Follow the steps below to download and install Dynatrace OneAgent on Windows:
Download the installer. There are two options:
- Click the Download agent.exe button to download Windows installer (EXE file) for single-server installation.
- Click the Download MSI package link to download the Windows installer for Group Policy deployments. You get a ZIP package that includes an MSI file and an example command line in the form of a batch file (you can copy and paste the command line when configuring Group Policy for Dynatrace installation). Then, you have to create a distribution point, assign a package (the OneAgent MSI installer with parameters) and publish your policy.
Run the executable file and follow the displayed instructions. You'll need administrator rights to install OneAgent.
How to customize installation
The Windows Group Policy installer can be used with command line parameters when you can't use the default settings. Note that all parameters except
TENANT_TOKEN are optional.
SERVER—The address of the Dynatrace Server. Use the IP address or a name. Add the port number following a colon, for example
TENANT—Your Dynatrace environment ID. You received this ID with your activation email. By default, this setting is already set to the correct value. If you're selling Dynatrace-based services, use this option to set your customers' IDs (available from the pool of IDs you purchased from Dynatrace).
TENANT_TOKEN—The internal token that is used for authentication when OneAgent connects to the Dynatrace cluster to send data. You can retrieve the tenant token from the following REST endpoint. In return, you will get a JSON object that will include the
PROXY—The address of the proxy server. Use the IP address or a name. Add the port number following a colon, for example
PROXY=126.96.36.199:8080. We also support IPv6 addresses. Skip the
PROXY parameter to force the installer to automatically detect proxy or ask for proxy details. If you want the installer to ignore proxy detection or want to skip entering proxy details, use PROXY=0.0.0.0
APP_LOG_CONTENT_ACCESS—When set to
true, allows Dynatrace OneAgent to access log files for the purpose of log analytics. Accepted values are (
false) or (
0). This option can alternatively be enabled/disabled through the Web UI.
INSTALL_PATH—Allows installation to a directory of your choice. Works only with absolute Windows paths, for example
INFRA_ONLY—Activates cloud infrastructure monitoring mode, in place of full-stack monitoring mode. With this approach, you receive infrastructure-only health data, with no application or user performance data. For details, see Cloud infrastructure monitoring. Accepted values are
0 (deactivated) and
1 (activated). This option can alternatively be enabled/disabled through the Web UI.
INSTALLATION.LOG—Path to the file where the installation log is to be stored.
USER—The user running Dynatrace OneAgent. This parameter can have one of two values:
dtuserThe default user account used to run Dynatrace components. Applied automatically when the
USERparameter isn't used.
no_createDisables user creation when installing Dynatrace OneAgent. Use this for deploying Dynatrace on Windows Server Domain Controller to avoid propagation of
dtuseracross the domain, which can cause interference with existing
dtuseraccounts on hosts that have Dynatrace installed. You can also use this to comply with strict security policies that prohibit creation of local user accounts. Note that using
USER=no_createdisables Dynatrace OneAgent Plugin functionality.
USER parameter is supported only by command-line .msi installer.
Note: Parameter names are case sensitive. Use ALL CAPS for parameter names.
How to perform a silent installation in Windows
With silent installation, the Dynatrace installer is pre-configured with parameter values that you define. This means that dialogs won't be generated during installation and no human interaction is required.
To set up silent command line installation, add
/quiet /qn as shown here:
msiexec /i Dynatrace-OneAgent-Windows-188.8.131.5270202-225117.msi SERVER="https://someserver.com" TENANT="xxx" TENANT_TOKEN="xxx" INSTALL_PATH="c:\test dir" /quiet /qn
What happens during installation
Dynatrace OneAgent is a set of specialized services that have been configured specifically for your monitoring environment. The role of these services is to monitor various aspects of your hosts, including hardware, operating system, and application processes.
During the installation process, the installer
Installs executable code and libraries that are used by Dynatrace OneAgent.
Creates entries in the Windows Registry that start Dynatrace OneAgent as a
SYSTEMservice. Additionally, the
WinPcapare installed to allow better integration with the operating system and to facilitate the capture of network statistics.
Checks the system’s global proxy settings.
Checks for a connection to Dynatrace Server or Security Gateway (if you installed Security Gateway and downloaded the OneAgent installer after Security Gateway was connected to Dynatrace).
Creates its own user (
dtuser). This user is utilized by services that don’t require root privileges. This user is a member of the Performance Monitoring Users group, and can only log in as a service. The password is randomly generated during installation and stored encrypted. You can't change the password. For security purposes, the
dtuseris not allowed to:
- Access computer from the network.
- Log in as a batch job.
- Log in locally.
- Log in through Remote Desktop Services.
dtuseris required for Dynatrace to operate properly, therefore you must not delete it. If, for some reason, the
dtuserwas deleted, next update will recreate it.
For a summarized view of the changes made in your system's files by OneAgent installation, please visit Changes on Windows files page.
It’s recommended that you install the version of
WinPcap that is packaged with the Dynatrace OneAgent installer. Its library is the cornerstone of Dynatrace network analysis. We’ve packaged the library in such a way that its DLLs are seamlessly integrated with Dynatrace software, thereby enabling unattended updates and other advantages. If you already have
WinPcap installed, please remove it before Dynatrace OneAgent installation. The installer includes the latest, unmodified version of the library&so any other software you have that relies on
WinPcap won’t suffer from library loss.
OneAgent is shipped with trusted Dynatrace SSL certificates, which are used to verify that OneAgent connects successfully to Dynatrace Server or Security Gateway.
If your environment uses a proxy (thereby requiring an update to the remote server's SSL certificate), then you may encounter a
Server certificate check failed message during the initial connection check.
To resolve this issue, specify the trusted proxy certificate that is to be utilized by OneAgent. To do this, provide a copy of your proxy's SSL certificate as a file called
custom.pem in the
/var/lib/dynatrace/oneagent/agent/customkeys directory. The file
custom.pem should contain the proxy’s certificate along with any intermediate certificates as required.