How to install and configure Active Directory Exchange AIM

Document ID : KB000035383
Last Modified Date : 14/02/2018
Show Technical Document Details

Summary

The below steps contain a step by step approach to allow you to quickly install and configure the SystemEDGE, Advanced Encryption + Active Directory/Exchange AIM. The instructions also include the requirements for setting up the Exchange servers to allow the Active Directory/Exchange AIM to manage the environment.

Active Directory and Exchange Server (ADES) requires the following ports
PowerShell Ports: 80, 443, 5985, and 5986
ADSI Ports: 3268, 389

This illustrates how an ADES AIM works

 

Instructions

Installation of the CA SystemEDGE + CA Advanced Encryption + Active Directory/Exchange AIM

  1. Install CA SystemEDGE

    i.  Navigate to DVD\Installers\Windows\Agent\SysMan\CA_SystemEDGE_Core

    ii. Right click on ca-setup.exe, select "Run as Administrator"

  2. Install CA Advanced Encryption 

    i.  Navigate to DVD\Installers\Windows\Agent\SysMan\CA_SystemEDGE_AdvancedEncryption

    ii. Right click on ca-setup.exe, select "Run as Administrator"

  3. Install CA Active Directory Exchange AIM (caesadaim)

    i.   Navigate to DVD\Installers\Windows\Agent\SysMan\CA_SystemEDGE_ADES

    ii.  Edit ca-setup.dat, add on line EULA_ACCEPTED=YES, save changes and close file OR run ca-setup.exe EULA_ACCEPTED=YES from a command prompt.

    iii. Right click on ca-setup.exe, select "Run as Administrator"

Configure the Active Directory/ Exchange AIM to manage your Exchange servers

  1. Install Microsoft .NET Framework 3.5 Service pack 1 (Full Package) on Exchange AIM Host 
    http://www.microsoft.com/en-us/download/details.aspx?id=25150
  2. Configure the CA SystemEDGE Windows Service with the Active Directory Domain account (Account is required to allow the agent to collect Performance Data)
  3. The below is required to be executed on all the Exchange Servers you want the Exchange AIM to monitor

    Domain Administrator privilege is required to retrieve the MAC address. If the provilege is not granted then the MAC address will not be retrieved by the AIM.
    The Performance Monitor Users privilege is required to retrieve the performance counters.

    Exchange Organization Admin rights is not mandatory, you can use read only Exchange Organization rights
    i) Run on all Exchange Servers (Requirement to configure the AIM as per the Documentation):

    1) Enable-PSREmoting
    2) Set-Item WSMan:Localhost\Client\TrustedHosts -Value * -Force  
    3) Restart-Service WinRM 

  4. Use nodecfgutil installed on the exchange aim server to tell the agent to start managing the Exchange servers. 
    Nodecfgutil can be found in SystemEDGE_InstallPath\plugins\AIPCommon directory.
    Example:
    SystemEDGE_InstallPath\plugins\AIPCommon\nodecfgutil ades -u user -p passwd -d domainname -e entity -o option
    Entity(0-AD Only, 1-Exchange Only, 2-Both AD and Exchange)
    Option(0-domain based/automatic, 1-host based/manual)

Troubleshooting

  1. Download Esadaim_Requirements_checker.zip to the Active Directory Exchagen AIM agent host, then unzip and execute runme.cmd.
    Enter the exchange host when prompted. After the diagnostic script is complete, please zip and send the following:

    1. CA_ESADAIM.txt
    2. Stop the SystemEDGE agent, then zip the entire Program Files\CA\SystemEDGE\plugins\caesadaim folder
    3. SystemEDGE port161 or port1691 folder.
File Attachments:
TEC1792994.zip