Installation Procedure
-
RDP to your lab VM as your admin user account, e.g.
Softwareidm\labadmin - Open Windows Explorer to the Downloads\PanelTools folder (to which PanelTools was previously downloaded):
~\labadmin\Downloads\PanelTools - Run ServiceSetup.exe
- Execute step 3 (configure Panel Check health monitoring - as a new Windows Scheduled Task)
- Enter the domain\name of the account to use for running the Scheduled Task - typically use the ServicePanel identity, i.e.
Softwareidm\idpservice - Enter a password
<redacted> - Specify a method for emails (we'll choose Azure in this case):
2 - Specify a valid mailbox sender email address, e.g.
IdPAlerts@sidm.us-
NOTE:
To send messages with the Graph API you MUST specify an App Registration with the Microsoft Graph - Mail.Send permission. For more information go to https://support.identitypanel.com and search "Mail.Send".
-
NOTE:
- Specify the email recipient(s) of email alerts (comma separated, or set up a new d-group), e.g.
LabSupport@softwareidm.com - Paste Azure Tenant ID of the application that will be used as the service principle for sending the email
<redacted> - Paste Azure Application ID of the application that will be used as the service principle for sending the email
<redacted> - Paste Client Secret for the application that will be used as the service principle for sending the email
<redacted>
Installation Procedure Variation for gMSA
If you wish to execute the PanelCheck task running as a gMSA account, a variation to the above procedure is required, noting that step #2 below cannot be done interactively:
- At step #5 above, enter the credentials of another (non-gMSA) domain account with the necessary local permissions to run scheduled tasks.
- On successful completion of step #12, execute the following from a CMD shell running as Administrator to change the domain identity to a gMSA account:
schtasks /change /TN \PanelCheck /RU Domain\gMSAName$ /RPNote: Don’t forget the $ at the end of the gMSA name.
Indicative Output
Once installed, a Windows Scheduled Task will have been created - see output below from one of the training labs.
ServiceSetup.exe
Note: the above error does not prevent the task creation - only mail delivery because in this case the Azure AD training tenant I am using for this article is not licensed with M365 mailboxes.
Windows Task Scheduler
Identity Panel Dashboard
Config.json
The following is the JSON section within the C:\Program Files\SoftwareIDM\PanelTools\config.json file created once PanelCheck has been successfully configured.
"PanelCheck": {
"TryResolve": true,
"PingInterval": "7.00:00:00",
"SendErrorTo": "errorreporting@softwareidm.com",
"Service": "SoftwareIDM.PanelService",
"Test": {
"PanelService": true,
"PanelHost": true,
"ScheduleService": true,
"WorkflowService": true,
"PasswordService": true,
"PasswordCertificate": true
},
"SMTP": {
"Server": "0dba38dd-9670-4997-91be-0f95cdfb74f8",
"Port": 25,
"UseSSL": false,
"User": "a7918df3-0888-48d8-8c5e-cde828b1c543",
"Password": "<redacted>",
"From": "IdPAlerts@sidm.us",
"To": "LabSupport@softwareidm.com"
}
}
Comments
0 comments
Please sign in to leave a comment.