Network and Security Manager - Command Line Tool

The VuGen Network and Security Manager command line tool, lr_agent_settings, lets you update and configure agent-related settings on local and remote machines. It allows you to make these change through a single command.

  • Agent ports
  • Agent settings
  • Authentication
  • Host security

To invoke this tool, you open a command line window and run the following file:

  • Windows (LoadRunner, Standalone Load Generator, Standalone MI Listener, and Monitor Over Firewall):

    <LoadRunner root>\bin\lr_agent_settings.exe.

    Note: The user running the tool should have write permissions to the LoadRunner installation folder.

  • Linux (Standalone Load Generator):

    <LG path>\bin\lr_agent_settings.exe

    The following guidelines apply on Linux machines:

    1. You must have administrator privileges for running this on a Linux machine.
    2. In Amazon cloud environments (AWS), you need to set the M_LROOT environment variable, as shown in the following example: ~$ sudo M_LROOT=/opt/MF/MF_LoadGenerator /opt/MF/MF_LoadGenerator/bin/lr_agent_settings -check_client_cert 0

If you want to automate your test and run it through the command line, use the lr_agent_settings.exe tool described in this topic.

Below is a list of the command line arguments supported by this tool. To retrieve this list on the LoadRunner machine, type lr_agent_settings.exe -usage or lr_agent_settings with no arguments.


  • LoadRunner currently supports basic and NTLM proxy authentication.

  • You can update the certificates on a remote machine only if:

    1. A secure connection was established using SSL.
    2. The client (the machine the tool is running on) was authenticated by the CA certificate on the remote load generator.
    3. Both of the above items were achieved by using certificates other than the defaults.
Option Arguments Description
Remote Update Options


remote host name or IP
The names of the hosts to update with the new settings.
To access the local machine, specify localhost or
For multiple machines, repeat the command: e.g. -remote_host host1 - remote_host host2.
file name

The name of a file containing the host names or IP addresses. Separate multiple host names with a line break. For hosts over a firewall, specify a port. For example,

Agent Port Options
The Load Generator m_agent listening port. Default: 54345
The Load Generator al_agent listening port. .Default: 54245
MIL listening port from Controller. This option is not available on Linux. Default: 50500
MIL listening port from Load Generator over firewall. If you change this port value, you should also change the port for the Load Generator over firewall machine using -mil_port. This option is not available on Linux. Default: 443
Load Generator Over Firewall Options
0 | 1
Indicates whether to communicate over a firewall.
Host name or IP address

Changes the MI listener name or IP address from the side of the load generator over a firewall.

port number

Changes the port for the MI listener from the side of the load generator over a firewall. The default port is 443.

Local machine key

Changes the host symbol (or local machine key) for LG over a firewall, to establish a unique connection from behind the firewall.

MILname:local machine key

Changes the MI Listener name and the local machine key in one string separated by a colon, ":".

-mil_username, -mil_passwd, -mil_domain
username, password, domain

-mil_username. Changes the user name with which to connect to the MI Listener machine.

-mil_passwd. Changes the connection password.

-mil_domain. Changes the domain for MI Listener machine (required only if NTLM is used).
sampling interval in seconds

Changes the sampling interval in seconds—the time the agent waits before retrying to connect to MI Listener machine. The Over Firewall load generator machine polls the MI Listener regularly to see if any Controller needs to use it for a test run. If no request is found, it closes the connection and waits this specified timeout period, before polling it again.


Changes the connection type: HTTP or TCP.

-proxy_name, -proxy_port
hostname, port

-proxy_name. Changes the name of proxy server when using HTTP connection.

-proxy_port xxxx: Changes the port of proxy server.

proxy name:proxy port

Changes the proxy name and port in one string separated by a colon, ":",

-proxy_username, -proxy_passwd, -proxy_domain
username, password, domain

-proxy_username. Changes the user name with which to connect to the proxy server.

-proxy_passwd. Changes the connection password.

0 | 1

Changes the flag to connect using Secure Sockets Layer protocol.

username, password, domain
Changes the password that is optionally required during SSL certificate authentication.
None | Medium | High

Indicates how to authenticate SSL certificates that are sent by the server.

None. Does not authenticate the SSL certificate.

Medium. Verifies that the server certificates is signed by a trusted Certification Authority.

High. Verifies that the sender IP matches the certificates information.

Certificate Authentication Options


0 | 1

0. Do not enforce SSL connections, i.e. allow both SSL and non-SSL connections.

1. Enforce SSL connections only and check if the client certificate is trusted by the CA installed on the agent machine.

Note: When monitoring over firewall, set this flag to 1 on the server machine. For guidelines on determining which machine is considered the server, see MI Listener and Over Firewall Overview.

CA certificate file name

Installs a CA certificate locally. It overwrites the dat\cert\verify\cacert.cer file, but does not affect any configuration file.

Note: You need to generate a CA certificate before installing it. To generate the CA certificate, run gen_ca_cert -common_name <your_selected_common_name, e.g. LoadRunner or HP> from the bin folder. Two files, cacert.cer and capvk.cer, will be generated in the current directory, for the CA certificate and private key. Store capvk.cer securely in a designated folder. Install cacert.cer as a CA certificate on all of your LR/PC installations.

full path of certificate file

Installs authentication certificate locally. It overwrites the dat\cert\verify\cacert.cer file, but does not affect any configuration file.

Note: This step assumes you already generated an SSL certificate ahead of time. Run gen_cert -common_name <your_selected_common_name, e.g. LoadRunner or HP> -CA_cert_file_name <CA_cert_file_full_path> -CA_pk_file_name <CA_private_key_file_full_path> from the bin folder to generate a certificate. You can use it across all of your LR/PC installations.

-generate_new_cert_file -CA_private_key_file_name

Generates a new authentication certificate and installs it to dat\cert\cert.cer.

Note: A CA private key is mandatory to generate a self-signed certificates. The CA certificate will be read from dat\cert\verify\cacert.cer from current machine.

private key file name Sets the matching private key of the SSL certificate you installed with gen_ca_cert -common_name (see above). If you generate an SSL certificate using gen_cert or through the -generate_new_cert_file option in this tool, you can skip this step. You only need it if you use a certificate which does not include a private key in the certificate file, such as the openssl tool.
Host Security Options
security channel key Changes the security key which is used to establish secure communication between an LG and Controller.
0 | 1
Changes the security mode.
Restart Agent Options

Restarts the magent or alagent. It automatically detects whether it is running as a service or process.

Note: If the agent is running a s a process and you want to use the command line to restart it as a service, first use the Agent Configuration Settings Dialog Box to change between the Process and Service mode for the agent.

Read Input Parameters
parameter file

Retrieves the value of input parameters listed in a file. The prm file should have the following format:
-mil_name MyHost1 -local_machine_key my_ofw_win -channel_type HTTP -proxy_name -proxy_port 8080.


  • When using the -prm argument in the command line, all other arguments are ignored.
  • The parameter file should only contain arguments for changing settings—not Remote Update arguments, -remote_host and -remote_file, which will be ignored.

Back to top

Common Examples

Below are some examples for using the Network and Security Manager command line tool to change settings for agent ports, load generator over firewall settings, host security settings, certificate authentication, etc.

In order to use this utility on Linux load generators on an Amazon cloud environment (AWS), you need to set the M_LROOT environment variable as shown in the following example:

~$ sudo M_LROOT=/opt/MF/MF_LoadGenerator /opt/MF/MF_LoadGenerator/bin/lr_agent_settings -check_client_cert 0

Set the agent proxy and port, and the MI Listener over a firewall

lr_agent_settings.exe -proxy_name -proxy_port 8080

lr_agent_settings.exe -m_agent_port 54888

lr_agent_settings.exe -proxy_string (The string before ":" is proxy name, the string after ":" is proxy port)

lr_agent_settings.exe -mil_string MyServer2:my_ofw_unix (The string before ":" is MIL name, the string after ":" is the local machine key)

Read parameters from a file

lr_agent_settings.exe -prm C:\my_settings.prm

where the parameter file is a text file with the parameters you want to use to change the settings, e.g.

-mil_name MyServer3 -local_machine_key my_ofw_win -channel_type HTTP -proxy_name -proxy_port 8080

Remote updates

lr_agent_settings.exe -remote_host MyServer1 -proxy_string

lr_agent_settings.exe -remote_host MyServer1 -prm C:\my_settings.prm

lr_agent_settings.exe -remote_host MyServer2:my_ofw_unix -prm C:\my_settings.prm (MyServer2:my_fow_unix says the remote host is OFW, the name before ":" is MIL name, the string after ":" is local machine key)

lr_agent_settings.exe -remote_host localhost/ -proxy_string (Updates local host)

Remote updates - multiple

lr_agent_setttings.exe -remote_host MyServer1 -remote_host vmlrrnd192 -use_ssl 1

lr_agent_settings.exe -remote_host localhost -remote_host vmlrrnd192 -use_ssl 1

lr_agent_settings.exe -remote_host MyServer1 -remote_host MyServer2:my_ofw_unix -prm C:\my_settings.prm

Remote updates - multiple from file

lr_agent_settings.exe -remote_file C:\remote_hosts.txt -proxy_string

lr_agent_settings.exe -remote_file C:\remote_hosts.txt -prm C:\my_settings.prm

The file contains the hosts separated by line breaks":

Restarting the agent

lr_agent_settings.exe -is_ofw 1 -mil_string MyServer2:my_ofw_win -restart_agent

lr_agent_settings.exe -remote_host MyServer1 -remote_host MyServer2:my_ofw_unix -restart_agent

Note: If you encounter Access Denied warnings when restarting the service, see Agent Configuration Dialog Box for details.

Back to top