Review pre-installation checklist

Ensure you have reviewed, understand, and completed all sections of this pre-installation checklist.

System requirements

The latest Nintex RPA Release Notes contain the system requirements. Be sure to review the system requirements for your application or operating system.

Note: System requirements are subject to change without notice. Be sure to apply all critical updates and service packs issued by Microsoft for your operating system. To obtain these updates, visit Microsoft's online Windows update service.

  • Ensure that applications can be installed on the target machine.
  • To avoid registry repair, do not install Nintex RPA on a computer running Microsoft Office 365 with FastTrack or Click-to-Run.
  • If not installed already, Nintex RPA Central installs Microsoft .NET Core Runtime, Microsoft .NET Framework 4.7.2, or Microsoftt Access Database Engine 2017.

  • Review the Domain requirements section. Your computer must be part of a domain (not a workgroup) and be connected to that domain.

    Caution: The installation will fail on a computer that is not connected to a domain.

  • Nintex RPA Central requires access to a Nintex URL to verify the License Key A License Key is required to complete your Nintex RPA and Nintex RPA Central installation.. Without this access, Nintex RPA Central will not be allowed to run. The access for communication is only for license validation and is encrypted and secured over TLS 1.2, using SSL certificates. The product key information is only communicated once at registration time and a unique API key is generated per product key and used for further communications which are event-driven.

  • Ensure you are connected to the internet. This will be required for License Key activation.
  • If a firewall is in place, confirm with your IT team managing the firewall that outbound HTTPS access to the endpoint wus-api-rpa.nintex.io is currently allowed from the Nintex RPA Central server and safe listed as described in IP safe listing. Configure the firewall to allow HTTPS traffic on port 443.

  • Ensure the machine where the Nintex RPA Central application is hosted has a continuously available connection outbound to the internet and is able to access the following URL: https://wus-api-rpa.nintex.io/. If your network requires the use of an internet proxy to reach the specified URL, ensure that all outbound internet traffic from the machine uses this proxy.

  • Ensure Powershell scripts are not blocked by your network.

  • Make sure that Google Chrome is not blocking any requests due to an SSL certificate using an outdated encryption algorithm. For example, browser error code NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM.

  • If your IT team has policies on browser privacy configuration, contact your IT department for guidance on browser options, such as using Microsoft Edge in Private view.
  • Your desktop zoom (sometimes called Display Size) and Microsoft Internet Explorer browser zoom should be set at 100%. If not, Nintex RPA will have trouble interacting with your applications. You may be prompted to restart or log off from your computer after changing this setting.

Nintex uses the Imperva Web Application Firewall (WAF) service for IP safe listing.

We strongly recommend safe listing your domain as the Nintex RPA Central service uses a Canonical Name (CNAME) record that might resolve to different IP addresses.

However, if you need to safe list by IP address instead, Imperva's latest IP address ranges can be found on their site, Allowlist Imperva IP addresses & Setting IP restriction rules.

Current IP address ranges are listed here, but are subject to change without notice.

  • 199.83.128.1 - 199.83.135.254
  • 198.143.32.1 - 198.143.63.254
  • 149.126.72.1 - 149.126.79.254
  • 103.28.248.1 - 103.28.251.254
  • 185.11.124.1 - 185.11.127.254
  • 45.64.64.0 - 45.64.67.255
  • 192.230.64.1 - 192.230.127.254
  • 107.154.0.0 - 107.154.255.254
  • 45.60.0.1 - 45.60.255.254
  • 45.223.0.1 - 45.223.255.254
  • 2a02:e980:0:0:0:0:0:0 - 2a02:e987:ffff:ffff:ffff:ffff:ffff:ffff

Nintex Bot and target applications, such as Microsoft Edge, Google Chrome, and Microsoft Excel, must be installed and run on the same machine. When Nintex Bot interacts with target applications, it uses Microsoft Windows components provided by the target applications to properly locate and interact with the those target applications. When both Nintex Bot and the target applications are installed on the same machine, Nintex Bot can interact with target applications as they are running, allowing for optimal functionality.

Installing the Nintex Bot on a Citrix Systems environment can be as:

  • Desktop Mode: Nintex recommends when installing the Nintex Bot to Citrix Systems, that the Nintex Bot be used in Desktop Mode. This allows the Nintex Bot to interact with target applications as expected.
  • Published Applications: When installing the Nintex Bot through Published Applications, target applications may be unobtainable by the Nintex Bot, resulting in unexpected behavior. This could include the Nintex Bot failing to recognize the target application because they technically do not exist on the same machine. When using Published Applications, it is not uncommon for both the Nintex Bot and the target application to be running on different Citrix System servers, but be presented as two applications running together on the same machine.

Domain requirements

Nintex RPA Central must be installed as follows for authentication and security purposes:

  • All machines with a Nintex RPA and Nintex RPA Central component must be joined, part of, and connected to an Active Directory Domain Services domain and not as a workgroup.
  • All machines with a Nintex RPA and Nintex RPA Central component must be deployed in the same domain.
  • If installing on a computer that is not connected to a domain, the installation will fail.
  • If remote or off-site, the computer must be connected to a domain via a VPN, and the DNS and AD servers must be accessible, to install and activate the license for Nintex RPA and Nintex RPA Central.

  • The user account on the machine where the Bot resides must have at least standard user permissions to the Nintex RPA Central machine/server.

Important: In a trial deployment, the machine needs to be on a domain during installation and have access to a domain during activation. During deployment where Nintex RPA and Nintex RPA Central are installed on the same machine, a self-signed certificate will be automatically generated and installed onto the machine. Once activated, the machine does not need access to the domain for Nintex RPA and Nintex RPA Central to function. In this setup where Nintex RPA Central will only run on localhost and will not be accessible by other computers, communication to the domain server is not required (such as VPN), as the certificate will not be required to be verified by a Certificate Authority. The use of self-signed certificates outside of development and testing environments is forbidden in most organizations by policy.

  • If your Active Directory supports domain distributed machine certificates, the Nintex RPA Central machine must be connected to the domain (directly or via VPN) to request a certificate from the Certificate Authority. Once the certificates are installed, there is no need to have communication to the domain, either in localhost and machine certification.

Nintex RPA Central uses Windows Authentication and Active Directory to verify the identity of users. This creates a trusted and seamless sign in experience without prompting users with a sign in screen while:

  • Starting the Nintex RPA Central browser-based application from a domain joined computer.

  • Starting the Nintex RPA desktop-based application on a domain joined computer linked to a trusted Nintex RPA Central.

Nintex RPA Central uses Windows Authentication, Active Directory, and Windows Domain DNS services to verify the identity of Nintex Bots installed on domain joined computers, preventing third-party applications on the network from acting as a known bot and compromising data from Nintex RPA Central.

Microsoft Azure support

Nintex RPA Central and Nintex Bot work with Microsoft Azure Active Directory Domain Services (AD DS) on a 2019 server. Currently, Nintex Bot does not work with Microsoft Azure AD. Nintex RPA supports configurations where Microsoft Azure AD DS is installed in your Microsoft Azure AD environment and your servers and computers are joined to the Microsoft Azure AD DS. Microsoft Azure AD DS runs a Microsoft Windows domain in Microsoft Azure, with support for:

  • Domain Name System (DNS)
  • Active Directory
  • Kerberos
  • New Technology LAN Manager (NTLM)

Traditional applications that use Windows Authentication as a security model do not require changes to those applications' authentication layer and work as expected.

In some instances, Nintex RPA Central may not correctly connect to a domain.

You can check the Microsoft domain controller to verify the connection.

To check the Microsoft domain controller:

  1. Open the Microsoft Windows Command Prompt window in the Windows System folder from the Windows menu.
  2. Type set L and press Enter.
  3. Note the LOGONSERVER field information, such as LOGONSERVER=\\YOURDOMAINDC##.
  4. Type Ping YOURDOMAINDC## and press Enter, omitting the leading \\ characters and where YOURDOMAINDC## is the value returned for LOGONSERVER in Step 3.

If connected, the ping test returns statistics and round trip values. Otherwise, the ping test returns that it could not find the host.

Firewall settings

Ensure your firewall settings are configured correctly for use with Microsoft Windows 10.

To check your firewall settings:

  1. Open the Control Panel. Right-click the Windows start menu, select Run, and type Control Panel to open.
  2. Navigate to System and Security -> Windows Defender Firewall and click Advanced settings.

    3. Complete the step 3 through step 12, first for Inbound Rules and then for Outbound Rules.

  3. On the left pane, click Inbound Rules or Outbound Rules.
  4. On the right pane, click New Rule.
  5. Click Port and Next.
  6. Select TCP and based on the format of your Nintex RPA Central URL, enter the following in the Specific local ports field.

    7. Note: The port number can be different depending on your machine and network environment. Consult with your Network Administrator.

    • Nintex RPA Central URL ends in a number, such as 8080, enter that number.
    • Nintex RPA Central URL does not end in a number, enter 443.
  7. Click Next.
  8. Select Allow the connection and click Next.
  9. Select Domain.
  10. Ensure Private and Public are not selected.
  11. Click Next.
  12. Enter a rule Name, and optionally enter a rule description. Click Finish.

    13. Note: Be sure to complete step 3 through step 12 for both Inbound Rules and Outbound Rules.

Obtain a valid license

To complete the installation, have your license key ready. Your license key will be emailed to you upon purchase of your licenses. The license key will be the following format: XXXXX- XXXXX- XXXXX- XXXXX- XXXXX

Please contact Nintex Support with any questions.

Download the latest release

Ensure you download the files that are correct for your licensing needs available on the Product Releases page:

  • Nintex RPA for Enterprise Edition. The Nintex RPA releases are versions 16.x and later.
  • Nintex RPA for Standard Edition. The Nintex RPA releases are version 16.5.1 / 1.3.3 and later.

Note: Nintex customer registration is required to use the Product Releases download page.

Ensure you review the Release Notes for your release for important release information.

Next:

Install Nintex RPA