How do I disable agent authentication? (NETIQKB51301)

  • 7751301
  • 02-Feb-2007
  • 27-Sep-2007

Resolution

goal
How do I disable agent authentication?

goal
Is there a way to have agents use encryption only?

goal
Can I force the agent to only use encrypted communications?

fact
Security Manager 5.X

fix

To disable authentication:

NOTE: ON NEW INSTALLS OF SECURITY MANAGER 5.5 AND ABOVE, AUTHENTICATION IS DISABLED BY DEFAULT.

  1. Start the Monitor Console in the NetIQ Security Manager program group.

  2. In the left pane, expand Configuration > Global Settings.

  3. On the Action menu, click Edit Agent Settings.

  4. On the Communications tab, select Use Secured Port (encryption only).

  5. Click OK.

  6. In the right pane, click Communications.

  7. On the Action menu, click Properties.

  8. Ensure the Communicate with authenticated agents only check box is cleared.

  9. Click OK.

  10. In the left pane, click Configuration.

  11. On the Action menu, click Force Configuration Changes Now. For SM 5.5, skip to step 13. Wait until each agent receives either a 21240 or 21270 event before proceeding.

  12. Restart NetIQ Security Manager service (formerly called OnePoint for version 5.0) on all agent computers. If you have many agents and want to automate restarting the agent service, see the note below.

  13. Note: Security Manager version 5.5 agents restart automatically.

  14. In the left pane, expand Monitor > Infrastructure Components > Agents. Wait for the Authentication Status to change to Not Authenticated for all the agents in this view.

  15. Run the following SQL query in Microsoft SQL Query Analyzer to remove any existing keys in the database:

Use onepoint
Delete from ComputerSecurity where status <8000
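
A more cautious way to run the step 15 cleanup, as an added example that is not part of the original NetIQ article: it copies the rows about to be deleted into a backup table, deletes inside a transaction, and rolls back if the number of deleted rows differs from the number backed up. The backup table name ComputerSecurity_PreAuthDisable is an assumption made for this example; only the onepoint database, the ComputerSecurity table and the status < 8000 filter come from the article.

```sql
USE onepoint
GO

-- Hypothetical backup table name chosen for this example; it is not part of
-- the product schema. Refuse to continue if a stale backup is already present.
IF OBJECT_ID('ComputerSecurity_PreAuthDisable') IS NOT NULL
BEGIN
    RAISERROR('Backup table already exists; rename or drop it first.', 16, 1)
    RETURN
END

-- Copy the rows that are about to be deleted so they can be restored if needed.
SELECT *
INTO ComputerSecurity_PreAuthDisable
FROM ComputerSecurity
WHERE status < 8000

DECLARE @saved INT, @deleted INT, @err INT
SELECT @saved = COUNT(*) FROM ComputerSecurity_PreAuthDisable

BEGIN TRANSACTION

-- Same statement as in step 15 of the article.
DELETE FROM ComputerSecurity
WHERE status < 8000

-- Capture both values in one statement; each is reset by the next statement.
SELECT @deleted = @@ROWCOUNT, @err = @@ERROR

IF @err <> 0 OR @deleted <> @saved
BEGIN
    ROLLBACK TRANSACTION
    PRINT 'Rolled back: delete failed or row count changed since the backup.'
END
ELSE
BEGIN
    COMMIT TRANSACTION
    PRINT 'Committed. Rows removed: ' + CAST(@deleted AS VARCHAR(12))
END
```

The backup table holds the same key material the article removes, so drop it once the agents are confirmed to be communicating with the new setting.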



note

For SM 5.5, the following information is no longer necessary since the agent will restart itself when receiving this configuration change.

To restart the NetIQ Security Manager Service (formerly called OnePoint for version 5.0) on all agent computers:

  1. On each central computer, navigate to \Program Files\NetIQ Security Manager\OnePoint\InstallService (if you have version 5.0, navigate to Program Files\MCS OnePoint\OnePoint\InstallService).

  2. Open the InstallService.ini file, scroll to the end of the file and add a semi-colon character (;), and then save the file.

  3. Perform a managed computer scan. The agents will see that the InstallService.ini file has a newer timestamp than their own copy and go into a pending installation state. For more information about performing a managed computer scan, see the Help.

  4. In the left pane of the Monitor Console, expand Configuration > Pending Agents > Installation.

  5. Approve and process the pending upgrades. This restarts the NetIQ Security Manager (OnePoint for version 5.0) service on the agent, which forces it to use the new communication setting. For more information, see the User Guide for Security Manager.



Additional Information

Formerly known as NETIQKB51301