- Getting Started
- Requirements
- Best Practices
- Installation
- Updating
- Identity Server
- Troubleshooting startup errors

Orchestrator installation guide
Publish-Orchestrator.ps1.
               | Parameter | Description | 
|---|---|
| 
 | Mandatory. Indicates the type of scenario you want to start. The following options are available: 
 | 
| 
 | Mandatory. The Azure service principal ID. Please note that the used service principal needs to be assigned the Contributor role to the app service at the subscription scope. | 
| 
 | Mandatory. The Azure token password for the service principal ID. | 
| 
 | Mandatory. The Azure subscription ID for the App Service that hosts Orchestrator. | 
| 
 | Mandatory. The Azure tenant ID. | 
| 
 | Mandatory. The name of the Azure Resource Group that contains the Orchestrator App Service. | 
| 
 | Mandatory. The Orchestrator Azure App Service name. | 
| 
 | Mandatory. Indicate the full path of the  UiPath.Orchestrator.Web.ziparchive. | 
| 
 | Optional. Specify the full path of the  UiPathActivities.ziparchive, which is included by default, starting with v2018.4.4, inUiPathOrchestrator.zip. This enables you to install the local activity feed in Azure at install-time. Please note that this parameter can be used
                                 only with theLegacyrepository type. Otherwise, it has to be manually set up. | 
| 
 | Optional. This parameter enables the Test Automation module, for test data queues, test execution and scheduling. You can enable this feature based on one of the following scenarios: Start fresh with a clean Orchestrator install Configure the following settings for your App Service before running the  Publish-Orchestrator.ps1script using the-testAutomationFeatureEnabledparameter:
 
 :fa-exclamation-circle: Make sure to mark these settings as  Deployment slot setting, especially, if you are using hotswap slots.Enable Test Automation post Orchestrator installation If you already have deployed Orchestrator without enabling the Test Automation module, run the  Publish-Orchestrator.ps1script with the same parameters as for an upgrade, and add the-testAutomationFeatureEnabledparameter.Upgrade Orchestrator If you upgrade your Orchestrator instance, add the  -testAutomationFeatureEnabledparameter to thePublish-Orchestrator.ps1script before running it.For more details about upgrading Orchestrator, see Publish-Orchestrator.ps1 Update. | 
| 
 | Optional. This parameter enables the Insights module and feature. You can enable this feature in one of the following scenarios: Start fresh with a clean Orchestrator installation Configure the following settings for your App Service before running the  Publish-Orchestrator.ps1script using the-insightsFeatureEnabledparameter:
 
 Enable Insights post Orchestrator installation If you already have deployed Orchestrator without enabling the Insights module, run the  Publish-Orchestrator.ps1script with the same parameters as for an upgrade, and add the -insightsFeatureEnabled parameter.Upgrade Orchestrator If you upgrade your Orchestrator instance, add the  -insightsFeatureEnabledparameter to thePublish-Orchestrator.ps1script before running it.For more details about upgrading Orchestrator, see Publish-Orchestrator.ps1 Update. | 
| 
 | Optional. This parameter enables the Update Server module. You can enable this feature in one of the following scenarios: Start fresh with a clean Orchestrator installation Configure the following settings for your App Service before running the  Publish-Orchestrator.ps1script using the-updateServerFeatureEnabledparameter:
 
 Enable Update Server post Orchestrator installation If you already have deployed Orchestrator without enabling the Update Server module, run the  Publish-Orchestrator.ps1script with the same parameters as for an upgrade, and add the-updateServerFeatureEnabledparameter.Upgrade Orchestrator If you upgrade your Orchestrator instance, add the  -updateServerFeatureEnabledparameter to thePublish-Orchestrator.ps1script before running it.For more details about upgrading Orchestrator, see Publish-Orchestrator.ps1 Update. | 
| 
 | Optional. This should be used only if you want to use Elasticsearch for logging. Provide the Elasticsearch URL as the value, such as
                                  "http://elasticserver:9200". If your Orchestrator instance requires authentication, provide theElasticSearchUsername,ElasticSearchPassword,elasticSearchDiagnosticsUsername, andelasticSearchDiagnosticsPasswordparameters. | 
| 
 | Optional. This parameter enables you to send Robot logs only to the configured Elasticsearch server. Provide the Elasticsearch URL
                                 as the value, such as  "http://elasticserver:9200". Please note that it can only be used in conjunction with the-robotsElasticSearchUrlparameter. If you do not provide this parameter, Robot logs are sent to both the configured SQL database and Elasticsearch. | 
| 
 | Optional. This parameter enables you to indicate the username for your Elasticsearch instance if its authentication is enabled. | 
| 
 | Optional. This parameter enables you to indicate the password for your Elasticsearch instance if its authentication is enabled. | 
| 
 | Optional. This parameter enables you to indicate the username for your Elasticsearch instance if its authentication is enabled. This
                                 parameter together with  elasticSearchDiagnosticsPassword "Password"are required for internal Orchestrator logs. | 
| 
 | Optional. This parameter enables you to indicate the password for your Elasticsearch instance if its authentication is enabled. This
                                 parameter together with  elasticSearchDiagnosticsUsername "Username"are required for internal Orchestrator logs. | 
| 
 | Optional. Use Redis as a database to distribute messages and cache to and from all the machines connected through your load balancer.
                                 If  -redisConnectionStringis specified, it is automatically set totrue, otherwise it is set tofalse. | 
| 
 | Optional. It can only be used if  loadBalancerUseRedisis set totrue. A connection string that enables you to set up your Redis server, which contains the URL of the server, the password, and
                                 port used with Redis. It is also possible to enable SSL encrypted connections between the Orchestrator nodes and the Redis
                                 service. For more information, please click here.Examples: 
 | 
| 
 | Optional. Helps you enable Azure SignalR Service, facilitating a direct communication between your Robot fleet and the SignalR Service
                                 - Orchestrator no longer intermediates it. Please note that, if enabled, Robots with a version lower than 2019.2 rely only
                                 on the Heartbeat protocol to communicate to Orchestrator, meaning that any command given from Orchestrator is picked up by
                                 a Robot only every 30 seconds. Example:  -azureSignalRConnectionString "Endpoint=https://doctest.signalr.net;AccessKey=M1ug+sBu07hyyi12AgyJ52SEd4OgC2Mm6BvllVHCC9c=;Version=1.0;" | 
| 
 | Optional. Defines the target where execution media and packages are to be saved. It can be populated with the following targets: 
 If you have overridden the  UiPath.Orchestrator.dll.configStorage.Typeparameter in the Configuration section of the Azure App Service, when upgrading you need to pass this value as a script parameter toPublish-Orchestrator.ps1. | 
| 
 | Optional. Defines the actual location where execution media and packages are to be saved. Particularities: 
 More information on these deployments types is available here. If you have overridden the  UiPath.Orchestrator.dll.configStorage.Locationparameter in the Configuration section of the Azure App Service, when upgrading you need to pass this value as a script parameter toPublish-Orchestrator.ps1. | 
| 
 | Optional. It can be used only in upgrade scenarios. If specified, the script deploys Orchestrator in the indicated app service slot instead of the Production one. Additionally, a swap slot is performed with the Production slot, with no downtime. Prerequisites: 
 | 
| 
 | Optional. It can be used only if the Orchestrator App Service deployment slot is different from the default Production App Service Slot set by Azure. | 
| 
 | Optional. Key-value pairs of application settings that are pushed to the Azure App Service Configuration section after deployment.
                                 Keep in mind that this only applies to settings from the App Settings section of the UiPath.Orchestrator.dll.config file. You can use this parameter to change specific settings that are not exposed through the  Publish-Orchestrator.ps1script. For the rest, please use their dedicated parameter while deploying the script.Please note that existing settings are merged with new ones. | 
| 
 | Optional. If present, it stops the application before deployment and it starts it after the deployment is completed. | 
| 
 | Optional. If present, the deployment continues without any user confirmation. | 
| 
 | Optional. A string containing a comma-separated list of bucket providers you want to enable. If not specified, it defaults to  Orchestrator,Amazon,Azure,Minio. You also have the option to enable the FileSystem provider by adding it to that list.Caution: If you use the FileSystem provider and upgrade to 20.10.7 or later, you must pass in a value that includes  FileSystemfor this parameter. If you do not, this provider is disabled, and you will no longer be able to use those buckets. | 
| 
 | Mandatory only when FileSystem is selected as a bucket provider. The list of locations you want to allow buckets to be created at for the FileSystem provider. If you enable the FileSystem
                                 provider, you must pass in a value for this parameter too. Values are a list of UNC paths, separated by the pipe symbol  |(e.g.\mysharedstorage\mybyckets\myotherserver\myotherbuckets). | 
| 
 | Optional. Allows you to publish to the Azure App Service by relying on your own user identity, without having to create a service principal.
                                 If this parameter is used, the  UseServicePrincipalparameter set (which includes items such as the Azure application ID, password, subscription ID, and tenant ID) are no longer
                                 necessary. | 
| 
 | Optional. Allows you to include the external URL of the Orchestrator app service in cases where a custom URL is used. If this parameter is not populated, the app service default URL is used instead. | 
| -azureUSGovernmentLogin | Optional. This parameter is only used for US Government deployments. | 
UiPath.Orchestrator.dll.config parameter values are automatically migrated and persisted when performing an update. To change them, provide new values when
                  calling the Publish-Orchestrator.ps1 script.
               -NuGet.Packages.ApiKey
-NuGet.Activities.ApiKey
-NuGet.Packages.Path
-NuGet.Activities.Path
-machineKey/@decryption
-machineKey/@decryptionKey
-machineKey/@validationKey
-EncryptionKey
-NuGet.Repository.Type
-Storage.Type
-Storage.Location
-LoadBalancer.Redis.ConnectionString
-LoadBalancer.UseRedis
-Scalability.AzureSignalR.ConnectionString
-nlog/targets/target/@name=robotElasticBuffer/@name=RobotElastic/@uri
-nlog/targets/target/@name=robotElasticBuffer/@name=RobotElastic/@username
-nlog/targets/target/@name=robotElasticBuffer/@name=RobotElastic/@password
-nlog/rules/logger/@name=Robot.*/@writeTo
-nlog/targets/target/@name=serverElasticBuffer/@name=serverElastic/@uri
-nlog/targets/target/@name=serverElasticBuffer/@name=serverElastic/@username
-nlog/targets/target/@name=serverElasticBuffer/@name=serverElastic/@password
-nlog/targets/target/@name=serverElasticBuffer/@name=serverElastic/@index
-nlog/rules/logger/@name=*/@writeTo-NuGet.Packages.ApiKey
-NuGet.Activities.ApiKey
-NuGet.Packages.Path
-NuGet.Activities.Path
-machineKey/@decryption
-machineKey/@decryptionKey
-machineKey/@validationKey
-EncryptionKey
-NuGet.Repository.Type
-Storage.Type
-Storage.Location
-LoadBalancer.Redis.ConnectionString
-LoadBalancer.UseRedis
-Scalability.AzureSignalR.ConnectionString
-nlog/targets/target/@name=robotElasticBuffer/@name=RobotElastic/@uri
-nlog/targets/target/@name=robotElasticBuffer/@name=RobotElastic/@username
-nlog/targets/target/@name=robotElasticBuffer/@name=RobotElastic/@password
-nlog/rules/logger/@name=Robot.*/@writeTo
-nlog/targets/target/@name=serverElasticBuffer/@name=serverElastic/@uri
-nlog/targets/target/@name=serverElasticBuffer/@name=serverElastic/@username
-nlog/targets/target/@name=serverElasticBuffer/@name=serverElastic/@password
-nlog/targets/target/@name=serverElasticBuffer/@name=serverElastic/@index
-nlog/rules/logger/@name=*/@writeToSingle Node Installation
-unattended
                     manner and logs its steps at the -verbose level.
                  .\Publish-Orchestrator.ps1 `
-action "Deploy" `
-unattended `
-package "E:\Work\Orch\Setup\UiPath.Orchestrator.Web.zip" `
-stopApplicationBeforePublish `
-azureSubscriptionId "8e34be72-1937-4aa0-b70e-81bab19gbf0a" `
-azureAccountTenantId "f8350d2a-n153-4d17-8927-902c51f72797" `
-azureAccountApplicationId "$AzureApplicationId" `
-azureAccountPassword "$AzurePassword" `
-resourceGroupName "DocTest-Orch-RG" `
-appServiceName "DocTests123" `
-testAutomationFeatureEnabled 
-updateServerFeatureEnabled 
-storageType "Azure" `
-storageLocation "DefaultEndpointsProtocol=https;AccountName=usr;AccountKey=...;EndpointSuffix=core.windows.net" `
-robotsElasticSearchUrl "http://docelasticserver:9200" `
-verbose.\Publish-Orchestrator.ps1 `
-action "Deploy" `
-unattended `
-package "E:\Work\Orch\Setup\UiPath.Orchestrator.Web.zip" `
-stopApplicationBeforePublish `
-azureSubscriptionId "8e34be72-1937-4aa0-b70e-81bab19gbf0a" `
-azureAccountTenantId "f8350d2a-n153-4d17-8927-902c51f72797" `
-azureAccountApplicationId "$AzureApplicationId" `
-azureAccountPassword "$AzurePassword" `
-resourceGroupName "DocTest-Orch-RG" `
-appServiceName "DocTests123" `
-testAutomationFeatureEnabled 
-updateServerFeatureEnabled 
-storageType "Azure" `
-storageLocation "DefaultEndpointsProtocol=https;AccountName=usr;AccountKey=...;EndpointSuffix=core.windows.net" `
-robotsElasticSearchUrl "http://docelasticserver:9200" `
-verboseMulti-node Installation
-unattended manner and logs its steps at the -verbose level.
                  .\Publish-Orchestrator.ps1 `
-action "Deploy" `
-unattended `
-package "E:\Work\Orch\Setup\UiPath.Orchestrator.Web.zip" `
-stopApplicationBeforePublish `
-azureSubscriptionId "8e34be72-1937-4aa0-b70e-81bab19gbf0a" `
-azureAccountTenantId "f8350d2a-n153-4d17-8927-902c51f72797" `
-azureAccountApplicationId "$AzureApplicationId" `
-azureAccountPassword "$AzurePassword" `
-resourceGroupName "DocTest-Orch-RG" `
-appServiceName "DocTests123" `
-redisConnectionString "docs123.redis.cache.windows.net:6380,passwprd=******,ssl=True" `
-azureSignalRConnectionString "Endpoint=https://doctest.signalr.net;AccessKey=*****;Version=1.0;" `
-robotsElasticSearchUrl "http://docelasticserver:9200" `
-storageType "Azure" `
-storageLocation "DefaultEndpointsProtocol=https;AccountName=usr;AccountKey=...;EndpointSuffix=core.windows.net" `
-verbose.\Publish-Orchestrator.ps1 `
-action "Deploy" `
-unattended `
-package "E:\Work\Orch\Setup\UiPath.Orchestrator.Web.zip" `
-stopApplicationBeforePublish `
-azureSubscriptionId "8e34be72-1937-4aa0-b70e-81bab19gbf0a" `
-azureAccountTenantId "f8350d2a-n153-4d17-8927-902c51f72797" `
-azureAccountApplicationId "$AzureApplicationId" `
-azureAccountPassword "$AzurePassword" `
-resourceGroupName "DocTest-Orch-RG" `
-appServiceName "DocTests123" `
-redisConnectionString "docs123.redis.cache.windows.net:6380,passwprd=******,ssl=True" `
-azureSignalRConnectionString "Endpoint=https://doctest.signalr.net;AccessKey=*****;Version=1.0;" `
-robotsElasticSearchUrl "http://docelasticserver:9200" `
-storageType "Azure" `
-storageLocation "DefaultEndpointsProtocol=https;AccountName=usr;AccountKey=...;EndpointSuffix=core.windows.net" `
-verboseMulti-node Update
-unattended manner and logs its steps at the -verbose level.
                  Publish-Orchestrator.ps1 `
-action Update `
-unattended `
-package "E:\Work\Orch\Setup\UiPath.Orchestrator.Web.zip" `
-stopApplicationBeforePublish `
-azureSubscriptionId "8e34be72-1937-4aa0-b70e-81bab19gbf0a" `
-azureAccountTenantId "f8350d2a-n153-4d17-8927-902c51f72797" `
-azureAccountApplicationId "$AzureApplicationId" `
-azureAccountPassword "$AzurePassword" `
-resourceGroupName "DocTest-Orch-RG" `
-appServiceName "DocTests123" `
-verbosePublish-Orchestrator.ps1 `
-action Update `
-unattended `
-package "E:\Work\Orch\Setup\UiPath.Orchestrator.Web.zip" `
-stopApplicationBeforePublish `
-azureSubscriptionId "8e34be72-1937-4aa0-b70e-81bab19gbf0a" `
-azureAccountTenantId "f8350d2a-n153-4d17-8927-902c51f72797" `
-azureAccountApplicationId "$AzureApplicationId" `
-azureAccountPassword "$AzurePassword" `
-resourceGroupName "DocTest-Orch-RG" `
-appServiceName "DocTests123" `
-verboseWebhooks.Enabled and Telemetry.Enabled parameters to false. The procedure occurs in an -unattended manner and logs its steps at the -verbose level.
                  Publish-Orchestrator.ps1 `
-action Update `
-unattended `
-package "E:\Work\Orch\Setup\UiPath.Orchestrator.Web.zip" `
-stopApplicationBeforePublish `
-azureSubscriptionId "8e34be72-1937-4aa0-b70e-81bab19gbf0a" `
-azureAccountTenantId "f8350d2a-n153-4d17-8927-902c51f72797" `
-azureAccountApplicationId "$AzureApplicationId" `
-azureAccountPassword "$AzurePassword" `
-resourceGroupName "DocTest-Orch-RG" `
-appServiceName "DocTests123" `
-appSettings @{"Webhooks.Enabled"="false"; "Telemetry.Enabled"="false"} `
-verbosePublish-Orchestrator.ps1 `
-action Update `
-unattended `
-package "E:\Work\Orch\Setup\UiPath.Orchestrator.Web.zip" `
-stopApplicationBeforePublish `
-azureSubscriptionId "8e34be72-1937-4aa0-b70e-81bab19gbf0a" `
-azureAccountTenantId "f8350d2a-n153-4d17-8927-902c51f72797" `
-azureAccountApplicationId "$AzureApplicationId" `
-azureAccountPassword "$AzurePassword" `
-resourceGroupName "DocTest-Orch-RG" `
-appServiceName "DocTests123" `
-appSettings @{"Webhooks.Enabled"="false"; "Telemetry.Enabled"="false"} `
-verbose