Install the AAA Server

Prerequisites:

Review all prerequisites and installation steps to identify those that pertain to your product version and environment. Before installing the AAA Server, you must complete the following:

General:

  • Make sure you have local administration rights on the machine to correctly install and configure the AAA Server and its components.
    Note: In newer versions of Microsoft Windows, some local permissions are more restricted by default. If the account you are using to install and run AAA Server for Windows does not have Local Administrator privileges, installation and running of necessary services may not succeed.
  • It is recommended that you install and run the AAA Server as a local administrator. If you choose not to run the AAA Server as a local administrator, then the user account you use must have the rights to start and stop services.

  • Make sure that the system ports 1812 and 1813 are not already in use. To view the list of open ports and ports in use, run the command netstat -an at the command prompt.
  • If you are installing the AAA Server on Microsoft XP, then you must apply the KB926255 security update. For further information, see http://www.microsoft.com/technet/security/bulletin/ms06-075.mspx.
  • If Microsoft SQL Server is on a remote computer, you must:
    • Set both the SQL Server and Windows authentication in the instance’s Security properties.
    • Create a SQL Login account corresponding to the Windows Machine Account of the AAA server with Sysadmin rights to the “Master” database. (The Windows Machine account is sometimes referred to as the System account, and has the following format: <DOMAIN\AAA_SERVER_COMPUTER_NAME$>. The appended “$” symbol is required.)

    • Make sure that the SQL Server ports (TCP 1433 and UDP 1434) are open.
    • For any Microsoft SQL installation of AAA Server 7, you MUST install Microsoft ODBC Driver 17, or the installation will not succeed. Microsoft ODBC Driver 17 is included with the AAA Server for Windows distribution, and can be installed directly from the Setup.exe screen, in the Install tab or the Drivers tab.

  • It is also recommended that you install the latest Microsoft security updates to ensure the highest level of security.
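The General prerequisites above can be checked in one pass before launching the installer. The following is an added example, not part of the vendor documentation; `$SqlHost` is a hypothetical parameter for the remote SQL Server name, and the `Get-OdbcDriver` and `Test-NetConnection` cmdlets are assumed to be available (Windows 8 / Server 2012 or later).

```powershell
# Added example (not vendor code): preflight for the General prerequisites.
# Run on the intended AAA Server host. $SqlHost is a hypothetical name for
# the remote SQL Server; leave it empty when the database is local.
param([string]$SqlHost = '')

$checks = [ordered]@{}

# Local administrator rights (elevated session) for the installing account.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
$checks['Elevated local administrator'] = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Ports 1812 and 1813 must be unused. UDP sockets have no LISTENING state
# in netstat -an output, so match on the local-address column only.
$inUse = netstat -an | Select-String '^\s*(TCP|UDP)\s+\S+:(1812|1813)\s'
$checks['Ports 1812 and 1813 free'] = -not $inUse

# Microsoft ODBC Driver 17, required for any SQL Server based installation.
$driver = Get-OdbcDriver -Name 'ODBC Driver 17 for SQL Server' -ErrorAction SilentlyContinue
$checks['ODBC Driver 17 installed'] = [bool]$driver

# Remote SQL Server: TCP 1433 must be reachable. UDP 1434 (SQL Server Browser)
# is connectionless and cannot be confirmed by a connect test.
if ($SqlHost) {
    $tcp = Test-NetConnection -ComputerName $SqlHost -Port 1433 -WarningAction SilentlyContinue
    $checks["TCP 1433 reachable on $SqlHost"] = $tcp.TcpTestSucceeded
}

# Report: list any conflicting sockets first, then one line per check.
foreach ($line in $inUse) { "  in use: $($line.Line.Trim())" }
$checks.GetEnumerator() | ForEach-Object {
    '{0,-40} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
```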

Upgrading:

  • You can upgrade to AAA Server 7.0 from version 6.8 or later if you are using SQL Server or Oracle as your database management system. If you are using a version earlier than 6.8, then you must upgrade to AAA Server 6.8 first. For more information, see Upgrade.
  • If you also are upgrading the Web Help Desk on the machine, then you must back up the Security Questions and Answers data (if configured) and uninstall the Web Help Desk before upgrading the AAA Server.
    For upgrade information, see Managing the ActivID AAA Server.

Databases:

  • If you are using Oracle databases, then you must install the Oracle ‘Instant Client’ ODBC drivers for Oracle 12c R2 or 19c first, and ensure that connectivity to the target database is tested successfully.
    See the ActivID AAA Server for Windows 7.0 ReleaseNotes for additional important information about installing AAA with Oracle database before you begin.
  1. Download and decompress the installation binaries, then launch the Start.exe file in the ActivID AAA For Remote Access 7.0 directory.

  2. Click Install.

    • If you do NOT have an existing database, then you must first Install Microsoft SQL Server Express.
    • The setup provided with the distribution installs the required ActivPack database instance. If you do not use the included Setup installer and install Microsoft SQL Server Express 2014 from the .msi installer, you must configure the ACTIVPACK database instance manually.

    • For further information (prerequisites and post-installation steps), see the AAA Server Release Notes.

      When complete, you can proceed with the AAA Server setup.

    • If you have an existing database instance, proceed to the next step.

      Note: Microsoft ODBC Driver 17 (required for any AAA Server 7 installation with a Microsoft SQL Database) requires the latest supported Visual C++ Redistributable for Visual Studio (currently available here: https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads)

      Once installed, proceed with the Microsoft SQL ODBC Driver 17 installation.

  3. Click Install AAA Server for Remote Access & Admin Console.
    Note: You must install the AAA Administration Console component on the computer designated for administrative tasks.

    Alternatively, run the Setup-4T-AAA-Server-7.0.msi in the Installers directory from the downloaded installation binaries.

     

  4. In the wizard welcome page, click Next.
  5. In the License Agreement, review the warranty and liability information, accept the agreement, and then click Next.

    The Custom Setup window is displayed:

     

    The following table describes the available components:

    Component | Description
    Documentation | Install the AAA Server documentation set.
    Administration Console | Install the AAA Administration Console (and database if using SQL Server or SQL Server Express).
    AAA Server | Install the RADIUS server and the AAA Server database.
    SKI Connector Service (Note: Select this service if you plan to install the Web Help Desk on the computer.) | Install the SKI Connector to allow connection to a second application (such as the Web Help Desk or ActivID CMS), if required. During the setup, you also configure the SSL connection between the SKI Connector and the Web Help Desk.

  6. To modify the default setup, use the feature icon menu to change the state.
  7. Accept the default installation location and click Next, or click Change to specify a different directory.

    The default installation directory is: C:\Program Files\ActivIdentity\AAA.

     

    Specify the required directory and click OK, and then click Next.

     

  8. For SQL Server deployments, select the instance in which to create the administration and server databases from the Choose an SQL Server drop-down list.
    Note:  
    • You must enter the server information manually if the remote SQL Server Browser service is not running.

    • If the Microsoft SQL Server is on a remote computer, and the SQL Server Browser service is not running on the remote instance, the name is not automatically populated, and you need to manually set the SQL Server instance information in the “Choose a SQL Server:” field.

    • If you are using the SQL Server Express database provided with the AAA Server setup, the instance is called ‘ACTIVPACK’.

    • If you choose to install SQL Express 2014 locally using the installer included with the AAA Server distribution, it is recommended to use the “Install Microsoft SQL Server Express” link on the Start.exe setup screen, or the Setup-4T-SQLExpress-for-AAA-Server-7.0 installer in the “Installers” directory in the distribution. This ensures that the pre-configured “ACTIVPACK” database instance is created.
      If you install the server directly from the Microsoft installer executable, the automatic configuration does not occur, and the SQL Server Express instance needs to be manually configured for the AAA Server installation to succeed.

    Important: Remote SQL Servers:
    1. For remote Microsoft SQL Server installations, you must configure the remote server with mixed authentication mode (SQL Server and Windows Authentication mode) in the instance’s Security properties.
    2. You must create a SQL Login account corresponding to the Windows Machine Account of the AAA server with Sysadmin rights to the “Master” database. (The Windows Machine account is sometimes referred to as the System account, and has the following format: <DOMAIN\AAA_SERVER_COMPUTER_NAME$>. The appended “$” symbol is required.) If this login is not configured on the remote SQL Server, remote SQL Server installation with Windows Authentication will not succeed.
    Important: Oracle Database Connectivity Information:
    If you are using Oracle databases, then you must install the Oracle ‘Instant Client’ ODBC drivers for Oracle 12c R2 or 19c first and ensure that connectivity to the target database is tested successfully.
    If the needed drivers are not installed, the installer does not provide the option of choosing Oracle Database connectivity for installation.
    See the ActivID AAA Server for Windows 7.0 ReleaseNotes.html for additional important information about installing AAA with Oracle database before you proceed.
  9. Use the following table to select the authentication mode that the setup program uses to create the databases:
    To... | Then...
    Use the network logon credentials for the computer hosting the selected SQL Server. | Select With Windows Authentication.
    Use a Windows account other than the Local System administrator. | Enter the credentials for the alternative account in Configure the Windows Account AAA Server service will log on as.
    Use the administrator credentials for the selected SQL Server. | Select With SQL Server authentication, then enter the Login ID for the user selected earlier, and enter the user’s password.
    Use the default SQL Express ACTIVPACK database instance. | Select With SQL Server authentication and enter the following credentials:

    Login ID: sa

    Password: Password999

    For security reasons, change these default credentials AFTER installation.

    The setup program creates the following database instance and user credentials:

    • Administration database:

      Username - ActivPackAdmin

      Password - Pr0t0c0m
      (where 0 is the numerical digit, not the alphabetical character)

    • Server database:

      Username - ActivPackServer

      Password - Pr0t0c0m
      (where 0 is the numerical digit, not the alphabetical character)

  10. Click Next and take the relevant following action.
    • If an AAA Server installation already exists:
      The setup program detects the existing AAA Server installation and displays a dialog box asking whether to destroy the existing authentication and administration databases and create new ones. You can reuse the databases if they belong to a version of AAA Server (ActivPack) 5.0 or later. The setup program verifies the version and prompts you accordingly. For more information, see Upgrade.
      Warning! When prompted to replace the existing ODBC DSNs, you MUST choose Yes to replace them. If you do not replace the existing configured ODBC Data Source Names (choosing No), the installation will not succeed.
    • If this is the first installation of the AAA Server:
      The ActivPack Configuration window is displayed. Assign the first ActivPack Administrator a user ID and password for the Administration Console and server, and click Next.
      Warning! If installing with an Oracle Database, and not running the installer .msi from an elevated Administrative command prompt, you MUST not configure the first ActivPack Administrator, or the installation will not succeed.
      You are prompted to create the Administrator account after installation when running the AAA Server Configurator or launching the AAA Server Administration Console.
      Note: You must keep a record of these credentials as they are required to access the Administration Console, configure the server, and create other console users.

    The AAA Administrator Credentials window is displayed:

     

  11. Enter the User ID and Password for the first AAA Server Administration Console administrator, and then click Next.

    If you do not create the Administrator credentials now, you are prompted to do so when you run the Administration Console or Server Configurator for the first time.

    Warning! If installing with an Oracle Database, and not running the installer .msi from an elevated Administrative command prompt, you MUST not configure the first ActivPack Administrator, or the installation will not succeed.

    See the ActivID AAA Server for Windows 7.0 ReleaseNotes.html for additional important information about installing AAA with Oracle database before you proceed.

    If you selected to install the SKI Connector (required for deployments with the Web Help Desk), you are prompted to configure the SSL connection.

     

  12. Enter and confirm the passwords for the generated SKI Connector and Web Help Desk certificates and then click Next.

    The passwords must be at least six characters long (alphanumeric).

    If the passwords do not meet the length requirements or do not match, the wizard displays the corresponding warning messages.

     

     

    Note:
    SSL Configuration:
    The AAA Server setup automatically generates the certificates required for the SSL connection:
    • AAA Server root CA file - AAAroot.cer
    • SKI Connector server certificate file (signed by the AAA Server root CA certificate) - SKIConnector.p12
    • Web Help Desk client certificate file (signed by the AAA Server root CA certificate) - WHD.p12

    They are then stored in the <installdir>\Certificates directory by default, and are valid for 10 years.

    The Self-Signed root certificate, AAAroot.cer, is automatically imported into the Windows Trusted Root Certification Authority store.

    The SKIConnector.p12 certificate is imported during configuration of the SKI Connector in the SKI Connector Configurator (run after installation).

    The WHD.p12 certificate is imported during the installation of AAA Web Help Desk.

    It is important to not lose the password you chose for these certificates.

    To re-generate the certificates, you must run the setup again to re-install the AAA Server.

    Important: As of AAA Server 7.0, self-signed certificates are now generated to comply with SSL Hostname Verification requirements. If you previously installed AAA Server and used generated self-signed certificates, new certificates are regenerated by AAA Server 7.0.

  13. Click Install, or click Back to modify the setup information.

  14. Click Finish.
  15. Start or restart the AAA Server service(s) as follows:
    Note: Do not restart the computer. The setup program automatically defines the Microsoft SQL and Oracle service dependencies for the AAA Server.
    • To start the ActivID AAA Server service, from the Windows Start menu, point to Program Files, ActivID, AAA, and then click Server Configurator. Enter the AAA Server Administrator credentials, review the configuration, and then click Apply. Click Yes to restart the service.
    • To start the ActivID AAA SKI Connector service, from the Windows Start menu, point to Program Files, ActivID, AAA, and then click SKI Connector Configurator. Review the configuration, and then select Apply. Click Yes to restart the service.
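The authentication-mode step above asks you to change the default `sa` credentials after installation. The following added example (not vendor code) replaces that password and then confirms that the documented default is no longer accepted; it assumes a local SQL Server Express instance named ACTIVPACK and Windows PowerShell 5.1, and the function names are hypothetical.

```powershell
# Added example (not vendor code): replace the default 'sa' password.
# Assumes a local SQL Server Express instance named ACTIVPACK.
Add-Type -AssemblyName System.Data

function New-SqlConnection([string]$Server, [string]$User, [string]$Password) {
    $b = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
    $b['Data Source'] = $Server
    $b['User ID'] = $User
    $b['Password'] = $Password
    $b['Connect Timeout'] = 5
    $b['Pooling'] = $false      # every Open() must authenticate again
    New-Object System.Data.SqlClient.SqlConnection -ArgumentList $b.ConnectionString
}

function Test-SqlLogin([string]$Server, [string]$User, [string]$Password) {
    $c = New-SqlConnection $Server $User $Password
    try { $c.Open(); $true } catch { $false } finally { $c.Dispose() }
}

$server  = '.\ACTIVPACK'
$default = 'Password999'        # default documented in the installation guide

if (-not (Test-SqlLogin $server 'sa' $default)) {
    'Default sa password is rejected (already changed, or instance unreachable).'
    return
}

$secure = Read-Host -AsSecureString 'New sa password'
$new = (New-Object System.Net.NetworkCredential('', $secure)).Password

$conn = New-SqlConnection $server 'sa' $default
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    # ALTER LOGIN takes a string literal, so double any embedded quotes.
    $cmd.CommandText = "ALTER LOGIN [sa] WITH PASSWORD = N'" + $new.Replace("'", "''") + "'"
    [void]$cmd.ExecuteNonQuery()
} finally { $conn.Dispose() }

'Default password still accepted: {0}' -f (Test-SqlLogin $server 'sa' $default)
'New password accepted:           {0}' -f (Test-SqlLogin $server 'sa' $new)
```

Connection pooling is disabled so that the final two checks perform a fresh login instead of reusing an already authenticated session.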
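The SSL Configuration note above lists the certificates that setup generates and states that AAAroot.cer is imported into the Windows Trusted Root store. The following added example (not vendor code) audits that result on the AAA Server host; it assumes the default installation directory, the `Get-PfxData` cmdlet from the Windows PKI module, and that hostname verification is evaluated against the Subject Alternative Name extension.

```powershell
# Added example (not vendor code): audit the certificates generated by setup.
# Assumes the default installation directory from the installation-location step.
param([string]$CertDir = 'C:\Program Files\ActivIdentity\AAA\Certificates')

$rootPath = Join-Path $CertDir 'AAAroot.cer'
$root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $rootPath

# The setup imports the self-signed root into the machine Trusted Root store.
$trusted = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $root.Thumbprint }

# Open the SKI Connector server certificate with the password chosen during setup.
$pw   = Read-Host -AsSecureString 'SKIConnector.p12 password'
$pfx  = Get-PfxData -FilePath (Join-Path $CertDir 'SKIConnector.p12') -Password $pw
$leaf = $pfx.EndEntityCertificates[0]

# Build the chain and confirm that it terminates at AAAroot.cer.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # assumption: private CA, no revocation endpoint
$built  = $chain.Build($leaf)
$anchor = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# Subject Alternative Name extension (OID 2.5.29.17) of the server certificate.
$san = $leaf.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }

[pscustomobject]@{
    RootThumbprint     = $root.Thumbprint
    RootInTrustedStore = [bool]$trusted
    RootExpires        = $root.NotAfter
    LeafSubject        = $leaf.Subject
    LeafSan            = $(if ($san) { $san.Format($false) } else { '(none)' })
    LeafExpires        = $leaf.NotAfter
    ChainsToAAAroot    = $built -and ($anchor.Thumbprint -eq $root.Thumbprint)
}
```

Recording the root thumbprint and both expiry dates at install time gives a baseline for later reviews of the machine trust store.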