Installing Recast Management Server with Recast Proxy

Before installing Recast Management Server, ensure that your system meets the application's hardware and software requirements.

Recast Management Server software can be installed on its own server or on the primary Configuration Manager server.

IIS Configuration

On the IIS Configuration page, you should only change the server name if the client is going to use a DNS alias. 

The default IIS Port is TCP 444, to prevent conflicts when Recast Management Server is installed on Configuration Manager servers. The IIS Port can be changed to 443, or any open TCP port, to suit your environment.

IIS Configuration

Certificates

Recast Management Server requires a certificate for secure communication with Right Click Tools and any Recast Proxies. You have the option to generate a self-signed certificate or use an existing one. You should either use a web server certificate issued by a trusted internal Certificate Authority, or generate a self-signed certificate. The certificate can be changed later by editing the Binding in IIS Manager.

Certificate Configuration

CERTIFICATE NOTES:

  • The subject name or one of the subject alternative names of the certificate should match the server name in the URL that the Right Click Tools and Recast Proxies are pointed towards.
  • The public key of self-signed certificates will need to be added to the Trusted Root Certificate Authorities store on your Recast Proxies
  • Right Click Tools will prompt for untrusted certificates and add them to an allowed list. To avoid this prompt, import the public key of the Recast Management Server certificate into the Trusted Root Certificate Authorities store on the devices where the Right Click Tools are installed.
  • Certificates can be changed later from IIS Manager.

SQL Server

Recast Management Server requires a SQL Server in version 4.0 or higher. This can be the free SQL Server Express version, or enterprise SQL. If the SQL Server is installed on a remote device, the computer account of Recast Management Server will need permissions to create the database on the remote device. Alternatively, you can pre-create the RecastManagementServer database and give the computer account db_owner permissions. If the SQL Server is installed on the local device, the computer account of the Recast Management Server will need permissions to create the database on the local device. You can pre-create the database and give the IIS AppPool\Recast Management Server account db_owner permissions to the database. This account will not exist until after the installation is finished, so the permissions will need to be given after installation. The Test SQL Connection button will verify connectivity to the SQL Server during installation if the account running the installation has permissions to remotely connect.

SQL Server

SQL SERVER NOTES:

  • Remote SQL Server: the computer account of the Recast Management Server needs to be given the db_owner role for the RecastManagementServer database.
  • Local SQL Server: the IIS AppPool\Recast Management Server account needs to be given the db_owner role for the RecastManagementServer database.
  • The IIS AppPool\Recast Management Server account will not exist until after the installation completes.
  • The default SQL Server Port Number is 1433.
  • For more information, see Configuring SQL Server Permissions.

Importing Your Recast Software Enterprise License

You can download and import your Right Click Tools Enterprise or Endpoint Insights license when installing Recast Management Server.

To download your Enterprise license:

1. On the installer's Import License page, enter your Recast Portal email address and password.

2.  Click Download License. The license information will appear in the right-hand column. 

NOTE: If your server does not have internet access, click Browse for License to browse the filesystem for a license file that has been exported from the Recast Portal.

License

Proxy Service Account Permission Requirements

  • Minimum requirements

    • Local admin on the server where it is being installed
    • Read-only analyst in ConfigMgr Console
    • db_datareader in ConfigMgr DB
    • Read permissions in Active Directory
  • Run Actions as a Service Account

    • Local admin on any device that actions will be run against
    • Read/Write permissions in Active Directory (Write is only required to delete devices from AD)
    • Appropriate ConfigMgr Security Role for intended actions in ConfigMgr Console (Full Administrator for all actions)
    • Permission to MBAM if applicable
  • Collect Warranty Information with Endpoint Insights

    • If your Recast Management Server is installed on a server other than your ConfigMgr SQL DB, the proxy account will need to be added to the "SMS_SiteSystemToSiteServerConnection_MP_(YourSiteCode)" local group on that server. This will allow it to read/write to your "inboxes\auth\ddm.box" which is required to gather warranty data.

Install Recast Proxy

The installer will then bring you to the Service Account Proxy installation screen.

If you choose to install the Service Account proxy, you should enter the Service account Domain, Username, and Password.

Right Click Tools Service Account Proxy Account Info

Hit test connection to verify the service account has access to read from your domain.

Right Click Tools Service Account Proxy Do Not Install

Fill out your the site server name that has your SMS provider role and the Site Code. Also fill out the server name where your ConfigMgr SQL database is located and the database name. 

If you have an MBAM Server in your environment, you can test if the service account has access to MBAM. Hit "Click Here to Configure MBAM" and fill out your Admin URL and SQL Server. If not, hit install.

This section is for a separate MBAM Server. If you are using the ConfigMgr integrated BitLocker or AD, you do not need to fill this out.

The installation will continue and finish with this dialog box. For information on how to configure routes for the proxy check the configuration section below.

RMS install Complete

Verification

When the installation is complete, verify that you are able to open the Recast Management Server by navigating to https://ServerFQDN:Port in a web browser. Chrome, Edge, or Firefox are recommended. You will receive an authentication window asking you to sign in. Enter the username and password for the account that you were using to install the Recast management Server. A correctly configured Recast Management Server should look similar to the below screenshot.

Server Working Screenshot

If you do not see a screen like the one above, please check out the troubleshooting section of our documentation Troubleshooting

Installation Logs

If you need to verify the installation logs for any reason, Logs for the installation of the Recast Management Server and Recast Proxy (when installed together) will be located here:

C:\Users\user account running the install\AppData\Local\Temp

It will be named something like Recast_Management_Server_2021*****.log