NOTE ABOUT ADMIN GROUP: Group that contains the principals whom will administer the Workflow Manager farm By default this will be the built in Administrators group on each server in the farm. If you wish to have more control across a three server farm, this should be (not must be) a Domain Group and contain the user accounts needed. Under no circumstances whatsoever is it necessary to add SharePoint Service Accounts into this group.
Helpful to note if troubleshoot is needed later:.NET Framework 4 Platform Update 3 or.NET Framework 4.5 Service Bus 1.0 Workflow Client 1.0 PowerShell 3.0 Instance of SQL Server 2008 R2 SP1, SQL Server Express 2008 R2 SP1, or SQL Server 2012. TCP/IP connections or named pipes must be configured in SQL Server Windows Firewall must be enabled Ports 12290 and 12291 must be available. Prerequisites
Central Certificate Requirements If you select an existing certificate, make sure the certificate: Has a subject name, subject alternative name, and both a private and public key Is installed in the personal store of all computers in the farm or any computer that intends to join the farm Is Valid in with respect to the start date, end date, trust chain Has AT_KeyExchange set Can be used as a server certificate Corresponding CRL list for signing authority is present Prerequisites
High Availability Workflow Manager farm supports a farm of a single computer running both Workflow Manager farm and the required Service Bus farm. If you require high availability you must expand the farm to three (3) computers. Two node farms cannot guarantee high availability. Prerequisites
Installation 3. Install Workflow Manager updates Go to Microsoft Download Center and check for Workflow Manager updates: http://www.microsoft.com/en-us/download/default.aspx NOTE – You can find cumulative updates in the WPI as well
Installation Search for workflow. Sort results by most recent.
Configuration 6. Run Workflow Manager Configuration After you have Workflow Manager installed, Workflow Manager update, and Service Bus update (Service Bus gets installed with Workflow Manager) and have verified they are all there, you are ready to run the Workflow Configuration Manager. From: http://www.harbar.net/articles/wfm2.aspxhttp://www.harbar.net/articles/wfm2.aspx
Configuration Note: Configuration Wizard generates PowerShell to perform and execute the install 6. Select Default Settings option
Configuration 8. Complete Farm Configuration Service Account (Run As user from earlier) HTTP - > Not recommended for Production Remember the key you choose for the certificate!
Configuration Workflow Manager summarizes what will happen… Note – You can click to open text file with PowerShell commands
Configuration POWERSHELL: # To be run in Workflow Manager PowerShell console that has both Workflow Manager and Service Bus installed. # Create new SB Farm $SBCertificateAutoGenerationKey = ConvertTo-SecureString -AsPlainText -Force -String '***** Replace with Service Bus Certificate Auto-generation key ******' -Verbose; New-SBFarm -SBFarmDBConnectionString 'Data Source=PASRVSQL2;Initial Catalog=SbManagementDB;Integrated Security=True;Encrypt=False' -InternalPortRangeStart 9000 -TcpPort 9354 -MessageBrokerPort 9356 - RunAsAccount 'PROACTIVE\sysSharePoint' -AdminGroup 'BUILTIN\Administrators' - GatewayDBConnectionString 'Data Source=PASRVSQL2;Initial Catalog=SbGatewayDatabase;Integrated Security=True;Encrypt=False' -CertificateAutoGenerationKey $SBCertificateAutoGenerationKey - MessageContainerDBConnectionString 'Data Source=PASRVSQL2;Initial Catalog=SBMessageContainer01;Integrated Security=True;Encrypt=False' -Verbose;
Configuration # To be run in Workflow Manager PowerShell console that has both Workflow Manager and Service Bus installed. # Create new WF Farm $WFCertAutoGenerationKey = ConvertTo-SecureString -AsPlainText -Force -String '***** Replace with Workflow Manager Certificate Auto-generation key ******' -Verbose; New-WFFarm -WFFarmDBConnectionString 'Data Source=PASRVSQL2;Initial Catalog=WFManagementDB;Integrated Security=True;Encrypt=False' -RunAsAccount 'PROACTIVE\sysSharePoint' -AdminGroup 'BUILTIN\Administrators' -HttpsPort 12290 -HttpPort 12291 -InstanceDBConnectionString 'Data Source=PASRVSQL2;Initial Catalog=WFInstanceManagementDB;Integrated Security=True;Encrypt=False' - ResourceDBConnectionString 'Data Source=PASRVSQL2;Initial Catalog=WFResourceManagementDB;Integrated Security=True;Encrypt=False' -CertificateAutoGenerationKey $WFCertAutoGenerationKey -Verbose; # Add SB Host $SBRunAsPassword = ConvertTo-SecureString -AsPlainText -Force -String '***** Replace with RunAs Password for Service Bus ******' -Verbose; Add-SBHost -SBFarmDBConnectionString 'Data Source=PASRVSQL2;Initial Catalog=SbManagementDB;Integrated Security=True;Encrypt=False' -RunAsPassword $SBRunAsPassword -EnableFirewallRules $true - CertificateAutoGenerationKey $SBCertificateAutoGenerationKey -Verbose;
Configuration 11. Test HTTPS Endpoint You will receive a certificate error. This is OK.
Configuration 12. Export the Certificate 1.Click the Certificate Error icon to the right of the Address Bar 2.Click View Certificates 3.Click the Details tab 4.Click the Copy to File… button 5.On the Welcome to the Certificate Export Wizard page, click Next 6.On the Export File Format page, click Next 7.In the File name text box enter c:\wfm.cer and click Next 8.Click Finish, followed by OK twice http://www.harbar.net/articles/wfm2.aspx
Configuration IMPORTANT: Watch out with this cmdlet. If the certificate file doesnt exist it will still create a trust! Watch the output for any errors. If there are some, you will need to delete the trust before running New- SPTrustedRootAuthority again after resolving the problem.
Configuration 14. Register Workflow Service Connection Register-SPWorkflowService -SPSite "https://intranet.pa-tech.com" -WorkflowHostUri "https://pasrvsp2.pa-tech.com:12290"https://intranet.pa-tech.comhttps://pasrvsp2.pa-tech.com:12290 Note: You CAN register the HTTP (non-Production environments) Register-SPWorkflowService -SPSite "http://pasrvsp2" - WorkflowHostUri "http://pasrvsp2.pa-tech.com:12291"http://pasrvsp2http://pasrvsp2.pa-tech.com:12291 CAUTION: Watch out with this cmdlet. If this command fails the Service Application Proxy will still be created, but it will be effectively broken. Monitor the output for any errors. If necessary, clean up the connection and re-run Register-SPWorkflowService after resolving the problem.