During the installation process, you will move through the screens listed below. The side panel on each screen includes information relevant to the screen you are working with.
- Welcome
- Terms and Conditions
- Pre-Installation Check
- Windows Feature
- Configuration Checklist
- Server Farm
- Database
- User Authentication
- Website
- Application Pool
- Installation
- Finish
The Welcome screen includes the product name and version, and links to system requirements, the Precisely website, and Customer Support.
If you want to stop installation, click Cancel. Click Next to proceed.
The Terms and Conditions screen allows you to accept or decline the terms and conditions, and you can print the page.
Note: The default security settings in IE 11 on Windows Servers block the scripts needed for System requirements URL to operate correctly.
For the link to work properly, add the following entries in the trusted sites list of IE 11:
The Preinstallation Check screen notes the availability of required applications, services, and environments.
For the Studio Manager Server Installer, preinstallation checks confirm the following:
- OS - Microsoft Windows Server 2016 or 2019
- PowerShell 5.1 or above
- Microsoft .Net 4.8.x
- IIS 10.0 or above
If not already installed, Microsoft Visual C++ 2008, 2010, 2013, and 2015-2019 redistributables will automatically be installed.
If the requirements have not been met, the status of each requirement is indicated and Next is disabled. Click Back to return to the Terms and Conditions screen. If you would like to stop the installation, click
Cancel. When all requirements have been met, click Next to continue.
Windows Features screen notes the Windows features enabled with the installation, as listed below.
.NET Framework4.5 features
- ASP.NET 4.5
- MSMQ Server Core
- MSMQ Active Directory Domain Services Integration
- Web Management Tools
- IIS Management Console
- IIS Management Scripts and Tools
- IIS Management Services
- World Wide Web Services
- Application Development features
- .NET Extensibility 4.5
- Application Initialization
- ASP.NET 4.5
- ISAPI Extensions
- ISAPI Filters
- Common HTTP features
- Default Document
- Directory Browsing
- HTTP Errors
- HTTP Redirection
- Static Content
- Health and Diagnostics
- Custom Logging
- HTTP Logging
- Logging Tools
- ODBC Logging
- Request Monitor
- Tracing
- Performance features
- Dynamic Content Compression
- Static Content Compression
- Security
- Request Filtering
- Windows Authentication
Click Back to return to the Preinstallation Check screen. If you want to stop the installation, click Cancel. Click Next
to proceed.
Configuration Checklist screen lists remaining details required for a successful installation:
- Authentication Type
- An existing or new Farm
- Evolve URL
- App Pool User
- Database Server
- Database Name
- Database Authentication
- Installation Location
Click Back to return to the Windows Features screen. If you want to stop the installation, click Cancel. Click
Next to proceed.
The Server Farm screen defines the server farm and offers a choice between an existing and a new server farmconnection type.
Definition: a server farm is a collection of two or more servers that share configuration data.
- If you want to create an NLB setup, connect to an existing DB, or connect to a or a backup DB, click Yes.
- If you want to create a new server farm, click No. A new DB will be
created during installation.
Click Back to return to the Configuration Checklist screen. If you want to stop installation, click Cancel.Click Next to proceed.
Database screen requests the database server and name in addition to account-related details.
Provide the following account details forDB authentication:
Windows Authentication - for the user executing the Installer
SQL Server - username and password for the user with access to the server
Windows AuthenticationBy default, the Authentication mode is set to Windows Authentication and the username and password fields are disabled.
Required fields- The database server and name are required if the Authentication mode is set to Windows Authentication.
- The database server and name, the username, and the password are required if the
Authentication mode is set to SQL Server.
Note: SQL Server 2017 and above are supported.
A SQL Server database connection can be created with:
- machine name
- localhost
- Use “dot” to indicate the machine currently being used
Cloud db includes additional methods to create a SQL Server database connection.
We do not support localhost and dot. If you want to use “dot” or localhost, all products must be installed on the same machine; please be aware that the Studio Manager server, App Pool, Web site, and Worker services may be impacted.
- When you click Next, the Installer validates the information you provided. If the validation fails, a descriptive error message will appear.
Possible Validations |
Database server and database name fields must be completed. |
Username and password fields must be completed for SQL Server Authentication. |
Database server details must be valid and it can contain db port no with valid syntax. Generally separated by a comma (<SERVER_NAME>,1234) |
For an Existing Server Farm setup, the database name must already be in use. |
For an Existing Server Farm setup, the database must be the same version as the Installer. |
For a New Server Farm setup, the database name must be new (not already in use). |
For the SQL Server authentication mode, the credentials provided must be correct. |
The logged-in user (the installation user) must have both the security admin role and the DB creator role on the SQL server provided. With an Existing Server Farm setup, the logged-in usermust also have the DB owner role on the DB server provided. |
The logged-in user can select the authentication mode (Windows or SQL) to set up the Application connectivity with database and the Application database. |
When you have a role ‘higher’ than DB Owner for upgrades, add-WFE, Modify, Repair, or otherprocesses, and when you have a role ‘higher’ than DB creator for a fresh installation, the Installer will not check for ‘lower’ roles such as DB Owner. |
Now supporting AWS RDS (SQL Server 2017 and above) for SQL server database. |
There is support for database names with up to 120 characters. Increased timeout and extra parameter for DacPac execution: Timeout (/TargetConnectionString:"Server=CHA- EN- VST602\SQLEXPRESS;Database=WSEvolveDB;Trusted_Connection=Yes;Connection Timeout=600" and /p:CommandTimeout=600) Now supporting Azure SQL Managed instance |
Note:
Below character set is restricted for the respective fields. An error is thrown in case restricted character set is used.
- Database Name - " ' * ? ;
Error message - " ' * ? ; characters are not allowed. Please provide a valid Database Name.
- Database Server- " ' * ? ;
Error message - " ' * ? ; characters are not allowed. Please provide a valid SQL Server Name.
- User Name - " ‘ ;
Error message -" ‘ ; characters are not allowed. Please provide a valid User Name.
- Password - " ‘ ;
Error message - “ ' ; characters are not allowed. Please provide a valid User Password.
A new database will be created in a New Server Farm setup. With an Existing Server Farm setup, no change will be made to the database schema, but other changes will be configured – changes such as setting user permissions and database roles.
The file growth properties are set to 2 GB for both the database and the database logging files.
Database and its user Authentication detailFor Azure SQL managed Instances and AWS RDS we are using SOL authentication only and windows authentication is not supported. For Application database setup the SQL User must have DB creator and Security admin roles.
Database Recovery model:Note: The 20.2 Installer is set to Simple. If you are upgrading, it will remain a “full recovery model” (as of version 20.0). We recommend that after upgrading, you set it to Simple.
Click Back to return to the Server Farm screen. To stop the installation, click Cancel. Click Next to proceed.
An error message appears saying User does not have permission.On the User Authentication screen, select the account to configure for the application authentication – choosing Windows Authentication, SAML Authentication, or OAuth 2.0. (OAuth is an open-standard authorization protocol or framework that provides applications the ability for secure, designated access.)
If you select Windows Authentication, the Windows authentication security feature in IIS is enabled. If you select SAML Authentication, no change is made.
Click Back to return to the Database screen. If you want to stop the installation, click Cancel. Click Next toproceed. The Website screen allows you to indicate where and how you will deploy the application. The website will be deployed and configured according to the details you provide on this screen – you select the website name, secure or insecure mode, the IP, the port, and the host name. For secure mode, you must also select the SSL Certificate.
If SSL Certificate details are fetched when this screen is loaded, and if a new certificate is added, go back and proceed again to the Website screen.
When you click Next, the Installer validates the information you provided. If the validation fails, you will receive an error message.
Possible validations- The website name, port number, and host name fields must be completed.
- With an https address, you must select SSL Certificate.
- The port number must include numeric values only.
- The website name and website bindings (a combination of the IP address, the port, and the host)
cannot already be in use.
API Gateway certificate security will only be supported on HTTPS installation and it will not be supported forHTTP or SSL offloading installation.
Click Back to return to the User Authentication screen. If you want to stop the installation, click Cancel. Click
Next to proceed.
On the Application Pool screen, enter the App Pool name and identity. You can choose either of the following for the App Pool Identity:
Built-in account - either Application Pool Identity or Network Service- Custom account – provide the username (domain\userid) and password.
The Installer validates the credentials on a “TempDir”. If the credentials are successfully validated, the Installer
logs the information in the log file (example: “Returning LASTEXITCODE: 0”).
If the validation of the credentials fails, the Installer logs the information in the log file as follows:
- wsx\Testuser123: There was no mapping between the account names and security IDs.
- “Returning LASTEXITCODE: 1332” in the log file. The Installer then displays a message such as the one below:
Special characters are supported for the username and password.
If Group Managed Service Account selected, then Username should be like domain\account$ (last character should be $).
Group Managed Service Account authentication check will be skipped
Note: Group Managed Service Account should be configured on installed machine. On Evolve/Worker Installation, if Group managed account is used as app pool user then Installer will not be validating the account so customer must provide correct and valid value.
When you click Next, the Installer validates the information provided. If the validation fails, you will receive an error message.
Validations- The app pool name field must be completed.
- An existing app pool name cannot be used.
- Username and password fields must be completed for a custom account
- Credentials must be valid with a custom account.
The following modifications are made during installation, in accordance with the app pool settings you provide. The App Pool Identity user is provided with the following DB roles and permissions:
- WSDBAccessRole: with CONNECT, SELECT, EXECUTE, DELETE, INSERT, UPDATE, CREATE VIEW, ALTER
ANY SCHEMA, VIEW ANY COLUMN ENCRYPTION KEY DEFINITION, VIEW ANY COLUMN MASTER KEY
DEFINITION, VIEW DATABASE STATE permissions on Application DB
- WSDBReportRole: SELECT, VIEW ANY COLUMN ENCRYPTION KEY DEFINITION, VIEW ANY COLUMN MASTER KEY DEFINITION permissions on Reporting DB
The App Pool Identity user is added to the default schema of the DBO. Allow Access rights (ReceiveMessage, PeekMessage, ReceiveJournalMessage, GetQueueProperties, SetQueueProperties, GetQueuePermissions, ChangeQueuePermissions, TakeQueueOwnership, WriteMessage) on MSMQs, and full control rights on private queues with Winshuttle Studio Manager are provided as follows:
- If NETWORK SERVICE is selected, the NETWORK SERVICE account will be provided the rights on MSMQs.
- If Application Pool Identity is selected, IIS AppPool\<AppPoolName> will be provided the rights on MSMQs.
- If Custom Account is selected, the custom account will be provided with the rights on MSMQs.
Click Back to return to the Website screen. If you want to stop the installation, click Cancel. Click Next to proceed.
On the Installation screen, designate the destination directory for installation. You can either use the default path provided or click Browse to select a different path.
The Studio Manager Server folder gets Read permissions to “IIS_IUSRS” – local machine group. The Studio Manager Server folder gets Read permissions to “IUSR” – local machine user.
- Read & execute
- List folder contents
- Read
Note: A warning message is displayed if the provided installation directory is not empty when installing for thefirst time. It is recommended that user should provide an empty directory and then proceed for the installation.
Click Back to return to the Application Pool screen. If you want to stop the installation, click Cancel. Click Next
to proceed.
Click Back to return to the Application Poolscreen. If you want to stop the installation, click Cancel. Click Next toproceed.
The Installation screen post destination path includes details you previously provided. You can verify that all configurations are correct.
The Installationscreen will display the current status, as in the example below
The Finish screen indicates a successful installation and includes the configurations. To launch the site, checkbox and click Finish.
- If you are doing a fresh installation of the server and there are keys for SAP GUI
entries, the Installer sets those keys to zero. If keys for SAP GUI entries do not exist,
the Installer establishes new keys with a default value of zero.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SAP\SAPGUI Front\SAP Frontend Server\Security
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\SAP\SAPGUI Front\SAP Frontend Server\Security
- Key: Security Level
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SAP\SAPGUI
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\SAP\SAPGUI
- StartSAPLogon
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows\NoInteractiveServices - Key: NoInteractiveServices
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\SAP\SAPGUI\DelegationMode
-DelegationMode
- If Studio Manager Server and Studio Manager Worker will be installed on the same
machine, the following SAP GUI registry entries will be reset to 0 on every fresh and
repair installation.
- SecurityLevel
- StartSAPLogon
- NoInteractiveServices
- DelegationMode
XML Metadata File Upload for SAML Authentication:
Users can now upload an XML metadata file containing SSO authentication details during setup, reducing manual configuration errors and simplifying the process.
On the Authentication Type: SAML wizard, you can either select the file or provide the metadata URL and the information for the authentication details for the SAML provider will be fetched directly from it.
System for Cross-domain Identity Management specification (SCIM)
- SCIM or System for Cross-domain Identity Management specification is an open standard designed to manage user identity information.
- It offers a User management API to enable the automatic provisioning of users and groups between your application and Identity provider.
- SCIM is a standard that defines schemas and protocols for identity Management
-
Schema
- Users
- Groups
-
Protocol
- REST
- CRUD + Search + Discovery + Bulk