3. Configure Orchestrator

Orchestrator configuration entails adding some fields in the Orchestrator UiPath.Orchestrator.dll.config (or Web.config for Orchestrator 20.4). Before you begin, backup your existing UiPath.Orchestrator.dll.config file (for example making a copy in a different path).

Below we provide two options to update this configuration:

Automated Configuration . A PowerShell script.
Manual Configuration - A step-by-step guideline with explanations, this should be used in very unique cases (such as governance rules not allowing for automated changes to Orchestrator Config). Manual configuration is error prone and can lead to downstream installation issues.
Note: Please note that if you update DNS or certificates for Orchestrator or Identity Server, AI Fabric would stop working. You would need to reconfigure the Orchestrator certificates, then redeploy AI Fabric to fix it.

Automated configuration

Important: This should be the preferred approach. Manual Configuration should only be used in very special cases.

Open PowerShell in Administrator mode. * Download the file [here](https://raw.githubusercontent.com/UiPath/ai-customer-scripts/master/orchestrator/orchestratorAutomationAIF20-10.ps1). This can be done with the following command:
```
wget https://raw.githubusercontent.com/UiPath/ai-customer-scripts/master/orchestrator/orchestratorAutomationAIF20-10.ps1 -outfile "orchestratorAutomationAIF20-10.ps1"wget https://raw.githubusercontent.com/UiPath/ai-customer-scripts/master/orchestrator/orchestratorAutomationAIF20-10.ps1 -outfile "orchestratorAutomationAIF20-10.ps1"
```

You can familiarize yourself with the script options by running:

get-help .\)\)orchestratorAutomationAIF20-10.ps1 -fullget-help .\)\)orchestratorAutomationAIF20-10.ps1 -full

For most of the Orchestrator installations, the default values for the non-mandatory options will work. In these cases run:

.\)\)orchestratorAutomationAIF20-10.ps1 -aifip "<aif-linux-machine-domain-name-or-ip>" -orcname "<Orchestrator-Domain-Name Lower>".\)\)orchestratorAutomationAIF20-10.ps1 -aifip "<aif-linux-machine-domain-name-or-ip>" -orcname "<Orchestrator-Domain-Name Lower>"

Where you replace <AIF Machine Domain Name or IP> with the ip of the linux machine where AI Fabric will be installed (or the fully qualified domain name if AI Fabric will be installed with a certificate) and

<Orchestrator Domain
                     Name Lower Case>

with the domain name of Orchestrator. The letter case must exactly match the Orchestrator certificate used to install Orchestrator.

If you are using a non-standard port for AI Fabric (for example, you have a proxy or a load-balancer in the case of a HA setup), you can add the optional parameter for the port. (aifport "31390")

Important: The Orchestrator domain entered must exactly match the name of the domain in the certificate. This includes case-sensitivity. Be sure to match the uppercase and lowercase characters.

If you have a non-standard path to Orchestrator UiPath.Orchestrator.dll.config (Web.config), you can specify the path to the file explicitly:

.\)\)orchestratorAutomationAIF20-10.ps1 -aifip "<aif-linux-machine-domain-name-or-ip>" -orcname "<Orchestrator-Domain-Name Lower>" -config "<Path to UiPath.Orchestrator.dll.config file>".\)\)orchestratorAutomationAIF20-10.ps1 -aifip "<aif-linux-machine-domain-name-or-ip>" -orcname "<Orchestrator-Domain-Name Lower>" -config "<Path to UiPath.Orchestrator.dll.config file>"

Sanity check configuration check

Note: In below section, config file will design Web.config if you are using Orchestrator 20.4 and UiPath.Orchestrator.dll.config for newer versions.

After applying the script below, your config file will be modified. Applying a file diff on your previous config file and the modified config file looks like this:

Compare the certificate (which was used to install Orchestrator) thumbprint values, to the values in the modified config file. These values should be the same:

Similarly, compare the base-64 encoded certificate to the IDP.SigningCertificate field in the modified config file. These should be the same:

Manual configuration

Add AI Fabric keys to the config file.

Go to the windows server where Orchestrator is running and open Orchestrator config file.

Add the following lines within the <appSettings></appSettings> section, preferably right before the closing appSettings tag.

<add key="AiFabric.Licensing" value="true" />
    <add key="AiFabric.MLSkillsCreate" value="false" />
    <add key="AiFabric.MLSkillsCreateOOB" value="false" />
    <add key="AiFabric.PackagesCreate" value="false" />
    <add key="AiFabric.Packages" value="false" />
    <add key="AiFabric.Logs" value="false" />
    <add key="AiFabric.ModuleEnabled" value="true" />
    <add key="AiFabric.FeatureEnabledByDefault" value="true" />
    <add key="AiFabric.ModelStorageUrl" value="https://${AIF-IP}:31443" />
    <add key="AiFabric.MLPackagingInstructionsUrl" value="https://docs.uipath.com/ai-fabric/v2020.7/docs/building-ml-packages" />
     <add key="AiFabric.MLServiceUrl" value="https://${AIF-IP}:31390" />
    <add key="AiFabric.MLSkillUrl" value="https://${AIF-IP}:31390/ai-deployer" />
    <add key="AiFabric.MLPackageUrl" value="https://${AIF-IP}:31390/ai-pkgmanager" />
    <add key="AiFabric.MLLogUrl" value="https://${AIF-IP}:31390/ai-helper" />
    <add key="AiFabric.MLTrainUrl" value="https://${AIF-IP}:31390/ai-trainer" />
    <add key="AiFabric.AccountId" value="host" />
    
    <add key="IDP.Scope" value="["AIFabric","Orchestrator"]" />
    <add key="IDP.CurrentTokenThumbprint" value="<THUMBPRINT>" />
    <add key="IDP.PreviousTokenThumbprint" value="<THUMBPRINT>" />
    <add key="IDP.SigningCertificate" value="<BASE64 SIGNING CERTIFICATE>" />
    <add key="IDP.Authority" value="https://${ORCHESTRATOR_URL}/api/auth/" />
    <add key="IdentityProviderFeature.Enabled" value="true" />
    
    <add key="Auth.OAuth.SharedRobotOAuthClientId" value="03FFA863-3C0C-4EEC-BBE5-094D4FCF4F22" />
    <add key="Auth.OAuth.SharedRobotOAuthAuthority" value="https://${ORCHESTRATOR_URL}/api/auth/" />
    <add key="Auth.OAuth.SharedOrchestratorOAuthClientId" value="a42436d5-4cd6-4d6a-9311-51271d9fc217" />
    <add key="Auth.OAuth.SharedOrchestratorOAuthAuthority" value="https://${ORCHESTRATOR_URL}/api/auth/" />
    <add key="Auth.OAuth.OrchestratorOAuthAudience" value="Orchestrator" />
    <add key="Auth.OAuth.RobotAuthenticationEnabled" value="true" /><add key="AiFabric.Licensing" value="true" />
    <add key="AiFabric.MLSkillsCreate" value="false" />
    <add key="AiFabric.MLSkillsCreateOOB" value="false" />
    <add key="AiFabric.PackagesCreate" value="false" />
    <add key="AiFabric.Packages" value="false" />
    <add key="AiFabric.Logs" value="false" />
    <add key="AiFabric.ModuleEnabled" value="true" />
    <add key="AiFabric.FeatureEnabledByDefault" value="true" />
    <add key="AiFabric.ModelStorageUrl" value="https://${AIF-IP}:31443" />
    <add key="AiFabric.MLPackagingInstructionsUrl" value="https://docs.uipath.com/ai-fabric/v2020.7/docs/building-ml-packages" />
     <add key="AiFabric.MLServiceUrl" value="https://${AIF-IP}:31390" />
    <add key="AiFabric.MLSkillUrl" value="https://${AIF-IP}:31390/ai-deployer" />
    <add key="AiFabric.MLPackageUrl" value="https://${AIF-IP}:31390/ai-pkgmanager" />
    <add key="AiFabric.MLLogUrl" value="https://${AIF-IP}:31390/ai-helper" />
    <add key="AiFabric.MLTrainUrl" value="https://${AIF-IP}:31390/ai-trainer" />
    <add key="AiFabric.AccountId" value="host" />
    
    <add key="IDP.Scope" value="["AIFabric","Orchestrator"]" />
    <add key="IDP.CurrentTokenThumbprint" value="<THUMBPRINT>" />
    <add key="IDP.PreviousTokenThumbprint" value="<THUMBPRINT>" />
    <add key="IDP.SigningCertificate" value="<BASE64 SIGNING CERTIFICATE>" />
    <add key="IDP.Authority" value="https://${ORCHESTRATOR_URL}/api/auth/" />
    <add key="IdentityProviderFeature.Enabled" value="true" />
    
    <add key="Auth.OAuth.SharedRobotOAuthClientId" value="03FFA863-3C0C-4EEC-BBE5-094D4FCF4F22" />
    <add key="Auth.OAuth.SharedRobotOAuthAuthority" value="https://${ORCHESTRATOR_URL}/api/auth/" />
    <add key="Auth.OAuth.SharedOrchestratorOAuthClientId" value="a42436d5-4cd6-4d6a-9311-51271d9fc217" />
    <add key="Auth.OAuth.SharedOrchestratorOAuthAuthority" value="https://${ORCHESTRATOR_URL}/api/auth/" />
    <add key="Auth.OAuth.OrchestratorOAuthAudience" value="Orchestrator" />
    <add key="Auth.OAuth.RobotAuthenticationEnabled" value="true" />

Replace ${AIF-IP} with the IP of the linux machine where you are going to install AI Fabric.
Replace ${ORCHESTRATOR_URL} with the Orchestrator domain-name.
Replace <THUMBPRINT> with the certificate thumbprint of the Orchestrator certificate. Specifically, at the time of installing Orchestrator, a self signed certificate or a proper certificate has to be given as input for the MSI installer, the thumbprint values should correspond to that certificate.
Replace <BASE64 SIGNING CERTIFICATE> with the Orchestrator certificate. To do this, go to the Orchestrator certificate (given at Orchestrator install time). In the Certificate Manager, right-click the certificate, and follow the export wizard. Be sure to select base-64 encoded X.509 as the format.
Open the file in an editor like Notepad++ and copy the certificate (between BEGIN CERTFICATE and END CERTIFICATE). Remove the newline characters such that you have one long string with the entire certificate. This long string is what must replace <BASE64 SIGNING CERTIFICATE>.

Add clicnet applications to the config file.

Outside of the appSettings tag, add the following lines:

</appSettings>
  <ClientApplications>
    <add displayName="Robot" clientId="03ffa863-3c0c-4eec-bbe5-094d4fcf4f22" jwtExpirationInSeconds="86400"/>
    <add displayName="Orchestrator" clientId="a42436d5-4cd6-4d6a-9311-51271d9fc217" jwtExpirationInSeconds="86400"/>
  </ClientApplications></appSettings>
  <ClientApplications>
    <add displayName="Robot" clientId="03ffa863-3c0c-4eec-bbe5-094d4fcf4f22" jwtExpirationInSeconds="86400"/>
    <add displayName="Orchestrator" clientId="a42436d5-4cd6-4d6a-9311-51271d9fc217" jwtExpirationInSeconds="86400"/>
  </ClientApplications>

Add Identty Provider to the config file.

Inside the <configSections></configSections> tags in config file , add the following lines:

<section name="ClientApplications" type="UiPath.Orchestrator.Security.IdentityProvider.Model.ClientApplications, UiPath.Orchestrator.Security.IdentityProvider" /><section name="ClientApplications" type="UiPath.Orchestrator.Security.IdentityProvider.Model.ClientApplications, UiPath.Orchestrator.Security.IdentityProvider" />