Guidelines for RDP-based bot deployment
- Updated: 2021/02/01
When you deploy a bot from the Control Room to any Bot Runner, it attempts an auto-login (if the Bot Runner is locked or logged off). However, auto-login is subject to the security policies set on the machine, so certain policies might have to be relaxed for auto-login to work.
To reduce these issues, you can use Remote Desktop Protocol (RDP) based bot deployment, which was introduced in the Control Room in Automation Anywhere Enterprise 10SP2.
RDP-based bot deployment: When a bot is deployed from the Control Room on a Bot Runner, the Control Room handles the Bot Runner session through RDP and executes the bot.
Key features and benefits
- The bot runs in the Bot Runner RDP session in the Control Room in the background. This ensures that no activities are visible in the Control Room.
- Auto-login issues are reduced because auto-login is not attempted.
Note: Auto-login is only attempted if RDP fails.
- As the Bot Runner machine does not log in automatically, security issues related to live monitor scenarios are also reduced.
To ensure that the RDP-based bot deployment works seamlessly, there are certain prerequisites and settings necessary in the Control Room and the Bot Runner machine.
Prerequisites
Settings on Bot Runner
- The Run Bot Runner session on Control Room (RDP-based deployment) succeeds with legal disclaimer enabled.
If the Bypass Legal Disclaimer option is enabled on the Bot Runner ( in Enterprise Client), the Run Bot Runner session on Control Room (RDP-based deployment) succeeds even if the Enterprise Client has legal disclaimers enabled.
Note: Ensure the Control Room and Enterprise Client are upgraded to Version 11.3.4 before deploying the bot with the Bot Runner session on Control Room and Legal Disclaimer enabled.
- The RDP connection must be enabled on the Bot Runner.
- Enabling RDP on Bot Runner machine.
On the Bot Runner machine, ensure that remote connections to Bot Runner are allowed from My Computer properties. Ensure you select the Allow connections only from check box.
- Enabling RDP on Bot Runner on the virtual machine (Azure, VMware, Oracle Virtual Box).
To enable RDP on the virtual machine, see the specific documentation on the virtual machine host.
- Enabling RDP on the Bot Runner hosted on Citrix XenDesktop.
- Enabling RDP on the Bot Runner hosted on the terminal server.
See the documentation on Managing Remote Desktop Services Connections.
For Windows Server 2008 R2, see https://technet.microsoft.com/en-us/library/cc772051(v=ws.11).aspx.
Also, the user session on the terminal server must be restricted to a single Remote Desktop Services session.
Ensure that the Restrict Remote Desktop Services users to a single Remote Desktop Services session setting is enabled.
Ensure the Bot Runner machine is allowed to accept incoming RDP requests and connections with saved credentials. You can ensure this by disabling the group policy Bot Runner machine in .
When the group policy is enabled, the RDP client (for example, AARemoteMachineConnector.exe) is prompted for credentials during login, because the target machine does not accept incoming connections from any RDP client in which the user has supplied credentials.
Control Room settings
- Allow connections even when there are certificate errors.
On the Control Room, ensure the Don't ask me again for connections to this computer option is enabled.
- On the Control Room AppServer machine, the user that runs the Automation Anywhere Control Room Service (the service logon user) must have administrator rights on that machine in order to run RDP sessions. When an RDP session runs, AARemoteMachineConnector.exe appears in the Task Manager, and the service logon user needs administrator rights to run it.
- If the Control Room cannot resolve the IP address of the Bot Runner in the Devices tab, the RDP deployment not getting triggered message appears. Use the nslookup command (for example, C:\> nslookup WIN-56888IBQ23P) to review this issue, and contact the administrator for further assistance.
Note: It is mandatory that the Control Room obtains the IP address with the Bot Runner name that is displayed in the Devices tab.
Changing screen resolution for Bot Runner session on Control Room
It is recommended that you add the screen resolution configuration of the Bot Runner machine. This ensures your automation runs seamlessly during RDP-based deployment, even if the resolution of the screen varies between the Bot Runner and Control Room. You can do this by configuring the deployment properties file of the Control Room at the following location:
C:\Program Files\Automation Anywhere\Enterprise\Config\deployment.properties
rdp.desktop.height=768
rdp.desktop.width=1366
rdp.port=3389
When the screen resolution is set per deployment, the value in the deployment.properties file is ignored. This option is not displayed for Run bot with queue and is not available for API-based deployment.
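The name-resolution and port prerequisites above can be checked from the Control Room server before a deployment. The following PowerShell script is an added example, not Automation Anywhere code: it reads rdp.port from the deployment.properties path given above, performs the same DNS lookup as the nslookup check, and tests whether the RDP port accepts a TCP connection. The parameter and function names are hypothetical, and the default device name is the sample name used on this page.

```powershell
# Added example: run on the Control Room server. Parameter and function names are hypothetical.
param(
    # Device names exactly as displayed in the Devices tab (default is the page's sample name).
    [string[]]$BotRunner = @('WIN-56888IBQ23P'),
    # Properties file location given on the page.
    [string]$PropertiesPath = 'C:\Program Files\Automation Anywhere\Enterprise\Config\deployment.properties'
)

function Get-RdpPort {
    param([string]$Path)
    $port = 3389   # value shown on the page; used if the file or key is missing
    if (Test-Path -LiteralPath $Path) {
        foreach ($line in Get-Content -LiteralPath $Path) {
            # key=value lines only; a later rdp.port entry overrides an earlier one
            if ($line -match '^\s*rdp\.port\s*=\s*(\d+)\s*$') { $port = [int]$Matches[1] }
        }
    }
    return $port
}

function Test-BotRunnerRdp {
    param([string]$Name, [int]$Port)
    $row = [ordered]@{ BotRunner = $Name; Address = $null; Port = $Port; Resolves = $false; RdpReachable = $false }
    try {
        # DNS-only lookup, the same question the nslookup check answers
        $a = Resolve-DnsName -Name $Name -Type A -DnsOnly -ErrorAction Stop |
             Where-Object { $_.IPAddress } | Select-Object -First 1
        if ($a) {
            $row.Address  = $a.IPAddress
            $row.Resolves = $true
            # TCP connect only; no RDP logon is attempted
            $tcp = Test-NetConnection -ComputerName $a.IPAddress -Port $Port -WarningAction SilentlyContinue
            $row.RdpReachable = [bool]$tcp.TcpTestSucceeded
        }
    } catch {
        # Name did not resolve: the "RDP deployment not getting triggered" case
        $row.Address = "unresolved: $($_.Exception.Message)"
    }
    [pscustomobject]$row
}

$port = Get-RdpPort -Path $PropertiesPath
$BotRunner | ForEach-Object { Test-BotRunnerRdp -Name $_ -Port $port } | Format-Table -AutoSize
```

A row with Resolves set to True but RdpReachable set to False means the name maps to an address but nothing accepted a connection on the configured port, which points at the RDP setting on the Bot Runner or at a firewall between the two machines.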