Installation on Windows (in Asset Mode)

XplicitTrust can run on Windows systems in two modes:

• Client Mode: for regular users to access services (like SSH, HTTPS, remote desktop, etc).

• Asset Mode: services (like SSH, HTTPS, remote desktop, etc) can be remotely accessed from an XplicitTrust client, or from another system running in Asset Mode.

On this page are the instructions for Asset Mode.

Installation

To install the XplicitTrust agent:

Download client at https://dl.xplicittrust.com/xtna-agent.msi

Graphical installation (default)Headless installation

Double click on the downloaded file to install (and accept any prompts, if necessary).
Please wait until you see a system tray icon that looks as follows, before moving to the next step:

Run the following (in Downloads folder), then wait ca. 30 seconds before next step:

msiexec /i xtna-agent.msi /qn

Configuration

Automatic provisioningUnattended provisioningManual provisioning (with config file)

1. To register the machine as an asset and (optionally) add it to the default policicy run:

   xtna-util -user <XplicitTrust admin email address> -default-policy
   

2. Open the URL that xtna-util returns in a browser to authenticate.

   If you chose the Headless Installation above, your Asset is fully configured and should already appear as Online in the Command Console. If you have chosen the Graphical Installation proceed with the following steps.

3. A window will open asking if you want to import the XplicitTrust config file.
   
   If you don't see the window, please look in the task bar (not the system tray) for an icon that looks like this (highlighted in red), and click on it:

   

   
   
   
   

   Please click "Yes" in the window:
   
   

   
   
   
   
   
   
   

   
   
   
   
   

4. The XplicitTrust icon in the system tray should now look like this:
   

   
   
   

   This means the installation was successful, and the system is now connected.

   Troubleshooting Tip

   If you encountered problems during the installation, please check that your Windows sandbox is disabled. Windows sandbox networking can interfere with the host machine's networking.
   

   How to Disable Windows Sandbox:
   

   Use the search bar on the task bar and type 'Turn Windows Features on or off' to access the Windows Optional Features tool. Unselect Windows Sandbox and then OK. Restart the computer if you're prompted.

1. Go to the admin console settings page

2. Create a new "Asset Creation Token", configure it, download and store it in a secure place

3. Use the token to register assets

   xtna-util -domain <tenant domain> -token <token>
   

   If you chose the Headless Installation above, your Asset is fully configured and should already appear as Online in the Command Console. If you have chosen the Graphical Installation proceed with the following steps.

4. A window will open asking if you want to import the XplicitTrust config file.
   
   If you don't see the window, please look in the task bar (not the system tray) for an icon that looks like this (highlighted in red), and click on it:

   

   
   
   
   

   Please click "Yes" in the window:
   
   

   
   
   
   
   
   
   

   
   
   
   
   

5. The XplicitTrust icon in the system tray should now look like this:
   

   
   
   

   This means the installation was successful, and the system is now connected.

   Troubleshooting Tip

   If you encountered problems during the installation, please check that your Windows sandbox is disabled. Windows sandbox networking can interfere with the host machine's networking.
   

   How to Disable Windows Sandbox:
   

   Use the search bar on the task bar and type 'Turn Windows Features on or off' to access the Windows Optional Features tool. Unselect Windows Sandbox and then OK. Restart the computer if you're prompted.

1. Go to the admin console assets page

2. Click "Create new" button, fill out form, click "Apply"

3. Click "Download Config" icon at top of the form box:

   

4. Copy the configuration to the asset and run:

   xtna-util -import xtna-*.xtconfig
   

   If you chose the Headless Installation above, your Asset is fully configured and should already appear as Online in the Command Console. If you have chosen the Graphical Installation proceed with the following steps.

5. A window will open asking if you want to import the XplicitTrust config file.
   
   If you don't see the window, please look in the task bar (not the system tray) for an icon that looks like this (highlighted in red), and click on it:

   

   
   
   
   

   Please click "Yes" in the window:
   
   

   
   
   
   
   
   
   

   
   
   
   
   

6. The XplicitTrust icon in the system tray should now look like this:
   

   
   
   

   This means the installation was successful, and the system is now connected.

   Troubleshooting Tip

   If you encountered problems during the installation, please check that your Windows sandbox is disabled. Windows sandbox networking can interfere with the host machine's networking.
   

   How to Disable Windows Sandbox:
   

   Use the search bar on the task bar and type 'Turn Windows Features on or off' to access the Windows Optional Features tool. Unselect Windows Sandbox and then OK. Restart the computer if you're prompted.

System Tray Icons

You can see the status of your XplicitTrust Windows client in the system tray at the bottom right of the screen (not on Windows Server Core):

XplicitTrust tunnels are up and running, click on it to see status information.

Windows client is authenticating itself, tunnels are not up yet.

Windows client is offline.

Tested Windows Versions

Windows 10, Windows 11, Windows Server 2019, Windows Server 2019 Core, Windows Server 2012

Troubleshooting

If the registration fails or the agent is not able to get Online check that outgoing HTTPS connections (TCP port 443) are allowed. For the best experience, allow outgoing connections on UDP port range 51820 - 60000.

Consult the FAQ to learn more about troubleshooting firewalls.