Privilege Cloud installer prerequisites check

The following table presents the prerequisites checked by the PSMCheckPrerequisites_PrivilegeCloud.ps1 script, and the actions that should be applied.

Prerequisite

Description & recommended action

General checks

VaultConnectivity

Checks connection to Privilege Cloud.

Action:

Privilege Cloud public IP is Port 1858

TunnelConnectivity

Checks connection to the Secure Tunnel.

Action:

The Secure Tunnel public IP is Port 443

CustomerPortalConnectivity

Checks connection to service backend:

https://<CustomerDomain>.privilegecloud.cyberark.cloud

Action:

Connection is with Port 443

ConsoleNetConnectivity

Connects with
https://console.privilegecloud.cyberark.cloud

Action:

Connection is with Port 443

ConsoleHTTPConnectivity

Connects with
https://console.privilegecloud.cyberark.cloud

Action:

Retrieves tenant details

SeureTunnelLocalPort

Checks port 50000/50001 is free for use by the secure Tunnel

Action:

Port 50000/50001 is free

CRLConnectivity

Checks http://ocsp.digicert.com on port 80

Action:

Status is 200

OSVersion

Checks the OS Version is Windows Server is 2016, 2019

Action:

Windows Server is 2016, 2019

Processors

Checks minimum of 8 cores

Action:

Minimum of 8 cores are found

Memory

Checks a minimum of 8 RAM

Action:

Minimum of 8 RAM are found

SQLServerPermissions

Administrator group is defined as a local security group

Action:

Define Administrator group as local security group.

InterActiveLoginSmartCardIsDisabled

Checks smart card is not enabled for accessing the machine

Action:

Disable smart card access

UserLoggedOn

Checks if there are other users currently logged on to the component server

Action:

All users must be logged off from the machine.

IPV6

Checks if IPV6 is disabled

Action:

Disable IPV6

SecondaryLogon

Checks the Windows Secondary Logon service is running

Action:

The service must be on.

KUsriniDELL

Checks the KUsrinit.exe file exists. Should exist after DELL agent is deployed and replaced the default userinit.exe

Action:

KUsrinit.exe exists.

NetworkAdapter

Checks that all NICs are up, to support the Connector installer.

Action:

Set all NICs. They can be disabled after installation

DotNet

Checks if .NET 4.8 or higher is installed, from CPM/PSM version 12.1.

Action:

Install .NET 4.8.

PSRemoting

Checks if PSRemoting is enabled

Action:

Enable PSRemoting using the Enable-PSRemoting command

WinRM

Checks that WinRM service is running and isn't blocked by any GPO

Action:

Run WinrM service.

WinRMListener

Checks that WinRM is listening on HTTPS protocol and also has a valid certificate.

Action:

Set WinRM to listen to HTTPS and assign a valid certificate

DomainUser

Check that the logged on user is a Domain User (this prerequisite is only checked for In Domain deployments)

Action:

Log on with the domain user

PendingRestart

Check that the server is not pending a restart

Action:

Restart the server

GPO

Check if GPO is defined as expected:

  • No settings in Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services

  • Allow CredSSP authentication = Not configured

  • Allow remote server mangament through WinRM = Not configured

  • Prevent running First Run wizard = Not configured

  • Allow Remote Shell Access = Not configured

Action:

Properly define the GPO policy