Nintex RPA installation scenario
Use the following steps to guide your installation of the Nintex RPA components. Once your server is installed and configured, you can install the Nintex RPA Studio, Nintex RPA Robots, the Dynamic Advanced Commands (DAC), and then set up and test your automations.
Prerequisites:
-
Windows Server 2019
-
If using Active Directory, then the server must be part of the AD Domain.
Use the following steps to set up your server environment for installing Nintex RPA.
-
If your installation uses Microsoft SQL:
-
Install Microsoft SQL Server Management Studio.
-
Download and install SQL Server Management Studio on the Nintex RPA server. This is required for access to the managed database. You can download the installer from Download SQL Server Management Studio (SSMS).
-
-
Install Microsoft SQL Server. The Nintex RPA Server installation has the option of installing MS SQL 2017 Express as part of the installation and installs two databases. If you're happy using MS SQL 2017 Express, then skip this step and the next step.
-
Download and install MS SQL Server 2016 or later. During installation, ensure that installation is using default instance AND that mixed mode authentication is enabled with valid credentials for “sa” user.
-
-
Verify your database user permissions.
-
If MS SQL Server was previously installed, you must confirm that the database user used for your Nintex RPA system has sysadmin and public server role permissions. To verify this:
-
Log-in to SQL Management Studio.
-
Select the Security tab and open the Logins folder.
-
Right-click on the provided user and select Properties.
-
Navigate to the Server roles tab and verify that the user has sysadmin and public permissions selected.
-
-
-
-
Verify if the IIS service is running.
-
Open your Windows services configuration panel (run Services.msc).
-
Check the list of services for the World Wide Web Publishing Service. If the service is in the list and is running, first Stop the service and then set the Startup Type to Disabled. If the service is not available, continue to the next step.
-
-
Verify your Powershell privileges.
-
Start your Windows Powershell client using Run as Administrator.
- At the command line run Get-ExecutionPolicy.
- Confirm that the returned policy is Bypass, AllSigned, or Unrestricted.
- If the policy returned is not one of the above, run Set-ExecutionPolicy Bypass to update your policy privileges to Bypass.
- When prompted with the execution policy change, select [A] Yes to All.
-
- Verify that the required ports are not in use.
Launch the command prompt.
Verify for each port (except 80 and 443) to be used for your installation that it is not in use. Use the command “netstat -aon | findstr “<YourPortNo>”.
Ports Utilized by the RPA environment:Port Number Purpose Usage 80 / 443 (Configurable) Nginx Client to Server Comms 1433 (Configurable) Database RPA Server to DB server 3555 Idp Api Svc RPA Server to Aerobase 5000 RDP Svc Client to Server Comms 5011 LeoJSWebServer Internal Comms (Client) 5341 Seq RPA Server to Seq Server 5353 Discovery Svc Internal Comms (Server) 5671 / 5672 RabbitMQ RPA Server to RabbitMQ (AMQP) 5698 Aerobase (Master Realm) RPA Server to Aerobase 6379 Redis RPA Server to Redis server 7600 High Availability (HA) Bi-directional between RPA servers 8081 (Configurable) HttpComPort Internal Comms (Server) 8082 (Configurable) NetComPort Internal Comms (Server) 8083 (Configurable) HttpsComPort Internal Comms (Server) 8085 Kryon Connector Internal Comms (Client) 8090 High Availability (HA) Bi-directional between RPA servers 31336 Kryon Updater Internal Comms (Client) 50000 Queue Collector Svc Internal Comms (Server) 50001 Queue Manager Svc Internal Comms (Server) 50002 Task Manager Svc Internal Comms (Server) 50003 Studio Manager Svc Internal Comms (Server) 50004 Feature Toggle Svc Internal Comms (Server) 50005 Robots Manager Svc Internal Comms (Server) 50006 Public Api Svc Internal Comms (Server) 50007 History Manager Svc Internal Comms (Server) 50008 Clients Manager Svc Internal Comms (Server) 50009 Unattended Ui Svc Internal Comms (Server) 50010 License Manager Svc Internal Comms (Server) 50016 Notifications Svc Internal Comms (Server) 50023 Calendars Svc Internal Comms (Server) 50025 Magician Svc Internal Comms (Server) 50100 Triggers Svc Internal Comms (Server) 50103 ConsoleX Ocelot Svc Internal Comms (Server) 50104 ConsoleX Auth Svc Internal Comms (Server) 50105 ConsoleX Settings Internal Comms (Server) 50106 ConsoleX Unattended Internal Comms (Server) 51012 Raw Fetcher Svc Internal Comms (Server) 51018 Vault Svc Internal Comms (Server) 52935 DAC Comms Internal Comms (Client) If no result is returned, then that port is not in use. If you see results, identify the PID seen in the result and verify it against the Details tab in Window's Task Manager.
Ensure that any port conflict is deemed to be risk free before proceeding. If port conflict is seen, try restarting the server to clear any ports being locked from earlier processes and verify again. If conflicts are still seen, consider using a different port or seek further advice internally.
-
Check the SSL Certificate.
-
Ensure that the SSL certificate provided is issued against the either the FQDN of the Nintex RPA server or a wild-card certificate against the user’s domain. The certificate must also be CA certified and not self-signed. If it isn’t, please reach out to the administrator to ensure the correct certificate is provided.
-
The password of the certificate issued must not contain the following special characters. If the password contains any of these special characters, please request that the administrator to regenerates the certificate with a valid password. There is no workaround available.
-
-
‘ (apostrophe)
-
“ (double-quotes)
-
\ (backslash)
-
\t (tab)
-
\n (line feed)
-
\r (caret return)
-
\v (vertical tab)
-
and space
-
Disable the anti-virus.
-
Verify if any anti-virus or end point protection software is installed and enabled on the Nintex RPA server. It must be disabled before you start the installation.
-
-
Restart the server.
-
It is a good practice to restart the server after completing all the steps above before commencing the upgrade. After restarting the server, open Task Manager and click on Users tab, and ensure that there are no other active users seen. If there are, disconnect them from the session.
-
-
Before you start, make sure you have the correct installer version, and that it has not been blocked by Windows.
-
Run NintexServerSetup64bit with administration rights, or run it from an administrator command line using the following switches:
-
start /wait NintexServerSetup64bit_22.9.1.7.exe check_install_folder=false
-
-
When the installer splash screen displays, click Next. The Express install option is not recommended, as it skips all the configuration steps using default values.
-
In the Target Folder screen, update the path of the installation location. We recommend using a Nintex folder on the desired drive, i.e. C:\Nintex. Click Next.
The path is limited by the operating system, so a short path is best.Make sure the Install folder:
is on a local drive that has at least 100Gb free storage and at least 20Gb free storage on C:\.
isn't a root folder of a drive (e.g.,
C:\
).has a full path that doesn't exceed 20 characters in length.
-
In the Deployment Type screen, select Unattended Automation. For more information on Unattended and Attended automation types below. Click Next.
Unattended Automation:-
Robots are installed on a virtual machine.
-
Connected to the RPA server.
-
Run a predefined sequence of actions on a preset schedule or trigger.
-
Operate independently without human intervention.
Attended Automation:-
Robots are installed on the employee desktop.
-
Connected to the RPA server.
-
Remain dormant until triggered by an employee or an action.
-
Similar to virtual assistants and require human intervention.
To change the automation type after your installation is complete, see how to edit the config files in Nintex Assistant - Attended Automation.
-
-
In the Servers screen, update the Application server name. This should be the FQDN (Fully Qualified Domain Name) hostname of the server that you are installing on. Click Next.
If FQDN is not available, this should be the hostname of the server. DO NOT use the server’s IP address.
-
In the High Availability screen select Single machine deployment. If you need a High Availability environment, please contact Nintex support for further assistance. Click Next.
-
In the RabbitMQ service screen type or change the default RabbitMQ admin password as desired. If RabbitMQ is already installed, this screen won't show.
Typically, you won't need the Work with SSL or Join cluster options as RabbitMQ is an internal service. For those options see RabbitMQ service. Click Next.
Do not use special characters @, # or ? in the password, as these will cause issues.
-
In the RPA Clients screen, select English as the default Search engine language. This configures the language used in the RPA Client applications, such as Nintex RPA Robots, and Studio. It can be manually changed in the config file. Click Next.
-
In the Secured connection (TLS) screen, you have three options:
-
Without SSL/TLS Certificate
-
Secured (generate a new certificate)
-
Secured (provide an existing certificate).
An installation without an SSL/TLS certificate is only used for simple installations for testing.
Secured (generate a new certificate).Under CA certificate, click on Browse to locate the organization's certificate authority (CA) PFX file and let the installation generate the certificate automatically for you.
-
You must have the CA trusted on the client machines (Robot and Studio).
-
Secured SSL/TLS connection is recommended for RPA System Hardening and Vulnerability Management.
Secured (provide an existing certificate).If you are upgrading or re-installing or have an existing certificate, then select the Secured (provide an existing certificate) option. Then either select a PFX file and provide the password, or select Certificate is already installed and configure the certificate from the Windows Store and the CRT, KEY, and PEM files for NGINX communication certificate settings. Click Next.
Your files must:
-
be signed by the organization's certificate authority (CA) .
-
contain the RPA server FQDN in the Subject field (for example, CN=prodserver.mycompany.com).
-
contain the RPA server FQDN in the Subject Alternative Names field (for example, DNS=prodserver.mycompany.co).
-
-
In the Ports screen, make sure the default ports are not in use on the server, and if they are then change them to ports that are open.
Select Open all ports in Windows Firewall to have the corresponding firewall rules established on the server.If you encounter a Failed getting ports in use list error, please close the installer window and start the installation again to overcome the issue.
Click Next. -
In the SEQ - centralized log repository screen, leave the default option as Install SEQ locally. If you have an existing SEQ server, then select the Use remote server option and configure the options. Click Next.
You can pull the remote Seq information from the URL used to access Seq on the remote server. The URL structure is as follows:
{SEQ Protocol}://{SEQ serverFQDN}:{SEQ Server Port}/{End point}
Check out the Seq developer's website to learn more about installing and working with Seq.
-
There are three options in the User Authentication screen:
-
Single sign on (Kerberos)
-
Require username and password
-
Enable Nintex permissions system
You can select one or more of these options. Once you have selected the options required for your organization, click Next.
Single sing on (Kerberos) for Active DirectoryThis option sets your Nintex RPA system to use Active Directory, and enables the Connect to Active Directory, Active Directory Groups and Platform Security configuration screens.
Select Single sign on (Kerberos).
Selecting Single sign on means you must sync users between Active Directory and the RPA server after installation.Require username and passwordIf your organization requires username and password authentication, select the Require username and password option. You then need to configure users and their passwords using your local Nintex Admin application.
Enable Nintex permissions systemIf your organization requires specific levels of user permissions, select this checkbox to enable using Nintex's internal permissions system. This enables the assignment of read, write, and publish permissions to Studio users and robots for specific libraries and categories of automation workflows.
-
-
For Service Credentials, specify a user's Username and Password. This user must have local administration rights. This sets up credentials for the Nintex RPA application services. Click Next.
If you selected Single sing on (Kerberos) in the previous screen, use an Active Directory user's Username and Password.
When running the installation using a Local Admin user, if you apply the credentials of a user who isn’t a member of the local admin group, that user is automatically added to the local admin group.
-
In the Authentication Service Credentials screen, leave the default selection of the same user configured for Service Credentials. This screen configures the Aerobase authentication service user for the Aerobase services. Aerobase is an open-source identity and access management (IAM) platform. If your security policies require different users for difference services, you can configure a dedicated domain user by using the option in the drop-down. Click Next.
-
If you selected If you selected Single sign on (Kerberos) in the User Authentication screen in the User Authentication screen you now configure the Active Directory options:
Active Directory User Authentication- On the Connect to Active Directory screen the Connection URL is automatically configured from the domain, the drop-down shows both connections and either URL will work. Select the Organization unit that contains the users groups to use . You must sync the users between the services after the installation is complete. Click Next. You can only select one Organizational unit.
- On the Active Directory Groups screen, leave the default Do not use Active Directory groups to authenticate option selected unless you only need to grant access to specific AD Groups from the Organization unit. If you select Use Active Directory groups to authenticate, then the installer returns the AD groups available (this can take some time). Click Next. You can select multiple groups.
- On the Authentication Platform Security screen you have the following three options for applying the KEYTAB file:
- Provide a KEYTAB file post installation.
- Use an existing KEYTAB file.
- Generate a KEYTAB file.
Select the Generate a KEYTAB file option. You can either enter the domain administrator username and password, or generate the KEYTAB file using the Copy command to clipboard command line, and then apply that KEYTAB file using the Use an existing KEYTAB file option. See Authentication Platform Security for more information. Click Next.
If you choose to generate the KEYTAB file using the command line, the user performing the command must have Domain Administration rights. The resulting KEYTAB file is located in C:\ProgramData.
- On the Connect to Active Directory screen the Connection URL is automatically configured from the domain, the drop-down shows both connections and either URL will work. Select the Organization unit that contains the users groups to use . You must sync the users between the services after the installation is complete. Click Next.
- In the Connect to Database screen, configure access to your Microsoft SQL Server database, or if you don't have select Install local SQL Server 2017 Express. Click Next. For more information, see Connect to Database. Click Next.
- Use the RPA Authentication DB screen to test the connection to the authentication database, or select Skip DB connection test. Click Next.
- In the Keycloak default user credentials screen enter passwords for the AuthAdmin and test user. The AuthAdmin account is used to log in to the Aerobase system. Click Next.These credentials must be remembered or stored securely as you must enter these passwords when you upgrade to a new version.
- In the Support Tools screen, select to install the additional helper applications you need. Click Next.If any of these tools are already installed, that option will appear grayed out.
- Use the Components to Install screen to review what will be installed and configured. Click Previous to return to the previous screens. Click Install to install the Nintex RPA Server.If any of these components are already installed, they will appear grayed out.Once the Nintex RPA Server is installed, you must activate your license and sync users before using the client applications.
- Your installation of Nintex RPA Server is now complete. Click Close.
- From the Windows Start menu, locate and run the Nintex Admin tool.
- Log in with the credentials created during your installation. You may be prompted to change the temporary password upon first log in.
Username: admin
Password: Aa123456!
You can also access this user and password in Aerobase user management. - Activate your License. Follow the steps in Activating Your RPA License.
- Turn the Credentials Vault on. Follow the steps in Enabling the Credentials Vault..
- Add an Application. Follow the steps in Managing Applications.
- Create new wizard and sensor Libraries. Follow the steps in Managing Libraries. Link them to your application and company. .
- If you installed your Nintex RPA server with Single sign on (Active Directory)
Sync your users
- Add your federation in the Nintex Admin tool. Follow these steps:
Connect a federation with a company
To connect a federation with a company:
In the Menu Pane, click Companies and Users.
In the Entities Pane, select the company with which you want to associate a user federation.
The selected company's data appears in the Properties Pane.
In the General tab's User management section, click the link.
The Add federation window appears.
Select the federation to connect to the company.
Optional: Select the default permissions that you wish to automatically assign to each user. These permissions can be manually edited for individual users following sync.
Click the OK button to save your changes.
The connected user federation will now appear in the User management section.
- Log into Aerobase, select User Federation and then select Kryonaws. At the bottom of the Settings tab click Synchronize all users. This synchronizes with Active Directory.
- Sync your users in the Nintex Admin tool.Follow these steps:
Sync users to Nintex Admin Tool
After connecting the user federation, follow these steps to sync the federation's users to the Admin:
In the Properties Pane, select the Users tab.
Click the Sync Users button.
The Sync Users Window opens.
Click the Run button to begin the sync.
The Sync Users Window will close, and you will be returned to the Users tab. At any point, click the Sync Users button again to see the status of the sync process (but close the window without clicking the Run button again).
When the sync is complete, the Status column in the Sync Users Window displays
Finished
If you are using the three day free license and want to use a domain user to test the system, use the Nintex Admin tool to search for and edit that user's Status. - Add your federation in the Nintex Admin tool.
Now that your Nintex RPA Server has been installed and configured, you can install the client applications on the client computers.
Nintex RPA Studio
Use Nintex RPA Studio to create and manage automation content for Nintex Robots. Automation wizards are recorded by the RPA developer in Studio and then accessed by users who run it on their own computers (attended automation) or by robots who run it on virtual machines (unattended automation).
Nintex RPA Studio must be installed on the same server as your Nintex RPA server, and on the client computers.
Nintex RPA Studio Installation
To access the RPA Studio installation file:
-
Navigate to Customer Central.
-
Click on Product Releases from the left menu.
-
Select Nintex RPA in the search boxes.
-
Click the Download/Access icon for the latest available RPA version.
-
Navigate to the Client/ folder on the directed website.
-
Select an installation file type from the list.
The available list of downloads will vary depending on your selected version.
When installing the Nintex RPA Server, the installer generates JSON files that contain a list of parameters with predefined values, by default at: C:\Nintex\RPA Clients
.
After the server installation is complete, move the JSON Source Files to the same location as the RPA client installer files (MSI or EXE files) and edit the JSON file parameters as needed.
When you start the client installer wizard, it will read the parameters from the JSON file and automatically populate the values in the installer input fields. By clicking the Customize button in the installation wizard, you can see that the input values are the same as in the JSON file.
Without configuring the JSON file parameters, it is still possible to change these values by editing the user input fields in the installer user interface during customization.
Once you have edited your JSON file parameters according to your organization's needs, run the installation wizard for your downloaded RPA Studio.
To begin the installation wizard with the default parameters:
-
Run the Nintex Studio EXE file as an administrator.
-
Start the installation wizard.
-
Click Next after the System check.
-
Click Next after the Installation details are listed.
If you are installing with the default settings, Skip will be automatically input next to the services that are currently installed on your machine.If you would like to edit settings or review JSON parameter changes, select and follow these steps. -
Click Install after selecting the installation folder location.
-
The wizard executes the installation. Click Close when the installation is complete.
If you need to change something in the settings stored in the JSON file, you can edit your JSON file parameters according to your organization's needs, and then run the installation wizard for your downloaded RPA Studio. By default all the required parameters are created during the Nintex RPA Server installation.
-
Run the Nintex Studio EXE file as an administrator.
-
Start the installation wizard.
-
Click Next after the System check.
-
Click Customize under the listed Installation details.
Here you can customize parameters for the first time, or review JSON parameter changes that you previously edited after the RPA server installation. -
Select which components you want to install and click Next.
Components that are currently installed on your computer will automatically be unchecked. -
Select the RPA Server details and click Next.
-
RPA Server FQDN: These details are automatically populated.
-
Cluster servers FQDNs: List the FQDNs of the cluster servers separated by commas.
-
Load Balancer FQDN.
-
-
Ports configuration is automatically populated. Edit the port details if necessary and click Next.
-
Select if you are using an https connection, edit the NginX port, or keep the default, and click Next.
-
Click Install after selecting the installation folder location.
-
The wizard executes the installation. Click Close when the installation is complete.
Nintex RPA Robots - Unattended Automation
In this scenario we installed the Nintex RPA server for unattended robots. Unattended means a client installed on a virtual machine that runs wizards (i.e., sequences of instructions) on target applications with no human intervention, working behind the scenes to automate high-volume, repetitive, time-consuming business processes.
Nintex RPA Robot Installation
To access the RPA Studio installation file:
-
Navigate to Customer Central.
-
Click on Product Releases from the left menu.
-
Select Nintex RPA in the search boxes.
-
Click the Download/Access icon for the latest available RPA version.
-
Navigate to the Client/ folder on the directed website.
-
Select an installation file type from the list.
The available list of downloads will vary depending on your selected version.
When installing the Nintex RPA Server, the installer generates JSON files that contain a list of parameters with predefined values, by default at: C:\Nintex\RPA Clients
.
After the server installation is complete, move the JSON Source Files to the same location as the RPA client installer files (MSI or EXE files) and edit the JSON file parameters as needed.
When you start the client installer wizard, it will read the parameters from the JSON file and automatically populate the values in the installer input fields. By clicking the Customize button in the installation wizard, you can see that the input values are the same as in the JSON file.
Without configuring the JSON file parameters, it is still possible to change these values by editing the user input fields in the installer user interface during customization.
Once you have edited your JSON file parameters according to your organization's needs, run the installation wizard for your downloaded RPA Robot.
To begin the installation wizard with the default parameters:
-
Run the Nintex Robot EXE file as an administrator.
-
Start the installation wizard.
-
Click Next after the System check.
-
Click Next after the Installation details are listed.
If you are installing with the default settings, Skip will be automatically input next to the services that are currently installed on your machine.If you would like to edit settings or review JSON parameter changes, select and follow these steps. -
Click Install after selecting the installation folder location.
-
The wizard executes the installation. Click Close when the installation is complete.
Once you have edited your JSON file parameters according to your organization's needs, run the installation wizard for your downloaded RPA Robot. By default all the required parameters are created during the Nintex RPA Server installation.
-
Run the Nintex Robot EXE file as an administrator.
-
Start the installation wizard.
-
Click Next after the System check.
-
Click Customize under the listed Installation details.
Here you can customize parameters for the first time, or review JSON parameter changes that you previously edited after the RPA server installation. -
Select which components you want to install and click Next.
Components that are currently installed on your computer will automatically be unchecked. -
Select the RPA Server details and click Next.
-
RPA Server FQDN: These details are automatically populated from the json file.
-
Cluster servers FQDNs: List the FQDNs of the cluster servers separated by commas.
-
Load Balancer FQDN.
-
-
Ports configuration is automatically populated from the json file. Edit the port details if necessary and click Next.
-
Select if you are using an https connection, edit the NginX port, or keep the default, and click Next.
-
Click Install after selecting the installation folder location.
-
The wizard executes the installation. Click Close when the installation is complete.
Nintex RPA Dynamic Commands
Nintex RPA Dynamic Commands can be installed on both the server and client computers.
When installing on the client, a set of predefined commands is installed by the installer. Installing on the server allows for a distributed system of commands. See Dynamic Commands for more information.
Dynamic Commands Installation
-
Make sure that Nintex RPA Studio is installed before the DAC installation.
-
The Nintex Updater service MUST be running for DAC to work properly. This can be validated by opening the Services.msc and checking the Nintex Updater service.
-
Download the Dynamic Commands .exe file.
-
Run the Dynamic Commands installer.
-
Select the Deployment Type.
By selecting Server deployment, the DACs will automatically be distributed to all clients. -
Allow the installer to perform a System check.
-
Select the Dynamic Commands you wish to install.
-
Select the Installation folder path(recommended: C:\Nintex\DynamicCommands).
-
Click Next to initiate the installation.
In addition to installing the Dynamic Commands, the installer will also install Microsoft Windows Desktop Runtime to allow the system to run the new host service.
-
The execution of the Dynamic Commands is performed by the new host service, not from Studio.
-
-
Restart the server.
-
To confirm that the service is running, open Task Manager and look for Kryon.DC.Remote.Host service:
The service "Kryon.DC.Remote.Host.service" starts only when the studio and/or robot are up and running, and not when they are idle.
-
Make sure to run the installation on every client machine that needs to use the Dynamic Commands.
Once installation is complete, the commands will appear under the installation folder as follows:
Naming convention
The naming convention is : Kryon-ac-commandname-year.month.version
-
"
ac
" stands for "advanced command" -
The date stands for the release date of the dynamic command + its version
-
On your client computer, run the Nintex RPA Robot application (double click on the desktop icon or run it from the Start menu).
-
You should get a message telling you that this robot is pending approval, as shown below:
-
On your Nintex RPA Server, log in to Nintex Console.
-
Select the Robots option, then select the Pending approval tab.
-
Click the three dots menu option and select Approve.
-
Enter a new name for this Robot and click Yes, approve.
-
Now that the Robot is approved, assign it to a queue. Click the three dots menu option , select Assign to queue. Select the queue from the list of option and click Assign 1 queue.
-
Back on your client computer, restart the Nintex RPA Robot application. The Nintex Robot app should show.
-
Start Nintex RPA Studio.
-
In Wizards, create a New Category, then create a New Wizard. Give the wizard a Name and click Get Started.
-
In the Nintex Wizard Editor, add a Show message action to Step 1.
-
In the message dialogue enter Test is complete as your message and click OK.
-
Close the editor and publish the wizard. On the Status option click Change, then select Published and click Set Status.
-
Click Save changes to complete the wizard.
-
On your server computer, in Nintex RPA Console, select Tasks.
-
Create a new Task with the name Test.
-
For this task select the wizard that you just created and add it to the default queue.
-
Click Add to queue.
-
Back on the client computer the Robot should display the Test is complete message pop up.
-
This shows that your Nintex RPA system is working, and you can go on with creating automations for your business.