RPA server GUI upgrade or repair

Nintex System Manager provides a comprehensive solution for managing the upgrade or repair of RPA. The repair process, allows you to change existing configurations, such as enabling or disabling TLS, without upgrading to a higher version .

The upgrade process is started when you have an existing Nintex RPA installation and you use an RPA installation bundle zip file for a newer version. The repair process is started when you use an installation bundle zip file for the same version as the RPA version that you installed previously.

The following sections are relevant information related to the process.

The following is a list of recommended items that you can verify before starting the process:

  Item Remark
1 Type of environment (E.g. Dev/Test/Prod)  
2 What is the current version?  
3 What is the targeted version?  
4 Does the hardware and software meet the minimum/recommended specifications for Server & Clients?  
5 Automation type (Attended or Unattended)
Refer: Configurations > General Settings 		 
6 Is TLS/SSL used?
If yes, prepare the necessary credentials and/or files. Refer: Configurations > Security Options 		 
7 Determine the account to be used as the application services user and have the password on hand.
Refer: Configurations > Customize Application Services User

Is a domain account required as application services user?
If yes, the domain account must have local admin and log on as a service privileges & able to execute the setspan commands on the RPA server. 		 
8 Is Active Directory (AD) used for managing the users?
If yes, determine the account to be used to connect to AD and the Organizational Unit the RPA users belong to.
Refer: Configurations > Customize User Management 		 
9 Is Single Sign-On enabled?
If yes, have the KEYTAB files on hand.
Refer: Configurations > Client-Server Authentication 		 
10 Determine the two databases used by RPA. The default names are nintex_RPA and nintex_Authentication.
Is the MSSQL Server’s sa user available for use during the upgrade?
If no, you will need an account that has access to the MSSQL Server, with sysadmin server role, and db_owner role for the master, nintex_RPA and nintex_Authentication databases.
Refer: Third Parties > MSSQL (Database Server) 		 
11 Can anti-virus software, if present, be disabled/turned off during server installation?
If no, it may block or significantly slow down the upgrade process. 		 
12 Can a backup of the server be performed prior to the upgrade? It may be necessary to abort the upgrade in the event of complications.  

If you are upgrading from Nintex RPA 22.9 or later, the latest version of System Manager is able to retrieve the parameters you used previously and automatically populate the same fields.

Perform the following actions before starting the process:

Before you start, create a restore point for the server VM.

    • Log in to the console and verify the following:

      • Task Queue: Ensure there are no pending tasks.

      • Running Tasks: Ensure there are no tasks running currently.

      • Triggers: Ensure that all triggers are set to Inactive status.

      • Approved Robots: Ensure none of the approved robots have the Running status.

  • Disable any anti-virus software that is running so that it doesn't block the upgrade/repair process, and to improve performance during the process.

  • Check whether DAC is installed in the RPA server and client VMs. Post-upgrade or repair, DAC should be installed back in the same location.

  • Ensure that you have installed the latest version of Nintex System Manager (Nintex RPA) (NintexSystemManagerSetup.exe).

  • Check server requirements according to Nintex RPA server.

  • Ensure that the latest version of the RPA installation bundle zip file (e.g., nintex-rpa-server-<latest version>-full.zip) is ready and available for use during the process.

  • Verify that no conflicting versions of .NET are present in the PATH environment variable. See Known issues below.

    • Backup the database; if it is self-managed, make sure it satisfies the minimum requirements.

    • Ensure the user account that will run the process is able to log in to the MSSQL Server and take note of the following:

      • The user account has the Server role sysadmin for the MSSQL Server and Database role db_owner, for the RPA, RPA Authentication, and master databases.

      • The FQDN and instance name used by the database.

      • The port used in the SQL Configuration Manager is configured correctly.

    • (For TLS/SSL installation) Different certificate file options, such as Personal Information Exchange file (e.g., kryonaws_full_chain.pfx or PKCS#12), CERT, KEY, and PEM files, are supported. Make sure you have the necessary files for your environment and ensure that each server in a multi-server installation has a certificate installed before you start the process.
    • Log in to Keycloak using the authadmin credentials at <fqdn>/authadmin and verify the following:
      • If you are using Active Directory, take note of the value for Domain in System Manager at Configurations > Customize User Management > Active Directory [select Use Active Directory] > Domain. Compare this Domain value with the one specified in Keycloak at User Federation > [ID] > Required Settings > Console Display Name. If they are not the same, update the one in Keycloak to be the same as System Manager.
      • Check the Client Secret (Keycloak's Client > Edit > Credentials tab). The value specified for Secret must be the same as the one used in the Environment Variable field. If the values do not match, use the value in Secret to update the Environment Variable value. The following are examples of these values:
        Keycloak SecretEnvironment Variable
        kryon-secrets-adminNINTEX_SECRETS_IDP_KRYON_SECRETS_ADMIN_SECRET
        kryon-secrets-readerNINTEX_SECRETS_IDP_KRYON_SECRETS_READER_SECRET
        kryon-serverNINTEX_SECRETS_IDP_KRYON_SERVER_SECRET (for RPA v22.9, check the configuration value for keycloakClientSecret in C:\nintex\config\prod\general\keycloak-token-client.json file)
        authadmin-cliNINTEX_SECRETS_IDP_AUTH_ADMIN_CLIENT_SECRET
Make sure you have the latest System Manager installed for best performance and access to new features.

The primary method of installing RPA is through System Manager, which provides a user-friendly graphical interface. This is the recommended method for most users.

To install System Manager, follow these steps:

  1. Locate and run the System Manager executable file: NintexSystemManagerSetup.exe.

  2. Click Install.

  3. (Optional) Select the Run NintexSystemManager checkbox to launch the application immediately after installation.

  4. Click Finish.

After installing System Manager, you can run it. It will guide you through the RPA upgrade or repair process. The System Manager GUI guides you through the following steps:

Page Description
Welcome Page to select the ZIP file that you want.
Setup Page used to enter server details and specify the desired destination folder.
System check Verifies that your system meets the requirements for the software.
Configurations Page to configure the preferred connection option and specify the desired port.
Optional features Page to enable or disable key features.
Third parties Page to configure settings for various external components used in the system.
Upgrade Page that shows the progress of the procedure.
Completion Indicates the successful completion of the process. Choose to launch the System Manager immediately or exit the installer.

When System Manager starts, do the following:

  1. Drag the RPA installation bundle ZIP (.zip) file into the designated box or select the ZIP file by clicking Select file.

  2. Click Start to begin the process.

> Next step: Setup

Following are recommended actions after you have performed the upgrade or repair:

  • Restart the Server VM.

  • Log in to the Admin Tool to manage the Nintex RPA platform.

  • Log in to the Console Plus to create and manage robots, tasks, and triggers.

  • Check that Triggers are working.

  • Log in to Console and check Email server settings. For more information, see Setting Up the Email Server.

      • The following does not apply to the Repair process unless the server FQDN or SSL option was changed.

    • Install the latest version of the clients. You do not need to uninstall them first.

    • Reinstall the Dynamic Advanced Commands on either the server or client machine(s), depending on where it was installed prior to the upgrade.

      If the DAC is installed in the server, allow some time (up to an hour) for it to synchronize updates with client machine(s).

    • Check that the relevant wizards appear in RPA Admin and Studio.

    • Check that wizard permissions have been applied correctly in Robot, Studio and Console.

    • Check that users are synchronized between Keycloak and Nintex Admin Tool user.

    • Check that users have the appropriate user roles as specified in Keycloak's user Role Mapping.

    • Check that users have a tenantID attribute in User Federation. To do this, go to Console > Users. For each user, go to [ID] > Attributes and make sure there is an entry with Key = tenantID and Value = 1. Add one if this not available. If you are unable to add it, go to User Federation > [ID] > Settings > Edit Mode and change the value to Writable.

    • To validate Single Sign-On for Client Server Authentication, log in to the client machine using an Active Directory user account that has been imported into Aerobase (and synchronized in the Admin tool). Start a client application (Studio or Robot), and if the setup is successful, it will log in automatically without requiring manual credentials.

.Net Core path conflict

  • Issue: When installing the RPA Server, the process may fail at the RPA Services step due to the Nintex Server - Authentication Service being stuck in a Paused state. This is usually caused by a conflict with the .NET Core installation path.

  • Explanation: The failure occurs because the process installs .NET Core 6 in C:\Program Files\dotnet. However, if the PATH environment variable has an entry for C:\Program Files (x86)\dotnet before the correct path, the system cannot find the installed .NET Core version. This conflict may occur on virtual machines (VMs) that come with .NET already installed in the wrong location and architecture (x86/x64).

  • Workaround: To resolve this issue, follow these steps:

    1. Check that .NET Core 6 is installed in C:\Program Files\dotnet.

    2. Remove C:\Program Files (x86)\dotnet from the PATH environment variable. To do this:

      1. Open System settings.

      2. Click Advanced system settings.

      3. Click Environment Variables in the Advanced tab.

      4. Select Path from the System variables.

      5. Click Edit.

      6. Delete the entry C:\Program Files (x86)\dotnet.

    3. Restart the machine.

    4. Run the process again.