Use domain accounts as WPM Player service accounts
This section focuses on domain rights for WPM Player service accounts used by WPM Players to run transactions on remote systems. If you're looking for details about SolarWinds Platform accounts instead, see Adjust SolarWinds Platform account permissions for WPM users.
WPM worker processes rely on specific WPM Player service accounts. These service accounts provide the necessary permissions for the proper functioning of WPM worker processes. Each transaction performed by the WPM Player involves multiple steps. For playback of recorded transactions, individual WPM worker processes execute these steps, gathering data during playback. To ensure proper segregation and control, each process has its own unique WPM Player service account. This is crucial for effective permission and access management during concurrent execution of distinct transaction steps. By default, the SolarWinds Platform server uses two worker processes; remote systems that host WPM Players use seven worker processes.
Also by default, WPM Player service accounts have only local permissions. You can use the WPM Domain Accounts Configuration Tool to set up domain accounts as WPM Player service accounts so WPM can play transactions, as described next.
Before using domain accounts as WPM Player service accounts to play WPM transactions, your organization should internally review and assess if that methodology will make your deployment vulnerable to unauthorized access.
If you encounter WPM transaction steps with a "Not played yet" status on the Transaction Details page, check domain policy access rights to the remote system hosting the WPM Player, and verify passwords for domain accounts used as WPM Player service accounts in WPM Domain Accounts Configuration Tool. See this article in the SolarWinds Success Center.
Use the WPM Domain Accounts Configuration Tool
You can use the SolarWinds WPM Domain Accounts Configuration Tool to set up domain accounts as WPM Player service accounts, for example, to support SSO Authentication allowing successful playbacks of WPM transactions that require it. Otherwise, WPM transactions will fail to execute SSO Authentication due to pulling credential details and permissions from local account that usually lack login details to execute SSO Authentication successfully.
The number of domain accounts required depends on how many worker processes the WPM Player service needs, as cited in the numberOfWorkerProcesses
entry in the AgentSettings.dat
file, located at C:\ProgramData\SolarWInds\SEUM\Data
.
Configure WPM Player service accounts
To configure WPM Player service accounts:
- Log into the system hosting the WPM Player service running transactions — either the SolarWinds Platform server or a remote machine.
- Navigate to this default folder:
C:\Program Files\SolarWinds\Orion\SEUM\Player
- Launch the following file as an Administrator:
SolarWinds.SEUM.AgentDomainConfigurationTool.exe
.
- Select the "Enable domain accounts for playbacks" option.
- Provide the Domain name, Username, and Password for each account.
Note the following details about these fields:
- Do not cite the domain in the Username field — only the account name.
WPM worker processes rely on specific WPM Player service accounts. These service accounts provide the necessary permissions for the proper functioning of WPM worker processes. Each transaction performed by the WPM Player involves multiple steps. For playback of recorded transactions, individual WPM worker processes execute these steps, gathering data during playback. To ensure proper segregation and control, each process has its own unique WPM Player service account. This is crucial for effective permission and access management during concurrent execution of distinct transaction steps.
- Each user account must be unique; do not use the same account multiple times on the same system.
- To avoid unwanted disconnections, do not use personal domain account credentials (you might end up being randomly logged out of an RDP session).
- Passwords are encrypted with SYSTEM account key in the AgentSettings.dat file.
- Click Validate to test credentials, and then click Save.
- Watch for the Domain Configuration Tool to automatically restart the WPM Player service. If the Player service does not restart, use the SolarWinds Platform Service Manager to restart the WPM Playback Player service.
Related troubleshooting articles available in the Success Center include: