Downloading and Installing a Distributed Engine

  1. Search for and navigate to Sites and Engines. The Distributed Engine page loads.

  2. Click Add Engine. The Download Engine popup appears.

  3. For Processor architecture, select the bit value for your machine, either 64 or 32.

  4. For Preconfigured Site, select Default.

  5. Click Download Now to save and download your engine .zip file.

    Note the location of the download, which defaults to Downloads on Windows.

  6. Open the download directory on your machine and extract the Thycotic.DistributedEngine.Service.Default.x64 zip file.

  7. Open the unzipped folder and run setup.exe.

  8. Open Services on the App Server and right-click the Thycotic Distributed Engine.

    Use a service account with the least amount of privileges or level of access.

  9. Switch back to your browser and reload the Distributed Engine page.

  10. Expand the Default site by clicking the half-arrow next to it.

  11. Hover over the engine that is now showing and click the three-dot menu on the far right.

  12. Select Activate, then click OK in the pop-up.

    Green circled checkmarks will appear for Connection Status and Activation Status, indicating that your engine is now installed.

Running a Distributed Engine as a Service Account

If you are running a distributed engine as a service account:

  1. Select Properties and click the Log On tab.

  2. Click This account and click Browse.

  3. Click Locations and select Entire Directory:

  4. Type the Service Account you would like to run in the Enter the object text box, check Names, and then click OK.

  5. Switch back to your browser and reload the Distributed Engine page.

  6. Type the password for the Administrator, and click OK.

Facilitating Auto Upgrades of Your Distributed Engine

We have seen issues getting engines auto-upgraded when the service is running as a domain account instead of the built-in account. From our research and testing, the important things to have in order to use an AD service account and to have successful, hands-free upgrades are the following:

  • The service account should be in the local Administrators group (so the account can start/stop the service).

  • The service account needs full permissions to the DE installation directory.

  • After setting the service account as the DE login account, the service must be restarted to have the login identity change take effect.

After changing the service account, the DE will show up as a Pending engine. The old engine with the local login identity should be deactivated and removed from the Site, with the new engine/identity instance added back to the Site upon activation.