Modify the AFService​.exe​.config file

The PI AF Application connect string defines the location of the PI AF database and the security mode used to connect to this database. During an AF Server installation, the PI AF Application Service is configured to connect with the PI AF SQL Server database. For some installation scenarios, you may need to manually update the connect string in the AFService.exe.config file.

The PI AF database can be an Azure SQL Database, an Azure Managed Instance database, an Amazon Relational Database Service (RDS) database or a PI AF SQL Server database.

This topic provides instructions on how to modify the AFService.exe.config file to address the following scenarios:

• Specify a PI AF Azure SQL or Azure Manged Instance database that uses Microsoft Entra authentication and a user-assigned or system-assigned managed identity

• Specify a PI AF SQL Server database that uses SQL Server security mode

• Change the SQL Server mode and add a SQL Server user (also applies to Amazon RDS)

• Use integrated security (Windows authentication), SQL Server security or another setup (applies to Amazon RDS)

  Important: Restrict access to the AFService.exe.config file to authorized users only, including the account that runs the PI AF Application Service. You can edit the AFService.exe.config file to control who can access and sign on to PI AF server as well as set a security descriptor on the this file or its directory.

Specify an Azure database and user-assigned managed identity

Follow these steps to if you are using Azure SQL Database or an Azure Managed Instance to store your PI AF database with Microsoft Entra authentication and a user-assigned managed identity:

1. In Windows Explorer, navigate to the %PIHOME64%\AF folder on the PI AF Application Service computer.

2. On the PI AF server computer, open the AFService.exe.config file with a text editor, such as Notepad.

3. Verify that the connect string looks similar to the following example:

   <add key="connectString" value="server=exampleDataba.database.windows.net;database=<AFDatabaseName>;Application Name=AF Application Server;Trust Server Certificate=True;Authentication=Microsoft Entra ID Managed Identity;User ID= 00000000-0000-0000-0000-000000000000;Persist Security Info=False;/>

4. Modify the connect string if needed.

5. Save and close the file.

6. Restart the PI AF Application Service and any PI client applications that point to the on-premises PI AF SQL Server database.

Specify an Azure database and a system-assigned managed identity

Follow these steps to if you are using Azure SQL Database or Azure Managed Instance to store your PI AF database with Microsoft Entra authentication and a system-assigned managed identity:

7. In Windows Explorer, navigate to the %PIHOME64%\AF folder on the PI AF Application Service computer.

8. On the PI AF server computer, open the AFService.exe.config file with a text editor, such as Notepad.

9. Verify that the connect string looks similar to the following example:

   <add key="connectString" value="server=exampleDataba.database.windows.net;database=<AFDatabaseName>;Application Name=AF Application Server;Trust Server Certificate=True;Authentication=Microsoft Entra ID Managed Identity;Persist Security Info=False;/>

10. Modify the connect string if needed.

11. Save and close the file.

12. Restart the PI AF Application Service and any PI client applications that point to the on-prem PI AF SQL Server database.

Change the SQL Server security mode and add a SQL Server user (also applies to Amazon RDS)

If you want to use SQL Server security, you need to change the connect string to reference the correct security mode and add a SQL Server user and password. These steps can be followed if you are using Amazon RDS.

13. In Windows Explorer, navigate to the %PIHOME64%\AF folder on the PI AF Application Service computer.

14. Open the AFService.exe.config file with a text editor, such as Notepad.

15. Locate the connect-string key. It has the following format:

    <add key="connectString" value="Persist Security Info=False;Integrated Security=SSPI;Data Source=.\phxtest;Initial Catalog=PIFD;Trust Server Certificate=True; Application Name=AF Application Server;"/>

16. Modify the connect string by replacing Integrated Security=SSPI with Trust Server Certificate=True.

17. Add the SQL Server user ID (User ID) and password (Password) at the end of the connect string.

    After your changes, the connect string should resemble this example:

    <add key="connectString" value="Persist Security Info=False;Trust Server Certificate=True;Data Source=AFSQLDB\SQLEXPRESS;Initial Catalog=PIFD;Application Name=AF Application Server;User ID=af_sql_user;Password=af_sql_password;"/>

18. Save and close the file.

19. Restart the PI AF Application Service.

Examples for on-premises SQL Server and Amazon RDS

The following procedure provides instructions and examples of how to modify the connect string server portion of the AFService.exe.config file for your SQL Server scenario. These instructions can also be used for Amazon RDS.

Note: We recommend that you configure certificates for SQL Server installations. If you are unable to install certificates on SQL Server, then a self-signed certificate can be issued and trusted by updating "Trust Server Certificate=True". You can modify other attributes in the connect string, such as enabling encrypted communication or the authentication mode. For other options, see this Microsoft topic: SqlConnection.ConnectionString Property.

20. In Windows Explorer, navigate to the %PIHOME64%\AF folder on the PI AF Application Service computer.

21. Open the AFService.exe.config file with a text editor, such as Notepad.

22. Modify the connect string server portion of the AFService.exe.config file for your particular scenario:

    Integrated Security

    <add key="connectString" value="Persist Security Info=False;Integrated Security=SSPI;Data Source=AFSQLDB\SQLEXPRESS;Initial Catalog=PIFD;Application Name=AF Application Server;"/>

    SQL Server Security

    <add key="connectString" value="Persist Security Info=False;Trust Server Certificate=True;Data Source=AFSQLDB\SQLEXPRESS;Initial Catalog=PIFD;Application Name=AF Application Server;User ID=af_sql_user;Password=af_sql_password;"/>

    Remote SQL Server and named instance

    <add key="connectString" value="Data Source=<SQLName>[\SQLInstance];Initial Catalog=<PIFD>;Persist Security Info=False;User ID=af_sql_user;Password=af_sql_password;Trust Server Certificate=True;Application Name=&quot;AF Application Server&quot;" />

    SQL Server that runs on a cluster

    In this scenario, the IP address or computer name of the clustered resource is referenced.

    <add key="connectString" value="Data Source=<SQLClusterName>[\SQLInstance];Initial Catalog=<PIFD>;Persist Security Info=False;User ID=af_sql_user;Password=af_sql_password;Trust Server Certificate=True;Application Name=&quot;AF Application Server&quot;" />

    SQL Server that uses SQL Server mirroring with Failover Partner

    <add key="connectString" value="Data Source=<SQLClusterName>[\SQLInstance];Failover Partner=<SQLServerName>[\SQLInstance];Initial Catalog=<PIFD>;Persist Security Info=False;User ID=af_sql_user;Password=af_sql_password;Trust Server Certificate=True;Application Name=&quot;AF Application Server&quot;" />

23. Save and close the file.

24. Restart the PI AF Application Service.