What ports and network specific settings are needed to configure the UiPath Software?
Issue Overview: How does the Robot connect to Orchestrator? Are there any specific TLS/ SSL settings needed?
Technical Overview: The Robot Machine initiates a connection to the Orchestrator server. Once a Robot Machine is configured this is handled by the Robot Service when it starts up.
In a typical deployment the sequence of events is as follows:
- The Robot Service grabs the machine key and URL. For first time configuration this can be done via the Robot tray, or these settings are stored in the UiPath.Settings file.
- If an HTTPS connection is being used, the Robot Service first validates the Certificate
- Then the Robot Service tries to create an HTTPS connection to the Orchestrator Server.
- For authentication the machine key is used.
- Alternatively, the connection can occur over HTTP, but Orchestrator has to be configured for this.
- If HTTP is used, the Robot Service does not need to validate the certificate.
Do the Robot and Orchestrator use specific cipher suites or other security settings?
Both Orchestrator and the Robot are built on .Net and .Net does have defaults for encryption. However, by design most components rely (or should rely) on system settings. It is a Microsoft best practice to let the system define the encryption settings. In other words, if a TLS or SSL issue is encountered, the problem is most likely with system settings.
The default encryption for the .Net HTTPClient is as follows:
- 4.6 – TLS 1.1
- 4.7 – TLS 1.2
Ports needed: On the Orchestrator server port 443 needs to be opened (unless configured to something else).
Other Considerations: The IIS site needs to have the correct bindings to work correctly.