AI Center
2020.10
false
Banner background image
AI Center
Last updated Mar 11, 2024

6. Verify Installation

Important:

443, 8800, 31443, 31390

Recall from step 1. Provision a Machine, that you also need to allow port 6443 to be accessible from the ip of linux machine itself. Said differently, you can set network configuration rules to constraint IP source address on the rule for port 6443.

Provision an AI Fabric tenant

  • Navigate to <linux-machine-ip or domain-name\>:31390/ai-app, click on the three-dot menu on the top right, and click on Log in
  • Log-in with the host tenant admin credentials. Make sure you log in to the host tenant, the default will be default.


  • Once logged in, you will see the list of all Orchestrator tenants associated with your account. The first column is whether that tenant is also provisioned in AI Fabric. Since this is the first time you are logging in, all tenants will show Not Provisioned under AI Fabric. Click on the 3-dot menu for the tenant you would like to provision, and click Provision. After a few seconds, refreshing will show that tenant as provisioned


Trust the application certificate

The application certificate needs to be trusted by the Machine where you will be using AI Fabric and the machine that will be using UiPath Robot/Studio. This step can be skipped if you used a trusted domain certificate in Step 5.

Navigate to \<machine-ip or domain-name>:31390/ai-app. This step involves adding the application certificate to your trusted certificate store.

  • In Google Chome, click the padlock icon in the address bar (this will be an exclamation icon when you repeat the process for port 31443). Some steps may not appear depending on your Chrome version.
  • Click the Show connection details arrow
  • Click the More Information button
  • Click the View Certificate or Certificate button
  • Click the Details tab in the top navigation
  • Click the Copy to File button
  • Follow the Certificate Export Wizard and export the certificate as save the certificate as base64-encoded to some path you can easily reach later.


  • Double-click that certificate and click Install Certificate


  • Set the store location of the certificate to your Local Machine, and place the certificate into the Trusted Root Certificate Authorities folder




    Important:
    • Repeat the process outline above for the following certificates:
    • Certificate for Orchestrator
    • Certificate for <linux-machine-ip or domain-name\))\))>:31443
    Note: In this case, there will not be a padlock icon but rather an exclamation icon. The page will say "This XML file does not appear to have any style information associated with it..."
Note: , these instructions are from the perspective of a user with a simple networking setup adding certificates to their own local machine's Trusted Root Certificate Authorities. An IT admin can add these certificates to the company's Trusted Store so that users within an organization making use of that trusted store need not go through this process.

Verify the application installation

  • Navigate to <linux-machine-ip or domain-name\>:31390/ai-app, if you are still logged-in on the host tenant, use the 3-dot menu on the top-right corner to log out and log in on the tenant you just provisioned in Provisioning an AI Fabric Tenant.
  • If you see something like Origin authentication failed, this is due to a rarely occurring problem with permissions. To work-around this, go to Orchestrator and create a new role. Give that role AI Fabric permissions (see About AI Fabric ) and your user to that role. Navigate back to AI Fabric (<linux-machine-ip or domain-name\>:31390/ai-app), the issue should be resolved.
  • Follow the instructions in About Projects to quickly create a project, you can always delete this later.
  • Follow the instructions in About Datasets to quickly create a Dataset. Uploading some files to the Dataset allows your to verify that the chain of trust has been established and that there are no issues the the underlying object store. If you have problems this most likely is due to a misconfigured certificate trust chain. Make sure that the three certificates in Trust the Application Certificate are in your trusted store.
  • Follow the instructions in Out of the Box Packages to quickly deploy a machine learning model in your tenant. Due to the fact that some of the out-of-the-box packages are quite large and adding them to your account can fail due to connectivity issues, AI Fabric runs a periodic job that will synchronize the out-of-the-box packages of your account. If you do not have all the ones listed here, don't worry. The recurring synchronization job ensures that eventually your account will have all the models. If after a few days you still do not have all the models listed in Out of the Box Packages, contact UiPath Support.

Verify if the ML Skill activity can communicate with AI Fabric

  • On the machine where you are going to use UiPath Studio to build automations, open UiPath Studio and install the UiPath.MLServices.Activities Package if it is not there already.
  • Create an empty RPA workflow and add the ML Skill Activity to the workflow.
  • Click on the drop-down arrow in the ML Skill Activity, if you get an error it means that Studio cannot securely connect to the AI Fabric back-end. The most common error is Could not establish trust relationship for the SSL/TLS secure channel. This is due to a misconfigured certificate trust chain. Make sure that the three certificates in Trust the Application Certificate are in your trusted store.

Verify if Orchestrator can communicate with AI Fabric

Important: This session is only valid for Orchestrator 20.4, for 20.10 and newer version the ML Skills page has been removed from Orchestrator.

- Go to Orchestrator.

- Click on the `ML Skills` tab in the left navigation bar. If there is some misconfiguration, a red-error banner will appear at the top. - If there is an error, it was likely due to a misconfigured trust chain or the fact that Orchestrator cannot communicate with AI Fabric. Verify your network inbound and outbound rules. - If you open the "ML Skills tab" and you see a red banner with the message "An Error has occurred", please open `Event Viewer` to see a more detailed message.

To do this open the Event Viewer application, this can be found through Windows search.


  • Expand Windows logs


  • Click on Application under Window Logs.

Error: Mismatched thumbprint values

If Event Viewer has a message stating "UiPath.Orchestrator.AiFabric.AiFabricInternalException: Failed to connect to AI Fabric. Error: IDX10638: Cannot create the SignatureProvider, 'key.HasPrivateKey' is false, cannot create signatures. Key: [PII is hidden." proceed with the following troubleshooting steps:
  • Go to IIS Manager and open the Orchestrator Certificate used during installation.
  • Click on Details and verify that the certificate thumbprint value exactly matches the thumprint values written in Orchestrator web.config (in step 3. Configure Orchestrator).


Example Web.config:

...
<add key="IDP.CurrentTokenThumbprint" value="fb4e45797efd3d21021828617835d05920945091" />
<add key="IDP.PreviousTokenThumbprint" value="fb4e45797efd3d21021828617835d05920945091" />
......
<add key="IDP.CurrentTokenThumbprint" value="fb4e45797efd3d21021828617835d05920945091" />
<add key="IDP.PreviousTokenThumbprint" value="fb4e45797efd3d21021828617835d05920945091" />
...

Error: Keyset does not exist

If Event Viewer has a message stating "Keyset does not Exist’" proceed with the following troubleshooting steps:
  • In the Orchestrator Windows server, go to Run and enter mmc.exe
  • Click on File -> Add/Remove Snap-in


  • Add Certificates in the wizard that opens up and click Ok


  • In the wizard that opens up select the radio button Computer Account and hit Next
  • In the final wizard screen select the ratio button Local computer and click Finish.

Now open the certificate manager:

  • In Windows program search, type Manager Computer Certificates
  • Right click on the Orchestrator certificate in the Personal Store and click Manage Private Keys under the All Tasks menu.


  • Click on add. This will enable you to add a new user to the permissions list.


  • In the wizard that opens, Enter "IIS AppPool\<AppPoolName>" replacing <AppPoolName> with your Application Pool. For example:


  • Click Ok, and run iisreset from PowerShell

Verify out of the box ML packages

Download and installation of out-of-the-box ML Packages (including Document Understanding) will take between 45 minutes to 3 hours depending on your internet bandwidth. The process that uploads these ML packages to your cluster runs independently of the application installer.

Was this page helpful?

Support and Services
Get The Help You Need
UiPath Academy
Learning RPA - Automation Courses
UiPath Forum
UiPath Community Forum
Uipath Logo White
Trust and Security
Terms of Use
Privacy Policy
Cookies Policy
© 2005-2024 UiPath. All rights reserved.