On-Prem Agent Operations and Health


Common Commands

Commands shown with sudo apply to Docker deployments. Omit sudo when using Podman — see the Installation Guide for details.

| Task | Command |
| --- | --- |
| Start agent containers | sudo ./setup_agent.sh --start |
| Stop agent containers | sudo ./setup_agent.sh --stop |
| Reconfigure (credentials, URLs, connectors) | sudo ./setup_agent.sh --configure |
| Upgrade to the latest version | sudo ./setup_agent.sh --upgrade |
| Validate OS and connectivity | ./setup_agent.sh --validate |
| Check running containers | sudo docker ps |
| Follow live container logs | docker logs -f <container_name> |
| Tail agent log files | tail -f /var/log/moveworks/*.INFO.log |

Monitoring and Health

Navigate to Moveworks Setup > Core Platform > On-Premise Agents to see all deployed and reachable agents.

Agent Health

Agent health reflects the agent’s ability to serve requests from the Moveworks platform.

| Status | Meaning |
| --- | --- |
| Healthy | Agent successfully serves requests more than 90% of the time |
| Unhealthy | 10 or more out of 100 connection attempts from Moveworks failed |
| Unknown | No calls have been made to this agent yet — health cannot be determined |

Agent health reflects the ability to serve requests, not the health of the Docker container itself. A running container can show as Unknown if it has not yet received any requests.

Agent Status

| Status | Meaning |
| --- | --- |
| Active | Container is running and connected to the Moveworks platform |
| Inactive | Agent has stopped or failed to connect. Remains visible for ~30 minutes before being removed from the list |

Credential Rotation

Rotating the Moveworks Org Access Secret

If the org access secret expires or needs to be rotated:

  1. Navigate to Moveworks Setup > Core Platform > On-Premise Agents
  2. Click Generate Secret and save the new secret
  3. Reconfigure the agent with the new secret:
    $ sudo ./setup_agent.sh --configure
  4. When prompted for access_secret, enter the new value

The org access secret expires if not used within 30 days of generation. If the agent shows as Inactive or logs a 401 error, rotate the secret first.

Rotating the LDAP / AD Service Account Password

When the Active Directory service account password changes, update it in the agent config:

  1. Log into the agent VM and navigate to the Moveworks folder
  2. Stop the agent:
    $ sudo ./setup_agent.sh --stop
  3. Open the config file:
    $ vi /home/moveworks/agent/conf/agent_config.yml
  4. Under ldap_service_password, change encrypted_value to value and replace the old value with the new password:
    ldap_service_password:
      value: your-new-password
  5. Save and exit (:wq in vi)
  6. Start the agent:
    $ sudo ./setup_agent.sh --start
  7. Verify the config — the agent automatically re-encrypts value back to encrypted_value on start:
    $ cat /home/moveworks/agent/conf/agent_config.yml

Rotating a REST Service Account Password

Follow the same steps as above, locating the relevant password field under rest_configs in agent_config.yml:

    rest_configs:
      SNOW:
        header_decorators:
          - basic_auth:
              username: admin
              password:
                value: your-new-password

Start the agent after saving — it will encrypt the value automatically.
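Both the LDAP / AD and REST rotation procedures end by confirming that value was re-encrypted to encrypted_value. The script below is an added example, not part of the Moveworks tooling: it performs that check without printing the file, so a password that was not re-encrypted never reaches the terminal. The function names and sample config are constructed, and it assumes secrets appear only as value / encrypted_value child keys, as in the snippets on this page.

```shell
#!/bin/sh
# Added example, not Moveworks code. Lists secret fields in agent_config.yml
# that are still plaintext (`value:`) without echoing the secret itself.
# Assumption: secrets appear only as `value:` / `encrypted_value:` child keys,
# as in the snippets on this page.

# Prints "<line>: <parent key>" per plaintext field; returns 1 if any exist.
find_plaintext_secrets() {
  awk '
    # Remember the latest key that opens a nested block, e.g. "password:".
    /^[ \t-]*[A-Za-z_][A-Za-z0-9_]*:[ \t]*$/ {
      parent = $0
      sub(/^[ \t-]+/, "", parent)
      sub(/:[ \t]*$/, "", parent)
      next
    }
    # A non-empty "value:" child has not been re-encrypted by the agent.
    /^[ \t]*value:[ \t]*[^ \t]/ {
      printf "%d: %s\n", NR, parent
      found = 1
    }
    END { exit (found ? 1 : 0) }
  ' "$1"
}

# Constructed sample (not real agent output): the LDAP password has been
# re-encrypted, the REST password is still plaintext.
demo_config() {
  cat <<'EOF'
ldap_service_password:
  encrypted_value: CONSTRUCTED-PLACEHOLDER
rest_configs:
  SNOW:
    header_decorators:
      - basic_auth:
          username: admin
          password:
            value: your-new-password
EOF
}

demo_file=$(mktemp)
demo_config > "$demo_file"
find_plaintext_secrets "$demo_file" || echo "plaintext secret fields remain"
rm -f "$demo_file"
```

On the agent VM, call find_plaintext_secrets with /home/moveworks/agent/conf/agent_config.yml after starting the agent; a non-zero exit status means at least one password is still stored in cleartext.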


See Also

  • Troubleshooting — known errors, LDAP and TLS issues, connectivity diagnostics