Environment
NetIQ AppManager 6.x
NetIQ AppManager 7.0.x
NQKeyGenWindows
Situation
How do I verify whether or not an AppManager agent is using RPC Encryption?
How do I verify whether or not an AppManager Management Server is using RPC Encryption
Resolution
To verify the current security level for an AppManager agent, run the following command from a Command Prompt on the agent computer
nqkeygenwindows - agentseclev
The security level can be determined remotely from another agent machine, Management Server, or Console by using the following command:
nqkeygenwindows -remoteseclev machinename
The Windows registry on an agent contains the RPC encryption setting:
- RPC Encryption OFF = 0
- RPC Encryption ON = 1
You can change the setting for RPC encryption using the NQKeyGenWindows utility. If the utility does not allow you to use the Knowledge Script, you can turn off RPC Encryption manually.
To turn off RPC encryption manually (please note that this method is for informational purposes only, and is generally not recommended):
- Change the following entry in each agent computer's registry:
HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\AppManager\4.0\AgtShared
String : RPC Encryption
Change this value to 0. - If the agent computer is also a Management Server, change the following entry in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\AppManager\4.0\NetIQms\Config
String : RPC Encryption
Change this value to 0. - Restart the NetIQ Client Resource Monitor service (Netiqmc) and the NetIQ Client Communication Manager service (Netiqccm) on all machines where the registry keys were modified.
Additional Information
For complete instructions regarding Secure Communication for AppManager Agents, please refer to the NetIQ AppManager Administrator Guide