- Release Notes
- Getting Started
- Installation and Upgrade
- Access and Permissions
- Interacting with Insights
- Troubleshooting
Insights
Installation
- Ensure that you meet the Hardware and Software Requirements for Insights.
- Enable IIS 10+.
To enable IIS 10+, go to Control Panel > Programs > Turn Windows features on or off > IIS.
Enable the following Web Server (IIS) modules:- Web Server
- Common HTTP Features
- Default Document
- Directory Browsing
- HTTP Errors
- Default Document
- Static Content
- Health and Diagnostics
- HTTP Logging
- Performance
- Static Content
- Security
- Request Filtering
- Common HTTP Features
- Management Tools
- IIS Management Console
- Web Server
- Download and install .NET Hosting Bundle version 3.1.17+.
- Download .NET Hosting Bundle.
- In Command Prompt, run
net stop was /y
and thennet start w3svc
.
- Install Orchestrator and enable the Insights feature. You need to
get an installation access token from Orchestrator.
Important:• Make sure that you select the
db_owner
role as this is required when you add the database owner role during the Insights SQL Server configuration.• Both the Orchestrator and Insights versions need to match. For example, if you run Orchestrator version 2021.10.1, you need to run the same version of Insights to establish proper communication between the two UiPath products.
- Enable HTTPS on your server using an SSL certificate. The procedure is similar to the one
provided for Orchestrator. See Using a Certificate for the HTTPS Protocol.
- Get self-signed certificate with your
DNS and import it into
certlm.msc
.
- Run the following
command:
$cert = New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname <your-dns-name> -KeySpec KeyExchange $pwd = ConvertTo-SecureString -String '<your-password>' -Force -AsPlainText $path = 'cert:\localMachine\my\' + $cert.thumbprint Export-PfxCertificate -cert $path -FilePath <path-to-save>\cert.pfx -Password $pwd
$cert = New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname <your-dns-name> -KeySpec KeyExchange $pwd = ConvertTo-SecureString -String '<your-password>' -Force -AsPlainText $path = 'cert:\localMachine\my\' + $cert.thumbprint Export-PfxCertificate -cert $path -FilePath <path-to-save>\cert.pfx -Password $pwdNote: Make sure to replace the following:<your-dns-name>
with the DNS name of your server or virtual machine<your-password>
with the password you want to encrypt the certificate with<path-to-save>
with the location where you want to save the exported.pfx
format certificate
- Manually install the certificate in
both Personal and Trusted using the certificate manager.
Important: It is preferable to use a SAN SSL certificate submitted to a Certificate Authority rather than a self-signed one.
- Self-signed certificates (and those from your own certificate authority) must be installed in both the Trusted Root and Personal certificate stores on the Insights machine, and must also be marked as Exportable.
- Certificates submitted to a Certificate Authority only need to be installed in Trusted Root.
Note that when using a self-signed certificate, you may experience issues if accessing Insights via Firefox or Edge. Internet Explorer support is no longer offered for Insights 2021.4 or newer.
- Get self-signed certificate with your
DNS and import it into
- When specifying a hostname for Insights, make sure that the desired hostname is resolvable
within your DNS.
- Verify that the server where Insights will be installed can communicate with the server(s) where Orchestrator is installed and vice versa.
- If you are using a local or a cloud-hosted VM, it must support nested virtualization on Windows operating systems.
- Make sure to use TLS 1.1 or 1.2.
- Make sure the following ports are open and accessible:
543
(default),9999
, and19999
.Create an inbound port rule for each port to open it up:543
,9999
,19999
.
- Port
543
:
- Port
9999
:
- Port
19999
:
- Port
- Install Docker based on your
environment.
Install Docker for Windows Server 2019:
- Using PowerShell, create the
following
variable:
$TMP_WORKDIR="c:\docker"
$TMP_WORKDIR="c:\docker" - Using PowerShell, create the
following
directory:
New-Item $TMP_WORKDIR -ItemType Directory -force
New-Item $TMP_WORKDIR -ItemType Directory -force - Enable the following Windows
features: Hyper-V and Container. To do this, take the following steps:
- Navigate to the Control Panel, then go to Programs.
- Click Turning the Windows features on or off.
- Select the checkboxes next to Hyper-V in the Server Roles tab and Container in the Features tab.
- Restart the server if
required.
- You can use PowerShell to download Docker and unzip the Linux Containers to the
$TMP_WORKDIR folder, by running the following
command:
Invoke-WebRequest -URI "https://download.docker.com/win/static/stable/x86_64/docker-20.10.24.zip" -OutFile "$TMP_WORKDIR\docker-20.10.24.zip"
Invoke-WebRequest -URI "https://download.docker.com/win/static/stable/x86_64/docker-20.10.24.zip" -OutFile "$TMP_WORKDIR\docker-20.10.24.zip" - You can use PowerShell to download lcow kernel and unzip the Linux Containers
to the $TMP_WORKDIR folder, by running the following
command:
Invoke-WebRequest -Uri "https://github.com/linuxkit/lcow/releases/download/v4.14.35-v0.3.9/release.zip" -UseBasicParsing -OutFile "$TMP_WORKDIR\release.zip"
Invoke-WebRequest -Uri "https://github.com/linuxkit/lcow/releases/download/v4.14.35-v0.3.9/release.zip" -UseBasicParsing -OutFile "$TMP_WORKDIR\release.zip" - Next, install Docker and
lcow:
Expand-Archive $TMP_WORKDIR\Docker-20.10.24.zip -DestinationPath $Env:ProgramFiles -Force Expand-Archive $TMP_WORKDIR\release.zip -DestinationPath "$Env:ProgramFiles\Linux Containers\." -Force
Expand-Archive $TMP_WORKDIR\Docker-20.10.24.zip -DestinationPath $Env:ProgramFiles -Force Expand-Archive $TMP_WORKDIR\release.zip -DestinationPath "$Env:ProgramFiles\Linux Containers\." -Force - Next, using PowerShell, set the
environment variables by running the following
command:
[Environment]::SetEnvironmentVariable("PATH", $Env:PATH + ";$Env:ProgramFiles\docker", [EnvironmentVariableTarget]::Machine) [Environment]::SetEnvironmentVariable("LCOW_SUPPORTED", "1", "Machine") [Environment]::SetEnvironmentVariable("LCOW_API_PLATFORM_IF_OMITTED", "linux", "Machine")
[Environment]::SetEnvironmentVariable("PATH", $Env:PATH + ";$Env:ProgramFiles\docker", [EnvironmentVariableTarget]::Machine) [Environment]::SetEnvironmentVariable("LCOW_SUPPORTED", "1", "Machine") [Environment]::SetEnvironmentVariable("LCOW_API_PLATFORM_IF_OMITTED", "linux", "Machine") - Using PowerShell, enable the
Experimental Features in
daemon.json
by running the following command:$configfile = @" { "experimental": true } "@ $configfile|Out-File -FilePath C:\ProgramData\docker\config\daemon.json -Encoding ascii -Force
$configfile = @" { "experimental": true } "@ $configfile|Out-File -FilePath C:\ProgramData\docker\config\daemon.json -Encoding ascii -Force - Register the service by running the
following command in
PowerShell:
cd $Env:ProgramFiles\docker .\dockerd.exe --register-service
cd $Env:ProgramFiles\docker .\dockerd.exe --register-service - Lastly, restart your computer by
running the following command in
PowerShell:
Restart-Computer -Force
Restart-Computer -Force
Install Docker on air-gapped VMs:
To install Docker in air-gapped environments, you need to perform two steps. First, download the installation files to an online VM, then copy the files to your offline VM, where you want to install it.
Requirements- Make sure the offline VM meets the requirements for the Insights Server.
- The online VM needs to run Windows Server 2019+ and have internet access.
Download Docker installation files on the online VM
In your online VM, open PowerShell as Administrator and run the following commands to create a new Docker folder.
# variables $TMP_WORKDIR="c:\docker" # Create tmp_workdir New-Item $TMP_WORKDIR -ItemType Directory -force # Install Hyper-V and Containers Install-WindowsFeature Hyper-V Install-WindowsFeature containers
# variables $TMP_WORKDIR="c:\docker" # Create tmp_workdir New-Item $TMP_WORKDIR -ItemType Directory -force # Install Hyper-V and Containers Install-WindowsFeature Hyper-V Install-WindowsFeature containersDownload lcow kernel and unzip the Linux Containers to the $TMP_WORKDIR folder.
# Get docker Invoke-WebRequest -URI "https://download.docker.com/win/static/stable/x86_64/docker-20.10.24.zip" -OutFile "$TMP_WORKDIR\docker-20.10.24.zip" # Get lcow Invoke-WebRequest -Uri "https://github.com/linuxkit/lcow/releases/download/v4.14.35-v0.3.9/release.zip" -UseBasicParsing -OutFile "$TMP_WORKDIR\release.zip"
# Get docker Invoke-WebRequest -URI "https://download.docker.com/win/static/stable/x86_64/docker-20.10.24.zip" -OutFile "$TMP_WORKDIR\docker-20.10.24.zip" # Get lcow Invoke-WebRequest -Uri "https://github.com/linuxkit/lcow/releases/download/v4.14.35-v0.3.9/release.zip" -UseBasicParsing -OutFile "$TMP_WORKDIR\release.zip"Install Docker on the offline VM
In your offline VM, open PowerShell as Administrator and run the following commands to install Docker, register the service and restart the machine.
# Install Expand-Archive $TMP_WORKDIR\Docker-20.10.24.zip -DestinationPath $Env:ProgramFiles -Force Expand-Archive $TMP_WORKDIR\release.zip -DestinationPath "$Env:ProgramFiles\Linux Containers\." -Force # Add Environment Variables [Environment]::SetEnvironmentVariable("PATH", $Env:PATH + ";$Env:ProgramFiles\docker", [EnvironmentVariableTarget]::Machine) [Environment]::SetEnvironmentVariable("LCOW_SUPPORTED", "1", "Machine") [Environment]::SetEnvironmentVariable("LCOW_API_PLATFORM_IF_OMITTED", "linux", "Machine") # Enable Experimental Features in Docker daemon.conf $configfile = @" { "experimental": true } "@ $configfile|Out-File -FilePath C:\ProgramData\docker\config\daemon.json -Encoding ascii -Force # Register service cd $Env:ProgramFiles\docker .\dockerd.exe --register-service # Restart Computer Restart-Computer -Force
# Install Expand-Archive $TMP_WORKDIR\Docker-20.10.24.zip -DestinationPath $Env:ProgramFiles -Force Expand-Archive $TMP_WORKDIR\release.zip -DestinationPath "$Env:ProgramFiles\Linux Containers\." -Force # Add Environment Variables [Environment]::SetEnvironmentVariable("PATH", $Env:PATH + ";$Env:ProgramFiles\docker", [EnvironmentVariableTarget]::Machine) [Environment]::SetEnvironmentVariable("LCOW_SUPPORTED", "1", "Machine") [Environment]::SetEnvironmentVariable("LCOW_API_PLATFORM_IF_OMITTED", "linux", "Machine") # Enable Experimental Features in Docker daemon.conf $configfile = @" { "experimental": true } "@ $configfile|Out-File -FilePath C:\ProgramData\docker\config\daemon.json -Encoding ascii -Force # Register service cd $Env:ProgramFiles\docker .\dockerd.exe --register-service # Restart Computer Restart-Computer -Force - Using PowerShell, create the
following
variable:
- If you use VMWare, make sure to use VMwareToolboxCmd 11.0.6+. Earlier versions may cause Docker container to restart unexpectedly.
Before installing Insights, you need to configure the Insights SQL Server instance that you want to use.
Latin1_General_CI_AS
.
Prerequisites
Make sure that you have the following either at hand or have them worked through, as the initial configuration steps:
- The name of the SQL Server machine.
- The name of the instance, if it’s not the default instance.
- The SQL Server port is open in the firewall of the SQL Server machine.
- The TCP Protocol in SQL Server Configuration Manager is enabled.
- The SQL Server service is set to listen on a fixed port, not on a dynamically allocated one.
Recommendations
To configure the default MAXDOP of your database, see Configure the max degree of parallelism Server Configuration Option.
SQL Server Authentication Methods
Configure one of the following authentication methods through which Insights can connect to the SQL Server database:
Windows Integrated Authentication
For this option, a new login is required for the SQL Server as a service account. The service account should be a domain user whose password never expires. Looker, the analytics platform used by Insights, runs in a Linux container. To enable Windows Authentication, SQL Server needs to support authentication through the Kerberos protocol.
Considerations when configuring Windows Integrated Authentication
- Before configuring the Kerberos authentication, make sure that the Insights Server can access your Active Directory (AD) and SQL Server. You can review this with your IT administrator.
- SQL Server needs to be added to your AD domain.
- Insights Server needs to be on the same network as the AD Domain and SQL Server.
- DNS should be configured so that Insights Server can resolve the domain names for both AD Domain and SQL Server.
- AD
user should exist with access to SQL server and DB permissions as
defined in the Permissions section. Domain, username, and password for
this user must be provided during the Insights install process. Keep in mind
that the username is case sensitive and that this also serves as the
sAMAccountName
of the user.Open cmd as admin and runset user
to get theUSERDNSDOMAIN
andUSERNAME
. - SQL server needs to have SPN entries in AD. For
more information, see Register a Service Principal
Name for Kerberos Connections.
Important: It is critical that the Insights server needs to resolve the domain names of both AD Domain and SQL Server. You can verify this by running
nslookup <your_AD_domain_name>
andnslookup <your_SQL_server_domain_name>
on the host machine.
Create new login in SQL Server Management Studio
- In the Object Explorer panel, navigate to Security > Logins.
- Right-click the Logins folder and select New Login.
- Select the Windows Authentication option.
The window is updated accordingly.
- In the Login name field, type the user domain you want to use as a service account.
- From the Default Language list, select
English.
Important: Ensure that the Default Language is set to English. If it isn't, the website cannot start, and the Event Viewer on the computer on which Insights is installed displays the following error message:
The conversion of a varchar data type to a datetime data type resulted in an out-of range value
. - Click OK to save the configuration.
If the service account has already been created and added to the Security > Logins section of the SQL Server, check whether the Default Language of that SQL account is set to English. If it isn't, you need to make the necessary adjustments.
SQL Server Authentication
For this authentication method, you need an SQL Server user.
Create SQL user in SQL Server Management Studio
- In the Object Explorer panel, navigate to Security > Logins.
- Right-click the Logins folder and select New Login. The Login - New window is displayed.
- Select the SQL Server authentication
option. The window is updated accordingly.
- Fill in the Login Name,Password, and Confirm Password fields appropriately.
- Ensure that the Enforce password
expiration and User must change password at next login options
are not selected.
Important: Ensure that the Default Language is set to English. If it isn't, the website cannot start, and the Event Viewer on the computer on which Insights is installed displays the following error message: “The conversion of a varchar data type to a datetime data type resulted in an out of range value”.
If the SQL Server account has already been created and added to the Security > Logins section of the SQL Server, please check whether the Default Language is set to English. If it isn't, please make the necessary adjustments.
Permissions
dbcreator
Server Role BEFORE installing Insights, as the database is created during this installation process.
dbcreator
Server Role in the service account, create the empty database in SQL Server.
The Windows installer connects to SQL Server to verify the existence of the database.
db_owner
user mapping role, as in the following screenshot.
db_owner
user mapping role with the UiPath login, grant the following:
db_datareader
db_datawriter
db_ddladmin
EXECUTE
permission ondbo
schema
EXECUTE
permission has to be granted by using the GRANT EXECUTE
SQL command, as follows.
- if Windows Integrated Authentication is
used:
USE UiPath Insights GO GRANT EXECUTE ON SCHEMA::dbo TO [domain\user] GO
USE UiPath Insights GO GRANT EXECUTE ON SCHEMA::dbo TO [domain\user] GO - if SQL Server Authentication is
used:
USE UiPath Insights GO GRANT EXECUTE ON SCHEMA::dbo TO [sql_user] GO
USE UiPath Insights GO GRANT EXECUTE ON SCHEMA::dbo TO [sql_user] GO
- When upgrading to 2021.10, users with Insights permissions are not currently migrated to the new version. A script to do so will be available soon.
- The Installer will use the Windows Display Language if it is one of the following languages: en-US, fr-FR, de-DE, es-ES, es-MX, ja-JP, ko-KR, pt-BR, pt-PT, ru-RU, tr-TR, zh-CN. If the Windows Display Language is not one of these languages, then the installer will use English.
- Run the
InsightsInstaller.msi
installer as administrator using the command prompt or PowerShell console. - Type
cmd
orpowershell
, then right-click the app and Run as administrator. - Type the
cd <path-to-msi>
command, where<path-to-msi>
is where your.msi
installer is located. E.g.,C:\Users\yourUsername\Downloads>
. - Run the Insights installer using the following
command:
msiexec /i InsightsInstaller.msi
msiexec /i InsightsInstaller.msiAlternatively, you can use the following command:
.\InsightsInstaller.msi
.\InsightsInstaller.msi - The Insights installer should now check the
prerequisites. If all prerequisites are met, the UiPath Insights Setup Wizard shows
up and guides you through the Insights installation and configuration.
Note:If the installation failed or you want to check the installation log, you can go to the%temp%
or%temp%/<sessionID>
folder and check the latestMSI{random chars}.LOG
.If you would like to specify a different directory, use the commandmsiexec.exe /i InsightsInstaller.msi /L*V logfilepath
. For more details, see the Support page. - Accept the License Agreement and click
Next.
- Change the Insights server settings as
follows:
- Insights Server URL - the hostname or the URL of the Insights Server.
- Port - the port you want to use to enable the communication between the computer and Insights.
- Certificate - the
Subject or Thumbprint of the SSL certificate you want to use to secure
connections with Insights.
- Configure the Orchestrator settings as
follows:
- Orchestrator URL - the URL of Orchestrator
- Separate Identity Server - If you have a separate identity server, enable this option.
- Installation Token -
enter the Installation Access Token you generated on Identity Server's
Installation Access Token page by logging in as the host tenant.
For more details, see Installation Access Token.
Note: You need a new Installation Access Token on every installation. The token is valid for 2 hours, after which it expires. Generate another if experiencing an installation failure.
- Configure the Insights database settings as
follows:
- Server Name - the name of the SQL Server machine where the Insights database is located
- Database Name - the name of the Insights database
- Authentication Type -
choose one of the following authentication methods:
Important: You must use the fully-qualified domain name for the database (e.g.,
mysever.my.domain
instead ofmyserver
). Preferably the SQL Server must join the AD domain directly.- Windows Authentication - if selected, Insights connects to the database, creates tables, and runs the IIS Application Pool using the specified credentials. The installer validates the connection using the Windows credentials you are currently logged in with. If you select this option, you must specify the domain, username, and password.
-
SQL Authentication - if selected, the connection is made using SQL authentication. If using this option, the Username and Password fields become editable, and you must provide the SQL username and password used to connect to the database.
- Configure the email settings as follows:
- Configure Email Service
(SMTP) - check to configure the email service
- Server - the SMTP host
- From - the email address to send mail messages from. It must match that provided for Username.
- Username - the
username of the SMTP server, if it requires authentication. For
example, if you are using Gmail, fill in this field with the email
address used to send messages.
Important: Consider using SMTP with authentication, as SMTP with no authentication may not be supported in the future.
- Password - the email account password
- Port - the SMTP port.
- TLS/SSL - check to
enable TLS/SSL.
- TLS/SSL
Version - only visible TLS/SSL is checked. Choose
between TLSv1_1 and TLSv1_2
Note: Once this step is completed, an email is sent using the SMTP server details. This is to ensure the SMTP details are correct.
- TLS/SSL
Version - only visible TLS/SSL is checked. Choose
between TLSv1_1 and TLSv1_2
- Click Next to start
the installation. Once the installation process completed, click
Close to exit the installer.
Important: After Insights installation has finished, make sure to restart Docker.
To verify that Looker is running, make sure the Docker container is up.
After Insights installation has finished, navigate to the browser to confirm a successful installation.
Addressing log4j Vulnerability
To address the log4j vulnerability, make sure you run the hotfix to update dependencies to the latest non-vulnerable version of Apache Log4j.
For more information, see the UiPath Insights (version 2021.10+) / Automation Suite Advisory section in UiPath Security Advisory CVE-2021-44228, CVE-2021-45046 & CVE-2021-45105.
Keep the original installation file in case you want to modify or uninstall it.
For more information, see Modifying Insights configurations.
After installing Insights, you must then enable it for your desired tenant(s) from the Orchestrator host portal. For more details, see Enabling or disabling features.
- Check the logs under %programdata%/UiPath Insights/Provisioning
- There should be an error about the OrchestratorTenantJob failing.
- Login to the Orchestrator DB using a sql client.
- Check the dbo.Tenants table.
- Check if the columns 'Key' and 'AccountId' are all capitalized.
- If they are, making them lowercase fixes the issue.
- If there is a tenant that's lowercase, try just enabling that tenant and see if the error still occurs.
- To fix the issue, change the case of the fields (make sure to backup the DB
before hand. Also make a note of the KEYs that are already lowercase).
- UPDATE [UiPath].[dbo].[Tenants]
- set [key] = LOWER([key]), [AccountId] = LOWER([AccountId])
- To revert the change, run
- UPDATE [UiPath].[dbo].[Tenants]
- set [key] = UPPER([key]), [AccountId] = UPPER([AccountId])
- WHERE [key] NOT IN ('xx-xx-xx-xx', 'xx-xx-xx-xx');
- Doing an IIS reset (or just recycling the Provisioning application pool) maybe necessary. The provisioning service tries to provision instance every 10 minutes so if this isn't done, just wait 10 minutes at most.
- If the issue is still occurring, raise a ticket with UiPath and include the
following
- Screenshot of the dbo.tenants table.
- The provisioning logs mentioned above.