Creating and Configuring a Workflow Manager Farm
Thanks to: http://www.harbar.net/
Now we have our base platform taken care of, we can proceed to create and configure the Workflow Manager Farm. There are a few things I like to do as standard for Workflow Manager production installations. These are not “best practices”, just recommendations!
- Use a SQL Alias for the SQL Server. It’s all very well and good having HA for the Workflow Manager hosts, but we shouldn’t overlook the database platform in this respectJ. I’m using a SQL Alias of SQLWFM in this example.
- Don’t store the Service Bus and Workflow Manager databases on the same SQL Instance that hosts your SharePoint databases.
Don’t collocate this stuff in production, it will only hurt you later. For this example I have a single instance hosting everything.
- Use a dedicated Service Account Identity. I use the same one for both Workflow Manager and Service Bus. In this example I’m using wfm@fabrikam.com (fabrikam\wfm).
- Everything else I leave at the defaults. One could change up the database naming convention, but that is only really of help if you are co-locating databases.
We can either use the Workflow Manager Configuration Wizard or Windows PowerShell to create and configure our farm. In reality, the Configuration Wizard simply is a UI which guides us through entering the settings. It then generates Windows PowerShell to actually perform the install and executes it. It also allows us to view and save that Windows PowerShell for later use. Are you paying attention SharePoint? :)
On the first server for the Workflow Manager Farm (FABWFM1):
- Launch the Workflow Manager Configuration Wizard
- Choose the Configure Workflow Manger with Default Settings (Recommended) option
- On the New Farm Configuration page
- Enter SQLWFM as the SQL Instance
- Enter wfm@fabrikam.com as the User ID
- Enter the password as the Password :)
- Enter a Certificate Generation Key twice, and remember it!
- Click the “Next” icon
- Wait while the commands to create the farm are generated
- On the Summary page, note the Get PowerShell Commands link. Click the “tick” icon to proceed and apply the configuration
- Wait while the Service Bus Farm and Workflow Manager Farm are created
- Once complete, click the “tick” icon to close the Configuration Wizard
Here’s the Windows PowerShell the wizard generates for me, and I can use when replicating the environment:
01 | # To be run in Workflow Manager PowerShell console that has both Workflow Manager and Service Bus installed. |
02 |
03 | # Create new SB Farm |
04 | $SBCertificateAutoGenerationKey = ConvertTo-SecureString -AsPlainText -Force -String '***** Replace with Service Bus Certificate Auto-generation key ******' -Verbose; |
05 |
06 |
07 | New-SBFarm -SBFarmDBConnectionString 'Data Source=SQLWFM;Initial Catalog=SbManagementDB;Integrated Security=True;Encrypt=False' -InternalPortRangeStart 9000 -TcpPort 9354 -MessageBrokerPort 9356 -RunAsAccount 'wfm@fabrikam.com' -AdminGroup 'BUILTIN\Administrators' -GatewayDBConnectionString 'Data Source=SQLWFM;Initial Catalog=SbGatewayDatabase;Integrated Security=True;Encrypt=False' -CertificateAutoGenerationKey $SBCertificateAutoGenerationKey -MessageContainerDBConnectionString 'Data Source=SQLWFM;Initial Catalog=SBMessageContainer01;Integrated Security=True;Encrypt=False' -Verbose; |
08 |
09 | # To be run in Workflow Manager PowerShell console that has both Workflow Manager and Service Bus installed. |
10 |
11 | # Create new WF Farm |
12 | $WFCertAutoGenerationKey = ConvertTo-SecureString -AsPlainText -Force -String '***** Replace with Workflow Manager Certificate Auto-generation key ******' -Verbose; |
13 |
14 |
15 | New-WFFarm -WFFarmDBConnectionString 'Data Source=SQLWFM;Initial Catalog=WFManagementDB;Integrated Security=True;Encrypt=False' -RunAsAccount'wfm@fabrikam.com' -AdminGroup 'BUILTIN\Administrators' -HttpsPort 12290 -HttpPort 12291 -InstanceDBConnectionString 'Data Source=SQLWFM;Initial Catalog=WFInstanceManagementDB;Integrated Security=True;Encrypt=False' -ResourceDBConnectionString 'Data Source=SQLWFM;Initial Catalog=WFResourceManagementDB;Integrated Security=True;Encrypt=False' -CertificateAutoGenerationKey $WFCertAutoGenerationKey -Verbose; |
16 |
17 | # Add SB Host |
18 | $SBRunAsPassword = ConvertTo-SecureString -AsPlainText -Force -String '***** Replace with RunAs Password for Service Bus ******' -Verbose; |
19 |
20 |
21 | Add-SBHost -SBFarmDBConnectionString 'Data Source=SQLWFM;Initial Catalog=SbManagementDB;Integrated Security=True;Encrypt=False' -RunAsPassword$SBRunAsPassword -EnableFirewallRules $true -CertificateAutoGenerationKey$SBCertificateAutoGenerationKey -Verbose; |
22 |
23 | Try |
24 | { |
25 | # Create new SB Namespace |
26 | New-SBNamespace -Name 'WorkflowDefaultNamespace' -AddressingScheme 'Path'-ManageUsers 'wfm@fabrikam.com','Administrator@FABRIKAM' -Verbose; |
27 |
28 | Start-Sleep -s 90 |
29 | } |
30 | Catch [system.InvalidOperationException] |
31 | { |
32 | } |
33 |
34 | # Get SB Client Configuration |
35 | $SBClientConfiguration = Get-SBClientConfiguration -Namespaces'WorkflowDefaultNamespace' -Verbose; |
36 |
37 | # Add WF Host |
38 | $WFRunAsPassword = ConvertTo-SecureString -AsPlainText -Force -String '***** Replace with RunAs Password for Workflow Manager ******' -Verbose; |
39 |
40 |
41 | Add-WFHost -WFFarmDBConnectionString 'Data Source=SQLWFM;Initial Catalog=WFManagementDB;Integrated Security=True;Encrypt=False' -RunAsPassword$WFRunAsPassword -EnableFirewallRules $true -SBClientConfiguration$SBClientConfiguration -CertificateAutoGenerationKey $WFCertAutoGenerationKey-Verbose; |
Now we go ahead and run the Workflow Manager Configuration Wizard on the second and third servers in the farm (FABWFM2 and FABWFM3).
- Launch the Workflow Manager Configuration Wizard
- Choose the Join an Existing Workflow Manager Farm option
- On the Join Farm page
- Enter SQLWFM as the SQL Instance
- Hit the Test Connection button
- Click the “Next” icon
- On the Join Workflow Manager Farm page
- Enter the Password for the Service Account
- Enter the Certificate Generation Key you used on FABWFM1
- Click the “Next” icon
- On the Join Service Bus Farm page
- Check the Use the same service account credentials as provided for Workflow Manager check box
- Enter the same Certificate Generation Key as used when creating the farm
- Click the “Next” icon
- Wait while the command to create the farm are generated
- On the Summary page, note the same Get PowerShell Commands link. Click the “tick” icon to proceed and apply the configuration
- Wait while the host is added to the Service Bus Farm and Workflow Manager Farm
- Once complete, click the “tick” icon to close the Configuration Wizard
Here’s the Windows PowerShell the wizard generates for me, and I can use when replicating the environment:
01 | # To be run in Workflow Manager PowerShell console that has both Workflow Manager and Service Bus installed. |
02 |
03 | # Add SB Host |
04 | $SBRunAsPassword = ConvertTo-SecureString -AsPlainText -Force -String '***** Replace with RunAs Password for Service Bus ******' -Verbose; |
05 |
06 |
07 | $SBCertificateAutoGenerationKey = ConvertTo-SecureString -AsPlainText -Force -String '***** Replace with Service Bus Certificate Auto-generation key ******' -Verbose; |
08 |
09 |
10 | Add-SBHost -SBFarmDBConnectionString 'Data Source=SQLWFM;Initial Catalog=SbManagementDB;Integrated Security=True;Encrypt=False' -RunAsPassword$SBRunAsPassword -EnableFirewallRules $true -CertificateAutoGenerationKey$SBCertificateAutoGenerationKey -Verbose; |
11 |
12 | Try |
13 | { |
14 | # Create new SB Namespace |
15 | New-SBNamespace -Name 'WorkflowDefaultNamespace' -AddressingScheme 'Path'-ManageUsers 'wfm@fabrikam.com','Administrator@FABRIKAM' -Verbose; |
16 |
17 | Start-Sleep -s 90 |
18 | } |
19 | Catch [system.InvalidOperationException] |
20 | { |
21 | } |
22 |
23 | # Get SB Client Configuration |
24 | $SBClientConfiguration = Get-SBClientConfiguration -Namespaces'WorkflowDefaultNamespace' -Verbose; |
25 |
26 | # Add WF Host |
27 | $WFRunAsPassword = ConvertTo-SecureString -AsPlainText -Force -String '***** Replace with RunAs Password for Workflow Manager ******' -Verbose; |
28 |
29 |
30 | $WFCertAutoGenerationKey = ConvertTo-SecureString -AsPlainText -Force -String '***** Replace with Workflow Manager Certificate Auto-generation key ******' -Verbose; |
31 |
32 |
33 | Add-WFHost -WFFarmDBConnectionString 'Data Source=SQLWFM;Initial Catalog=WFManagementDB;Integrated Security=True;Encrypt=False' -RunAsPassword$WFRunAsPassword -EnableFirewallRules $true -SBClientConfiguration$SBClientConfiguration -CertificateAutoGenerationKey $WFCertAutoGenerationKey-Verbose; |
Easy Peasy Lemon Squeezy. We can view the status of our Workflow Manager by running the Following Windows PowerShell on one of the hosts:
1 | Import-Module WorkflowManager |
2 | Get-WFFarm |
3 | Get-WFFarmStatus |
Which will give us the following output:
01 | FarmType : Workflow |
02 | WFFarmDBConnectionString : Data Source=SQLWFM;Initial Catalog=WFManagementDB;Integrated Security=True;Encrypt=False |
03 | RunAsAccount : wfm@fabrikam.com |
04 | AdminGroup : BUILTIN\Administrators |
05 | Hosts : {Name: FABWFM1.fabrikam.com, Configuration State: HostConfigurationCompleted, Name: FABWFM2.fabrikam.com, Configuration State: HostConfigurationCompleted, |
06 | Name: FABWFM3.fabrikam.com, Configuration State: HostConfigurationCompleted} |
07 | InstanceDBConnectionString : Data Source=SQLWFM;Initial Catalog=WFInstanceManagementDB;Integrated Security=True;Asynchronous Processing=True;Encrypt=False |
08 | ResourceDBConnectionString : Data Source=SQLWFM;Initial Catalog=WFResourceManagementDB;Integrated Security=True;Asynchronous Processing=True;Encrypt=False |
09 | HttpPort : 12291 |
10 | HttpsPort : 12290 |
11 | OutboundCertificate : Thumbprint: 53C96B64BAFC637A885F4BB4D0CB6ECB0F593680, IsGenerated: True |
12 | Endpoints : {https://FABWFM1.fabrikam.com:12290/, https://FABWFM2.fabrikam.com:12290/, https://FABWFM3.fabrikam.com:12290/} |
13 | SslCertificate : Thumbprint: 029D8DBD758DDE27AAD75D4B8C0816439EA1665D, IsGenerated: True |
14 | EncryptionCertificate : Thumbprint: 029D8DBD758DDE27AAD75D4B8C0816439EA1665D, IsGenerated: True |
15 |
16 | HostName : FABWFM1.fabrikam.com |
17 | ServiceName : WorkflowServiceBackend |
18 | ServiceStatus : Running |
19 |
20 | HostName : FABWFM1.fabrikam.com |
21 | ServiceName : WorkflowServiceFrontEnd |
22 | ServiceStatus : Running |
23 |
24 | HostName : FABWFM2.fabrikam.com |
25 | ServiceName : WorkflowServiceBackend |
26 | ServiceStatus : Running |
27 |
28 | HostName : FABWFM2.fabrikam.com |
29 | ServiceName : WorkflowServiceFrontEnd |
30 | ServiceStatus : Running |
31 |
32 | HostName : FABWFM3.fabrikam.com |
33 | ServiceName : WorkflowServiceBackend |
34 | ServiceStatus : Running |
35 |
36 | HostName : FABWFM3.fabrikam.com |
37 | ServiceName : WorkflowServiceFrontEnd |
38 | ServiceStatus : Running |
At this stage it is prudent to test the Workflow Manager Farm is responding on its virtual name from a machine which is not part of the farm. This also allows us to easily access the certificate we will need in the next stage.
Perform the following steps on FABSP1:
- Using Internet Explorer, browse to https://wfm.fabrikam.com:12290.
- We will see a certificate warning – as the certificate is untrusted.
- Click Continue to this website (not recommended) and we will see the Workflow Manager configuration returned:
- Click the Certificate Error icon to the right of the Address Bar
- Click View Certificates
- Click the Details tab
- Click the Copy to File… button
- On the Welcome to the Certificate Export Wizard page, click Next
- On the Export File Format page, click Next
- In the File name text box enter c:\wfm.cer and click Next
- Click Finish, followed by OK twice
Create a Workflow Service Connection in SharePoint
Now we have a functional Workflow Manager farm, load balanced we can use its virtual name to create the Service Connection in SharePoint.
These tasks assume that your SharePoint Farm is up and ready. We also need a SSL Web Application listening on https://intranet.fabrikam.com.
Perform the following tasks on FABSP1:
- Import the Workflow Manager SSL Services Certificate to the SharePoint Certificate Store. Execute the following Windows PowerShell:
1$trustCert=Get-PfxCertificate"c:\wfm.cer"2New-SPTrustedRootAuthority-Name"Workflow Manager Farm"-Certificate$trustCert
Watch out with this cmdlet. If the certificate file doesn’t exist it will still create a trust! Way to go SharePoint! Make sure to watch the output for any errors. If there are some, you will need to delete the trust before running New-SPTrustedRootAuthority again after resolving the problem.
- Register the Workflow Service connection with SharePoint by executing the following Windows PowerShell:
1Register-SPWorkflowService-SPSite"https://intranet.fabrikam.com"-WorkflowHostUri"https://wfm.fabrikam.com:12290"
Again watch out with this cmdlet. Notice a trend here? If this command fails the Service Application Proxy will still be created but it will be effectively broken. Again monitor the output for any errors. Clean up the connection and re-run Register-SPWorkflowService after resolving the problem.
- We can open up Central Administration and click the Workflow Service Application Proxy in Manage Service Applications to view the Workflow Service Status Page:
If there is a problem, in some cases we will see a different display:
But be wary, this will not always be the case. It’s entirely possible to have a broken Workflow connection, and this page display a connection.
The only real way to test properly is to crack open SharePoint Designer and attempt to create a SharePoint 2013 Workflow and then actually execute it.
On FABCLIENT1 perform the following steps:
- Launch SharePoint Designer and open https://intranet.fabrikam.com, wait whilst WebDAV gets it act together.
- Click the Site Workflow button on the ribbon
- Ensure that SharePoint 2013 Workflow is available in the Platform Type combo box:
If you are feeling pointy and clicky you can go ahead and configure and execute a Workflow. For the purposes of this article we will leave it here. Trust me, it works! :)
Comentarios
Publicar un comentario
Dime si la información de este blog te sirvio.