How to configure IIS and SQL to use an Integrated App Pool Identity

The UiPath Installer can create the UiPath Orchestrator identity in IIS, but it cannot create the user in the SQL database. Additionally, the SQL user cannot be created unless the App Pool Identity has already been created in IIS. As such, first create the identity in IIS and then add the identity to SQL. Finally, the UiPath database needs to be created with the App Pool identity as the owner.

Create the Identity in IIS

NOTE: If the Application Pool “UiPath Orchestrator” already exists, go to the section “Changing the Application Pool Identity”.
  1. Open Run and type “inetmgr”. This will open IIS Manager.
  2. Under the server where Orchestrator will be running, select “Application Pools”.
  3. On the right menu under “Actions”, select “Add Application Pool…”.
  4. Enter the name as “UiPath Orchestrator” and then click OK.

Changing the Application Pool Identity

  1. If the application pool already existed, then the “Identity” needs to be changed to an App Pool Account.
  2. Follow steps 1-2 of the previous section to get to the IIS page.
  3. Select the “UiPath Orchestrator” app pool.
  4. On the right “Actions” menu under the “Edit Application Pool” section, select “Advanced Settings…”.
  5. In the “Advanced Settings” dialog box, scroll down to the section labeled “Process Model”.
  6. Click on the “Identity” section.
  7. Click the ellipsis that displays next to the “Identity” value.
  8. In the “Application Pool Identity” dialog box, select “Built-in account” and choose “ApplicationPoolIdentity” in the dropdown menu.
  9. Click OK.

Adding the Identity to SQL

IMPORTANT: Integrated Windows Authentication should be used as the connection method for the SQL database for this to work.
  1. Open Microsoft SQL Server Management Studio.
  2. Connect and log in to the server that is going to store the Orchestrator Database.
  3. Expand the “Security” folder, then right click “Login” and select “New Login”.
  4. In the Login creation window, enter the login name for the App Pool Identity:
    a. If the SQL database is on a different server, use the following pattern:
      i. Domain\ServerName$
      ii. For example, if the domain was UiPath and the Orchestrator server name was OrchestratorServer, you would enter the following: UiPath\OrchestratorServer$
    b. If the SQL database is on the same computer as the Orchestrator site, use the following (Note: The Orchestrator site and database should be on different dedicated servers):
      i. IIS APPPOOL\UiPath Orchestrator
    c. Do not click “Search”.
    d. Click OK.
    e. Create the database with the app pool identity as the owner or, if it is already created, set the app pool user as an owner.

Create the UiPath Database with the App Pool as the Owner

  1. Right click “Databases” and select “New Database…”.
  2. In the database creation dialog, name the database “UiPath”.
  3. Next to the Owner field, click the ellipsis.
  4. In the new dialog, select “Browse”.
  5. Select the App Pool user we created in the previous step.
  6. Click OK.

Installing Orchestrator with an App Pool Identity

  1. In the “Orchestrator Application Pool Settings” step, select “Application Pool Identity”.
  2. In the “Orchestrator Database Settings” step, select “Windows Integrated Authentication”.
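
The IIS and SQL steps above, scripted in PowerShell as an added example (not part of the original article and not UiPath's own tooling), ending with a check that the database owner is the app pool login. It assumes the WebAdministration and SqlServer modules are installed and that it is run on the Orchestrator server by a Windows account allowed to create logins and databases on the SQL instance; `SQLSERVER01`, the `UiPath` domain value and `$SqlIsRemote` are placeholders.

```powershell
# Added example, not UiPath's own tooling. Run elevated on the Orchestrator server.
Import-Module WebAdministration   # IIS provider (IIS:\ drive)
Import-Module SqlServer           # Invoke-Sqlcmd

$PoolName    = 'UiPath Orchestrator'
$DbName      = 'UiPath'
$Domain      = 'UiPath'           # placeholder: domain name, as in the page's example
$SqlInstance = 'SQLSERVER01'      # placeholder: SQL Server host or host\instance
$SqlIsRemote = $true              # $false when SQL runs on this same machine

# Create the app pool if it is missing, then set the built-in ApplicationPoolIdentity.
if (-not (Test-Path "IIS:\AppPools\$PoolName")) {
    New-WebAppPool -Name $PoolName | Out-Null
}
Set-ItemProperty "IIS:\AppPools\$PoolName" -Name processModel.identityType -Value ApplicationPoolIdentity

# Login name SQL Server sees: the machine account (Domain\ServerName$) when SQL is on
# another server, or the virtual account IIS APPPOOL\<pool> when SQL is local.
# The machine account is shared by every built-in service identity on this server,
# so the remote form grants the same database access to all of them.
$Login = if ($SqlIsRemote) {
    '{0}\{1}$' -f $Domain, $env:COMPUTERNAME
} else {
    "IIS APPPOOL\$PoolName"
}

# Create the Windows login and the database, then make the login the database owner.
# Invoke-Sqlcmd connects with Windows Integrated Authentication when no credentials are given.
$Sql = @"
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$Login')
    CREATE LOGIN [$Login] FROM WINDOWS;
IF DB_ID(N'$DbName') IS NULL
    CREATE DATABASE [$DbName];
GO
ALTER AUTHORIZATION ON DATABASE::[$DbName] TO [$Login];
"@
Invoke-Sqlcmd -ServerInstance $SqlInstance -Query $Sql

# Check: the database owner must now be the app pool login.
$Owner = (Invoke-Sqlcmd -ServerInstance $SqlInstance -Query `
    "SELECT SUSER_SNAME(owner_sid) AS Owner FROM sys.databases WHERE name = N'$DbName'").Owner
if ($Owner -ne $Login) { throw "Owner of $DbName is '$Owner', expected '$Login'" }
"Database $DbName is owned by $Owner"
```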
