Install Keyfactor Command on a Windows Server Under IIS from the Command Line

The Keyfactor Command server can optionally be configured using a pair of configuration files and a command run from the command line. You may be provided one or both of these files by your Keyfactor Customer Success Manager. The configuration files for command-line configuration are:

  • Keyfactor Command Configuration File

    This file, with an extension of .cmscfg, contains information in XML format to configure the Keyfactor Command database. This file can be generated by installing Keyfactor Command, running the configuration wizard and populating all the fields as desired, and then saving a copy of the configuration either with or without a password to encrypt sensitive information in the file (see Install Keyfactor Command on a Windows Server Under IIS). Keyfactor highly recommends using a strong password to protect the file. A file that has not been protected with a password will be missing the sensitive information that would be protected by the password encryption (e.g. service account passwords).

  • Input Parameters File

    This file, with an extension of .xml, contains information in XML format to connect to and configure SQL, open the Keyfactor Command configuration file, locate the Keyfactor Command license, and create application pools, if desired.

To configure and, optionally, install Keyfactor Command from the command line:

  1. Install the Keyfactor Command software using one of these methods:

    • Follow the initial instructions in Install Keyfactor Command on a Windows Server Under IIS, but on the final installation wizard page, uncheck the Launch the Configuration Wizard now box and click Finish. The configuration wizard should not open.
    • Open an administrative command prompt and execute a command similar to the following:

      start /wait msiexec /i <full path to install file>\KeyfactorPlatform.msi /L*v <path for msiexec logs> /Quiet

      This will install the default components of Keyfactor Command in a non-interactive way (/Quiet), output verbose log information to a file (/L*v), and wait to return to the command prompt until the installation is complete (start /wait).

      If you wish to install a set of features other than the default features, you can add the ADDLOCAL parameter and specify the features you wish to install. For example, the following command will install the Orchestrator Service API and Windows Services features:

      start /wait msiexec /i <full path to install file>\KeyfactorPlatform.msi ADDLOCAL=AgentServicesFeature,ServiceFeature /L*v <path for msiexec logs> /Quiet

      The following features are available:

      The features you decide to install will depend on the role the server will be playing in your Keyfactor Command implementation. Table 114: Features Required for Each Server Role shows the minimum features that need to be installed for each of the server roles shown in the table columns. If you're installing all the required features on a single server, you need everything. If you don't intend to use any orchestrators (see Orchestrators), you do not need to install the AgentServicesFeature.

      Table 114: Features Required for Each Server Role

      ADDLOCAL Parameter | Single Server | Management Portal | Windows Services | Keyfactor API | Orchestrator Service API
      Configuration Feature
      VC Redist Feature
      Web Console Feature      
      Service Feature      
      Web Api Feature        
      Agent Services Feature      
  2. Acquire a Keyfactor Command configuration file from your Keyfactor Customer Success Manager or create one by installing and configuring Keyfactor Command on a test machine. It's not practical to attempt to generate this file manually, though a file can be edited once generated (other than password-protected fields).
  3. Create an input parameters file. See Table 115: Input Parameters XML File Fields. A sample file can be found in the Configuration directory under the directory in which you installed Keyfactor Command. By default, this is:

    C:\Program Files\Keyfactor\Keyfactor Platform\Configuration\InputParameters.xml
  4. Open an administrative command prompt, change to the Configuration directory under the directory in which you installed Keyfactor Command (by default this is C:\Program Files\Keyfactor\Keyfactor Platform\Configuration), and execute a command similar to the following, referencing your input parameters file and using the appropriate parameters for the ConfigurationWizardConsole tool (see Table 116: ConfigurationWizardConsole.exe Options):

    .\ConfigurationWizardConsole.exe -p C:\Stuff\InputParameters.xml -u
Tip:  Check the Keyfactor Command log and the Windows application event log for errors if the installation does not complete successfully (see Configure Logging).

Table 115: Input Parameters XML File Fields

Parameter Description
Protected A Boolean indicating whether sensitive information in the Keyfactor Command configuration file is protected with a password (true) or not (false).
Password A string containing the password used to protect the Keyfactor Command configuration file if Protected is set to true.
Configuration File The full path to the Keyfactor Command configuration file (e.g. C:\Stuff\myconfig.cmscfg).
Database Server

The hostname or IP address of the SQL server where the Keyfactor Command database will be installed, with optional port. For example:

  • Local with default port:
    mysql.keyexample.com

  • Azure SQL
    myazuresql.database.windows.net,1433

Database The name of the database in SQL for Keyfactor Command. If a database with this name exists, it will be used (see ForceDatabaseConversion). If it doesn't, it will be created (see CreateDatabaseIfMissing).
Create Database If Missing A Boolean indicating whether the SQL database should be created if it does not exist (true) or not (false). If this is set to false and a database does not exist, an error will be generated and the configuration will not continue.
Force Database Conversion A Boolean indicating whether a pre-existing SQL database should be converted for use by Keyfactor Command (true) or not (false). If this is set to false and a pre-existing database that has not already been converted for Keyfactor Command use is found, an error will be generated and the configuration will not continue.
Force Database Upgrade A Boolean indicating whether a pre-existing SQL database should be upgraded from a previous version of Keyfactor Command (true) or not (false). If this is set to false and a pre-existing database that is running a version of Keyfactor Command that does not match the version being installed is found, an error will be generated and the configuration will not continue.
Continue On Sql Grant Error A Boolean indicating whether the configuration should continue if an error is encountered when attempting to set SQL permissions.
Sql Username A string containing the SQL username to be used to authenticate to the SQL server if you have opted to use SQL authentication. For an on-premise SQL server, the server must be configured to support mixed mode authentication in order to use the SQL option. This option can be used to connect to cloud-based (e.g. Azure) SQL servers. Leave this field blank if you are using Windows integrated authentication. The credentials of the logged on user executing the command will be used to authenticate to SQL.
Sql Password A string containing the SQL password to be used to authenticate to the SQL server. Leave this field blank if you are using Windows integrated authentication.
License File The full path to your Keyfactor Command license file (e.g. C:\Stuff\keyexample.cmslicense).
Application Pools To Create

An array of application pools to create. A separate application pool is required for each virtual directory that will be created for Keyfactor Command in IIS. If you choose to install all the roles, this will be either four or five application pools for the virtual directories with the following names, by default:

  • KeyfactorAgents (Keyfactor Command agent and orchestrator service endpoint)

  • KeyfactorAnalysis (Keyfactor Command dashboard and reporting)

  • KeyfactorAPI (Keyfactor API)

  • KeyfactorPortal (Keyfactor Command Management Portal)

  • KeyfactorProxy (Keyfactor Command proxy to your identity provider for OAuth support; only created if an identity provider other than Active Directory is used as the identity provider)

Application pool fields include:

Parameter Description
Name A string containing the name of the application pool to create.
Username

A string containing the user name of the Active Directory (DOMAIN\username format) or local (HOSTNAME\username format) service account under which the application pool will run.

Tip:  The same service account may be used for all application pools.
Password

A string containing the password of the Active Directory or local service account under which the application pool will run.

Fail If Exists A Boolean indicating whether the configuration will fail if the application pool already exists (true) or not (false).

For example:

<ApplicationPoolsToCreate>
<!--Remove this section if none are to be created-->
   <WizardApplicationPool>
      <Name>KeyfactorPortalPool</Name>
      <Username>KEYEXAMPLE\svc_kyfpools</Username>
      <Password>MySecurePassword</Password>
      <FailIfExists>true</FailIfExists>
   </WizardApplicationPool>
   <WizardApplicationPool>
      <Name>KeyfactorAPIPool</Name>
      <Username>KEYEXAMPLE\svc_kyfpools</Username>
      <Password>MySecurePassword</Password>
      <FailIfExists>true</FailIfExists>
   </WizardApplicationPool>
   <WizardApplicationPool>
      <Name>KeyfactorAnalysisPool</Name>
      <Username>KEYEXAMPLE\svc_kyfpools</Username>
      <Password>MySecurePassword</Password>
      <FailIfExists>true</FailIfExists>
   </WizardApplicationPool>
   <WizardApplicationPool>
      <Name>KeyfactorAgentsPool</Name>
      <Username>KEYEXAMPLE\svc_kyfpools</Username>
      <Password>MySecurePassword</Password>
      <FailIfExists>true</FailIfExists>
   </WizardApplicationPool>
</ApplicationPoolsToCreate>
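
A pre-flight for step 4, added here as an example and not part of Keyfactor's own tooling: it restricts the ACL on the input parameters file (which holds the passwords from Table 115 in clear text), checks the ApplicationPoolsToCreate entries, runs the wizard with -u, and reads back the errors that -u sends to the event log. The paths are the sample paths used on this page, the helper name Get-ChildText is made up for the example, and it assumes errors land in the Application log as the Tip above indicates.

```powershell
# Added example, not Keyfactor code. Paths are the sample paths from this page.
$ParamFile = 'C:\Stuff\InputParameters.xml'
$ConfigDir = 'C:\Program Files\Keyfactor\Keyfactor Platform\Configuration'

# 1. The file holds plaintext passwords: drop inherited and explicit ACEs, then
#    allow only BUILTIN\Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
$acl = Get-Acl -Path $ParamFile
$acl.SetAccessRuleProtection($true, $false)
$acl.Access | ForEach-Object { [void]$acl.RemoveAccessRule($_) }
foreach ($sid in 'S-1-5-32-544', 'S-1-5-18') {
    $id = New-Object System.Security.Principal.SecurityIdentifier($sid)
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'FullControl', 'Allow')))
}
Set-Acl -Path $ParamFile -AclObject $acl

# 2. Lint the application pool entries before the wizard touches IIS.
#    Get-ChildText is a hypothetical helper; local-name() ignores any XML namespace.
function Get-ChildText($node, $child) {
    $c = $node.SelectSingleNode("*[local-name()='$child']")
    if ($null -ne $c) { $c.InnerText.Trim() } else { '' }
}
[xml]$doc = Get-Content -Path $ParamFile -Raw
$problems = @()
$seen = @{}
foreach ($pool in $doc.SelectNodes("//*[local-name()='WizardApplicationPool']")) {
    $name = Get-ChildText $pool 'Name'
    if (-not $name) { $problems += 'application pool with an empty Name' }
    elseif ($seen.ContainsKey($name)) { $problems += "duplicate application pool '$name'" }
    else { $seen[$name] = $true }
    if ((Get-ChildText $pool 'Username') -notmatch '^[^\\]+\\[^\\]+$') {
        $problems += "${name}: Username is not in DOMAIN\username or HOSTNAME\username format"
    }
    if ((Get-ChildText $pool 'FailIfExists') -notin 'true', 'false') {
        $problems += "${name}: FailIfExists must be true or false"
    }
}
if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Fix the input parameters file before running the wizard.'
}

# 3. Run the wizard unattended, then read back the errors that -u redirects
#    to the event log (Level 2 = Error) since the start of this run.
$start = Get-Date
Push-Location $ConfigDir
try { & .\ConfigurationWizardConsole.exe -p $ParamFile -u } finally { Pop-Location }
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Level = 2; StartTime = $start } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, ProviderName, Message
```

Once the configuration has completed without errors, delete the input parameters file, since it still contains the SQL, configuration file and service account passwords.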

Table 116: ConfigurationWizardConsole.exe Options

Switch Description
-p, --paramfile The full path to the input parameters XML file. This switch is required.
-u, --unattended Do not output errors at the console. Errors will be redirected to the Windows event log.
-d, --database Create the database in SQL but do not configure Keyfactor Command.
-s, --scriptpath

The full path to a non-standard location for the scripts used during a database upgrade. By default, these are found in the following path:

C:\Program Files\Keyfactor\Keyfactor Platform\Configuration\DatabaseUpgrade

This option is typically only used by Keyfactor Support.

--help Display the help.
--version Display the version information.