We have an On-Premise Orchestrator setup , and i am trying to automate the triggering of a bot based on an email received in Outlook, so trying to use the MS Power Automate as the middle layer. But connecting from Power Automate to an On-Premise Orchestrator is challenging. PA is not recognizing the Orchestrator Server. I get the following error- UnresolvableHostName , HTTP request failed with status code- ‘NameResolutionFailure’ . Has anyone encountered this? Is it possible to connect from Office 365 ¶ to OnPremise Orch.
Hi,
it is possible, for one project I created with Microsoft Flow an app that set a trigger to enable on an On-Premise Orchestrator. It performs three HTTP requests to do this.
Did you set the right address? ex. https://{orchestrator}/api/Account/Authenticate
Can you test the request on Swagger?
Regards, Gio
https://{[orchestrator]}/api/Account/Authenticate . I am using the above link and it works fine with Swagger. But when i connect from Microsoft Flow it gives the error. Did you update any settings in the Orchestrator server side ? could you send me the screen shot of your PA HTTP request (of course without any sensitive information ).
Hi,
in the Orchestrator, you should set the permissions (but if you don’t have the permission, the response will be 401 Unauthorized). Is the Orchestrator visible from the Internet or it is on a private LAN?
Here an HTTP request example, to retrieve a trigger (basically there are only the mandatory proprieties: schedulerID, authorization and “X-UIPATH-OrganizationUnitId”):
Regards, Gio
I was asking the screenshot for this specific HTTP request https://{[orchestrator]}/api/Account/Authenticate .
Also what permissions are you referring to set in orchestrator . The onpremise orchestrator is in our work network and we login using SSO .
Aha, ok.
So, here is the authentication request based on username and password:
The permissions to set are indicated in the Orchestrator guide or Swagger details:
Permissions Per Endpoint (uipath.com)
Gio
Hi @q.gio
Were you able to find a solution to your problem? I am facing the exact same situation. Power Automate works smoothly with the cloud orchestrator API, but not with an on-premise installation.
Am able to process requests using Postman or even using UiPath’s own HTTP request activity from another system, which is executed over the internet. So the application is available online.
Hi @Shabbir_Abid,
I used this with an on-premise version of the Orchestrator. So in my situation, it worked good. Which kind of error the HTTP request returns?
Regards, Gio
Hi @q.gio , am getting this error:
{
“error”: {
“code”: “BadRequest”,
“message”: “Http request failed with status code ‘ConnectFailure’ and status message: ‘Unable to connect to the remote server’.”
}
}
Just replacing the on-premise URL with a cloud orchestrator URL fixes the issue in Power Automate. But the on-premise URL itself is working, when accessed through Postman
Hi,
in your situation is difficult, it should analyze your IT system because Power Automate cannot access your orchestrator. Probably Postman uses your authorizations while Power Automate runs on a Microsoft server and cannot connect with Orchestrator. Maybe your on-premise Orchestrator runs under a VPN or isn’t visible from the Internet.
Regards, Gio
Thank you @q.gio, for those inputs. My issue is that I have tried with Postman on a completely disconnected system (a different country), and we made the Orchestrator publicly accessible. I can now connect to the application without the VPN setup which was needed earlier.
So Orchestrator seems to be hosted correctly, and that I can access it from a different country without relying on a VPN seems to confirm that. Why Power Automate is then unable to connect is quite worrying.
Hi @q.gio,
I follow On Promise method. I have no issue when debugging in postman with a VPN connection and I am able to get the result. But when I run it from power automate with or without a VPN connection, it gives me this error:
UnresolvableHostName . Http request failed with status code ‘NameResolutionFailure’ and status message: 'The remote name could not be resolved: ‘{{url}}’
Like you said it could be the Orchestrator isn’t visible from the internet. What should I tell IT to resolve this problem?
Has anybody succeeded sending requests to on-premise orchestrator?
Here we run under VPN and since requests via Postman are sucessfull, I tried using Power Automate Desktop, but didn’t succeeded, looks like it is not visible.
Re: Postman, the one thing I keep reading in this thread is everyone’s use of Postman, but no one is indicating whether they are using Postman on their Desktop which I would expect to work as the requests are made from your computer vs Postman’s Web which would come from public Internet and if Firewalls/Routing is not configured would not be able to reach the private network
Yes, it is possible - but in order to do so the Orchestrator needs to be reachable to your private network, whether you expose Orchestrator directly to the public internet, or have a network route setup in such a way that it is reachable (Proxy, Gateway, Site-To-Site VPNs, etc.).
A couple potential options
- Expose On-Prem Orchestrator directly to Internet, ideally scoping which sources can communicate with it at your edge firewall.
- On-premises data gateway - I have used this, the way it works (Outbound Polling) makes this a pretty simply solution, so long as the host you install it on can reach out to the Internet, you register the Gateway in Power Platform and can use it in your Flows, Custom Connectors, etc.
- There are some limitations depending on your use case for example when building a Custom Connector, the authentication through the Data Gateway is limited to No Authentication, Basic, and Windows Authentication - You loose the ability to us an API Token and OAuth which are additional options on Custom Connectors without a Data Gateway. This means you have to get more creative in Authenticating to Orchestrator and injecting the Authentication Bearer Token to additional requests via Policies.
- Normally with a Custom Connector I would import the remote services Swagger definition if it has one to simplify the creation; however UiPath’s definition is pretty large as well as there are some Swagger components that Power Platform does not currently support correctly, so I’m been playing around with splitting the Swagger into functional realms and looking at multiple connectors
- If you’re not interested in building out a Custom Connector, you can still use some HTTP based Actions, note that the default
HTTPAction in theHTTPConnector does not support the use of a Data Gateway, but theInvoke an HTTP requestAction fromHTTP with Azure ADConnector does, both of which are in the Premium Tier.
- Some other potential options that I have not explored include
- Virtual Network (VNet) Data Gateway - This would remove the need for an On-Premises Date Gateway, but would have to read the documentation to understand any limitations with a given service.
- ExpressRoute Circuit - Which can both be used for Microsoft Peering (Microsoft 365, Power Platform, etc) and Private Peering (Private Azure Services). You’re essentially exposing the network to the Public Internet with a requirement that you’re On-Prem service have public IPs assigned, if not you’d need to also configure NAT to translate the Public IP to a Private, as well you’d also want to restrict where requests can come from for security.
- Azure Application Gateway - Can be used as a Proxy, I’ve used this for for other Private applications and configured DNS with a Split Horizon so that if coming from the Internet it is routed via Azure and if On-Prem, then it is routed internally. So I don’t see why this wouldn’t work for UiPath Orchestrator as well.
- Of course if you are a Microsoft ecosystem, could also deploy UiPath into Azure which UiPath Supports and can easily be setup using their Automation Suite
- I believe there are other Services available depending on your needs, but I am not really familiar with Azure as a whole and have only used certain aspects of it for specific scenarios, best to reach out to your IT team if you have one or Microsoft for potential solutions
2 Likes
V_Roboto_V
ashokkarale
aikaterini.karakasidi
sonaliaggarwal47
Nguyen_Van_Luong1
Anil_G
nisargkadam23
mohamed.saty2012
adilhassanpost