Issue
After RPA Central is installed, if the user tries to access it after setting the Certificate and URL, and it repeatedly prompts for the Users Credentials, this is because how we use Windows Authentication. It usually means the users Domain and Site URL do not match.
Active Directory
Domain
RPA Central requires Active Directory configured as described in the Pre-installation checklist in the Microsoft Azure support section.
To check if a machine is connected to the Domain follow these steps:
Azure AD
Supported: Not officially, but it may work.
When Site URL doesn't match the Domain
If all of the following are true:
- A customer wishes to make their RPA Central site accessible to other machines.
- They want the site URL to differ from the domain itself (e.g. rpa.company.com rather than hostname.company.local).
- They want to interact with their RPA Central site from the machine on which it’s installed.
Resolution
Register the Service Principal Name (SPN)
You must register the SPN if you want:
-
To make Nintex RPA Central accessible from other machines.
-
The site URL to differ from the domain. For example, rpa.company.com instead of hostname.company.local.
-
To allow interaction with Nintex RPA Central from the machine on which it is installed.
In addition to installing the certificate for the site URL, perform the following actions by executing these commands in a command prompt window on the Nintex RPA Central machine:
Note: You must be a domain administrator or a user with the "Validated write to service principle name” permission to use these commands.
-
Get the hostname of the machine: Type hostname and press Enter.
-
Get the domain and username: Type whoami and press Enter.
-
Register the custom domain name service principal with the host: Type setspn -S HTTP/{siteUrl} {domain}{hostname} and press Enter.
-
List all SPNs: Type setspn -L {domain}{hostname} and press Enter.
-
Delete an SPN: Type setspn -D HTTP/{siteUrl} {domain}{hostname} and press Enter.
-
Purge all cached tokens after updating the SPN list: Type klist purge and press Enter.
Note: If you have the {siteUrl} registered with a different hostname or with a username, delete and purge it first before adding the correct SPN. Also, you may want to run the list command before and after setting the SPN.