Install Windows Server

Ensure prerequisites are in place before you begin the installation.

It is important to have a fresh Windows server for a new install of Application Control for Linux.

Installing the Server

The following are the steps for installing the backend Windows Server:

  1. Deploy the Master installer from your AC for Linux installation kit.

  2. The installer checks for the C++ redistributable and installs it automatically if it is not found.

  3. Mosquitto will be automatically installed.

    Ensure that no previous installation of Mosquitto is present on your server. Any residual folder (C:\Program Files\mosquitto) must also be deleted before installing Application Control for Linux.

  4. .NET 5 Windows Server Hosting will be automatically installed.

  5. At this step, enter the SQL connection string as follows:

    1. If you opt for Windows Authentication, your DB admin needs to create a valid login for the backend machine that looks like this: Domain\backend_name$

      1. On the database server, open a SQL manager with your sysadmin login; expand Security; expand Logins. Right click on Logins and choose New Login.

      2. Choose Windows Auth as the connection method and complete Login Name with your Domain\backend_name$

        Don't use Search as AD will not resolve the name.

      3. On Server Roles assign public and dbcreator roles.

      4. Once the setup on the database server is finished, the Validate step appears. Insert the following:

        Data Source=Instancename;;Trusted_Connection=True

    2. If you opt for SQL auth (with sa and password):

      An example for SA: Data Source=Instancename;;User Id=sa;;Password=myPassword;

  6. Press the Validate button.

Once validation is successful, the Next button becomes available. Application Control for Linux then installs all the necessary components, such as certificates, and configures the IIS site for you.

Once the installation is complete, you are prompted to close the installer and, if you wish, to open the install log. Otherwise, the installer exits once you press "close".
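A scripted equivalent of the New Login steps for Windows Authentication (step 5.1), as an added example that is not part of the product documentation. It assumes sqlcmd is available on the database server and that the script is run under a sysadmin login; the parameter names are hypothetical.

```powershell
# Added example, not vendor code. Run on the database server as a sysadmin login.
# Hypothetical parameters:
#   -SqlInstance   your SQL Server instance name
#   -BackendLogin  the backend machine account, in the form Domain\backend_name$
param(
    [Parameter(Mandatory)] [string] $SqlInstance,
    [Parameter(Mandatory)] [string] $BackendLogin
)

# Accept only the machine-account form Domain\backend_name$. The strict character
# set also keeps quotes and brackets out of the T-SQL built below.
if ($BackendLogin -notmatch '^[\w.-]+\\[\w-]+\$$') {
    throw 'BackendLogin must look like Domain\backend_name$'
}

$tsql = @(
    # Create the Windows login only if it does not exist yet.
    "IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'${BackendLogin}')"
    "CREATE LOGIN [${BackendLogin}] FROM WINDOWS;"
    # Every login already holds public; dbcreator is the role that must be granted.
    "ALTER SERVER ROLE [dbcreator] ADD MEMBER [${BackendLogin}];"
    # Report the server roles the login now holds, for the install record.
    "SELECT r.name AS server_role FROM sys.server_role_members m"
    "JOIN sys.server_principals r ON r.principal_id = m.role_principal_id"
    "JOIN sys.server_principals p ON p.principal_id = m.member_principal_id"
    "WHERE p.name = N'${BackendLogin}';"
) -join ' '

# -E: Windows Authentication, -b: non-zero exit code on SQL error, -Q: run and exit.
& sqlcmd -S $SqlInstance -E -b -Q $tsql
if ($LASTEXITCODE -ne 0) {
    throw "sqlcmd failed with exit code $LASTEXITCODE"
}
```

The role query should list dbcreator only; any additional server role on the machine account is more than the steps above call for.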

The following ports are opened automatically in the active firewall configuration during installation, allowing connections on the important default-configured ports. They are listed here for troubleshooting by admins, if needed:

8883 – MQTT over SSL communication (Mosquitto Broker).

3123 – AFS over SSL communication (Application Control Server, Application Framework (AF) Server and AC Agent).

5001 – Self-hosted user interface over SSL communication (Application Control for Linux Web Console).
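A read-only check of the three ports listed above, as an added example rather than vendor tooling: for each port it reports whether something is listening, which process owns the socket, and which enabled inbound allow rules name the port. It assumes an elevated PowerShell session on the backend server.

```powershell
# Added example, not vendor code. Read-only: reports state, changes nothing.
# Port numbers and roles come from the list above.
$expected = [ordered]@{
    '8883' = 'MQTT over SSL (Mosquitto Broker)'
    '3123' = 'AFS over SSL (AC Server, AF Server, AC Agent)'
    '5001' = 'Web Console over SSL'
}

# Read the TCP port filters once. LocalPort is a string or a string array.
$tcpFilters = Get-NetFirewallPortFilter -Protocol TCP

foreach ($entry in $expected.GetEnumerator()) {
    $port = $entry.Key

    # Is anything listening, and which process owns the socket?
    $listener = Get-NetTCPConnection -State Listen -LocalPort ([int]$port) -ErrorAction SilentlyContinue |
        Select-Object -First 1
    $owner = if ($listener) {
        (Get-Process -Id $listener.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    }

    # Enabled inbound allow rules that name this port explicitly
    # (rules written as a port range are not matched by this check).
    $allow = $tcpFilters |
        Where-Object { $_.LocalPort -contains $port } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' }

    [pscustomobject]@{
        Port       = $port
        Role       = $entry.Value
        Listening  = [bool]$listener
        Process    = $owner
        AllowRules = @($allow.DisplayName) -join '; '
    }
}
```

A port that shows Listening = False after installation, or a listener with no matching allow rule, is the first thing to look at when agents or the console cannot connect.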

Interface Access and Database Auto Configuration

If you have opted for DB WIN AUTH with remote database server --or-- DB SA AUTH:

  1. Open up a browser and type in https://localhost:5001/home

    This should open up the UI WEB Console for Application Control for Linux.

  2. Once the Interface has popped up, the database, called AcDatabase, has also been generated and can be accessed and interrogated on your SQL server.

If you opted for DB WIN AUTH but with a local database instance, where the database instance is installed on the same WIN Server as your Backend:

  1. Open the IIS Manager

    Expand Application Pools

    Select NetcorePool

    Choose Advanced Settings from the right panel

    Modify Identity to Local Service because you are running a local DB instance

  2. Open up a browser and type in https://localhost:5001/home

    This should open up the UI WEB Console for Application Control for Linux.

  3. Once the UI has appeared, the database, called AcDatabase, has also been generated and can be accessed and interrogated on your SQL server.

Testing the Install

From the Start menu, open the AF server executable as administrator. A console should pop up, stating that SSL communication is ready and the connection policy has been created.

"Starting test console.

Press any key to exit.

1/17/2022 12:17:33 PM: ==> Started OAuth Service.

Started apis at https://+:3123/st/console/privateapi

Detected a fresh install, reinstalling policy

Queueing policy for removal

No policy to delete:

Read certificate from : C:\\Program Files\\mosquitto\\server.crt

Policy written to: C:\Program Files\Ivanti\ACServer\AF Server\..\AC Server\HostedFiles\policy.zip

Adding policy:

Policy: name='AcPolicy', id='381bfc9b-fa13-4c2d-8c8d-cb48d5eb1023', version='1'

1/17/2022 12:17:34 PM: ==> Started Registration Service.

1/17/2022 12:17:34 PM: ==> Started Agent State Service.

1/17/2022 12:17:34 PM: ==> Started Results Service.

1/17/2022 12:17:34 PM: ==> Started Custom Results Service. "

The AF server needs to remain open for communication between Windows Backend and Registered Linux Endpoints to function properly.

Finishing

At this point, if the above steps have been followed:

  • The IIS site is created and configured.

  • The WEB UI Console has been started in your browser by accessing https://localhost:5001

  • The application database called AcDatabase has been created and configured and can be interrogated via an MSSQL management tool.

  • The AF server console has been started as administrator and has had the communication channels all configured for you.

Warning: if the Advanced settings / server logs are not being pulled, you need to stop IIS, stop the AF server, restart IIS, refresh the page in the WEB UI, then start the AF server as admin once more.

Next Steps

Transfer the tar archives to your Linux endpoints, using scp or an scp-like transfer tool (for example, WinSCP).

.tar archives can be found on your backend under this path: C:\Program Files\Ivanti\ACServer\AC Server\HostedFiles

Where C:\Program Files\Ivanti\ACServer is the default install path of Application Control for Linux.
