Prerequisites check

The following table presents the prerequisites checked by the PSMCheckPrerequisites_PrivilegeCloud.ps1 script, and the actions that should be applied.

Prerequisite

Description

Action

General checks

VaultConnectivity

Checks connection to Privilege Cloud

Privilege Cloud public IP is Port 1858

TunnelConnectivity

Checks connection to the Secure Tunnel

The Secure Tunnel public IP is Port 443

CustomerPortalConnectivity

Checks connection to service backend:
https://<CustomerDomain>.privilegecloud.cyberark.com

Connection is with Port 443

ConsoleNetConnectivity

Connects with https://console.privilegecloud.cyberark.com

Connection is with Port 443

ConsoleHTTPConnectivity

Connects with https://console.privilegecloud.cyberark.com

Retrieves tenant details

SeureTunnelLocalPort

Checks port 50000/50001 is free for use by the secure Tunnel

Port 50000/50001 is free

CRLConnectivity

Checks http://ocsp.digicert.com on port 80

Status is 200

OSVersion

 Checks the OS Version is Windows Server is 2016, 2019

Windows Server is 2016, 2019

Processors

Checks minimum of 8 cores

Minimum of 8 cores are found

Memory

Checks a minimum of 8 rAM

Minimum of 8 RAM are found

SQLServerPermissions

Administrator group is defined as a local security group

Define Administrator group as local security group

InterActiveLoginSmartCardIsDisabled

Checks smart card is not enabled for accessing the machine

Disable smart card access

UserLoggedOn

 Checks if there are other users currently logged on to the component server

All users must be logged off from the machine.

IPV6

Checks if IPV6 is disabled

Disable IPV6

SecondaryLogon

Checks the Windows Secondary Logon service is running

The service must be on.

KUsriniDELL

Checks the KUsrinit.exe file exists. Should exist after DELL agent is deployed and replaced the default userinit.exe

KUsrinit.exe exists.

NetworkAdapter

Checks that all NICs are up, to support the Connector installer.

Set all NICs. They can be disabled after installation

DotNet

Checks if .NET 4.8 or higher is installed, from CPM/PSM version 12.1.

Install .NET 4.8.

PSRemoting

Checks if PSRemoting is enabled

Enable PSRemoting using the Enable-PSRemoting command

WinRM

Checks that WinRM service is running and isn't blocked by any GPO

Run WinrM service.

WinRMListener

Checks that WinRM is listening on HTTPS protocol and also has a valid certificate.

Set WinRM to listen to HTTPS and assign a valid certificate.

DomainUser

Check that the logged on user is a Domain User (this prerequisite is only checked for In Domain deployments)

Log on with the domain user

PendingRestart

Check that the server is not pending a restart

Restart the server

GPO

Check if GPO is defined as expected:

  • No settings in Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services

  • Allow CredSSP authentication = Not configured

  • Allow remote server mangament through WinRM = Not configured

  • Prevent running First Run wizard = Not configured

  • Allow Remote Shell Access = Not configured

Properly define the GPO policy