Monitor & Agent Management Affected by Microsoft Update
  • Dark
    Light
  • PDF

Monitor & Agent Management Affected by Microsoft Update

  • Dark
    Light
  • PDF

A recent Microsoft update has affected our ability to manage and deploy agents and monitors from the Real-Time Console.

Microsoft included KB5004442 in their latest cumulative update that was released the week of 13 June 2022. This KB by default hardens the DCOM communication which we use for the Real-Time Console to manage agent and monitor machines (along with the WMI). Hardening DCOM causes the Real-Time Console to not be able to perform management tasks on the agent and monitor machines.

Issue

Real-Time Console Management Tasks
The Real-Time Console is not able to perform management tasks such as start/stop/deploy on agent and monitor machines that ran this latest Windows update.

Agent Deployment from the Real-Time Console
This issue also may affect the ability to deploy new agents and monitors directly from the Real-Time Console onto Windows machines that have run this Windows update. This issue affects environments that have selected the Deploy Agents Automatically option in the Agent Settings page. For deployment, you can use an MSI. For details, see How to Deploy the Agent on Your Master Image for PVS/MCS/Linked/Instant Clones.

Because this issue affects the ability of the Real-Time Console to perform other management tasks such as start/stop on the machines as well as monitor deployment, we strongly suggest you perform the workaround on all machines that have run the Windows update to enable ControlUp to continue monitoring and remediation.

Possible Errors

Here is a screenshot of the error that may be seen on the target machine running the ControlUp Agent:
image.png

Here is a screenshot of the error that may be seen in the Real-Time Console:
image.png

Workaround

We are working on a solution and in the interim, you can implement this workaround. Disable DCOM hardening on all machines that have run the latest Windows update and have, or plan to have, the agents and monitors deployed onto them.

To disable DCOM hardening:

  1. Add the following registry key to ALL machines that have the ControlUp Agent or the ControlUp Monitor deployed on them. This includes any machines that are planned to have either deployed:
    Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat
    Value Name: RequireIntegrityActivationAuthenticationLevel
    Type: dword
    Value Data: default = 0x00000000 is disabled. (0x00000001 means enabled.) If this value is not defined, it will default to disabled which is what you want to ensure.

  2. Restart the machine.


Was this article helpful?