This article will show how to setup the Agent Connectivity Credential (ACC) and also include Best Practices. When the Application ID (App ID) is used to register with Task Servers and download packages, it can be locked out. When the App ID is locked out it can create issues getting to the NS Console. Creating an Agent Connectivity Credential can remediate this issue by providing another account for Task Server registration and package downloads to use.
To setup the Agent Connectivity Credential do the following:
Note: please refer to our online documentation as well: Global Agent Settings Page Link
1. In the console go to “Settings > Agents/Plug-ins > Global Settings” and select the “Authentication” tab.
2. Click the Radio button for “Use these credentials” and enter an account and password of your choice. Best Practice: this should not be a domain account. The agent will create this Local Account on the Site Server when the Agent does its next Update Configuration. It will ONLY be created on site servers. Sample Local Account: ACC_user. Sample Domain account: Domain\User
Note: The UI is picky about password complexity. Use upper and lower case characters, numbers and symbols.
3. In the console go to “Settings > Notification Server > Site Server Settings” then go under the “Site Server Settings” and select “Global Site Server Settings”
4. Enable the top two boxes:
5. Update the agent configuration on all site servers including the SMP server. This will create the Account. You could send an “Update agent configuration” Task.
6. See Best Practice Note #2 for the Folders where the ACC needs to have READ permission added. HINT: Software Library, NSCAP share, and Patch Download location.
When the Agent on the Site Servers checks in, they will receive instructions to create a local account with the specified name and password. When the managed agents check in they will start authenticating to site servers using the local account that was created on each of the site servers.
As mentioned, creating the ACC will isolate the App ID service account from being used during registration for task servers and package downloads. It also eliminates App ID service account lockouts because Agents are no longer using that account.
181466 Restricting Package Access Credentials