Configurator tool

  • 3 minute read
Prev Next

The configurator tool is used to configure the headless, always-on, and SSO clients. The Windows Service AppGate SDP Client Service must be running to use this tool. Once a complete configuration is applied, the client will try to sign in using it and continue to retry if it fails. You can apply a configuration at any time to force the client to try to connect.

To run the configuration tool:

  1. Open a command prompt with administrator rights.

  2. Go to the AppGate ZTNA installation location (default C:\Program Files\Appgate SDP\Service\). This folder will contain the AppGate ZTNA Service executable. To get a list of available commands, enter the following inn the command prompt:

"Appgate SDP Service.exe" configurator --help

The configuration tool uses different options to provide specific functionality:

get

Used to get information about the running service.

set

Used to configure the service.

reset

Used to reset the service.

--help

Lists the help options.

--version

Lists the version information.

Using the get command

The get command is used to understand the current configuration and active state of the service.

Enter:

"Appgate SDP Service.exe" configurator get OPTION

The available OPTIONS are:

OPTION

Description

-c --config

Will provide information about what is configured in the client.

Current configuration settings for Appgate SDP service including controller URL and username.

-d --details

When this option is used then the status is shown with more details about Sites, Gateways, and entitlements.

Command line output showing connection status and gateway information for Appgate SDP Service.

-s --status

Will provide information if the service is connected or still trying to sign in, or if there's any error in the sign in process. In this case the client hasn't been configured. The error indicates that an invalid controller URL is preventing it from connecting.

Command line output showing Appgate SDP Service status as connected.

If service is being configured it can sometimes return the following:

[  STATUS  ]

Applying new config

This indicates that a new configuration has been applied to the service and client will soon try to connect using it.

The different connection [STATUS] for headless client can be:

Status message

Description

Waiting for configuration

Client is waiting to be configured

Applying the new configuration

Client is applying the configuration and trying to sign in to AppGate ZTNA.

Connecting

Client has successfully signed in and is connecting to AppGate ZTNA.

Connected

Client has successfully signed in and is connected to all Sites.

Partially Connected

Client has successfully signed in but can only connect to some Sites.

Suspended. Full client is currently connected
(Always-on only)

Client is suspended because the full client is in operation.

None connected

Client has successfully signed in but can't connect to any Site.

Disconnecting

Client is disconnecting and will soon try to sign in again.

Using the set command

This is the command used to configure the client. The profile link must be used. The -o option can be used in combination with additional options to configure credentials to sign in, etc.

Enter:

"Appgate SDP Service.exe" configurator set -o appgate://url.com OPTION OPTION

The available OPTIONS are:

OPTION

Description

-u --username

Set username to use for sign in with credentials. Must be used with -p.

-p --password

Set password to use for sign in with credentials. Must be used with -u.

-o --profile

Specify the client profile link to be used. Can be copied from the Client Profiles UI.

-a --authenticationcertificatepath

Set the absolute path to the certificate pfx file to be used in certificate authentication

-b --authenticationcertificatepassword

Set the password for the authentication certificate pfx file

-m, --localcomputercertificatename

Set the simple subject name of the certificate in the local computer certificate store to be used in certificate authentication. Enter any value to get the list of available certificates. Overrides the p12/pfx file.

-l, --loglevel

Set the log level of the client.

Refer to LDAP Certificate IdP if using certificate authentication.

The configurator will return the following exit codes:

  • 0 - no error

  • 1 - error on configurator; including connection to the service/daemon.

  • 78 - configurator worked fine, but there are errors in the result from the service/daemon; like success: false

  • 127 - wrong/missing arguments

Using the reset command

This is the command used to reset configuration or active state of the service.

Enter:

"Appgate SDP Service.exe" configurator reset OPTION

The available OPTIONS are:

OPTION

Description

-c --config

Will clear the current configuration of the client (even if connected).

-s --service

Resets the active state of the service forcing it to reload the configuration and to reconnect.

As well as the above get, set and reset always include the following options:

Command line options for enabling debug logging and displaying version information.

--JSON

Display any output from a command in the JSON format.
It will also not block the process with "Press any key to continue".

--loglevel

Sets the log level of the configurator itself.

--help

Lists the help options.

--version

Lists the version information.

Log files location

Configurator logs are found in C:\user\username\appdata\roaming\appgate\logs\configurator.log

Related articles