Right Click Tools Prerequisites
- At least 4 cores CPU
- At least 8 GB RAM
- Windows Server 2012R2 or later
- ASP.net 4.7
- .Net Core Hosting Bundle (The Recast Management Server will install this if it is not present, this should be installed after IIS)
- Any licensed version of SQL (If you don't have permission to create a SQL DB during the install, you can pre-create the SQL DB)
- Download the newest version of the Recast Management Server installer by logging into the Recast Portal site at: https://portal.recastsoftware.com/
The first page in the wizard after accepting the EULA walks you through the server name and IIS port. You should only change the server name if the client is going to use a DNS alias. The server port can be changed to any open TCP port – 444 is the default to prevent conflicts when installing on ConfigMgr servers, but it can be changed to port 443 if it’s preferred in your environment.
Recast Management Server requires a certificate for secure communication with the Right Click Tools and any Recast Proxies. You have the option to generate a self-signed certificate or use an existing one. You should either use a web server certificate issued by a trusted internal Certificate Authority, or generate a self-signed certificate. The certificate can be changed later by editing the Binding in IIS Manager.
Things to Note:
- The subject name or one of the subject alternative names of the certificate should match the server name in the URL that the Right Click Tools and Recast Proxies are pointed towards.
- The public key of self-signed certificates will need to be added to the Trusted Root Certificate Authorities store on your Recast Proxies
- Right Click Tools will prompt for untrusted certificates and add them to an allowed list. To avoid this prompt, import the public key of the Recast Management Server certificate into the Trusted Root Certificate Authorities store on the devices where the Right Click Tools are installed.
- Certificates can be changed later from IIS Manager.
Recast Management Server requires a SQL Server in version 4.0 or higher. This can be the free SQL Server Express version, or enterprise SQL. If the SQL Server is installed on a remote device, the computer account of Recast Management Server will need permissions to create the database on the remote device. Alternatively, you can pre-create the RecastManagementServer database and give the computer account db_owner permissions. If the SQL Server is installed on the local device, the computer account of the Recast Management Server will need permissions to create the database on the local device. You can precreate the database and give the IIS AppPool\Recast Management Server account db_owner permissions to the database. This account will not exist until after the installation is finished, so the permissions will need to be given after installation. The Test SQL Connection button will verify connectivity to the SQL Server during installation if the account running the installation has permissions to remotely connect.
Things to Note:
- If using a remote SQL Server, the computer account of the Recast Management Server needs to be given the db_owner role for the RecastManagementServer database.
- The IIS AppPool\Recast Management Server account will not exist until after the installation completes.
- The default SQL Server Port Number is 1433
- For more information on SQL permissions, see Troubleshooting - SQL Server Configuration
- If using a local SQL Server, the IIS AppPool\Recast Management Server account needs to be given the db_owner role for the RecastManagementServer database.
Licenses can be downloaded during your Recast Management Server installation by entering your Recast Portal email address and password and clicking Download License. The license information should show up in the right pane if the retrieval was successful. If your server does not have internet access you can use the Browse for License button to browse the filesystem for a license file that has been exported from Portal.
Proxy Service Account Permission Requirements
- Local admin on the server where it is being installed
- Read analyst-only in ConfigMgr Console
- db_datareader in ConfigMgr DB
- Local admin on any device that actions will be run against
- Permissions to do desired actions in Active Directory
- Permissions to do desired actions in ConfigMgr Console
- Permission to MBAM if applicable
- If your Recast Management Server is installed on a server other than your ConfigMgr SQL DB, the proxy account will need write access to the DDM inbox. The location varies depending on your configuration but navigate to where the ConfigMgr DB inboxes are and it will be located under "inboxes\auth\ddm.box".
Install Recast Proxy
The installer will then bring you to the Service Account Proxy installation screen.
If you choose to install the Service Account proxy, you should enter the Service account Domain, Username, and Password.
Hit test connection to verify the service account has access to read from your domain.
Fill out your the site server name that has your SMS provider role and the Site Code. Also fill out the server name where your ConfigMgr SQL database is located and the database name.
If you have an MBAM Server in your environment, you can test if the service account has access to MBAM. Hit "Click Here to Configure MBAM" and fill out your Admin URL and SQL Server. If not, hit install.
This section is for a separate MBAM Server. If you are using the ConfigMgr integrated BitLocker or AD, you do not need to fill this out.
The installation will continue and finish with this dialog box. For information on how to configure routes for the proxy check the configuration section below.
When the installation is complete, verify that you are able to open the Recast Management Server by navigating to https://ServerFQDN:Port in a web browser. Chrome, Edge, or Firefox are recommended. You will receive an authentication window asking you to sign in. Enter the username and password for the account that you were using to install the Recast management Server. A correctly configured Recast Management Server should look similar to the below screenshot.
If you do not see a screen like the one above, please check out the troubleshooting section of our documentation Troubleshooting
If you need to verify the installation logs for any reason, Logs for the installation of the Recast Management Server and Recast Proxy (when installed together) will be located here:
C:\Users\user account running the install\AppData\Local\Temp
It will be named something like Recast_Management_Server_2021*****.log