5.8
Table Of Contents
- VMware vRealize Configuration ManagerAdvanced Installation Guide
- Contents
- About This Book
- Achieving a Successful VCM Installation
- Hardware Requirements for Collector Machines
- Software and Operating System Requirements for Collector Machines
- Preparing for Installation
- System Prerequisites to Install VCM
- Configure Resources to Install VCM on a Virtual Machine
- Secure Communications Certificates
- Single-Tier Server Installation
- Configure a Single-Tier Installation Environment
- Verify that the Installing User is an Administrator
- Install and Configure Windows Server Operating System
- Install the .NET Framework
- Configuring the Database Components of the VCM Collector
- Install SQL Server on the VCM Collector
- Verify and Configure the SQL Server Properties
- Verify Matching SQL Server and Computer Names
- Verify the SQL Server Agent Service Account is a sysadmin
- Verify that the SQL Server Agent Service Starts Automatically
- Select the SQL Server Agent Service Account
- Establish SQL Server Administration Rights
- Configure the Web Components
- Configure SSRS on the VCM Collector
- Configure the VCM Collector Components
- Two-Tier Split Installation
- Configuring a Two-Tier Split Installation Environment
- Verify that the Installing User is an Administrator
- Install and Configure Windows Server Operating System
- Configuring the VCM Database Server
- Disable the Firewall or Add an Exception for SQL Server Port 1433
- Install SQL Server on the Database Server
- Verify and Configure the SQL Server Properties
- Verify Matching SQL Server and Computer Names
- Verify the SQL Server Agent Service Account is a sysadmin
- Verify that the SQL Server Agent Service Starts Automatically
- Select the SQL Server Agent Service Account
- Establish SQL Server Administration Rights
- Configure the Combined VCM Collector and Web Server
- Three-Tier Split Installation
- Configuring a Three-Tier Split Installation Environment
- Verify that the Installing User is an Administrator
- Install and Configure Windows Server Operating System
- Configure the VCM Database Server
- Install SQL Server on the Database Server
- Verify and Configure the SQL Server Properties
- Verify Matching SQL Server and Computer Names
- Verify the SQL Server Agent Service Account is a sysadmin
- Verify that the SQL Server Agent Service Starts Automatically
- Select the SQL Server Agent Service Account
- Establish SQL Server Administration Rights
- Configure the Web Server
- Configure the VCM Collector
- Installing VCM
- Configuring SQL Server for VCM
- Upgrading or Migrating VCM
- Upgrading VCM and Components
- Upgrading Virtual Environments Collections
- Migrating VCM
- Prerequisites to Migrate VCM
- Migrate Only Your Database
- Replace Your Existing 32-Bit Environment with a Supported 64-bit Environment
- Migrate a 32-bit Environment Running VCM 5.3 or Earlier to VCM 5.8
- Migrate a 64-bit Environment Running VCM 5.3 or Earlier toVCM 5.8
- Migrate a Split Installation of VCM 5.3 or Earlier to a Single-Tier, Two-Tier...
- How to Recover Your Collector Machine if the Migration is not Successful
- Maintaining VCM After Installation
- Hardware and Operating System Requirements for VCM Managed Machines
- VCM Agent Support on Non-English Windows Platforms
- VCM Managed Machine Requirements
- Linux, UNIX, and Mac OS Agent Files
- Windows Custom Information Supports PowerShell 2.0
- Linux and UNIX Patch Assessment and Deployment Requirements
- Support for VMware Cloud Infrastructure
- vRealize Operations Manager Integration Features
- FIPS Requirements
- Agent Sizing Information
- Index
Change Permissions On Machine Certificate Keys
If you plan to use certificate keys generated by Installation Manager for HTTP communication between
the VCM Collector and the VCM Agents on managed machines, you must review your security policy.
You can change the permissions on the certificate key to allow the Administrators group to have full
control after you install VCM.
The Foundation Checker system check reports a warning message about the security policy used to create
new objects. The security policy sets the permission on new files to the Administrators group instead of
the creator of the object. The system check does not stop the installation process, but instead creates a
certificate and associated cryptographic keys.
If the security policy is not set appropriately when Installation Manager generates the certificate, the
certificate private key is not accessible to other members of the Administrators group and causes HTTP
communication with the Agents to fail.
The TLS certificate private key to be generated on the Windows machine must have permissions that
include the Administrators group as the owner or as having full control. You cannot resolve this warning
before you install VCM. If an error occurs, after installation, you must either change the group policy so
that new files are assigned to the Administrators group and run Installation Manager again, or add the
Administrators group with full control to the generated certificate key file in the Machine Keys folder.
Prerequisites
n Install VCM. See "Installing VCM" on page125.
Procedure
1. Browse to C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys.
This path is the default location for your private keys. This path might differ depending on your
organizational policies.
2. Expand the MachineKeys folder.
The key that matches the date and time when you generated the certificate during installation is most
likely the correct key. Because another reliable method does not exist to identify the key, use the date
and time.
3. Right-click the key file and click Properties.
4. In the Machine Key Properties dialog box, click the Security tab.
5. Click Continue to continue as an administrative user.
6. In Advanced Security Settings, select the account and click OK to take ownership of an account.
7. In the Permissions dialog box, click Administrators and confirm whether the Administrators group
has Full Control.
8. If the Administrators group does not have full control, click Add to add the group.
9. In the Select Users, Computers, Service Accounts, or Groups dialog box, type the name of the
Administrators group and click Check Names.
When the name is validated, click OK to return to the Permissions dialog box and add the
Administrators group to the Group or user names area.
10. In the Allow column, click Full Control.
11. Click OK and click OK again to save changes.
vRealize Configuration Manager Advanced Installation Guide
128
VMware, Inc.