Orchestrator
2022.10
false
Banner background image
Orchestrator Installation Guide
Last updated Mar 4, 2024

The Windows Installer

The UiPathOrchestrator.msi installer enables you to install Orchestrator on one or multiple nodes, depending on your needs. The following sections provide you with the details on how to perform a successful installation in both single- and multi-node environments.

Included services

These are the services included in the Orchestrator installation:
  • Orchestrator
  • Identity Server
  • Webhooks
  • Resource Catalog Service

Single-Node Installation

In single-node installations, the session is kept in the memory, as you do not need to share it.

  1. Run the Windows Installer (UiPathOrchestrator.msi). The UiPath Orchestrator Setup wizard is displayed.
  2. Select the I accept the terms in the License Agreement check box to agree to the terms in the agreement, then click Install. The Product Features selection window is displayed:


    Important:
    • When enabling the Test Automation feature, a database with the default name UiPathTestAutomation is created. You may choose a different name by passing via the command line TA_DATABASE_NAME=<MyCustomDB>.
    • The Test Automation database can either be separate or part of the Orchestrator database.
  3. Select if the following features are installed with Orchestrator: UiPath Insights and/or Test Automation. Click Next, the Orchestrator IIS Settings step is displayed.


  4. Change the IIS Settings as desired:
    • Website name - the name of the website. This is set to UiPath Orchestrator by default and cannot be edited.
    • Website Port - the port you want to use to enable the communication between the computer and Orchestrator. By default, this is set to 443, to enable you to use HTTPS. If another port is used, be sure to append it to the PUBLIC_URL Identity Server parameter as detailed below.
    • Add firewall rules for this port - when selected, automatically adds firewall rules for this port, to ensure your machine's security.
    • SSL certificate - the Subject or Thumbprint of the SSL certificate you want to use to secure connections with Orchestrator. By default, this is filled in with the full computer name.
    • Verify port availability - if selected, checks if the specified website port is available.
  5. Click Next. The Application Pool Settings step is displayed.


  6. Configure the editable options as desired:
    • Name - the application pool name. This is set to UiPath Orchestrator by default and cannot be edited.
    • Identity - enables you to choose the identity under which the UiPath Orchestrator website runs. The following options are available:

      • Application Pool Identity - runs the Orchestrator website under the default identity of the application pool.
      • Custom account - runs the Orchestrator website under an existing Windows or Domain identity. Selecting this option displays two fields, Username and Password, which enable you to specify the identity under which to run.

        For more information on Application Pool Identities, please see Microsoft's official documentation.

    • Click Next. The Orchestrator Database Settings step is displayed.



  7. Fill in the fields with information about your SQL Server, as follows:
    • SQL Server Host - the name of the SQL Server machine. By default, this is set to localhost (.). If it is not the default instance, please also mention it in the MyMachine\MyInstance format. You can also specify a custom port number here using a comma, such as MyMachine\MyInstance,800.
    • Database Name - the name of the database. By default, it is set to UiPath. Please note that the following special characters are not supported: an empty space, \, /, *, :, ;, ?, ", <, >, |, and the maximum length is 123 characters.
    • Authentication mode - enables you to choose the authentication mode for the UiPath Orchestrator website. The following options are available:

      • Windows Integrated Authentication - This is the default option. If you select it, Orchestrator connects to the database using the detected IIS Application Pool's Windows account and creates the database using the Windows credentials you are currently logged in with.
      • SQL Server Authentication - If you select this option, the SQL Username and Password fields are displayed, which have to be filled in with the SQL Server username and password. For more information, see the Prerequisites chapter.

        Note: The password does not support the use of semicolons (;).
    • Click Next. The SQL connection is verified by the installer. If the SQL connection is not valid, a dialog box is displayed. If the SQL connection is valid, the Identity Server Settings step is displayed.

      Note: Identity Server is shipped along with Orchestrator, enabling centralized authentication and access control across UiPath products.


      Important: For large deployments, we recommend using a separate database for Identity Server.
  8. Fill in the fields with information about your Identity Server, as follows:
    • Database Name - the name of the database. By default, this is the name of the Orchestrator database, but can be changed. Please note that the following special characters are not supported: an empty space, \, /, *, :, ?, ", <, >, |, and the maximum length is 123 characters.
    • Orchestrator Public URL - the URL of the Orchestrator to which the Identity Server connects. In a multi-node scenario, this would be the URL of the load balancer by which the user calls the Orchestrator installation (e.g. https://orchestrator.mydomain.local).

      By default, the Orchestrator Public URL is set to https://<host name>. Note that this only applies if you use the default website port: 443. If you opt for a custom port, the Orchestrator Public URL is https://<host name>:<custom port>. For instance, if the website port is set to 444, the Orchestrator Public URL is https://<host name>:444.
    • Signing Certificate - the Subject or Thumbprint of the certificate used to sign access tokens used for authentication between Orchestrator and Identity Server.
  9. Click Next. The Update Server Database Settings step is displayed.


  10. Fill in the fields with information about the Update Server database, as follows:
    • SQL Server host - the name of the SQL Server machine. By default, this is set to localhost (.). If it is not the default instance, make sure to also mention it in the MyMachine\MyInstance format. You can also specify a custom port number here using a comma, such as MyMachine\MyInstance,800.
    • Database name - the name of the database used by Update Server. By default, this is the name of the Orchestrator database, but you can change it. Note that the following special characters are not supported: an empty space, \, /, *, :, ?, ", <, >, |, and the maximum length is 123 characters.
    • Authentication mode - enables you to choose the authentication mode for the Update Server. The following options are available:

      • Windows Integrated Authentication - This is the default option. If you select it, Orchestrator connects to the database using the detected IIS Application Pool's Windows account and creates the database using the Windows credentials you are currently logged in with.
      • SQL Server Authentication - If you select this option, the SQL Username and Password fields are displayed, which have to be filled in with the SQL Server username and password. For more information, see the Prerequisites chapter.
        Note: The password does not support the use of semicolons (;).
    • Click Next. The Elasticsearch Log Settings step is displayed.



  11. (Optional) Fill in the fields with information about your Elasticsearch instance, as follows:
    • URL - The Elasticsearch URL to which you want to log information.
    • Requires authentication - Enables you to indicate if your Elasticsearch instance requires authentication. If selected, the Username and Password fields are displayed.

      • Username - The Elasticsearch username.
      • Password - The Elasticsearch password.

        Note: If you do not want to use Elasticsearch for logging, please leave the URL field empty.
    • Click Next. The Orchestrator Authentication Settings step is displayed.



  12. Fill in the fields as follows:
    • Host password - Set a custom password for the host administrator. Please note that passwords must be between 8 and 33 characters long and must include at least one lowercase character and one digit.
    • Confirm password - Confirm the host administrator password.
    • Reset at first login - Enables you to enforce a password reset on the first login for the host administrator. This is also called a one-time password.
    • Default tenant password - Set a custom password for the default tenant administrator. Please note that passwords must be between 8 and 33 characters long and must include at least one lowercase character and one digit.
    • Confirm password - Confirm the default tenant administrator password.
    • Reset at first login - Enables you to enforce a password reset on the first login for the default tenant administrator. This is also called a one-time password.
  13. Click Next. If the Insights feature was selected, the Insights step is displayed.
    Note: During the Insights SQL Server configuration, make sure that you select the db_owner role as this is required when you add the database owner role.
  14. Fill in the fields with information about your Insights instance, as follows:
    • SQL Server host - the name of the Insights SQL Server machine. By default, this is set to localhost (.). If it is not the default instance, please also mention it in the MyMachine\MyInstance format. You can also specify a custom port number here using a comma, such as MyMachine\MyInstance,800.
    • Database Name - the name of the database. By default, it is set to UiPath. Please note that the following special characters are not supported: an empty space, \, /, *, :, ;, ?, ", <, >, |, and the maximum length is 123 characters.
    • Authentication mode - enables you to choose the authentication mode for the UiPath Orchestrator website. The following options are available:

      • Windows Integrated Authentication - This is the default option. If you select it, Orchestrator connects to the database using the detected IIS Application Pool's Windows account and creates the database using the Windows credentials you are currently logged in with.
      • SQL Server Authentication - If you select this option, the SQL Username and Password fields are displayed, which have to be filled in with the SQL Server username and password.
    • Click Next. If the Test Automation feature was selected, the Test Automation step is displayed.



  15. Fill in the fields with information about your Test Automation instance, as follows:
    • SQL Server host - the name of the TA SQL Server machine. By default, this is set to localhost (.). If it is not the default instance, please also mention it in the MyMachine\MyInstance format. You can also specify a custom port number here using a comma, such as MyMachine\MyInstance,800.
    • Database Name - the name of the database. Please note that the following special characters are not supported: an empty space, \, /, *, :, ;, ?, ", <, >, |, and the maximum length is 123 characters.
    • Authentication mode - enables you to choose the authentication mode for the UiPath Orchestrator website. The following options are available:

      • Windows Integrated Authentication - This is the default option. If you select it, Orchestrator connects to the database using the detected IIS Application Pool's Windows account and creates the database using the Windows credentials you are currently logged in with.
      • SQL Server Authentication - If you select this option, the SQL Username and Password fields are displayed, which have to be filled in with the SQL Server username and password.

        Note: The password does not support the use of semicolons (;).
    • Click Next. The Orchestrator Storage Settings step is displayed.

  16. Enter the desired Storage Type and Storage Location. See here for details.
  17. Click Next. The Ready to install UiPath step is displayed.
  18. Click Install. The installation process starts. Note that Orchestrator is installed at the following location: C:\Program Files (x86)\UiPath\Orchestrator.
    Important: Double-check the selected installation path. Moving an installation from one location to another post-install is not supported.
  19. Navigate to IIS Manager.
  20. Select the Orchestrator server. The Features View is updated accordingly.
  21. Double-click Feature Delegation. The Feature Delegation view is displayed.
  22. Right-click Authentication - Windows and click Read/Write.
  23. Start the website. You can now use Orchestrator.
    Note: To log in as the host administrator, use the credentials provided by our teams when purchasing a license and write host in the Tenant Name field. Details here.

Multi-Node Installation

Important:

Multi-node Orchestrator deployments use the RESP (REdis Serialization Protocol) for communication, and thus can be configured using any solution implementing this protocol.

High availability deployments with multi-node Orchestrator are supported by UiPath only if the UiPath High Availability Add-on is used.

Important: For multi-node installations, the CERTIFICATE_SUBJECT and IS_CERTIFICATE_SUBJECT parameters are mandatory. Orchestrator-Identity Server integration does not work if different certifications are used for Identity. Its value in the parameters file used must be a common one across all nodes. This can be accomplished by using:
  • A wildcard certificate (subject=*.domain.local); or
  • A Subject Alternative Name (SAN) certificate containing the DNS name of the public load balancer and optionally the DNS names of all the nodes, either when creating the certificates or by editing the value in the parameters file before proceeding with the secondary node installation(s).

Certificates can be entered by subject or thumbprint.

On the primary node:, install Orchestrator from an elevated command prompt using the following command line: UiPathOrchestrator.msi OUTPUT_PARAMETERS_FILE=install.json REDIS_HOST=redis.corp.local REDIS_PASSWORD=secretPass STORAGE_TYPE=FileSystem STORAGE_LOCATION="RootPath=\\fileserver\Share" PUBLIC_URL=<Orchestrator_LoadBalancer_URL> CERTIFICATE_SUBJECT=*.domain.local IS_CERTIFICATE_SUBJECT=*.domain.local.

See here for details of the available parameters.

Note: You can also specify a port for the installed RESP (REdis Serialization Protocol) solution using the REDIS_PORT parameter if you do not want to use the default port (6379).
High Availability Add-on uses port 10000.
Important: For deployments including Insights, complete the Insights installation before proceeding with the secondary node installation of Orchestrator.
  1. On all the secondary nodes, install Orchestrator using UiPathOrchestrator.msi with command-line arguments, making sure you provide the SECONDARY_NODE parameter set to true and the parameters file generated during the primary node installation. We also recommend using the /passive parameter, as a passive installation displays the progress bar and error popups. Opt for the silent mode, by specifying the /Q parameter, only for unattended installations.
    For example: UiPathOrchestrator.msi SECONDARY_NODE=1 PARAMETERS_FILE=install.json /Q.

    The Application Pool is started, and you can start using your Orchestrator instance.

    The database is initialized when you install the primary node. When setting up the secondary nodes, the database initialization step is no longer needed.

Adding Nodes to Multi-node Orchestrator

Where the above methods assume installation and configuration of the primary and secondary nodes during the initial deployment, it is also possible to generate a parameters file from any existing node to be used in the installation of any additional node(s).

This is done using the Generate-ParametersFile.ps1 script, found in the Tools subfolder of the Orchestrator installation directory:
  1. Open the Tools subfolder of your Orchestrator installation directory and execute Generate-ParametersFile.ps1.
    Note: The appPool custom user password must be passed unless appPoolIdentity is used for authentication.
  2. A JSON file is generated based upon the configuration files and environment of the existing Orchestrator.
  3. Using this file, complete the secondary node installation (step 2 in the above multi-node installation).

Packages Storage Considerations

The metadata (definition) of all packages - activities, workflows, libraries - is kept in the SQL database for faster search and filtering.

In addition to this, it is possible to keep the actual files and execution media in the FileSystem or a blob storage of your choosing - Azure, Amazon S3, or Minio. This feature allows for a more performant file synchronization, especially in complex multi-node Orchestrator environments.

Take into consideration that, regardless of the storage you use to keep your packages, the maximum file size per upload is 28.6MB - a limitation given by IIS. To see how to change this for Amazon, Minio, FileSystem, and Azure, please visit this page.

  • Included services
  • Single-Node Installation
  • Multi-Node Installation
  • Adding Nodes to Multi-node Orchestrator
  • Packages Storage Considerations

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.