Install Recast Management Server with Recast Proxy

Recast Management Server software can be installed on its own server or on the primary Configuration Manager server.

Prerequisites

Run the Recast Management Server Installer

After downloading Recast Management Server from the Recast Portal, run the installer and follow its prompts.

IIS

To configure IIS:

1. On the IIS Configuration page, change the Server Name only if the client is going to use a DNS alias. 

2. Set the IIS Port. The default IIS Port is TCP 444, to prevent conflicts when Recast Management Server is installed on Configuration Manager servers. The IIS Port can be changed to 443, or any open TCP port, to suit your environment.

IIS Configuration

Certificates

Recast Management Server requires a certificate for secure communication with Right Click Tools and any Recast Proxies. 

To configure a certificate:

On the Certificate Configuration page, you have the option to Generate a Self-signed Certificate or Use an Existing IIS Certificate issued by a trusted internal Certificate Authority.

Certificate Configuration

CERTIFICATE NOTES:

  • The subject name or one of the subject alternative names of the certificate should match the server name in the URL that the Right Click Tools and Recast Proxies are pointed towards.
  • The public key of self-signed certificates must be added to the Trusted Root Certificate Authorities store on your Recast Proxies.
  • Right Click Tools will prompt for untrusted certificates and add them to an allowed list. To avoid this prompt, import the public key of the Recast Management Server certificate into the Trusted Root Certificate Authorities store on the devices where the Right Click Tools are installed.
  • The certificate can be changed later by editing the Binding in IIS Manager.
  • For instructions on importing a certificate to a local machine, see Certificate used by Recast Management Server is not trusted.

SQL Server

There are two types of permissions that will allow the Recast Management Server installer to automatically create the SQL database with all the necessary permissions:

  • The user account running the installation can be assigned a SysAdmin role in the SQL instance. If the user account has permission to connect remotely, use the Test SQL Connection button to check connectivity to the SQL Server during the install. After the RMS installer creates the database, the SysAdmin permission can be removed.
  • The computer account of the Recast Management Server can be granted db_creator permissions. In this case, check the Skip SQL Connection Test box.  

SQL Server

SQL SERVER NOTES:

  • The default SQL Server Port Number is 1433.
  • A fully licensed version of SQL is strongly recommended to avoid the 10GB storage limitation of SQLExpress.
  • After the SQL database is created, simplify the database recovery model to prevent storage issues.
  • Remote SQL Server: The computer account of Recast Management Server will need db_owner permissions to create the database on the remote device. If the account running the Recast Management Server installer does not have permission to create a SQL database, the database administrator can pre-create the RecastManagementServer database and manually give the computer account db_owner permissions.
  • Local SQL Server: The IIS AppPool\Recast Management Server account will need db_owner permissions to create the database on the local device. Alternatively, the database administrator can pre-create the database and give the IIS AppPool\Recast Management Server account db_owner permissions to the database. The IIS AppPool\Recast Management Server account will not exist until after the installation completes, so the permissions will need to be given after installation.

Import License

You can download and import your Recast licenses when installing Recast Management Server.

To download your Enterprise license:

1. On the Import License page, enter your Recast Portal email address and password.

2.  Click Download License. The license information will appear in the right-hand column. 

NOTE: If your server does not have internet access, click Browse for License to browse the filesystem for a license file that has been exported from the Recast Portal.

License

Proxy

Recast Proxy must be deployed separately, after Recast Management Server installation, if the proxy is being installed on a server other than the Recast Management Server. For instructions, see Install Recast Proxy Separately.

NOTE: Proxy configuration is optional for Privilege Manager where Active Directory or Microsoft Entra ID objects are not used to target rules.

To configure the proxy during RMS installation:

On the installer's Proxy Configuration page, enter the service account Domain, Username, and Password and click Test Credentials to verify service account details.

Right Click Tools Service Account Proxy Account Info

Domain

To configure your domain:

1. On the Domain Configuration page, enter the Domain Name.

2. Click Test Domain Connection to verify that the service account has access to read from your domain.

Right Click Tools Service Account Proxy Do Not Install

Configuration Manager

NOTE: Configuration Manager does not need to be set up for Privilege Manager.

To set up your Configuration Manager for the proxy:

1. On the Configuration Manager Configuration page, enter the following information:

  • Name of the site server that has your SMS Provider role
  • Site Code
  • Name of the SQL Server where your Configuration Manager SQL database is located
  • SQL Database name

NOTE: You can skip the Configuration Manager Configuration page during Recast Management Server or Recast Proxy installation by removing any information from the text fields, selecting Test ConfigMgr Connection and the Skip ConfigMgr Verification checkbox, and clicking Next.

2. Click Test ConfigMgr Connection to check that the service account has access.

MBAM

MBAM configuration is only required for a separate MBAM Server. If you are using the ConfigMgr integrated BitLocker or AD, you can skip this section and click Install.

NOTE: MBAM does not need to be configured for Privilege Manager or Application Manager.

To configure MBAM:

1. Tap Click Here to Configure MBAM.

2. Add your Administration URL and SQL Server information.

3. Click Test MBAM Connection to verify that the service account has access to MBAM.

4. Click Install.

Verify Your Installation

When the installation is complete, verify that you are able to open the Recast Management Server by navigating to  https://ServerFQDN:Port  in a web browser (Chrome, Edge, or Firefox are recommended). 

When asked to sign in, enter the username and password for the account used to install the Recast Management Server. 

Installation Log Location

To verify the installation logs for Recast Management Server and Recast Proxy (when installed together), navigate to  C:\Users\user account running the install\AppData\Local\Temp 

NOTE: The log is named something like Recast_Management_Server_2022*****.log


Copyright © 2023 Recast Software, LLC. All rights reserved.