This site requires JavaScript to be enabled
IE BUMPER

Logo

Dear Tricentis qTest users,

If you would like to submit a Tricentis qTest ticket,

please use this support request form.

Tosca Version
IncidentLookup using list
Language
How can we help?

Solution Suggestions

Please enter your question to get suggestions.
  Help
IE BUMPER
Categories
Boolean Operators
OR or vertical bar symbol (|)
Finds a match if either the terms exist in a document (a union using sets).
AND
Finds a match if both terms exist in a document (an intersection of sets).
NOT, minus (-), or exclamation point (!)
Excludes documents that contain the term after NOT (a difference of sets).
Wildcards
Asterisk (*)
The asterisk symbol performs a multi character wildcard search.
Percent sign (%)
The percent sign performs a single character wildcard search.
Phrases
Quotation marks (")
Use quotation marks to search for an exact phrase with multiple terms.
For examples and more information look at our Knowledge Base: Advanced Search On The Support Portal

Setup Tricentis Distributed Execution (Dex) for Unattended Execution using RDPServer

This article is describes how to setup unattended test execution of graphical user interface tests with Tosca Distributed Execution. Unattended execution enables you to execute GUI tests with a locked screen, i.e. test keyboard or mouse operations without a user logged in to the agent computer.

In below article several modifications to security settings are described. In an enterprise environment this generally is managed centrally and changes will not be possible or not persistent if they are done on the individual machine. Contact the security or infrastructure team of your company to support in this. This document explains the most common settings to take into account when setting this up without elaborating exactly how and where this needs to be setup. This security setup can be different based on your enterprise environment making it impossible to give precise instructions.
 

Article Content

 


Situation

For security reasons it is quite common, that testing machines are locked during test execution.
Non-UI tests and API-Tests can be run on locked screens without any further configurations. GUI tests however, can not be run on locked computers, due to the fact that the user session is frozen. Because of this the testing engine cannot simulate user actions, this is a basic constraint of Windows that cannot be changed.

 

To resolve this situation, Tosca RDPServer can be implemented. When executing TestEvents, Tosca RDPServer establishes a remote desktop connection to the applicable execution agent. The test event is scheduled for execution on the agent and the system closes the connection once it has executed all TestCases. Initial setup of DEX can be found in the Tosca Manual on Distributed Execution Setup
 

For this to work, connections must be possible with stored credentials from the server to the agent. To confirm if this is already possible execute below mentioned connectivity test.

 

Required setup of Tosca Execution Agent Machine

Allow Remote Access

It is required that the execution agent accepts inbound RDP connection requests.
This can be configured in the system properties of the windows machine.
The user(s) that should be allowed to connect needs to be specified as well by clicking on 'Select Users':
Image result for allow remote access

 

Allow RDP connections through the firewall

To be able to connect using RDP to the Execution Agent, the inbound connection needs to be allowed in the windows firewall and any other firewalls in your enterprise environment. The RDP protocol uses TCP and UDP port 3389.


 

Configure Group and Security Policies

To enable test automation several group policies need to be applied to the machine and useraccount levels. Best practice is to have a separate Organisational Unit in Active directory specifically for these machines and users and put all the relevant settings in these.

Group policies are accessible using gpedit.msc
Security policies are accessible using  secpol.msc


Do not require CTRL+ALT+DEL
Security Policy:  Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL
Required Value: Enabled

Disable Interactive logon: Message text
Security Policy Folder: Security Settings\Local Policies\Security Options\
Policies: Interactive logon: Message text for users attempting to logon
              Interactive logon: Message title for users attempting to logon
Required value: <empty>     (there should be no value for these entries)

Disable any prompts for passwords
Group Policy: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Always prompt for password upon connection
Required value: Disabled
 

Additional Machine settings

  • The Tosca Distribution agent needs to be configured including the RDP credentials on tab 'Unattended Execution'
  • A user session on the Execution Machine should have been initiated and the Tosca Distribution Agent needs to be active. Best practice is to have the Tosca Distribution Execution agent automatically start on login of the machine.
  • The screensaver on the Execution Agent Machine should be disabled since an activated screensaver blocks access to the GUI.
  • Best practice is a non-personal user account is used to connect to the machine because the tester(s) need to be able to access the session occassionally.
  • Scheduled software updates of the Machine would be required in most organisations, however it is adviced to agree on a common schedule when this is performed. If a mandatory reboot is required after the updates, an automatic login can be implemented to have the agent active again

 


Required setup of ToscaServer

ToscaServer uses a utility called ToscaRDPServer to open and close RDP connections to the Execution Agents. Unfortunately this can not be run as a windows service. This means a user session needs to be permanently logged in on ToscaServer and in this user session the ToscaRDPServer process needs to be running. 
 

Install and Setup ToscaRDPServer

  1. Copy the directory %TRICENTIS_HOME%\DistributedExecution\Rdp which can be found in the installation directory of Tosca Server to any machine that is always running and also runs a permanent user interface session. Ideally, this is the machine on which you have installed the Tosca Distribution Server itself, but it does not have to be, as is described later in this document

  2. On the machine you have copied this folder to, start the Tosca RDP Server. Right-click the file ToscaRdpServer.exe and select Run as administrator from the context menu.

  3. Make sure that TCP/UDP Port 3389 is open for outbound communication in the windows firewall and any other firewalls in your enterprise environment.

  4. ToscaRDPServer allows additional configuration options, see this page 

  5. If preferred ToscaRDPServer can also be setup to run through a scheduled task on the ToscaServer. This allows running the process as a SYSTEM user with elevated privileges. This does not require a permanently active user session on ToscaServer.

 

Configure Group and Security Policies

To enable test automation several group policies need to be applied to the machine and useraccount levels. Best practice is to have a separate Organisational Unit in Active directory specifically for these machines and users and put all the relevant settings in these.

Group policies are accessible using gpedit.msc
Security policies are accessible using  secpol.msc


Allow the use of Saved Credentials
This policy allows the use of saved credentials, required to have RDPServer connect to the Distribution Agent machines using RDP. The precise setup of these policies is depending on the security implementations of the organisation. In the most common setup this should be:

Group Policy Folder: Computer Configuration\Administrative Templates\System\Credentials Delegation\
Policies: Allow delegating Saved Credentials with NTLM-only Server Authentication
               Allow delegating Saved Credentials
Required value: Enabled, for Server TERMSRV/*

Allow Passwords to be saved
Group Policy: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\Do not allow passwords to be saved
Required value: Disabled

Disable any prompts for passwords
Group Policy: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\Prompt for credentials on the client computer.
Required Value: Disabled


Additional Machine settings

  • Best practice is to have the ToscaRDPServer process automatically start on login of the machine.
  • Scheduled software updates of the ToscaServer would be required in most organisations, however it is adviced to agree on a common schedule when this is performed. If a mandatory reboot is required after the updates, an automatic login could be implemented to have the ToscaRDPServer active again.

Connectivity test of the setup

The correct setup of the required firewall rules and group policies can be a complex activity in an enterprise environment. Testing this setup can be done without any additional tools. If this connectivity test has been successful, ToscaRDPServer will have no technical issues making the RDP connections. To do this test follow the next steps:
 

  1. Open a RDP connection to the ToscaServer using the account that will run the RDPServer.exe process
  2. From the ToscaServer, Create an RDP connection to the execution agent machine and click 'Show Options'

     
  3. In the options screen enter the connection details and tick the 'Allow me to save credentials' box
     
     
  4. Save the current connection settings to an RDP file by clicking button 'Save As'
  5. Double click on the saved RDP file
  6. On the login prompt, enter the user account and password and tick the box 'Remember Me'
     
  7. You should now be connected to the Execution Machine, disconnect this RDP connection
  8. Again, double click on the RDP file
  9. The RDP connection should now be established, and the desktop of the execution machine should be visible. No login or other prompts should have been visible on the ToscaServer or Execution machine during this process. If this is the case, the connectivity test was succesful.

If above test fails, double check all settings as specified in this document.
To identify which policies are actually applied to the system, use rsop.msc or gpresult


Alternative setup - ToScaRDPServer on a separate machine

From a security perspective it can be preferred to have the ToscaRDPServer process running on a machine other than ToscaServer. Although this is possible and supported, it requires modification of various configuration files.

  1. On ToscaServer, edit the web.config file that can be found under: C:\Program Files (x86)\Tricentis\Tosca Server\DexServer
    to match the machines address that will run ToscaRDPServer:


     

  2. Copy the directory %TRICENTIS_HOME%\DistributedExecution\Rdp which can be found in the installation directory of Tosca Server to the machine that will run the ToscaRDPServer Process

  3. In the destination folder, edit the configuration file ToscaRdpServer.exe.config and edit the following line to match the ip address of this machine.


     
  4. In the same file edit the following line to the correct IP address of the Dex Server


     
  5. On ToscaServer, restart IIS
  6. Start ToscaRdpServer.exe (you can check ToscaDistributionServerRdp.log if the startup was sucessfully)

 


Alternative setup - no use of ToScaRDPServer

The setup ToscaRDPserver requires a different approach to security than what most enterprises work with by default. Unfortunately these requirements are due to the technical requirements that are related to GUI tests. The above described process is the supported way of Tricentis to work with these limitations. For increaded security additional measures could be implemented like;

  • Limit which user accounts can open RDP connections to specific machines.
  • Limit access to production or internet environments from specific machines or users
     

The below process is an alternative setup for GUI Tests, however this has disadvantages as well. This process will disconnect an active RDP session, and send the GUI session to the machines' console window by using built-in windows funcionality. More info on this can be found on the site of Microsoft.

  1. Connect to the Distribution Agent machine using RDP from any workstation
  2. Configure the Tosca Distribution Agent not to use a RDP connection
  3. create a file called 'disconnect.bat' having the following content:
    for /f "skip=1 tokens=3" %%s in ('query user %USERNAME%') do (
    %windir%\System32\tscon.exe %%s /dest:console)

     

  4. Right-click on the file 'disconnect.bat' and select 'Run as Administrator' and the session is disconnected

Disadvantages

Although above process works, there are several disadvantages to this solution

  • the preferred and supported solution is to implement the use of ToscaRDPServer
  • the 'disconnect' from the RDP' requires local administrator access to each execution machine.
  • the 'disconnect from the RDP' should always be done in this specific way, this can easily be forgotton and a normal disconnect can be used. As a result of this the GUi test execution will fail since the user-context is locked.

Troubleshooting

Log Locations

To identify issues the following logs are created, the loglevel can be increased to DEBUG in the corresponding config file:

ToscaRDPServer: <Install Directory of ToscaRDPServer>\ToscaDistributionServerRdp.log
Tosca Distributed Execution Server: C:\ProgramData\TRICENTIS\ToscaServer\DistributionServer\logs\ToscaDistributionServer.log
Tosca Distribution Agent: <Install Directory of Tosca Distribution Agent>\ToscaDistributionAgent.log


Config File Locations

The config files of the different components of this setup can be found in below mentioned locations. If required the loglevel of the logs can be increased to DEBUG in these files. This become in effect the respective program or server needs to be restarted. Set the loglevel back to INFO when no more detailed logs are required for troubleshooting.

ToscaRDPServer: <Install Directory of ToscaRDPServer>\ToscaRdpServer.exe.config
Tosca Distributed Execution Server: C:\Program Files (x86)\TRICENTIS\Tosca Server\DEXServer\Web.config
Tosca Distribution Agent: <Install Directory of Tosca Distribution Agent>\ToscaDistributionAgent.exe.config

Additional config files for the Distribution Agent are located:
C:\Users\<user>AppData\Local\Tricentis_GmbH\ToscaDistributionAgent\<Tosca Version>\user.config
C:\ProgramData\TRICENTIS\TOSCA Testsuite\7.0.0\DistributedExecutionAgent
C:\Users\<user>\AppData\Roaming\TRICENTIS\TOSCA TestSuite\7.0.0\Settings\ToscaDistributionAgent\user.<Tosca version>.config

 


References

  • Setup Tosca Distributed Execution using HTTPS: KB0013845
  • How are the user credentials of a user being stored when using RDPServer:  KB0013919
IE BUMPER

Tosca is the perfect solution

Optimize - Manage - Automate

Download Trial