Installing Control Room on Microsoft Windows Server using scripts

Silent Control Room installation, also known as unattended installation, uses a customized script for a full setup or an update setup. Silent installation runs the entire installation process in the background, without requiring user interaction or displaying messages.

Prerequisites

To perform the task, you must have a Control Room administrator account with the required rights and permissions.

  • Disable the User Access Control (UAC) on host VM for Control Room.
  • Verify Automation 360 On-Premises prerequisites.
  • Ensure that you have the following:
    • Automation Anywhere Control Room installation file
    • TLS certificate
    • License file
  • Create a Powershell script.

    See the installation parameters and sample scripts.

  • Run the script in Powershell.
Note: For instructions on performing silent install and configuration of Automation 360 separately, see .Silent installation and configuration of Automation 360 using scripts (A-People login required).

Procedure

  1. Review the parameters and identify the settings you require.
    • Control Room installation parameters
      Variable name Description

      AA_CRCLUSTERCONFIG

      if AA_SETCLUSTERMODE=1 then cluster IP comma separated

      AA_CRDBPORT

      Control Room database port. Default value is 1433

      AA_CRDBSSLMODE

      Secure SQL connection

      AA_CRFORCEHTTPSCONFIG=" "

      --

      AA_CRFORCETOHTTPS="1"

      Force traffic from HTTP to HTTPS

      AA_CRHTTPPORT

      Control Room HTTP port. Default is 5432
      AA_CRHTTPSPORT Control Room HTTPS port
      AA_CRLISTENPORT Web server port. Default value is 80
      AA_CRLOGDATADIR Data and logs path are unique to this server
      AA_CRSERVICECONFIRMPASSWD If AA_CRSETLOCALSERVICECRED= 0, then confirm password
      AA_CRSERVICEPASSWD If AA_CRSETLOCALSERVICECRED= 0, then confirm password
      AA_CRSERVICEUSERNAME

      if AA_CRSETLOCALSERVICECRED= 0, then add domain\user name

      AA_CRSETLOCALSERVICECRED
      • 1 if service logon as System
      • 0 if service logon as specific user
      AA_CRWCCERTPASSWD Certificate password
      AA_CRSELFSIGNCERT 1 for self-signed certificate
      AA_CRWCCERTPATH Certificate path
      AA_LOCAL_IPADDRESS_COMBO The local IP drop-down menu to select an IP address configured on this machine
      AA_SDSFEATURE
      • true=Cloud deployment type
      • false=On-Premises deployment type
      AA_SETCLUSTERMODE For cluster set 1, otherwise 0
      AA_SETUPTYPE Setup type Custom or Express
      INSTALLDIR Installation Directory
      IS_SQLSERVER_AUTHENTICATION
      • 0 for Windows authentication
      • 1 for SQL authentication
      • 2 for Azure AD authentication
      IS_SQLSERVER_DATABASE SQL database name
      IS_SQLSERVER_SERVER

      SQL server name (host name)

      Note: These are optional Control Room service parameters that can be used based on your requirement:
      • AA_STARTSERVICE_AARI
      • AA_STARTSERVICE_STORAGE
      • AA_STARTSERVICE_IQBOT
      • AA_STARTSERVICE_DISCOVERYBOT
      • AA_STARTSERVICE_DISCOVERYBOTML
      For information on selecting the services to run at startup, see Select Control Room services to automatically run at startup.
    • OpenSearch related parameters
      Note: Starting from Automation 360 v.28 release (Build 17593), the Elasticsearch service is replaced with OpenSearch service as the underlying technology for core product capabilities such as audit, Bot Insight, and so on.
      Parameter Description
      AA_ELASTICSEARCH_BACKUP Used only if installing on the first node of a backup server.

      Enter 1 if yes.

      Note: The AA_ELASTICSEARCH_BACKUP parameter is used when you install an Control Room as backup server for audit.
      AA_ELASTICSEARCHSYSIP Valid IP address
      AA_ESPASSWD Password for Elasticsearch
      Note: An additional parameter for confirming the password is not available. The password must have a minimum of 6 characters.
    • Key-vault related parameters
      Parameter Description
      AA_KEYVAULTTYPE Enter any of the following:
      • NONE if you do not want to define a key vault
      • AWSS for AWS Secrets Manager
      • CARK for CyberArk
      IS_SQLSERVER_AUTHENTICATION Enter any of the following:
      • 0 if SQL server authentication is not set
      • 1 if SQL server authentication is set
      IS_SQLSERVER_EKVAUTHENTICATION Use this if the SQL server authentication is configured for an external key vault. Enter any of the following:
      • 0 if SQL server authentication does not use an external key vault
      • 1 if SQL server authentication for a key vault is configured for CyberArk
      • 2 if SQL server authentication for a key vault is configured for AWS Secrets Manager
      AA_CRSERVICECREDTYPE Enter any of the following:
      • LOCAL if the Control Room database uses local authentication.
      • SERVICE if the Control Room database uses custom authentication.
      • SERVICEEKV if the Control Room database uses external key vault for authentication.
      AWS Secrets Manager key vault parameters
      AA_AWSSREGION AWS region
      AA_DBAUTHAWSSECRET AWS sqllogin secret
      AA_CRSERVAWSSECRET AWS service secret
      CyberArk key vault parameters
      AA_CARKAPPID CyberArk app ID
      AA_CARKCERTIFICATE Full certificate filename with path
      AA_CARKOPTIONALCERT Optional certificate filename with path
      AA_CARKCERTPASSPHRASE Certificate passphrase
      AA_CARKVAULTURL CyberArk URL
      AA_DBAUTHCARKOBJECTNAME CyberArk sqllogin object name
      AA_DBAUTHCARKSAFENAME CyberArk sqllogin safe name
      AA_CRSERVCARKOBJECTNAME CyberArk service credential
      AA_CRSERVCARKSAFENAME CyberArk service locker
    • IPv6-related parameters
      Parameter Description
      AA_IPV6ENABLED Enter 1 to enable IPv6 addresses

      To disable IPv6 addresses, do not enter the parameter.

  2. Optional: Edit the sample script to use a Microsoft SQL Server database.
    Use the script to install the Control Room with the configuration options available in the installer.
    1. Correct values for variables such as $service_username, $service_pwd, $db_server, $cr_port.
    2. Run the script with Credentials in Service logon, and a non-secure connection using Microsoft SQL Server authentication with a new database.
    Sample script:
    $cr_port=80
    
    $service_username= "domain\username" #e.g."aaspl-brd\ellie.brown"
    $service_pwd="password"
    
    #$certpath = "C:\SilentInstall\test256.pfx"
    #$certpass = "changeit"
    
    $db_server="localhost"
    $cr_db_name="CRDB-NEW-SI-3"
    $db_user="sa"
    $db_pwd="Admin@123"
    
    $elastic_password="Test@123"
    
    $installation_path="C:\Program Files\Automation Anywhere"
    
    #Install latest setup
    $static_installation_path="\Enterprise\"""""
    $silent_details=" /s ","v""" -join "/"
    $installpath_details=" /qn INSTALLDIR=\"""
    
    $deployment_details=" /AA_SDSFEATURE=true"
    
    $custom_details=" /vAA_SETUPTYPE=Custom 
                      /vAA_CUSTOMMODETYPE=1"
    
    $port_cluster_details=" /vAA_SETCLUSTERMODE=0 
                            /vAA_CRLISTENPORT=$cr_port"
    
    #$service_details=" /vAA_CRSETLOCALSERVICECRED=0 
                        /vAA_CRSERVICEUSERNAME=$service_username 
                        /vAA_CRSERVICEPASSWD=$service_pwd 
                        /vAA_CRSERVICECONFIRMPASSWD=$service_pwd"
    
    $service_details=" /vAA_CRSETLOCALSERVICECRED=1"
    
    #$service_selections (The below parameter is optional and must be used if you want to selectively install the services. To install any specific service, set the value to 1 or remove that specific service from the below parameter.)
    $service_selections=" /vAA_STARTSERVICE_IQBOT=0 /vAA_STARTSERVICE_AARI=0 /vAA_STARTSERVICE_STORAGE=0 /vAA_STARTSERVICE_DISCOVERYBOT=0 /vAA_STARTSERVICE_DISCOVERYBOTML=0"
    
    #$db_details=" /vAA_BIMETADATADBTYPE=AA_BIMETADATADBTYPE 
                   /vIS_SQLSERVER_SERVER=$db_server 
                   /vIS_SQLSERVER_DATABASE=$cr_db_name 
                   /vIS_SQLSERVER_DATABASE1=$bi_db_name"
    
    $db_details=" /vIS_SQLSERVER_SERVER=$db_server 
                  /vIS_SQLSERVER_USERNAME=$db_user 
                  /vIS_SQLSERVER_PASSWORD=$db_pwd 
                  /vIS_SQLSERVER_DATABASE=$cr_db_name 
                  /vIS_SQLSERVER_AUTHENTICATION=1"
    
    $other=" /vAA_ESPASSWD=$elastic_password 
             /vAA_CRWCHTTPPORT=80 
             /vAA_CRWCHTTPSPORT=443 
             /vAA_CRSELFSIGNCERT=1 
             /vAA_OPTIONALCACERT=0 
             /vAA_CRWCCERTPATH=$certpath 
             /vAA_CRWCCERTPASSWD=$certpass 
             /vLAUNCHPROGRAM=1 
             /v""
             /LIweamoruc! log.txt"""
    
    #Ensure that you remove the $service_selection parameter from the $final_command line if $serice_selection is not used.
    $final_commandline = -join($silent_details,
    	$installpath_details,$installation_path,
    	$static_installation_path,$custom_details,
    	$port_cluster_details,$service_details,$service_selections,
    	$db_details,$pg_details,$other)
    
    Write-Host $final_commandline
    $a=Get-ChildItem $PSScriptRoot\* -Include *.exe
    #$a = "C:\Silent\AutomationAnywhereEnterprise_A2019_<build>.exe"
    
    Write-Host $a
    Write-Host "Starting the installation wait for sometime..."
    
    $processdetail=(Start-Process -FilePath 
    	$a -ArgumentList $final_commandline 
    	 -Wait -PassThru).ExitCode
    
    Write-Host $a.Name execution is done. 
    If installation is not proper check msi logs in the temp folder.
    pause
    Note: When using Windows authentication for connecting to Microsoft SQL Server database, ensure that the following settings are configured:
    • The IS_SQLSERVER_AUTHENTICATION installation parameter should be set to 0

    • The user assigned to the $service_username parameter should be an active user in Microsoft SQL Server with permissions set as: db_datareader, db_datawriter, and db_ddladmin

    • The $db_user and $db_pwd parameter values should be disabled or commented out

  3. Save the script you edit to the server for installation.
  4. On the installation server, log on as an administrator, open Powershell in admin mode, and execute the following: Set-ExecutionPolicy Unrestricted -Scope CurrentUser -Force
  5. Start Powershell in admin mode and execute: .\install.ps1
    Note: The silent installation logs are stored in the folder from which the installation script is executed. For example, if you run the script from C:\Silent Install, the logs are stored in C:\Silent Install folder.

Next steps

Complete the Control Room configuration and validation.
  • After installing the Control Room, complete the configuration settings to ensure timely Automation Anywhere communications are specified and confirm Automation Anywhere services are running.
  • After completing the post-installation tasks, validate the setup by logging in to the Control Room and installing a license. First time access to the Control Room walks you through the configuration for your authentication method.
  • As a Cloud user with administrator permissions, you can create, view, edit, delete, and enable or disable a user. Creating users steps vary depending on whether the user is a non-Active Directory, Active Directory, or single sign-on (SSO) user from an IdP server.