This article aims to assist with the Unitrends secure agent pairing for Windows operating systems.
Starting with Unitrends release 10.6.6, Secure Agent Pairing features are enabled for Windows which result in secure TLS communication between agent and appliance and prevent unauthorized systems from all communication to the Unitrends Agent.
In various circumstances, pairing may not have been completed within 25 hours of an agent installation or upgrade to 10.6.6+ release, or, key files necessary for agent operation were removed manually resulting in a need to repair.
Normally, pairing mode is automatically enabled for 25 hours after an agent is upgraded or newly installed with 10.6.6 or higher when no keyfiles are already present in the C:\PCBP\keystore directory. In situations where it is necessary to manually re-pair outside of this time the following process can be used.
Step 1: Enable Pairing Setting (Windows Agent)
Starting with 10.7.9, the Unitrends Agent Pairing Utility can be used instead of the command line arguments. To open Unitrends Agent Pairing Utility, please run gui_key_manager (Run as administrator). To access gui_key_manager, navigate to C drive> PCBP folder.
Manual steps if the utility is not used:
From a windows command prompt, run the following command:
NOTE - commands must be run from Agent installed directory. Example c:\PCBP
c:\pcbp\cli_key_manager.exe json_pairing --action set --force true
Step 1.1: Enable Pairing Setting (Appliance)
[root@testUB ~]# cli_key_manager json_pairing --action get
Running Json Pairing Command
JsonWorker::ReadJsonSubtree failed to read_json
expected value
Action: get
Exp: 12/31/1969 18:00:00
Is_Enabled: false
Is_Forced: false
[root@testUB ~]# cli_key_manager json_pairing --action set --enable true --force true
Running Json Pairing Command
JsonWorker::ReadJsonSubtree failed to read_json
expected value
Action: get
Exp: 12/31/1969 18:00:00
Is_Enabled: true
Is_Forced: true
Then attempt to re-save or register the asset in the Unitrends UI normally. This will work for the next pairing attempt only. If you need to pair manually with multiple appliances, repeat this step after each pairing.
Alternatively, you can set a pairing window to retain pairing mode until a specified date or date and time. The time value is optional and can be left off. Please use date formats as MM/DD/YYYY time should be in 24 hour format if included.
c:\pcbp\cli_key_manager.exe json_pairing --action set --exp "05/19/2022 09:20"
Step 2: Reload Listener
Once pairing is set, it is necessary to restart the bpagent service in windows to load this change in setting. To do this open the windows services control panel, locate the service titled Bpagent, and restart the service.
Step 3: Pair the Agent
If you have yet to successfully register the asset to an appliance, an attempt now would succeed.
If the asset was prior registered and was presenting pairing or SSL errors, it would be necessary now to also follow additional steps on the appliance.
Please see our KB Unitrends Agent Pairing - Clearing Appliance Pairing for information on how to clear prior pairing status on the appliance as needed.
Note: For the above steps to work, permit pairing mode must be yes. This is the default value upon agent installation.
[Pairing mode]
PermitPairingMode=Yes
PairingPort=888