If after following the instructions for agent installation, you are experiencing any problems with agent stability, alert consistency, agent unavailability, or remote connection instability, please verify the following:
Supported Versions
Please take a look at the main article to see which Mac versions are compatible with the Atera agent.
Additional requirement: macOS devices with an M-series processor must have Rosetta, a dynamic binary translator developed by Apple, installed. In most cases, these devices come with Rosetta pre-installed. If Rosetta is not present, Atera will attempt to install it during the agent installation process. For more info, see "If you need to install Rosetta on your Mac" and "About the Rosetta translation environment".
Please check out this section to see how to install Rosetta.
Server List and Ports
It is mandatory to configure your network settings to enable communication between your devices and our servers.
The agent communicates with the following servers. Make sure they are whitelisted on your network:
- pubsub.atera.com
- pubsub.pubnub.com
- app.atera.com
- agenthb.atera.com
- packagesstore.blob.core.windows.net
- ps.pndsn.com
- agent-api.atera.com
- cacerts.thawte.com
- agentreportingstore.blob.core.windows.net
- atera-agent-heartbeat.servicebus.windows.net
- ps.atera.com
- atera.pubnubapi.com
- appcdn.atera.com
- atera-agent-heartbeat-cus.servicebus.windows.net
- ticketingitemsstoreeu.blob.core.windows.net
- download.visualstudio.microsoft.com
- a32dl55qcodech-ats.iot.eu-west-1.amazonaws.com
- agentspoliciesprod.blob.core.windows.net
Important Note: Our servers cannot be whitelisted by IP address; the whitelist must use the server names only.
Ports
Besides whitelisting the servers from above on your network, you will also need to:
- Allow outbound traffic over ports 443 and 8883 (TCP/UDP) in the Antivirus, Firewall, and Proxy servers.
Verify server connection
To evaluate the connection between your device and our servers, run the provided bash script on your affected endpoint with administrative privileges. The script will generate a list indicating blocked and whitelisted servers on your network. Whitelisting a blocked server is essential for proper functionality.
#!/bin/bash
# Define the list of target servers and the TCP ports to test on each
targets=(
    "pubsub.atera.com 443"
    "pubsub.pubnub.com 443"
    "app.atera.com 443"
    "agenthb.atera.com 443"
    "packagesstore.blob.core.windows.net 443"
    "ps.pndsn.com 443"
    "agent-api.atera.com 443"
    "cacerts.thawte.com 443"
    "agentreportingstore.blob.core.windows.net 443"
    "atera-agent-heartbeat.servicebus.windows.net 443"
    "ps.atera.com 443"
    "atera.pubnubapi.com 443"
    "appcdn.atera.com 443"
    "atera-agent-heartbeat-cus.servicebus.windows.net 443"
    "ticketingitemsstoreeu.blob.core.windows.net 443"
    "download.visualstudio.microsoft.com 443"
    "a32dl55qcodech-ats.iot.eu-west-1.amazonaws.com 443 8883"
)
# Function to resolve all IPv4 addresses for a given server
function get_all_ip_addresses {
    local server=$1
    # dig +short also prints intermediate CNAME names; keep only the address lines
    dig +short "$server" | grep -E '^[0-9]+(\.[0-9]+){3}$'
}
# Function to test TCP connection to a specific port
function test_tcp_connection {
    local server=$1
    local port=$2
    local resolved_ips resolved_ip
    resolved_ips=($(get_all_ip_addresses "$server"))
    if [ ${#resolved_ips[@]} -gt 0 ]; then
        for resolved_ip in "${resolved_ips[@]}"; do
            # Opening /dev/tcp/<ip>/<port> makes bash attempt a TCP connection
            if (echo > "/dev/tcp/$resolved_ip/$port") &>/dev/null; then
                echo -e "\e[32mTCP Connection to $server ($resolved_ip) on port $port is successful.\e[0m"
            else
                echo -e "\e[31mTCP Connection to $server ($resolved_ip) on port $port failed.\e[0m"
            fi
        done
    else
        echo -e "\e[31mUnable to resolve IP addresses for $server.\e[0m"
    fi
}
# Loop through the targets and test the TCP connection to each listed port
for target in "${targets[@]}"; do
    IFS=" " read -r server ports <<< "$target"
    read -ra port_array <<< "$ports"
    echo "Testing connections to $server..."
    # Test TCP connections
    for port in "${port_array[@]}"; do
        test_tcp_connection "$server" "$port"
    done
    # UDP is not tested: test_udp_connection is not defined in this script.
    # Add specific UDP tests here if needed.
    # for port in "${port_array[@]}"; do
    #     test_udp_connection "$server" "$port"
    # done
    echo "" # Add an empty line after testing each server
done
Potential software/devices for blockage
In accordance with your organization's settings, you may need to adjust settings for your Anti-Virus, Firewall, Proxy, or Geo-blocking. The following is a list of configurations that must be applied to all relevant applications.
Anti-Virus
Include the following paths in the Antivirus whitelist:
/Library/Application Support/com.atera.ateraagent
/Library/LaunchDaemons/com.atera.agent.plist
/Library/LaunchDaemons/com.atera.ateraagent.plist
/Applications/AteraAgent.app
Accessibility and Full Disk Access
Allow the Atera agent access to Accessibility under System Preferences > Security & Privacy > Privacy > Accessibility.
Besides Accessibility, the Atera agent will also need to be enabled in the Full Disk Access section.
Firewall
In certain network environments where HTTPS traffic is restricted, ensure the addition of a rule permitting HTTPS traffic from LAN to WAN, specifically for the Atera address:
- agent-api.atera.com
Additionally, HTTPS inspection (Deep Packet Inspection/SSL Inspection) may lead to blockages. It is crucial to either disable HTTPS scanning or include Atera and its servers in the inspection whitelist.
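The connection script above connects to resolved IP addresses, so it does not exercise name-based rules or show whether HTTPS inspection is rewriting the certificate. The following added example (not part of Atera's documentation or tooling) performs the TLS handshake by server name and reports whether the certificate received was issued by an inspection CA; the pattern `Example Corp TLS Inspection`, the function names and the sample issuer lines are constructed assumptions.

```bash
#!/bin/bash
# Added example, not Atera's script: probe by hostname (SNI) and classify the
# issuer of the certificate this endpoint actually receives.

# ASSUMPTION: substring naming your organisation's inspection CA (constructed).
INSPECTION_CA_PATTERN="${INSPECTION_CA_PATTERN:-Example Corp TLS Inspection}"

# Print the issuer line of the certificate served for host:port, or nothing if
# the TCP connection or TLS handshake fails (OS default connect timeout applies).
fetch_issuer() {
  local host="$1" port="${2:-443}"
  openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null |
    openssl x509 -noout -issuer 2>/dev/null
}

# Map an issuer line to: blocked (no certificate received), inspected (issued
# by the inspection CA) or direct (any other issuer).
classify_issuer() {
  local issuer="$1"
  if [ -z "$issuer" ]; then
    echo "blocked"
  elif printf '%s\n' "$issuer" | grep -qiF -- "$INSPECTION_CA_PATTERN"; then
    echo "inspected"
  else
    echo "direct"
  fi
}

# Probe each "host[:port]" argument; print one result line per endpoint.
check_hosts() {
  local target host port issuer
  for target in "$@"; do
    host=${target%%:*}
    port=443
    case $target in *:*) port=${target##*:} ;; esac
    issuer=$(fetch_issuer "$host" "$port")
    printf '%-48s %-5s %-9s %s\n' "$host" "$port" "$(classify_issuer "$issuer")" "$issuer"
  done
}

if [ "$#" -gt 0 ]; then
  check_hosts "$@"   # live probe, e.g. ./tls_check.sh agent-api.atera.com
else
  # Offline demo on constructed issuer lines (not captured from real servers).
  for sample in "issuer=O = Example Public CA, CN = Example Public CA G2" \
    "issuer=O = Example Corp, CN = Example Corp TLS Inspection CA" ""; do
    printf '%-9s %s\n' "$(classify_issuer "$sample")" "${sample:-<no certificate>}"
  done
fi
```

Servers reported as "inspected" are the ones to add to the inspection whitelist; "blocked" means no certificate was received for that server name.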
Important Note: The Great Firewall of China is currently blocking certain servers essential for AteraAgent to report device availability (online/offline status). Consequently, machines situated in this country may not be manageable from the console. While using a VPN connection may potentially bypass these restrictions, please be advised that we cannot offer specific instructions or support for configuring such setups.
Proxy
Proxy and web-filtering systems are frequently encountered and can impact the stable behavior of the agent.
Ensure that outbound traffic on ports 443 and 8883, as well as file extensions ZIP and EXE from our website (Atera address: agent-api.atera.com), are permitted.
Important Note: Please be aware that Atera does not provide support or guidance for proxy configuration.
Geo-blocking
As an example, SonicWall routers, renowned for their Geo-Blocking features, may require specific configurations.
Ensure the allowance of content traffic, in addition to permitting TCP traffic on ports 443 and 8883, for optimal functionality.
FileVault
If FileVault is enabled, the device status in the Atera Dashboard will appear as Offline as long as no user is logged in. Once a user logs into the device, Atera will reflect the device status as Online. Turning FileVault off will fix this behavior.
Previously installed agent
If an Atera agent was previously installed, and then removed, through a different account, it is necessary to do a full clean-up before installing the new agent.
To do a full clean-up, use these commands in the terminal:
cd "/Library/Application Support"
sudo rm -rf com.atera*
sudo rm -rf /Library/LaunchDaemons/com.atera.ateraagent.plist
sudo rm -rf /Applications/AteraAgent.app
Outdated Atera agent installers
Using an outdated installer may lead to issues during the Atera agent installation process. It is advised to utilize an up-to-date installer when installing the agent on a new device. To generate an up-to-date installer, simply follow the steps outlined in our main article.