Advanced (Manual) Installation

This topic only applies to Secret Server On-Premises.

Procedure

For the highest scalability and reliability, Delinea recommends using RabbitMQ. MemoryMQ is an easier but less capable alternative; it can be used for trials and proofs of concept but should not be used for production environments. Two exceptions are very small deployments and customers that do not use open-source software for compliance reasons.

Step 1: Downloading the Secret Server Application Files

Ensure you have the IIS, .NET Framework, and SQL Server prerequisites installed before following the steps below.

Go to the download page to get a .zip file that contains both Secret Server and Privilege Manager files in the manual installation section. Use this .zip file for the instructions below.

Step 2: Creating Folders and Extracting Contents

  1. Extract the contents of the .zip file downloaded above (Right-click, Extract All...). The original file is named with the latest version number for Secret Server.

  2. Extracting this file reveals a nugetCache folder, as well as another zipped folder named ss_update. For a Secret Server-only install, you will not need the contents of the nugetCache folder.

  3. Create a folder called SecretServer in the location C:\inetpub\wwwroot\.

  4. Extract the contents of the ss_update.zip file (Right-click, Extract All...) to C:\inetpub\wwwroot\SecretServer.

Step 3: Configuring IIS

Open Internet Information Services (IIS) Manager and create a new application pool:

Our IIS installation sets the .NET trust level to "Full (internal)", which may affect other applications on the server.
  1. Right-click Application Pools and select Add Application Pool...

  2. Type a name (for example, SecretServerAppPool).

  3. Ensure that the highest .NET CLR version is selected.

  4. Ensure the Managed pipeline mode is set to Integrated.

  5. Click the OK button.

    The Secret Server installer sets the application pool to default to the system Network Service account. If you selected Windows Authentication Mode during the SQL Installation process, see Running the IIS Application Pool As a Service Account. To use Windows Authentication you must use an Active Directory service account to run the application pool in IIS. We recommend this as a security best practice.
  6. See Changing IIS to Not Stop Worker Process in IIS 7.0 and Later to set the Idle Timeout and Regular Timeout settings to 0 for the application pool in IIS.

  7. Install Secret Server as either a virtual directory (4a) or as a website (4b):

Step 4a: Installing Secret Server as a Virtual Directory

  1. Right-click Default Web Site and select Add Virtual Directory...

  2. Select an alias for your Secret Server. The alias is appended to the website, and it is best to name it the name of your earlier unzipped folder. For example, SecretServer becomes https://myserver/SecretServer.

  3. Select the physical directory for where you unzipped Secret Server, for example, C:\inetpub\wwwroot\SecretServer. Do not replace SecretServer with anything longer than 20 characters.

  4. Click the OK button.

  5. In the tree, right-click the new virtual directory and select Convert to Application.

  6. Set the Application Pool to the same one you created in the Manual Installation section, for instance, SecretServerAppPool. Secret Server is now ready for installation. Skip to Step 5.

Step 4b: Installing Secret Server as a Website

  1. In IIS, right-click Sites and select Add Website...

  2. Type a site name.

  3. Click Select... and choose the application pool you created in the Manual Installation section.

  4. Click the OK button.

  5. Click the ... button beside the Physical path field and select the directory containing the unzipped Secret Server files, for example C:\inetpub\wwwroot\SecretServer.

  6. Click the OK button.

  7. Click the OK button at the bottom of the Add Website window to save your settings. Secret Server is now ready for installation.
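The application pool and binding settings from Steps 3, 4a and 4b can be checked from PowerShell once the IIS Manager steps are done. This is an added example, not Delinea's code: the function name Test-SecretServerPool is hypothetical, the pool name and folder are the example values used on this page, and it assumes that the highest CLR version is v4.0 and that "Regular Timeout" corresponds to the pool's periodic restart interval.

```powershell
# Added example (not Delinea's code): audit the pool from Step 3 and its bindings from Step 4.
# Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

function Test-SecretServerPool {   # hypothetical helper name
    param(
        [string]$Name = 'SecretServerAppPool',              # example name from Step 3
        [string]$Path = 'C:\inetpub\wwwroot\SecretServer'   # folder created in Step 2
    )
    $poolPath = "IIS:\AppPools\$Name"
    if (-not (Test-Path $poolPath)) { return "Application pool '$Name' not found" }
    $pool = Get-Item $poolPath
    $findings = @()

    # Step 3: highest .NET CLR version (assumed to be v4.0) and Integrated pipeline
    if ($pool.managedRuntimeVersion -ne 'v4.0') {
        $findings += "CLR version is '$($pool.managedRuntimeVersion)', expected v4.0"
    }
    if ($pool.managedPipelineMode -ne 'Integrated') {
        $findings += "Pipeline mode is $($pool.managedPipelineMode), expected Integrated"
    }
    # Step 3, item 6: idle and regular timeouts set to 0.
    # Assumption: "Regular Timeout" maps to recycling.periodicRestart.time.
    if ($pool.processModel.idleTimeout -ne [TimeSpan]::Zero) {
        $findings += "Idle timeout is $($pool.processModel.idleTimeout), expected 0"
    }
    if ($pool.recycling.periodicRestart.time -ne [TimeSpan]::Zero) {
        $findings += "Regular recycle interval is $($pool.recycling.periodicRestart.time), expected 0"
    }
    # Windows Authentication to SQL needs an Active Directory service account on the pool
    $identity = $pool.processModel.identityType
    if ($identity -ne 'SpecificUser') {
        $findings += "Pool runs as $identity; use a service account if SQL uses Windows Authentication"
    }
    # Step 4a/4b: whatever is bound to this pool should point at the extracted folder
    $bound = @(@(Get-Website) + @(Get-WebApplication) | Where-Object { $_.applicationPool -eq $Name })
    if ($bound.Count -eq 0) { $findings += "No site or application uses pool '$Name'" }
    foreach ($b in $bound) {
        $actual = [Environment]::ExpandEnvironmentVariables($b.physicalPath).TrimEnd('\')
        if ($actual -ne $Path.TrimEnd('\')) { $findings += "Bound path '$actual' differs from '$Path'" }
    }
    return $findings
}

Test-SecretServerPool | ForEach-Object { Write-Warning $_ }
```

No output means every check passed; each warning names the setting to revisit in IIS Manager.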

Step 5: Completing Secret Server Installation from the Website

Your Secret Server advanced installation is now ready to complete:

  1. Installing and Configuring SQL Server.

  2. Open a browser and navigate to where your Secret Server is located, such as http://localhost/secretserver. You should arrive at a page that says "Secret Server (Not Installed or Unable to Access the Database)."

  3. Click the Install Secret Server button.

  4. On the SQL Server Location page, specify the server name of your SQL Database Server, <DatabaseMachineName>\InstanceName and then the database name that you created in SQL for Secret Server.

  5. If you are using Windows authentication mode to access SQL (recommended), ensure the correct service account is listed.

  6. If you selected mixed mode during the SQL install, select SQL Server Authentication and enter the SQL username and password you created for the SQL account. For information about adding a SQL Server user, see the SQL Server 2016 Standard Edition Installation.

  7. Click the Install Secret Server button. Secret Server verifies it is able to successfully create the Secret Server database. If an error occurs, no database changes will be made.

    Secret Server attempts to download and install the latest version from the Internet. If you do not have an active Internet connection on your Web server, Secret Server will continue to install the version from your downloaded application files.

  8. The install may take a few minutes to complete. Once successful, click the Return to Home button.

  9. Create a username and password for the administrator account for Secret Server and store these credentials in a safe location.

  10. Click the Create User button and log on after entering the username and password.

  11. Once logged on to Secret Server, you are prompted with the Getting Started wizard. The wizard guides you through adding your licenses, setting up an email server, and creating your first group.

    If you skipped the wizard and would like to return, go to HELP > Getting Started from the top menu.

Secret Server is now installed. See our Getting Started Tutorial Overview or contact Delinea Support about training.

Troubleshooting Notes

  • If the database name you provide does not yet exist in the specified instance of SQL Server, Secret Server attempts to create the database using the SQL or Windows account you have specified. For that account to create a database, it needs to have the dbcreator server role in SQL Server. Secret Server
  • If using Windows authentication mode (recommended) you need to use a service account to run SS's application pools with appropriate permissions. See Running the IIS Application Pool As a Service Account.