Before continuing, double-check that the following ports allow inbound connections:
443, 8800, 31443, 31390
Recall from step 1. Provision a Machine, that you also need to allow port 6443 to be accessible from the ip of linux machine itself. Said differently, you can set network configuration rules to constraint IP source address on the rule for port 6443.
- Navigate to <linux-machine-ip or domain-name>:31390/ai-app, click on the three-dot menu on the top right, and click on
- Log-in with the host tenant admin credentials. Make sure you log in to the host tenant, the default will be
- Once logged in, you will see the list of all Orchestrator tenants associated with your account. The first column is whether that tenant is also provisioned in AI Center . Since this is the first time you are logging in, all tenants will show
Not Provisionedunder AI Center . Click on the 3-dot menu for the tenant you would like to provision, and click
Provision. After a few seconds, refreshing will show that tenant as provisioned
The application certificate needs to be trusted by the Machine where you will be using AI Center and the machine that will be using UiPath Robot/Studio. This step can be skipped if you used a trusted domain certificate in Step 5.
Navigate to <machine-ip or domain-name>:31390/ai-app. This step involves adding the application certificate to your trusted certificate store.
- In Google Chome, click the padlock icon in the address bar (this will be an exclamation icon when you repeat the process for port 31443). Some steps may not appear depending on your Chrome version.
- Click the
Show connection detailsarrow
- Click the
- Click the
- Click the
Detailstab in the top navigation
- Click the
Copy to Filebutton
- Follow the Certificate Export Wizard and export the certificate as save the certificate as base64-encoded to some path you can easily reach later.
- Double-click that certificate and click
- Set the store location of the certificate to your Local Machine, and place the certificate into the Trusted Root Certificate Authorities folder
- Repeat the process outline above for the following certificates:
- Certificate for Orchestrator
- Certificate for <linux-machine-ip or domain-name>:31443
Note: In this case, there will not be a padlock icon but rather an exclamation icon. The page will say "This XML file does not appear to have any style information associated with it..."
Note, these instructions are from the perspective of a user with a simple networking setup adding certificates to their own local machine's Trusted Root Certificate Authorities. An IT admin can add these certificates to the company's Trusted Store so that users within an organization making use of that trusted store need not go through this process.
- Navigate to <linux-machine-ip or domain-name>:31390/ai-app, if you are still logged-in on the
hosttenant, use the 3-dot menu on the top-right corner to log out and log in on the tenant you just provisioned in Provisioning an AI Center Tenant.
- If you see something like
Origin authentication failed, this is due to a rarely occurring problem with permissions. To work-around this, go to Orchestrator and create a new role. Give that role AI Center permissions (see About AI Center ) and your user to that role. Navigate back to AI Center (<linux-machine-ip or domain-name>:31390/ai-app), the issue should be resolved.
- Follow the instructions in About Projects to quickly create a project, you can always delete this later.
- Follow the instructions in About Datasets to quickly create a Dataset. Uploading some files to the Dataset allows your to verify that the chain of trust has been established and that there are no issues the the underlying object store. If you have problems this most likely is due to a misconfigured certificate trust chain. Make sure that the three certificates in Trust the Application Certificate are in your trusted store.
- Follow the instructions in Out of the Box Packages to quickly deploy a machine learning model in your tenant. Due to the fact that some of the out-of-the-box packages are quite large and adding them to your account can fail due to connectivity issues, AI Center runs a periodic job that will synchronize the out-of-the-box packages of your account. If you do not have all the ones listed here, don't worry. The recurring synchronization job ensures that eventually your account will have all the models. If after a few days you still do not have all the models listed in Out of the Box Packages, contact UiPath Support.
- On the machine where you are going to use UiPath Studio to build automations, open UiPath Studio and install the UiPath.MLServices.Activities Package if it is not there already.
- Create an empty RPA workflow and add the ML Skill Activity to the workflow.
- Click on the drop-down arrow in the ML Skill Activity, if you get an error it means that Studio cannot securely connect to the AI Center back-end. The most common error is
Could not establish trust relationship for the SSL/TLS secure channel. This is due to a misconfigured certificate trust chain. Make sure that the three certificates in Trust the Application Certificate are in your trusted store.
This session is only valid for Orchestrator 20.4, for 20.10 and newer version the ML Skills page has been removed from Orchestrator.
- Go to Orchestrator.
- Click on the
ML Skillstab in the left navigation bar. If there is some misconfiguration, a red-error banner will appear at the top.
- If there is an error, it was likely due to a misconfigured trust chain or the fact that Orchestrator cannot communicate with AI Center . Verify your network inbound and outbound rules.
- If you open the "ML Skills tab" and you see a red banner with the message "An Error has occurred", please open
Event Viewerto see a more detailed message.
To do this open the
Event Viewer application, this can be found through Windows search.
- Click on
Event Viewer has a message stating "UiPath.Orchestrator.AiFabric.AiFabricInternalException: Failed to connect to AI Center . Error: IDX10638: Cannot create the SignatureProvider, 'key.HasPrivateKey' is false, cannot create signatures. Key: [PII is hidden." proceed with the following troubleshooting steps:
- Go to IIS Manager and open the Orchestrator Certificate used during installation.
- Click on
Detailsand verify that the certificate thumbprint value exactly matches the thumprint values written in OrchestratorUiPath.Orchestrator.dll.config (or web.config) (in step 3. Configure Orchestrator ).
Example UiPath.Orchestrator.dll.config (or Web.config):
... <add key="IDP.CurrentTokenThumbprint" value="fb4e45797efd3d21021828617835d05920945091" /> <add key="IDP.PreviousTokenThumbprint" value="fb4e45797efd3d21021828617835d05920945091" /> ...
Event Viewer has a message stating "Keyset does not Exist’" proceed with the following troubleshooting steps:
- In the Orchestrator Windows server, go to
- Click on File ->
Certificatesin the wizard that opens up and click
- In the wizard that opens up select the radio button
Computer Accountand hit
- In the final wizard screen select the ratio button
Local computerand click Finish.
Now open the certificate manager:
- In Windows program search, type
Manager Computer Certificates
- Right click on the Orchestrator certificate in the
PersonalStore and click
Manage Private Keysunder the
- Click on add. This will enable you to add a new user to the permissions list.
- In the wizard that opens, Enter "IIS AppPool<AppPoolName>" replacing
<AppPoolName>with your Application Pool. For example:
- Click Ok, and run iisreset from PowerShell
Download and installation of out-of-the-box ML Packages (including Document Understanding) will take between 45 minutes to 3 hours depending on your internet bandwidth. The process that uploads these ML packages to your cluster runs independently of the application installer.
Updated 26 days ago