# RAS Enrollment Server configuration

RAS Enrollment Server communicates with Microsoft Certificate Authority (CA) to request, enroll, and manage digital certificates on behalf of a user for SSO authentication in the Parallels RAS environment.

{% hint style="info" %}
**Note:** For security reasons, RAS Enrollment Server should be installed on a secure, dedicated server similar to an Active Directory Domain Controller or Certificate Authority with no other Parallels RAS components installed.
{% endhint %}

## **Setup and configure RAS Enrollment Server**

You can remotely install the RAS Enrollment Server Agent on a specified server from the RAS Console. You can also install the Agent by running the standard RAS installer on the desired server.

To remotely install the RAS Enrollment Server:

1. In the RAS Console, navigate to **Farm** > **Site** > **Enrollment servers**.
2. Click **Tasks** > **Add**.
3. Specify the FQDN or IP address of the server where you want the RAS Enrollment Server Agent to be installed.
4. Click **Next**.
5. In the **Enrollment Server Agent Information** dialog, click **Install** and follow the onscreen instructions.

To install the RAS Enrollment Server using the Parallels RAS installer:

1. Run the Parallels RAS installer on the server where you want the RAS Enrollment Server Agent installed.
2. On the **Select Installation Type** page, select **Custom** and click **Next**.
3. Clear all other components and select the Parallels RAS Enrollment Server component.
4. Click **Next** and follow the onscreen instructions.
5. Once the RAS Enrollment Server is installed, open the RAS Console and navigate to **Farm** > **Site** > **Enrollment servers**.
6. Click **Tasks** > **Add**.
7. Enter the Enrollment Server FQDN or IP address and click **Next**.
8. Follow the onscreen instructions to add the server to the Farm.

## **Obtain and copy the registration key**

If you perform a manual installation using the RAS installer, it is necessary to place a registration key file on the Enrollment Server host. This step is not required if the RAS Enrollment Server Agent was remotely deployed from the RAS Console.

First, you need to obtain the registration key file as follows:

1. Open the RAS Console and navigate to **Farm** > **Site** > **Enrollment servers**.
2. Click **Tasks** > **Export registration key**.
3. Save the key to a file named *registration.crt*.

Once you have the registration.crt file, copy it to the installation folder on the server where the RAS Enrollment Server is installed. The default path is:

`C:\Program Files (x86)\Parallels\ApplicationServer\x64`

{% hint style="info" %}
**Note:** It is mandatory for the registration key file to be named "registration.crt".
{% endhint %}

## **Configure AD integration**

After you have added the RAS Enrollment Server in the RAS Console, configure AD integration for it as follows:

1. In the RAS Console, navigate to **Farm** > **Site** > **Enrollment Servers**.
2. Select the **AD Integration** tab.
3. In the **Certificate authority (CA)** section, specify the configuration string of your Enterprise CA where the new certificate templates (Prls Enrollment Agent and Prls Smartcard Logon) were created. Use the following format:

   `CAhostname.domain\issuing CA name`

   Alternatively, you can click the **\[...]** button to select a CA. For configuration details, see [**Configure certificate authority templates**](/landing/ras-admin-guide/v19-en-us/parallels-ras-19-administrators-guide/saml-sso-authentication/saml-configuration/configure-certificate-authority-templates.md).
4. In the **Enrollment Agent** section, specify the Enrollment Agent username and password. For configuration details, see [**Active Directory user account configuration**](/landing/ras-admin-guide/v19-en-us/parallels-ras-19-administrators-guide/saml-sso-authentication/saml-configuration/active-directory-user-account-configuration.md).
5. In the **NLA user** section, specify the NLA username and password. For configuration details, see [**Active Directory user account configuration**](/landing/ras-admin-guide/v19-en-us/parallels-ras-19-administrators-guide/saml-sso-authentication/saml-configuration/active-directory-user-account-configuration.md).
6. Click the **Validate AD integration settings** button to make sure that the information you've entered is valid.
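
The following PowerShell pre-check is an added example, not part of the Parallels documentation or product. It checks that a CA configuration string has the `CAhostname.domain\issuing CA name` shape, that the CA answers, and that the two templates named above are published on it. The `$CaConfig` value is a constructed placeholder, and the script assumes a domain-joined host with `certutil.exe` and that the template names appear in the `certutil` output as written on this page.

```powershell
# Added example: pre-check for the "Certificate authority (CA)" field.
param(
    # Constructed sample value; replace with your own CA configuration string.
    [string]$CaConfig = 'ca01.example.local\Example Issuing CA'
)

# Template names as given on this page (assumption: certutil lists them
# either as the template name or as the display name).
$RequiredTemplates = 'Prls Enrollment Agent', 'Prls Smartcard Logon'

function Test-CaConfigString {
    param([string]$Value)
    # One backslash separating a host (no whitespace) from a non-empty CA name.
    return $Value -match '^[^\\\s]+\\[^\\]+$'
}

if (-not (Test-CaConfigString $CaConfig)) {
    throw "CA configuration string must look like 'CAhostname.domain\issuing CA name'."
}

# Confirm the certificate service answers for this configuration string.
certutil.exe -config $CaConfig -ping | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "CA '$CaConfig' did not respond to certutil -ping (exit code $LASTEXITCODE)."
}

# List the templates this CA is configured to issue.
$published = certutil.exe -config $CaConfig -CATemplates
if ($LASTEXITCODE -ne 0) {
    throw "Could not list templates on '$CaConfig' (exit code $LASTEXITCODE)."
}

# Compare with whitespace removed so 'PrlsSmartcardLogon' and
# 'Prls Smartcard Logon' both match; -like is case-insensitive.
$flat = $published | ForEach-Object { $_ -replace '\s', '' }
$missing = $RequiredTemplates | Where-Object {
    $needle = $_ -replace '\s', ''
    -not ($flat | Where-Object { $_ -like "*$needle*" })
}

if ($missing) {
    Write-Warning "Templates not published on '$CaConfig': $($missing -join ', ')"
    exit 1
}
Write-Output "CA '$CaConfig' is reachable and publishes both required templates."
```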

## **Using computer management tools**

You can perform standard computer management tasks on a RAS Enrollment Server host right from the RAS Console. These include Remote Desktop Connection, PowerShell, Computer Management, Service Management, Event Viewer, IPconfig, Reboot, and others. To access the **Tools** menu, click **Tasks** > **Tools** and choose a desired tool. For requirements and usage information, see [**Computer management tools**](/landing/ras-admin-guide/v19-en-us/parallels-ras-19-administrators-guide/common-management-tasks/computer-management-tools.md).

