Guidelines for RDP-based bot deployment

When you deploy a bot from the Control Room to any Bot Runner, the Control Room attempts an auto-login if the Bot Runner is locked or logged off. However, auto-login can be blocked by security policies set on the machine, so certain policies might have to be relaxed for auto-login to work.

To reduce these issues, you can use Remote Desktop Protocol (RDP) based bot deployment, which was introduced in the Control Room in Automation Anywhere Enterprise 10SP2.

RDP-based bot deployment: When a bot is deployed from the Control Room on a Bot Runner, the Control Room handles the Bot Runner session through RDP and executes the bot.

Key features and benefits

  • The bot runs in the Bot Runner RDP session in the Control Room in the background. This ensures that no activities are visible in the Control Room.
  • Auto-login issues are reduced because auto-login is not attempted.
    Note: Auto-login is only attempted if RDP fails.
  • As the Bot Runner machine does not log in automatically, security issues related to live monitor scenarios are also reduced.

To ensure that the RDP-based bot deployment works seamlessly, there are certain prerequisites and settings necessary in the Control Room and the Bot Runner machine.

Prerequisites

Settings on Bot Runner

  • The Run Bot Runner session on Control Room (RDP-based deployment) succeeds with legal disclaimer enabled.
    If the Bypass Legal Disclaimer option is enabled on the Bot Runner (Tools > Options > Login Settings in Enterprise Client), the Run Bot Runner session on Control Room (RDP-based deployment) succeeds even if the Enterprise Client has legal disclaimers enabled.
    Note: Ensure the Control Room and Enterprise Client are upgraded to Version 11.3.4 before deploying the bot with the Bot Runner session on Control Room and Legal Disclaimer enabled.
  • The RDP connection must be enabled on the Bot Runner.
    1. Enabling RDP on Bot Runner machine.

      On the Bot Runner machine, ensure that remote connections to Bot Runner are allowed from My Computer properties. Ensure you select the Allow connections only from check box.

    2. Enabling RDP on Bot Runner on the virtual machine (Azure, VMware, Oracle Virtual Box).

      To enable RDP on the virtual machine, see the specific documentation on the virtual machine host.

    3. Enabling RDP on the Bot Runner hosted on Citrix XenDesktop.

      https://support.citrix.com/article/CTX129184/

    4. Enabling RDP on the Bot Runner hosted on the terminal server.

      See the documentation on Managing Remote Desktop Services Connections.

      For Windows Server 2008 R2, see https://technet.microsoft.com/en-us/library/cc772051(v=ws.11).aspx.

Also, the user session on the terminal server must be restricted to a Single Remote Desktop Services session.

Click Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections. Ensure the Restrict Remote Desktop Services users to a single Remote Desktop Services session policy is enabled.

Note: The same user cannot log in multiple times to the terminal server. However, multiple users are not restricted from connecting to the terminal server.

Ensure the Bot Runner machine is allowed to accept incoming RDP requests and connections with saved credentials. To do this, disable the following group policy on the Bot Runner machine: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security > Always prompt for password upon connection.

When this group policy is enabled, the RDP client (for example, AARemoteMachineConnector.exe) is prompted to enter credentials at login, because the target machine does not accept incoming connections from any RDP client that supplies saved credentials.
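The Bot Runner settings above can be read back from the registry to confirm what is actually in effect. The following is an added example, not Automation Anywhere code. It is a read-only PowerShell audit that uses the standard Windows registry values behind these settings; a policy value that is absent is reported as NotConfigured, meaning the machine's local setting applies.

```powershell
# Added example (not vendor code): read-only audit of the Bot Runner RDP
# prerequisites. Run in PowerShell on the Bot Runner; nothing is modified.
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy Not Configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$checks = @(
    @{ Setting = 'Remote connections allowed'
       Path = $ts;     Name = 'fDenyTSConnections';    Expected = 0 },
    @{ Setting = 'Restrict users to a single session (policy enabled)'
       Path = $policy; Name = 'fSingleSessionPerUser'; Expected = 1 },
    @{ Setting = 'Always prompt for password upon connection (policy disabled)'
       Path = $policy; Name = 'fPromptForPassword';    Expected = 0 }
)

$report = foreach ($c in $checks) {
    $value = Get-RegValue -Path $c.Path -Name $c.Name
    $status = if ($null -eq $value) { 'NotConfigured' } elseif ($value -eq $c.Expected) { 'OK' } else { 'Review' }
    [pscustomobject]@{
        Setting  = $c.Setting
        Value    = $value
        Expected = $c.Expected
        Status   = $status
    }
}
$report | Format-Table -AutoSize

# Port the RDP listener is bound to; it should match rdp.port in the
# Control Room deployment.properties file.
$listenerPort = Get-RegValue -Path "$ts\WinStations\RDP-Tcp" -Name 'PortNumber'
"RDP listener port: $listenerPort"

# The Remote Desktop Services service must be running to accept sessions.
Get-Service -Name TermService | Select-Object Name, Status
```

Keeping the output of this audit with the change record gives a baseline of which RDP policies were relaxed on each Bot Runner and when.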

Control Room settings

  • Allow connections even when there are certificate errors.

    On the Control Room, ensure the Don't ask me again for connections to this computer option is enabled.

  • On the Control Room AppServer machine, the user that runs the Automation Anywhere Control Room Service (the service logon user) must have administrator rights on that machine in order to run RDP sessions. When an RDP session is run, AARemoteMachineConnector.exe appears as a running process in the Task Manager. The service logon user must have administrator rights in order to run AARemoteMachineConnector.exe.
  • If the Control Room cannot resolve the IP address of the Bot Runner in the Devices tab, the RDP deployment not getting triggered message appears. Use the nslookup command (for example, C:\> nslookup WIN-56888IBQ23P) to review this issue, and contact the administrator for further assistance.
    Note: It is mandatory that the Control Room obtains the IP address with the Bot Runner name that is displayed in the Devices tab.

Changing screen resolution for Bot Runner session on Control Room

It is recommended that you add the screen resolution configuration of the Bot Runner machine. This ensures your automation runs seamlessly during RDP-based deployment, even if the resolution of the screen varies between the Bot Runner and Control Room. You can do this by configuring the deployment properties file of the Control Room at the following location:

C:\Program Files\Automation Anywhere\Enterprise\Config\deployment.properties
Add the following:
rdp.desktop.height=768
rdp.desktop.width=1366
rdp.port=3389
Note: Configure the height, width, and port value based on your requirement.
You can set the screen resolution of the Bot Runners for every bot deployment or schedule it in the RDP. Select the Run bot runner session on Control Room option to enable the Set bot runner screen resolution check box. By default, this check box is disabled. Set the resolution by either selecting a value from the Pre-defined resolution drop-down list or by entering the value in the Custom resolution (width x height) field. The default value is 1366 x 768.
Note: The screen resolution is only set for the RDP session. The actual resolution of the Bot Runner machine remains unchanged.

When the screen resolution is set per deployment, the value in the deployment.properties file is ignored. This option is not displayed for Run bot with queue and is not available for API-based deployment.
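
The following is an added example, not Automation Anywhere code. It validates the three rdp.* keys in deployment.properties and runs the name-resolution check described under Control Room settings, followed by a TCP test against the configured port. BOTRUNNER01 is a placeholder for the name shown in the Devices tab, and the positive-integer and 1-65535 range checks are assumptions of this example rather than documented limits.

```powershell
# Added example (not vendor code). Run on the Control Room server.
param(
    [string]$BotRunner = 'BOTRUNNER01',  # placeholder: name shown in the Devices tab
    [string]$PropertiesPath = 'C:\Program Files\Automation Anywhere\Enterprise\Config\deployment.properties'
)

function Read-Properties {
    param([string]$Path)
    # Minimal key=value parser; skips blank lines and # or ! comments.
    $props = @{}
    foreach ($line in Get-Content -LiteralPath $Path) {
        $line = $line.Trim()
        if ($line -eq '' -or $line.StartsWith('#') -or $line.StartsWith('!')) { continue }
        $key, $value = $line -split '=', 2
        if ($null -ne $value) { $props[$key.Trim()] = $value.Trim() }
    }
    $props
}

$problems = @()
$props = Read-Properties -Path $PropertiesPath
$port = 0
foreach ($key in 'rdp.desktop.height', 'rdp.desktop.width', 'rdp.port') {
    $n = 0
    if (-not $props.ContainsKey($key)) {
        $problems += "$key is missing"
    } elseif (-not [int]::TryParse($props[$key], [ref]$n) -or $n -le 0) {
        $problems += "$key is not a positive integer: '$($props[$key])'"
    } elseif ($key -eq 'rdp.port') {
        if ($n -gt 65535) { $problems += "rdp.port is out of range: $n" } else { $port = $n }
    }
}

# Same check as nslookup: the Control Room must resolve the Bot Runner name.
$addresses = @()
try {
    $addresses = @([System.Net.Dns]::GetHostAddresses($BotRunner) | ForEach-Object { $_.IPAddressToString })
} catch {
    $problems += "Control Room cannot resolve '$BotRunner'"
}

# Only test the port when the name resolves and rdp.port is valid.
if ($addresses.Count -gt 0 -and $port -gt 0) {
    $open = Test-NetConnection -ComputerName $BotRunner -Port $port -InformationLevel Quiet -WarningAction SilentlyContinue
    if (-not $open) { $problems += "TCP port $port on '$BotRunner' is not reachable" }
}

[pscustomobject]@{ BotRunner = $BotRunner; Addresses = $addresses -join ', '; Port = $port; Problems = $problems -join '; ' }
```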