订阅

UiPath AI Center

UiPath AI Center

6. Configure AI Center

🚧

Before continuing, double-check that the following ports allow inbound connections:

443, 8800, 31443, 31390

Recall from step 1. Provision a Machine, that you also need to allow port 6443 to be accessible from the ip of linux machine itself. Said differently, you can set network configuration rules to constraint IP source address on the rule for port 6443.

Provision an AI Center Tenant

  • Navigate to <linux-machine-ip or domain-name>:31390/ai-app, click on the three-dot menu on the top right, and click on Log in
  • Log-in with the host tenant admin credentials. Make sure you log in to the host tenant, the default will be default.
  • Once logged in, you will see the list of all Orchestrator tenants associated with your account. The first column is whether that tenant is also provisioned in AI Center . Since this is the first time you are logging in, all tenants will show Not Provisioned under AI Center . Click on the 3-dot menu for the tenant you would like to provision, and click Provision. After a few seconds, refreshing will show that tenant as provisioned

Trust the Application Certificate

The application certificate needs to be trusted by the Machine where you will be using AI Center and the machine that will be using UiPath Robot/Studio. This step can be skipped if you used a trusted domain certificate in Step 5.

Navigate to <machine-ip or domain-name>:31390/ai-app. This step involves adding the application certificate to your trusted certificate store.

  • In Google Chome, click the padlock icon in the address bar (this will be an exclamation icon when you repeat the process for port 31443). Some steps may not appear depending on your Chrome version.
  • Click the Show connection details arrow
  • Click the More Information button
  • Click the View Certificate or Certificate button
  • Click the Details tab in the top navigation
  • Click the Copy to File button
  • Follow the Certificate Export Wizard and export the certificate as save the certificate as base64-encoded to some path you can easily reach later.
  • Double-click that certificate and click Install Certificate
  • Set the store location of the certificate to your Local Machine, and place the certificate into the Trusted Root Certificate Authorities folder

❗️

  • Repeat the process outline above for the following certificates:
  • Certificate for Orchestrator
  • Certificate for <linux-machine-ip or domain-name>:31443
    Note: In this case, there will not be a padlock icon but rather an exclamation icon. The page will say "This XML file does not appear to have any style information associated with it..."

Note, these instructions are from the perspective of a user with a simple networking setup adding certificates to their own local machine's Trusted Root Certificate Authorities. An IT admin can add these certificates to the company's Trusted Store so that users within an organization making use of that trusted store need not go through this process.

Verify the Application Install

  • Navigate to <linux-machine-ip or domain-name>:31390/ai-app, if you are still logged-in on the host tenant, use the 3-dot menu on the top-right corner to log out and log in on the tenant you just provisioned in Provisioning an AI Center Tenant.
  • If you see something like Origin authentication failed, this is due to a rarely occurring problem with permissions. To work-around this, go to Orchestrator and create a new role. Give that role AI Center permissions (see About AI Center ) and your user to that role. Navigate back to AI Center (<linux-machine-ip or domain-name>:31390/ai-app), the issue should be resolved.
  • Follow the instructions in About Projects to quickly create a project, you can always delete this later.
  • Follow the instructions in About Datasets to quickly create a Dataset. Uploading some files to the Dataset allows your to verify that the chain of trust has been established and that there are no issues the the underlying object store. If you have problems this most likely is due to a misconfigured certificate trust chain. Make sure that the three certificates in Trust the Application Certificate are in your trusted store.
  • Follow the instructions in Out of the Box Packages to quickly deploy a machine learning model in your tenant. Due to the fact that some of the out-of-the-box packages are quite large and adding them to your account can fail due to connectivity issues, AI Center runs a periodic job that will synchronize the out-of-the-box packages of your account. If you do not have all the ones listed here, don't worry. The recurring synchronization job ensures that eventually your account will have all the models. If after a few days you still do not have all the models listed in Out of the Box Packages, contact UiPath Support.

Verify that the ML Skill Activity can communicate to AI Center

  • On the machine where you are going to use UiPath Studio to build automations, open UiPath Studio and install the UiPath.MLServices.Activities Package if it is not there already.
  • Create an empty RPA workflow and add the ML Skill Activity to the workflow.
  • Click on the drop-down arrow in the ML Skill Activity, if you get an error it means that Studio cannot securely connect to the AI Center back-end. The most common error is Could not establish trust relationship for the SSL/TLS secure channel. This is due to a misconfigured certificate trust chain. Make sure that the three certificates in Trust the Application Certificate are in your trusted store.

Verify that Orchestrator can communicate with AI Center

🚧

This session is only valid for Orchestrator 20.4, for 20.10 and newer version the ML Skills page has been removed from Orchestrator.

  • Go to Orchestrator.
  • Click on the ML Skills tab in the left navigation bar. If there is some misconfiguration, a red-error banner will appear at the top.
  • If there is an error, it was likely due to a misconfigured trust chain or the fact that Orchestrator cannot communicate with AI Center . Verify your network inbound and outbound rules.
  • If you open the "ML Skills tab" and you see a red banner with the message "An Error has occurred", please open Event Viewer to see a more detailed message.

To do this open the Event Viewer application, this can be found through Windows search.

  • Expand Windows logs
  • Click on Application under Window Logs.

Error: Mismatched thumbprint values

If Event Viewer has a message stating "UiPath.Orchestrator.AiFabric.AiFabricInternalException: Failed to connect to AI Center . Error: IDX10638: Cannot create the SignatureProvider, 'key.HasPrivateKey' is false, cannot create signatures. Key: [PII is hidden." proceed with the following troubleshooting steps:

  • Go to IIS Manager and open the Orchestrator Certificate used during installation.
  • Click on Details and verify that the certificate thumbprint value exactly matches the thumprint values written in OrchestratorUiPath.Orchestrator.dll.config (or web.config) (in step 3. Configure Orchestrator ).

Example UiPath.Orchestrator.dll.config (or Web.config):

...
<add key="IDP.CurrentTokenThumbprint" value="fb4e45797efd3d21021828617835d05920945091" />
<add key="IDP.PreviousTokenThumbprint" value="fb4e45797efd3d21021828617835d05920945091" />
...

Error: Keyset does not exist

If Event Viewer has a message stating "Keyset does not Exist’" proceed with the following troubleshooting steps:

  • In the Orchestrator Windows server, go to Run and enter mmc.exe
  • Click on File -> Add/Remove Snap-in
  • Add Certificates in the wizard that opens up and click Ok
  • In the wizard that opens up select the radio button Computer Account and hit Next
  • In the final wizard screen select the ratio button Local computer and click Finish.

Now open the certificate manager:

  • In Windows program search, type Manager Computer Certificates
  • Right click on the Orchestrator certificate in the Personal Store and click Manage Private Keys under the All Tasks menu.
  • Click on add. This will enable you to add a new user to the permissions list.
  • In the wizard that opens, Enter "IIS AppPool<AppPoolName>" replacing <AppPoolName> with your Application Pool. For example:
  • Click Ok, and run iisreset from PowerShell

Verifying Out-of-the-Box ML Packages

Download and installation of out-of-the-box ML Packages (including Document Understanding) will take between 45 minutes to 3 hours depending on your internet bandwidth. The process that uploads these ML packages to your cluster runs independently of the application installer.

Updated 26 days ago


6. Configure AI Center


建议的编辑仅限用于 API 参考页面

You can only suggest edits to Markdown body content, but not to the API spec.