Server Pre-installation Steps

Prerequisites:

  • Windows Server 2019

  • If using Active Directory, then the server must be part of the AD Domain.

Make sure you have completed these steps before you begin the server installation.

Use the following steps to set up your server environment for installing Nintex RPA.

  1. If your installation uses Microsoft SQL:

    1. Install Microsoft SQL Server Management Studio.

    2. Install Microsoft SQL Server. The Nintex RPA Server installation has the option of installing MS SQL 2017 Express as part of the installation and installs two databases. If you're happy using MS SQL 2017 Express, then skip this step and the next step.

      • Download and install MS SQL Server 2016 or later. During installation, ensure that installation is using default instance AND that mixed mode authentication is enabled with valid credentials for “sa” user.

    3. Verify your database user permissions.

      • If MS SQL Server was previously installed, you must confirm that the database user used for your Nintex RPA system has sysadmin and public server role permissions. To verify this:

        1. Log-in to SQL Management Studio.

        2. Select the Security tab and open the Logins folder.

        3. Right-click on the provided user and select Properties.

        4. Navigate to the Server roles tab and verify that the user has sysadmin and public permissions selected.

  2. Verify if the IIS service is running.

    1. Open your Windows services configuration panel (run Services.msc).

    2. Check the list of services for the World Wide Web Publishing Service. If the service is in the list and is running, first Stop the service and then set the Startup Type to Disabled. If the service is not available, continue to the next step.

  3. Verify your Powershell privileges.

    1. Start your Windows Powershell client using Run as Administrator.

    2. At the command line run Get-ExecutionPolicy.
    3. Confirm that the returned policy is Bypass, AllSigned, or Unrestricted.
    4. If the policy returned is not one of the above, run Set-ExecutionPolicy Bypass to update your policy privileges to Bypass.
    5. When prompted with the execution policy change, select [A] Yes to All.
  4. Verify that the required ports are not in use.

    1. Launch the command prompt.

    2. Verify for each port (except 80 and 443) to be used for your installation that it is not in use. Use the command “netstat -aon | findstr “<YourPortNo>”.

      Port NumberPurposeUsage
      80 / 443 (Configurable)NginxClient to Server Comms
      1433 (Configurable)DatabaseRPA Server to DB server
      3555Idp Api SvcRPA Server to Aerobase
      5000RDP SvcClient to Server Comms
      5011LeoJSWebServerInternal Comms (Client)
      5341SeqRPA Server to Seq Server
      5353Discovery SvcInternal Comms (Server)
      5671 / 5672RabbitMQ RPA Server to RabbitMQ (AMQP)
      5698Aerobase (Master Realm)RPA Server to Aerobase
      6379RedisRPA Server to Redis server
      7600High Availability (HA)Bi-directional between RPA servers
      8081 (Configurable) HttpComPortInternal Comms (Server)
      8082 (Configurable)NetComPortInternal Comms (Server)
      8083 (Configurable)HttpsComPortInternal Comms (Server)
      8085Kryon ConnectorInternal Comms (Client)
      8090High Availability (HA)Bi-directional between RPA servers
      31336Kryon Updater Internal Comms (Client)
      50000Queue Collector SvcInternal Comms (Server)
      50001Queue Manager SvcInternal Comms (Server)
      50002Task Manager SvcInternal Comms (Server)
      50003Studio Manager SvcInternal Comms (Server)
      50004Feature Toggle SvcInternal Comms (Server)
      50005Robots Manager SvcInternal Comms (Server)
      50006Public Api SvcInternal Comms (Server)
      50007History Manager SvcInternal Comms (Server)
      50008Clients Manager SvcInternal Comms (Server)
      50009Unattended Ui SvcInternal Comms (Server)
      50010License Manager SvcInternal Comms (Server)
      50016Notifications SvcInternal Comms (Server)
      50023 Calendars SvcInternal Comms (Server)
      50025Magician SvcInternal Comms (Server)
      50100 Triggers SvcInternal Comms (Server)
      50103ConsoleX Ocelot SvcInternal Comms (Server)
      50104ConsoleX Auth SvcInternal Comms (Server)
      50105ConsoleX SettingsInternal Comms (Server)
      50106ConsoleX UnattendedInternal Comms (Server)
      51012Raw Fetcher SvcInternal Comms (Server)
      51018Vault SvcInternal Comms (Server)
      52935DAC CommsInternal Comms (Client)

    3. If no result is returned, then that port is not in use. If you see results, identify the PID seen in the result and verify it against the Details tab in Window's Task Manager.

    4. Ensure that any port conflict is deemed to be risk free before proceeding. If port conflict is seen, try restarting the server to clear any ports being locked from earlier processes and verify again. If conflicts are still seen, consider using a different port or seek further advice internally.

  5. Check the SSL Certificate.

    1. Ensure that the SSL certificate provided is issued against the either the FQDN of the Nintex RPA server or a wild-card certificate against the user’s domain. The certificate must also be CA certified and not self-signed. If it isn’t, please reach out to the administrator to ensure the correct certificate is provided.

    2. The password of the certificate issued must not contain the following special characters. If the password contains any of these special characters, please request that the administrator to regenerates the certificate with a valid password. There is no workaround available.

    • ‘ (apostrophe)

    • “ (double-quotes)

    • \ (backslash)

    • \t (tab)

    • \n (line feed)

    • \r (caret return)

    • \v (vertical tab)

    • and space

  6. Disable the anti-virus.

    • Verify if any anti-virus or end point protection software is installed and enabled on the Nintex RPA server. It must be disabled before you start the installation.

  7. Restart the server.

    • It is a good practice to restart the server after completing all the steps above before commencing the upgrade. After restarting the server, open Task Manager and click on Users tab, and ensure that there are no other active users seen. If there are, disconnect them from the session.