The Platform Configuration Tool script is available with Orchestrator
The UiPath Platform Configuration Tool is used to ensure that all certificate requirements are met by your Orchestrator instance following a new installation or update of your Orchestrator deployment.
This check is intended to be performed following installation / update.
The tool consists of a PowerShell script,
Platform.Configuration.Tool.ps1, bundled with the
UiPlatformInstaller.exe installers, and the
UiPathOrchestrator.zip. The bundled script can be found in the
Tools folder of the Orchestrator installation directory,
C:\Program Files (x86)\UiPath\Orchestrator by default, and in the
/ps_utils directory of the
When executed, the Platform Configuration Tool performs the following checks on the SSL certificate:
hostnameof the Orchestrator site matches the Subject or a Subject Alternate Name (including wildcards) on the certificate,
- has a valid trust chain, and
- is not expired.
The tool also performs the following checks on the Identity Server token-signing certificate:
- The certificate has the appropriate key size (
2048bits or larger),
- has a private key accessible by the AppPool user, and
- is not expired.
The tool can also validate that the
Buckets.FileSystem.Allowlist app setting is present in Orchestrator versions starting with v2020.4. Orchestrator versions prior to v2020.4 skip this check.
Click to expand!
- To perform the following checks, you need to decrypt the
appSettingsconfig sections. If any of these configuration sections is encrypted, then a warning prompts you in the terminal, and the rest of the buckets validations are skipped.
Could not determine if any buckets with file system provider are in use. Config section 'connectionString' is encrypted, could not find the sql connection string to the UiPath database.
- If, for any reason, the buckets could not be retrieved from the database, a warning prompts you in the terminal, and the rest of the validations are skipped as well.
Could not determine if any buckets with file system provider are in use. Could not connect to the UiPath Database.
- This validation is performed on the retrieved buckets root paths from the Orchestrator database buckets table. If there are any unqualified paths, then a warning prompts you in the terminal. A similar check for the unqualified paths is done for the paths in the
Buckets.FileSystem.Allowlistapp setting in the config file.
- If any of the paths in the two sources is not valid or is unqualified, then it is not be taken into considerations for the rest of the validations described below.
- If the
Buckets.FileSystem.Allowlistapp setting is not set in the config file, then the terminal prompts you with an error asking you to add the allowlist to the config file. The suggested paths are the root path of the buckets that use the file system provider.
All storage buckets using the file system provider are not on the allowed list. Add the following setting in the configuration file to allow all exiting buckets root paths: <add key="Buckets.FileSystem.Allowlist" value="C:\work\stuff\Bucket\|C:\work\stuff\Bucket1\" />
- If the
Buckets.FileSystem.Allowlistapp setting is set in the config file, then a validation is performed on the buckets root path that use the FileSystem provider. If a bucket root path is not a subpath of any of the paths defined in the allowlist, then a warning prompts you in the terminal asking you to add the bucket root path to
There are some storage buckets using the file system provider that are not on the allowed list. The buckets feature will not work for buckets with root paths that are not on the allowed list. Check if any of the following paths are required to be on the allowed list and add them to the 'Buckets.FileSystem.Allowlist' key in configuration file: |C:\work\stuff\Buckets\|C:\work\stuff\Bucket1\
- Otherwise, if every bucket root path is a subpath of any path in the allowed list, then the terminal displays a success message.
All storage buckets using file system provider have the root path on the allow list in the configuration file.
If any of these checks fail an error is output which you should correct before proceeding with the install/upgrade to ensure proper functionality of Orchestrator and Identity Server.
To execute the script, open an elevated command line and:
- Change to the directory where the script is located, for example:
cd C:\Program Files (x86)\UiPath\Orchestrator\Tools\
- The output will display either
Certificate checks completeif successful or an error related to the particular check failed.
Updated 3 months ago