Managing MS agents

Update an MS agent

  1. Log in to SCM.

  2. From the left-hand menu, select About.

  3. Click the Download MS Agent icon and select Windows.

  4. (Optional) If required, move the Sectigo_MS_Agent.exe file to the install location of the existing MS agent.

  5. Right-click Sectigo_MS_Agent.exe and click Install.

    The package automatically recognizes that there’s an existing version of the MS agent and initiates an update instead of a new install.

  6. In SCM, navigate to the Private Key Agent page and verify that the agent is connected and showing the correct version.

  7. Read the EULA, select I agree to the license terms and conditions, and click Install.

  8. Click Next.

  9. Read the EULA, select I accept the terms in the License Agreement, and click Next.

  10. (Optional) Specify an installation location.

  11. Click Next, Install, and Close.

  12. In SCM, navigate to the MS Agents page and verify that the agent is connected and showing the correct version.

Uninstall an MS agent

  1. Navigate to Settings > Apps & features.

  2. Search for Sectigo.

  3. Select the Sectigo MS Agent and click Uninstall.

  4. (Optional) Delete the files and logs associated with the MS agent.

    1. Navigate to C:\ProgramData\Sectigo.

    2. Delete the MS Agent folder.

      This cannot be undone. Only delete this folder if you want to completely remove all files and logs related to the MS agent.

  5. In SCM, navigate to Integrations > MS Agents.

  6. Select the agent you want to delete.

  7. Click the Delete icon.

  8. Click Delete again.

MS agent service commands

  • Proxy service

  • Discovery service

When an MS agent is installed with Proxy MS Enrollment Protocols to SCM selected, the service commands are as follows:

Command    Description
Start      Start an MS agent: sc start CertSvc
Stop       Stop an MS agent: sc stop CertSvc
Query      Query the status of an MS agent: sc query CertSvc

When an MS agent is installed for discovery only (without Proxy MS Enrollment Protocols to SCM selected), the service commands are as follows:

Command    Description
Start      Start an MS agent: sc start ComodoMSAgent
Stop       Stop an MS agent: sc stop ComodoMSAgent
Query      Query the status of an MS agent: sc query ComodoMSAgent

Configure LDAPS communication with MS AD

Enable LDAPS communication between the MS Agent and MS AD as follows:

  1. Obtain an SSL certificate.

    The SSL certificate must comply with the requirements outlined by Microsoft for an LDAPS certificate. These requirements are subject to change by Microsoft at any time without notice.

  2. Run regedit.

  3. Navigate to HKEY_LOCAL_MACHINE > SOFTWARE > COMODO > CCM.

  4. Create a REG_DWORD value named UseLDAPS.

  5. Specify a Data value of 0 if using LDAP, or 1 if using LDAPS.

    Since LDAPS communication imposes additional requirements, LDAP is the default communication protocol.

  6. Restart the agent using the certsrv.msc snap-in.
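
A scripted form of the procedure above, as an added example (not Sectigo's own tooling): it confirms that the domain controller completes a trusted LDAPS handshake with a Server Authentication certificate before setting UseLDAPS to 1 and restarting the agent service. The host name dc01.example.internal and port 636 are assumptions, and the EKU check covers only one of Microsoft's LDAPS certificate requirements.

```powershell
# Added example. Run elevated on the host where the MS agent is installed.
param(
    [string]$DomainController = 'dc01.example.internal',  # placeholder FQDN (assumption)
    [int]$Port = 636,                                      # conventional LDAPS port (assumption)
    # Service name from this page: CertSvc (proxy install) or ComodoMSAgent (discovery only)
    [ValidateSet('CertSvc', 'ComodoMSAgent')][string]$ServiceName = 'CertSvc'
)
$ErrorActionPreference = 'Stop'
$regPath = 'HKLM:\SOFTWARE\COMODO\CCM'   # registry key from step 3

# 1. TLS handshake with the DC. With no custom validation callback, SslStream
#    checks the chain, validity period and host name against the machine trust
#    store and throws if the certificate is not acceptable.
$tcp = [System.Net.Sockets.TcpClient]::new($DomainController, $Port)
try {
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($DomainController)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    $ssl.Dispose()
}
finally { $tcp.Dispose() }

# 2. The presented certificate must carry the Server Authentication EKU.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
$usages = @($eku.EnhancedKeyUsages | ForEach-Object Value)
if ($usages -notcontains $serverAuthOid) {
    throw "Certificate on ${DomainController}:$Port lacks the Server Authentication EKU"
}
Write-Output "LDAPS handshake OK: $($cert.Subject), expires $($cert.NotAfter)"

# 3. Steps 4-5: create or overwrite the REG_DWORD value UseLDAPS = 1.
if (-not (Test-Path $regPath)) { throw "$regPath not found; is the MS agent installed?" }
New-ItemProperty -Path $regPath -Name 'UseLDAPS' -PropertyType DWord -Value 1 -Force | Out-Null

# 4. Step 6: restart the agent service and show its resulting state.
Restart-Service -Name $ServiceName
Get-Service -Name $ServiceName | Select-Object Name, Status
```

If the handshake or EKU check throws, the script stops before touching the registry, so the agent stays on its current protocol.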