Workflow Manager 1.0- Installation, Configuration and Issues

-

Install Workflow Manager

Install workflow manager binaries from Microsoft Web Platform Installer 5.0
1) Workflow Manager 1.0 Refresh(CU2)
2) Workflow Manager 1.0 CU5


Workflow Manager 1.0 Refresh (CU2)

Open Microsoft Web Platform Installer 5.0 and search for Workflow Manager.
Select Workflow Manager 1.0 Refresh (CU2) and click on Add.
Click on I Accept
Select Use Microsoft Update and click Continue. It’ll install service bus and workflow manager on the server.



Click on continue. Run configuration wizard if you are configuring it for fresh installation. And don’t run configuration wizard if you have to restore the Workflow Manager from database backups.


Workflow Manager 1.0 CU5

Select Workflow manager 1.0 CU5 and click Add.
Click Install to begin installation.
Click I accept.

It’ll download and install CU5.


Click Finish to complete the installation.

Workflow Manager DR Configuration

Restore the 4 SQL databases

Restore following databases to new server:
  1. WFResourceManagementDb, 
  2. WFInstanceManagementDb, 
  3. SBGatwayDatabase, 
  4. SBMessageContainer01
WFManagementDB and SbManagementDB will be created by command during restore process.

Export/Import Service bus certificate

This step should be part of your backup process.
Export certificate (Fully Qualified Server name) from Local Computer-> Personal ->Certificate store having issued by field as AppServerGeneratedSBCA and Thumbprint same as we get by running Get-SBFarm cmdlet on prod server.

  1. Type mmc in run.
  2. File > Add or Remove snap-ins
  3. Select Certificates and click Add
  4. Select Computer Account click next.
  5. Select Local Computer and click Finish and then click OK.
  6. Click Personal > Certificates
  7. Open Workflow Management Shell in admin mode.
  8. Type Get-SBFarm
  9. Now in Certificate store open <fully-qualified-server-name> certificate and match the thumbprint with the SBFarm’s thumbprint. If matched then download the certificate with private key.

Certificate Location

Import <fully-qualified-server-name> certificate into SP2019 server Local Computer-> Personal ->Certificate store, it will import 2 certificate
1) <fully-qualified-server-name>
2) AppServerGeneratedSBCA
Copy AppServerGeneratedSBCA from Personal store to Trusted Root CA store.

The Service Bus root certificate should be imported into the LocalMachine\TrustedRootAuthorities store.
The other Service Bus certs should be imported into the LocalMachine\Personal store.
Otherwise Restore-SBFarm will throw error not able to find certificate with Thumbprint...

Service Bus and Workflow Manager Farm Restore Commands

You need to run commands in following order otherwise it might corrupt database:
  1. Restore-SBFarm
  2. Restore-SBMessageContainer
  3. Restore-SBGateway
  4. Add-SBHost
  5. Restore-WFFarm
  6. Add-WFHost
I've created a single PowerShell Script to run all the steps. Save this script as Restore-WFMFarm.ps1 and update the highlighted values. Replace Certificate thumbprint obtained in previous step. And SBNamespace PrimarySymmetricKey can be obtained by running Get-SBNamespace on main server (must store in backup settings). 

[CmdletBinding()]
param(
[Parameter(Mandatory = $true)]
[Int] $Step
)
#$Step = 1

$date = (Get-Date).ToString().Replace(" ","_").Replace("/","_").Replace(":","_")
Start-Transcript -Path "$PSScriptRoot\Logs\Restore-WFMFarm-$date.log"

$GatewayConStr  ='Data Source=SP19SQLAlias;Initial Catalog=SbGatewayDatabase;Integrated Security=True;Encrypt=False'
$SBFarmConStr   ='Data Source=SP19SQLAlias;Initial Catalog=SbManagementDB;Integrated Security=SSPI;Asynchronous Processing=True'
$ContainerConStr='Data Source=SP19SQLAlias;Initial Catalog=SBMessageContainer01;Integrated Security=SSPI;Asynchronous Processing=True'


$WFInstanceManagementDB ='Data Source=SP19SQLAlias;Initial Catalog=WFInstanceManagementDB;Integrated Security=True;Asynchronous Processing=True;Encrypt=False'
$WFResourceManagementDB ='Data Source=SP19SQLAlias;Initial Catalog=WFResourceManagementDB;Integrated Security=True;Asynchronous Processing=True;Encrypt=False'
$WFManagementDB         ='Data Source=SP19SQLAlias;Initial Catalog=WFManagementDB;Integrated Security=True;Encrypt=False'

##SPP_Farm Account Password
$runAsAccount = 'domain\account'
$myPassword= convertto-securestring 'EQpCALdAz3' -asplaintext -force
$mykey= convertto-securestring 'gzhrcrmVg6' -asplaintext -force 


$ConsistencyVerifierLogPath = "$PSScriptRoot\Logs\Restore-WFFarm-$date-log.txt"  

try{

    #STEP 1
    if($Step -eq 1)
    {
        Write-Host 'Starting SBFarm Restore...' -ForegroundColor Yellow
        Restore-SBFarm -RunAsAccount $runAsAccount -FarmCertificateThumbprint PEDESUBDJQDFBDBVPNTYFFSGQONGPDLMMSRXYTMR -GatewayDBConnectionString $GatewayConStr -SBFarmDBConnectionString $SBFarmConStr -AdminGroup 'BUILTIN\Administrators' -EncryptionCertificateThumbprint PEDESUBDJQDFBDBVPNTYFFSGQONGPDLMMSRXYTMR -Verbose
        Write-Host 'SBFarm Restore command completed' -ForegroundColor Green
    }
   
    #STEP 2 - Donot run Restore-SBGateway before restoring SBMessageContainer as Gateway point to Old database and update the old database if found.
    if($Step -eq 2)
    {
        Write-Host 'Starting SBMessageContainer Restore...' -ForegroundColor Yellow
        Restore-SBMessageContainer -ContainerDBConnectionString $ContainerConStr -SBFarmDBConnectionString $SBFarmConStr –id 1 #-Verbose
        Write-Host 'SBMessageContainer Restore completed' -ForegroundColor Green
    }

    #STEP 3   
    if($Step -eq 3)
    {
        Write-Host 'Starting SBGateway Restore...' -ForegroundColor Yellow
        Restore-SBGateway -GatewayDBConnectionString $GatewayConStr  -SBFarmDBConnectionString $SBFarmConStr -Force -Verbose
        Write-Host 'SBGateway Restore completed' -ForegroundColor Green
    }

    #STEP 4
    if($Step -eq 4)
    {
        Add-SBHost -EnableFirewallRules $TRUE -RunAsPassword $myPassword -SBFarmDBConnectionString $SBFarmConStr -Verbose   
        Write-Host 'SBFarm Restored successfully.' -ForegroundColor Green
    }

    #STEP 5
    if($Step -eq 5)
    {
        #Write-Host 'Updating Config file...' -ForegroundColor Yellow
        #$filename = Resolve-Path "$PSScriptRoot\wfm.config"
        #[System.AppDomain]::CurrentDomain.SetData("APP_CONFIG_FILE", $filename.Path)
        #
        #Add-Type -AssemblyName System.Configuration
        #[Configuration.ConfigurationManager].GetField("s_initState", "NonPublic, Static").SetValue($null, 0)
        #[Configuration.ConfigurationManager].GetField("s_configSystem", "NonPublic, Static").SetValue($null, $null)
        #([Configuration.ConfigurationManager].Assembly.GetTypes() | where {$_.FullName -eq "System.Configuration.ClientConfigPaths"}).GetField("s_current", "NonPublic, Static").SetValue($null, $null)
        #[Configuration.ConfigurationManager]::ConnectionStrings[0].Name
        #Write-Host 'Config file Updated' -ForegroundColor Green
       

        Write-Host 'Starting WFFarm Restore...' -ForegroundColor Yellow
   
        #To remove WorkflowDefaultNamespace Error
        Set-SBNamespace -PrimarySymmetricKey JOnobvSwRo+DwBeVycBgXhMkKPFyKo0tDTowGcTNfoaZ -Name WorkflowDefaultNamespace -Verbose

        #The remote server returned an error: (401) Unauthorized. Manage claim is required for this operation.
        Set-SBNamespace -Name WorkflowDefaultNamespace -ManageUsers @($runAsAccount) -Verbose
   
        $culture =[System.Globalization.CultureInfo]::CreateSpecificCulture("en-US");
        $currentDate =(Get-Date).ToString("F",$culture);
        Restore-WFFarm  -RunAsAccount $runAsAccount -InstanceDBConnectionString $WFInstanceManagementDB -ResourceDBConnectionString $WFResourceManagementDB -WFFarmDBConnectionString $WFManagementDB -InstanceStateSyncTime $currentDate -ConsistencyVerifierLogPath $ConsistencyVerifierLogPath -CertificateAutoGenerationKey $myKey -Verbose
        Write-Host 'WFFarm Restored completed' -ForegroundColor Green
    }

    #STEP 6
    if($Step -eq 6)
    {
        Add-WFHost -WFFarmDBConnectionString $WFManagementDB -RunAsPassword $myPassword -EnableFirewallRules $TRUE -CertificateAutoGenerationKey $myKey -Verbose   
        Write-Host 'WFHost Added successfully' -ForegroundColor Green
    }

}
catch{
    Write-Host $_ -ForegroundColor Red
}
finally{
    Stop-Transcript -ErrorAction SilentlyContinue
}


Open Workflow Manager PowerShell as run as administrator and navigate to the folder where script is placed.

Restore-SBFarm

Run following command to restore service bus farm from database backups:
.\Restore-WFMFarm -Step 1


Restore-SBMessageContainer

Run following command to restore message container from database backups:
.\Restore-WFMFarm -Step 2


Note: Do not run Restore-SBGateway before restoring SBMessageContainer as Gateway point to Old MessageContainer database and update the old database if found. You can check the old connection in ContainersTable in SBGatewayDatabase. Restoring Message container reset the connection string in SBGatewayDatabase and start pointed to new database.

Restore-SBGateway

Run following command to restore message container from database backups:
.\Restore-WFMFarm -Step 3

Add-SBHost

Run following command to Add service bus host:
.\Restore-WFMFarm -Step 4



Restore-WFFarm

Run following command to restore workflow manager farm from database backups:
.\Restore-WFMFarm -Step 5


Add-WFHost

Run following command to restore workflow manager farm from database backups:
.\Restore-WFMFarm -Step 6


Run Get-WFFarmStatus to check the status of Workflow services, both  front-end and back-end service should be running.



If both the service are not in running state check Issues. Run Get-WFFarm to get the farm configuration

If Endpoints doesn’t display http bindings then check HTTP Site at port 12291 not available in IIS.

Configure SharePoint to run Workflow

Install Workflow Manager Client

Install Workflow Manager Client on the all the server in SharePoint farm.

Open Web Platform Installer and search for Workflow Manager

Select Workflow Manager Client 1.0 CU4 and then click install.


Click finish to complete the installation.

Create Workflow Service Application

  1. Logon to SharePoint Application Server -> Open Central Administration
  2. Create Workflow Service Application in SharePoint farm.

Register-SPWorkflowService

Run following PowerShell script in elevated SharePoint Management Shell:
Register-SPWorkflowService -SPSite http://sharePoint/ -WorkflowHostUri http://workflowhost:12291/ -force -AllowOAuthHttp



Workflow Manager Certificate Expired 

Follow the msdn link to update the certificate
https://docs.microsoft.com/en-gb/archive/blogs/whereismysolution/changing-my-workflow-manager-farm-certificates

Once you have new cert in the cert store, you can update it using the below PowerShell:
  1. So, the first step should be updating the Service Bus Services, for that you should start a Workflow Manager PowerShell console as an Administrator and run the below cmdlets.
    Set-SBCertificate -FarmCertificateThumbprint <YourThumbprint> -EncryptionCertificateThumbprint <YourThumbprint>
    Stop-SBFarm -Verbose
    Update-SBHost
    Start-SBFarm 
  2. After this step, we need to update the Workflow Manager Services related Certificates
    Set-WFCertificate -SslCertificateThumbprint <YourThumbprint> -EncryptionCertificateThumbprint <YourThumbprint>
    Stop-WFHost
    Update-WFHost
    Start-WFHost

Re-installing workflow Manager

Remove WF Host and SBHost

Run following PowerShell command to remove WFHost and SBHost from Farm.
# Remove WF Host
Remove-WFHost -Verbose;

# Remove SB Host
Remove-SBHost -Verbose;
OR you can remove from Workflow Configuration Wizard by selecting Leave Workflow Manager Farm and it will remove WFHost and SBHost both.

Uninstall Binaries

From control panel-> uninstall a Program remove following binaries in order:

1. Workflow Manager Client 1.0
2. Workflow Manager 1.0
3. Windows Fabric
4. Service Bus 1.1

Install and configure Workflow Manager

As described at the start of post.

Issues

Restore-SBFarm throws error cannot find Certificate
Restore-SBFarm will throw error not able to find certificate with Thumbprint ….. 
Resolution: Install service bus certificate.

Restore-SBGateway throws error cannot re-index database in Online mode

Restore-SBGateway command throws error “cannot re-index database in Online mode for SQL Standard version”.
Resolution: Follow the link to edit “C:\Program Files\Service Bus\1.1\CommonGatewayStoreUpgrade.sql” and replace ONLINE = ON with ONLINE = OFF
https://stackoverflow.com/questions/29930176/rebuild-indexes-on-invokesbfarmupgrade

Restore-SBGateway updates the live server SBMessageContainer database version

If you have run the Restore-SBGateway command before running Restore-SBMessageContainer command and it has updated the live message container database. And live environment started throwing error in event log 
Application and Services log > Microsoft-Workflow > Operations 
Service Bus exception swallowed at location NamespaceSender.SendMessageRetryAsyncResult.HandleException. System.OperationCanceledException: 50002: Provider Internal Error.TrackingId:69e7ea41-69da-4299-baea-5e4fd4ae5613_GSHAREPOINTSERVER,TimeStamp:24/02/2020 12:27:21 ---> Microsoft.ServiceBus.Messaging.MessagingException: 50002: Provider Internal Error.TrackingId:69e7ea41-69da-4299-baea-5e4fd4ae5613_GSHAREPOINTSERVER,TimeStamp:24/02/2020 12:27:21 ---> System.ServiceModel.FaultException: 50002: Provider Internal Error.TrackingId:69e7ea41-69da-4299-baea-5e4fd4ae5613_GSHAREPOINTSERVER,TimeStamp:24/02/2020 12:27:21 
Application and Services log > Microsoft-ServiceBus > Operations
TrackingId: d58a611d-bc40-49c1-80dc-2d2e239b1e4f, SubsystemId: NoSystemTracker. Failed to open message container 1 with error Microsoft.ServiceBus.Messaging.MessagingException: The current SQL store provider assembly is out-of-date and no longer compatible with the installed SQL logic and schema. Update the SQL store provider assembly to version '2.13.0.0' or greater. 
Resolution: Restore MinimumRequiredRuntimeVersionTable values and StoreVersionTable values. Directly update database with the old values (using Update command or directly edit table).

Restore-SPMessageContainer throws Error 'UpdateContainerStoreVersion' expects parameter '@databaseName'

VERBOSE: [18/02/2020 11:39:04]: Checking consistency for entities.
TerminatingError(Restore-SBMessageContainer): "Procedure or function 'UpdateContainerStoreVersion' expects parameter '@databaseName', which was not supplied."
Procedure or function 'UpdateContainerStoreVersion' expects parameter '@databaseName', which was not supplied. 
Resolution: 'UpdateContainerStoreVersion’ stored procedure is part of Gateway database and tries to update Messagecontainer database version in ContainersTable in Gateway database. Restore-SBGateway it’ll again check consistency for entities and update the container database version.

Restore-WFFarm: Could not load file or assembly 'Microsoft.ServiceBus

 Restore-WFFarm : Could not load file or assembly 'Microsoft.ServiceBus, Version=1.8.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.
At D:\Brij\PowerShell\Restore-WFMFarm.ps1:40 char:1
+ Restore-WFFarm  -RunAsAccount 'europe\spp_farm' -InstanceDBConnection ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [Restore-WFFarm], FileNotFoundException
    + FullyQualifiedErrorId : WFRuntimeSettingFailed,Microsoft.Workflow.Deployment.Commands.RestoreWFFarm

Resolution:

If using Service bus 1.1 then Create or Modify powershell.exe.config file and add assembly binding to target v2.1
<?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <runtime>
            <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
                 <dependentAssembly>
                       <assemblyIdentity name="Microsoft.ServiceBus" publicKeyToken="31bf3856ad364e35" culture="en-us" />
                       <bindingRedirect oldVersion="1.8.0.0" newVersion="2.1.0.0" />
                  </dependentAssembly>
            </assemblyBinding>
       </runtime>
</configuration>



OR if you don’t have permission to modify config file then 
  1. copy powershell.exe and powershell.exe.config files to your desktop from “C:\Windows\System32\WindowsPowerShell\v1.0” location,
  2. modify powershell.exe.config files on your desktop and 
  3. Run powershell.exe from desktop in admin mode.

Restore-WFFarm: The token provider was unable to provide a security token while accessing ‘https://localhost:9355/WorkflowDefaultNamespace/$STS/Windows/’.

Resolution:
## To remove WorkflowDefaultNamespace Error
Set-SBNamespace -PrimarySymmetricKey Yvu9UR9o/Zt23KSuSIuk5LjxpOy7+NCbcy/zhGYjAHc= -Name WorkflowDefaultNamespace

SymmetricKey can be obtained from prod server by running Get-SBNamespace
Comments in this link https://blogs.msdn.microsoft.com/biztalknotes/2014/05/14/workflow-manager-disaster-recovery/

Restore-WFFarm: The remote server returned an error: (401) Unauthorized

Restore-WFFarm : The remote server returned an error: (401) Unauthorized. Manage claim is required for this
operation..TrackingId:0146b63b-77e0-420d-a765-0b49b4236ffe_GTEEIS10SHARE02,TimeStamp:22/08/2018 09:56:24
At D:\Brij\PowerShell\Restore-WFMFarm.ps1:40 char:1
+ Restore-WFFarm  -RunAsAccount 'europe\spp_farm' -InstanceDBConnection ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [Restore-WFFarm], UnauthorizedAccessException
    + FullyQualifiedErrorId : WFRuntimeSettingFailed,Microsoft.Workflow.Deployment.Commands.RestoreWFFarm

Resolution: Current user doesn’t have permission to manage WorkflowDefaultNamespace namespace, add current user in ManageUsers
Set-SBNamespace -Name WorkflowDefaultNamespace -ManageUsers @($runAsAccount)
https://stackoverflow.com/questions/30023884/cannot-join-workflow-farm-add-wfhost

Workflow Manager Backend service stopping

HostName                                               ServiceName                              ServiceStatus
-------------------------------------------       ----------------------------------        ----------------------
WorkflowHost                                       WorkflowServiceBackend        Stopped
WorkflowHost                                       WorkflowServiceFrontEnd       Stopped

Workflow Manager Backend service stopped with error:
Application: Microsoft.Workflow.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.InvalidDataException
   at Microsoft.Workflow.Common.AsyncResult.End[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.IAsyncResult)
   at Microsoft.Workflow.Service.WorkflowServiceBackendHost.OnStartCompleted(System.IAsyncResult)

Exception Info: Microsoft.Workflow.Common.FatalException
   at Microsoft.Workflow.Common.Fx+<>c__DisplayClass2.<FailFast>b__0()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()


And
Faulting application name: Microsoft.Workflow.ServiceHost.exe, version: 1.0.40131.0, time stamp: 0x52ef34e1
Faulting module name: KERNELBASE.dll, version: 10.0.14393.2430, time stamp: 0x5b691a19
Exception code: 0xe0434352
Fault offset: 0x0000000000033c58
Faulting process id: 0x3b94
Faulting application start time: 0x01d43a130aed2e66
Faulting application path: C:\Program Files\Workflow Manager\1.0\Workflow\Artifacts\Microsoft.Workflow.ServiceHost.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 6dfb0c20-6c06-4c2d-bbb4-e51b5790ec31
Faulting package full name:
Faulting package-relative application ID:

Resolution: This error occurred due the version mismatch between installed product and version stored in WorkflowInstanceManagementDB. 

Issues after configuring Workflow Manager

HTTP Site at port 12291 not available in IIS

Configure Http Binding at port 12291 in IIS for workflow management site. 

401 Unauthorized access

Make sure User Profile Service is configured properly and running. Run full profile sync and check again. 

Workflow doesn’t start

Run Refresh Trusted Security Token Service Metadata feed timer job. 

HTTP Forbidden

Enable “Workflow can use App-Step” feature and update SPAuthenticationRealm. 

Cannot get app principal permission information

Update SPAuthenticationRealm. Follow the link to register the old realm that is required by the workflow: https://docs.microsoft.com/en-us/sharepoint/administration/upgrade-sharepoint-2016-to-sharepoint-2019-through-workflow-manager 

Workflow Suspended

Check logs about the last error logged by workflow. 

SharePoint 2013 Workflow Platform not available after registering workflow service

Run SharePoint configuration wizard (PSConfigGUI) to configure SharePoint environment and workflow service application.

Comments

Post a Comment

Popular posts from this blog

Installation and Configuration of Office Online Server with SharePoint 2019

-
Image
Installation and Configuration of Office Online Server In this blog post I'm going to show you how to install and configure Office Online Server(OOS) farm and then configure OOS Farm with SharePoint to display Word, Excel etc in web browser. Install prerequisite software for Office Online Server https://docs.microsoft.com/en-us/officeonlineserver/deploy-office-online-server Open the Microsoft PowerShell prompt as an administrator and run this command to install the required roles and services Add-WindowsFeature Web-Server,Web-Mgmt-Tools,Web-Mgmt-Console,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Static-Content,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Security,Web-Filtering,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext45,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,NET-Framework-Features,NET-Framework-45-Features,NET-Framework-Core,NET-Framework-45-Core,NET-HTTP-Activation,NET-Non-HTTP-Activ,NET-WCF-HTTP-Activation45,Windows-Identi
Read more

SharePoint 2019 Upgrade Part 6: SharePoint Upgrade Issues

-
Image
SharePoint 2019 Upgrading Issues In this blog post we are going to cover the issues that might occurs SharePoint 2019 Upgrade. In this blog series we have already covered following topics related to SharePoint upgrade from 2013 to SharePoint 2019 environment: SharePoint 2016 Installation and Configuration. Upgrading Service Applications and Web Applications from SharePoint 2013 to 2016. SharePoint 2019 Installation and Configuration. Upgrading Service Applications Databases from SharePoint 2016 to 2019. Upgrading Content Databases and Site Collections from SharePoint 2016 to 2019. SharePoint Upgrade Issues As issues are the critical part of any process and troubleshooting and resolving them might be very tedious job. So, I'm going to cover as many issues as I've faced during multiple migrations. IIS Configuration Error While running SharePoint prerequisite, it throws following error: Installation of one or more roles, role services, or features failed.
Read more