Overview

Nxtcfg is a small console application which reads and modifies the configuration parameters of the Collector. Ensure that you run Nxtcfg with administrator privileges.

Installation

By default, the Nxtcfg tool is installed along with the Collector when installing the Collector MSI. Once the Collector is installed, the Nxtcfg tool is located under:

 C:\Windows\System32\nxtcfg.exe.

The Collector MSI version used determines the Nxtcfg version installed (Windows 32-bit or 64-bit system).

If not required, add the option CFG_INSTALL=0 to the MSI command line, when installing the Collector.

Options

Option

Description

Example

/start

Start the Collector.

nxtcfg.exe /start

/stop

Stop the Collector.

nxtcfg.exe /stop

/restart

Restart the Collector.

nxtcfg.exe /restart

/g

Get the value of a particular configuration parameter from the Collector.

nxtcfg.exe /g ip

/s

Set the value of one or more configuration parameters of the Collector.

nxtcfg.exe /s ip=192.168.0.1 udp_port=999

/l

List all the configuration parameters of the Collector with their current values.

nxtcfg.exe /l

/d

Dump all the configuration parameters of the Collector and their corresponding values to a file.

nxtcfg.exe /d C:\temp\collector.cfg

Configuration parameters

The modification of some of the parameters requires a restart of the Collector for the change to take effect. Rebooting the device forcefully restarts all Collector components as well. For each parameter, this is specified by the values in the column Restart required of the parameters table:

  • No: No reboot or component restart required.

  • Yes: Collector restart or device reboot required.

Parameter

Description

Default value

Range

Restart required

ip

IP address or DNS name of the target Appliance.

-

-

No

udp_port

Port number for UDP communication with the target Appliance.

-

[1 - 65535]

No

tcp_port

Port number for TCP communication with the target Appliance.

-

[1024 - 65535]

Yes

tag

Optional integer number to identify the installation.

0

[0 - 2147483647]

No

string_tag

Optional label to identify the installation.

-

any string (max 2048 chars)

No

cgpi

CrashGuard Protection Interval Value. It is the time interval since boot (in minutes) after which a dirty reboot does not increase the CrashGuard.

240 min

-

Yes

logmode

Logging mode

  • 0 - Silent

  • 1 - Verbose

  • 2 - Debug (not recommended for production)

0

[0 - 2]

No

logsize

Maximum size of log file when logging is enabled. Logs are rotated after the maximum is reached.

32 MB

[1 - 512] MB

Yes

printing

Disable or enable print monitoring function.

disable

[disable - enable]

Yes

dsps

Disable (1) or enable (0) SMB print monitoring subfunction (requires printing enabled).

1

[0 - 1]

Yes

iops

Enable (1) or disable (0) IOPS monitoring functionality.

0

[0 - 1]

Yes

dwef

When set, the Collector does not report application freezes nor hungs.

0

[0 - 1]

Yes

mss

Maximum size, in bytes, of the UDP packets sent from the Collector to the Engine.

1224 B

[1000 - 16384] B

Yes

pkg_interval

Period, in hours, in which the Collector checks for new installed packages and updates and reports them:

  • 0 - Never report packages.

  • 1 - Report packages after Collector initializes and then once per hour.

  • 2-24 - Report packages 45 minutes after Collector initializes and then every 2 to 24 hours.

1

[0 - 24]

Yes

wme

When set, the Collector reports Web and Cloud data.

1

[0 - 1]

Yes

wm_domains

List of domains for which to report the URL of web requests.

-

Comma separated domain names

.

No

prefer_ipv6

When set, the Collector prefers IPv6 to communicate with the Engine when the name of the Engine resolves to both IPv6 and IPv4 addresses.

0

[0 - 1]

No

custom_shells

When set, enable the Collector to report user logon events and user interactions in virtualized and embedded (kiosk mode) environments.

0

[0 - 1]

No

execution_policy

The security policy to apply when executing scripts of remote actions.

signed_trusted_or_nexthink

  • disabled

  • signed_trusted

  • signed_trusted_or_nexthink

  • unrestricted

No

customer_key

The Customer Key of the master Appliance.

-

Path to text file with cryptographic key.

Yes

root_ca

The Root Certificate of the master Appliance.

-

Path to text file with root certificate.

Yes

assignment_status

The status of the assignment of the Collector to a particular Engine.

disabled

  • disabledThe Collector is not using the Assignment Service.

  • standbyThe Collector is awaiting assignment to an Engine.

  • assignedThe Collector is assigned to an Engine.

No (read‑only)

use_assignment

Instruct the Collector whether to use or not use the Assignment Service.

disable

  • disableInstruct Collector not to use the Assignment Service.

  • enableInstruct Collector to use the Assignment Service.

Yes (only when enabling)

engage

Activation of the features to engage with the end-user.

enable_except_on_server_os

  • enable_except_on_server_osActivate the features to engage with the end-user, except on devices that run an OS of the server type.

  • disableDeactivate the features to engage with the end-user.

  • enableActivate the features to engage with the end-user.

Yes

data_over_tcp

Send Collector data over TCP

disable

  • disableSend end-user data over the UDP channel.

  • enableSend end-user data over the TCP channel.

Yes

proxy_pac_address

URL of the PAC file to automatically configure the proxy settings.

-

  • <url>The URL of the PAC file

  • ""Do not use a PAC file

Yes

proxy_address

FQDN or IP address of the proxy for manual configuration of proxy settings.

-

  • <FQDN or IP address>The address of the proxy.

  • ""Do not use manual proxy settings.

Yes

proxy_port

Port number where the proxy is listening for manual configuration of proxy settings.

-

  • <port number>The port number of the proxy.

  • ""Do not use manual proxy settings.

Yes

Nxtcfg in Remote Actions

Because the Collector communicates with the Engine when running remote actions, it is not recommended to change any of the configuration parameters of the Collector from a remote action. Thus, refrain from modifying any of the following configuration parameters when running nxtcfg.exe within a remote action:

  • ip

  • tcp_port

  • customer_key

  • root_ca

For the same reason, do not stop or restart the Collector with nxtcfg.exe in a remote action. Directly stopping or restarting the Collector abruptly ends the communication between the Collector and the Engine, resulting in the Collector losing its state in respect to the remote action. Once the Collector is up again, it starts the execution of the remote action from the beginning, potentially creating an infinite loop.

Instead, if you need to modify some Collector settings from a remote action that requires a restart, use the following code in the script of the remote action:

  • To stop the Collector:

Stop-Service -Name "Nexthink Service" -Force
Stop-Service -Name "nxtrdrv5" -Force
Stop-Service -Name "nxtrdrv" -Force
CODE


  • To start the Collector:

Start-Service -Name "nxtrdrv"
Start-Service -Name "nxtrdrv5"
Start-Service -Name "Nexthink Service"
CODE

Setting the Customer Key and Root Certificate

The Collector uses the Customer Key and Root Certificate to validate the identity of the slave Appliance (Engine) and securely communicate with it via TLS. If any of these security parameters change in the Appliance (e.g. moving from pre-production to production environment), you must change the configuration in your Collectors accordingly.

The parameters customer_key and root_ca are special in the sense that they do not admit a direct value as argument, but a path to a text file holding the actual value of the Customer Key or the default Root Certificate, respectively. To download the Customer Key and the default Root Certificate from the master Appliance, follow the same method described for installing the Collector:

  1. Log in to the Web Console of the master Appliance as admin.

  2. Select the Appliance tab at the top of the Web Console.

  3. Click Collector management in the left-hand side menu.

  4. Under Collector default certificates at the bottom of the page, click the buttons DOWNLOAD CUSTOMER KEY and DOWNLOAD DEFAULT ROOT CERTIFICATE to download, respectively, the text files holding the Customer Key and the default Root Certificate of the Appliance.

    • Only use the default Root Certificate of the master Appliance if you did not replace the certificates for the TCP connection of the Collector with the Appliances.

To set the Customer Key and Root Certificate downloaded from the master Appliance, type in the following (assuming that you placed the downloaded files in the root directory of your C: drive): 

nxtcfg.exe /s customer_key="C:\Nexthink-customer-key.txt" root_ca="C:\Nexthink-root-ca.txt"

When listing the customer_key and root_ca parameters with the /l option of Nxtcfg, neither the full Customer Key nor the full Root Certificate are displayed. Instead, only the first few characters of both the configured key and certificate are shown. These characters are usually enough to identify the key or the certificate, while keeping the list of Nxtcfg parameters readable.

The operations described in this article should only be performed by a Nexthink Engineer or a Nexthink Certified Partner.

If you need help or assistance, please contact your Nexthink Certified Partner.


RELATED TASKS