system services").
I had to cancel the upgrade and it reverted to version 2.7 but it won't start due to logon failure.
I rebooted the server but that didn't help with the upgrade.
I uninstalled the existing 2.7 and rebooted but the upgrade fails the same way.
I noticed that on the 2 other servers there are now 2 local accounts (AnturisAgent and AnturisRestricted).

I added those 2 accounts to the local SecPol "Log on as a service" but the upgrade still fails.

Currently there's no agent installed on this DC and I need this fixed ASAP.

Answer

Answer
Under review

Hi,

About the DC with issue. Does this DC have another DC(like secondary DC) at the same network?

In common case this usually helps:

  1. Uninstall agent from all servers that are in the same domain.
  2. Check in users list that there are no Anturis* users
  3. Check there are no Anturis* users in Local Security Policy->Local Policies->User Rights Assignment for the following policies: Allow log on locally, Log on as a service, Replace a process level token
  4. Delete key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Acronis Monitoring in registry from all servers where Anturis agents were installed.
  5. After that install the latest agent version on each server manually
  6. Connect it to account and setup components & monitors again

About service account for 'logon as a service' it is good point but unfortunately, it is not possible now.

It seems that the installation of the latest version of the agent fails at the step of creating the service.

On the other hand, it would help if we could use a domain "service account" as service logon because many companies have GPOs that restrict the accounts that are allowed to "Log on as a service".

Answer
Under review

Hi,

About the DC with issue. Does this DC have another DC(like secondary DC) at the same network?

In common case this usually helps:

  1. Uninstall agent from all servers that are in the same domain.
  2. Check in users list that there are no Anturis* users
  3. Check there are no Anturis* users in Local Security Policy->Local Policies->User Rights Assignment for the following policies: Allow log on locally, Log on as a service, Replace a process level token
  4. Delete key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Acronis Monitoring in registry from all servers where Anturis agents were installed.
  5. After that install the latest agent version on each server manually
  6. Connect it to account and setup components & monitors again

About service account for 'logon as a service' it is good point but unfortunately, it is not possible now.

Yes, there is another DC in this domain and the agent on it is version 2.8.1.10611 (10611) but I don't have "Update" button for it on the portal. I had such buttons for the servers that had version 2.7.* but pressing the button resulted in "Please do it manually"... I guess following the above procedure will help with its upgrade too.

I am surprised that I will have to uninstall and reinstall the agent on all of our servers in order to fix the issue with the DC. From my past experience the uninstall/re-install of the agent requires the reboot of the server which we'd like to avoid but if that's the (only) best solution I will do it.

Thank you for the response, Ilya!

Ilya,

The procedure suggested by you helped me reinstall the latest version of the agent on all the servers I need to monitor.
The dashboard view "Agents & Locations" shows all components as "Connected" (green).

However, in "Infrastructure" and "Global Overview" all the components (monitors) fail with the following details:

No response from the Agent
Error code: 500
No response from the Anturis Agent. Please check if the corresponding host is up, connected to the network and can reach https://anturis.com.
Check also whether the Agent service is running and connected to Anturis servers. If the problem persists try re-installing the Agent or contact us at support@anturis.com.

I went and reconfirmed all the monitors for one of the servers - clicked EDIT, didn't change anything, then SAVE.
The monitors and the component went grey and several minutes later I got this alert:


New Critical Incident started at 16:03 EST on Wednesday, November 23 with ****_**.
1 new Problem(s):
  • Critical Problem with **** (new Status:Error) started at 16:03 EST on Wednesday, November 23:
    • Monitor ping@*.*.*.* Connectivity error on *********. Error 500: No response from the Agent [No response from the Anturis Agent. Please check if the corresponding host is up, connected to the network and can reach https://anturis.com.
      Check also whether the Agent service is running and connected to Anturis servers. If the problem persists try re-installing the Agent or contact us at support@anturis.com.]

Please visit Anturis Console to troubleshoot.


I installed the agent on a machine that hasn't been monitored until today and created a new component for it - all its monitors are green now.

I tried to rebuild the components but after a minute or two of "Loading" animated icon I got "Server error: Failed to rebuilt component."

It seems that the pre-existing components are experiencing the Error 500 mentioned above... Do I have to delete all the old components and re-create them?