Workflow Manager 1.0- Installation, Configuration and Issues

Install Workflow Manager

Install workflow manager binaries from Microsoft Web Platform Installer 5.0
1) Workflow Manager 1.0 Refresh(CU2)
2) Workflow Manager 1.0 CU5

Workflow Manager 1.0 Refresh (CU2)

Open Microsoft Web Platform Installer 5.0 and search for Workflow Manager.

Select Workflow Manager 1.0 Refresh (CU2) and click on Add.

Click on I Accept

Select Use Microsoft Update and click Continue. It’ll install service bus and workflow manager on the server.

Click on continue. Run configuration wizard if you are configuring it for fresh installation. And don’t run configuration wizard if you have to restore the Workflow Manager from database backups.

Workflow Manager 1.0 CU5

Select Workflow manager 1.0 CU5 and click Add.

Click Install to begin installation.

Click I accept.

It’ll download and install CU5.

Click Finish to complete the installation.

Workflow Manager DR Configuration

Restore the 4 SQL databases

Restore following databases to new server:

1. WFResourceManagementDb, 
2. WFInstanceManagementDb, 
3. SBGatwayDatabase, 
4. SBMessageContainer01

WFManagementDB and SbManagementDB will be created by command during restore process.

Export/Import Service bus certificate

This step should be part of your backup process.

Export certificate (Fully Qualified Server name) from Local Computer-> Personal ->Certificate store having issued by field as AppServerGeneratedSBCA and Thumbprint same as we get by running Get-SBFarm cmdlet on prod server.

1. Type mmc in run.
2. File > Add or Remove snap-ins
3. Select Certificates and click Add
4. Select Computer Account click next.
5. Select Local Computer and click Finish and then click OK.
6. Click Personal > Certificates
   
   
7. Open Workflow Management Shell in admin mode.
8. Type Get-SBFarm
9. Now in Certificate store open <fully-qualified-server-name> certificate and match the thumbprint with the SBFarm’s thumbprint. If matched then download the certificate with private key.

Certificate Location

Import <fully-qualified-server-name> certificate into SP2019 server Local Computer-> Personal ->Certificate store, it will import 2 certificate

1) <fully-qualified-server-name>

2) AppServerGeneratedSBCA

Copy AppServerGeneratedSBCA from Personal store to Trusted Root CA store.

The Service Bus root certificate should be imported into the LocalMachine\TrustedRootAuthorities store.

The other Service Bus certs should be imported into the LocalMachine\Personal store.

Otherwise Restore-SBFarm will throw error not able to find certificate with Thumbprint...

Service Bus and Workflow Manager Farm Restore Commands

You need to run commands in following order otherwise it might corrupt database:

1. Restore-SBFarm
2. Restore-SBMessageContainer
3. Restore-SBGateway
4. Add-SBHost
5. Restore-WFFarm
6. Add-WFHost

I've created a single PowerShell Script to run all the steps. Save this script as Restore-WFMFarm.ps1 and update the highlighted values. Replace Certificate thumbprint obtained in previous step. And SBNamespace PrimarySymmetricKey can be obtained by running Get-SBNamespace on main server (must store in backup settings). 

[CmdletBinding()] param( [Parameter(Mandatory = $true)] [Int] $Step ) #$Step = 1 $date = (Get-Date).ToString().Replace(" ","_").Replace("/","_").Replace(":","_") Start-Transcript -Path "$PSScriptRoot\Logs\Restore-WFMFarm-$date.log" $GatewayConStr  ='Data Source=SP19SQLAlias;Initial Catalog=SbGatewayDatabase;Integrated Security=True;Encrypt=False' $SBFarmConStr   ='Data Source=SP19SQLAlias;Initial Catalog=SbManagementDB;Integrated Security=SSPI;Asynchronous Processing=True' $ContainerConStr='Data Source=SP19SQLAlias;Initial Catalog=SBMessageContainer01;Integrated Security=SSPI;Asynchronous Processing=True' $WFInstanceManagementDB ='Data Source=SP19SQLAlias;Initial Catalog=WFInstanceManagementDB;Integrated Security=True;Asynchronous Processing=True;Encrypt=False' $WFResourceManagementDB ='Data Source=SP19SQLAlias;Initial Catalog=WFResourceManagementDB;Integrated Security=True;Asynchronous Processing=True;Encrypt=False' $WFManagementDB         ='Data Source=SP19SQLAlias;Initial Catalog=WFManagementDB;Integrated Security=True;Encrypt=False' ##SPP_Farm Account Password $runAsAccount = 'domain\account' $myPassword= convertto-securestring 'EQpCALdAz3' -asplaintext -force $mykey= convertto-securestring 'gzhrcrmVg6' -asplaintext -force  $ConsistencyVerifierLogPath = "$PSScriptRoot\Logs\Restore-WFFarm-$date-log.txt"   try{     #STEP 1     if($Step -eq 1)     {         Write-Host 'Starting SBFarm Restore...' -ForegroundColor Yellow         Restore-SBFarm -RunAsAccount $runAsAccount -FarmCertificateThumbprint PEDESUBDJQDFBDBVPNTYFFSGQONGPDLMMSRXYTMR -GatewayDBConnectionString $GatewayConStr -SBFarmDBConnectionString $SBFarmConStr -AdminGroup 'BUILTIN\Administrators' -EncryptionCertificateThumbprint PEDESUBDJQDFBDBVPNTYFFSGQONGPDLMMSRXYTMR -Verbose         Write-Host 'SBFarm Restore command completed' -ForegroundColor Green     }         #STEP 2 - Donot run Restore-SBGateway before restoring SBMessageContainer as Gateway point to Old database and update the old database if found.     if($Step -eq 2)     {         Write-Host 'Starting SBMessageContainer Restore...' -ForegroundColor Yellow         Restore-SBMessageContainer -ContainerDBConnectionString $ContainerConStr -SBFarmDBConnectionString $SBFarmConStr –id 1 #-Verbose         Write-Host 'SBMessageContainer Restore completed' -ForegroundColor Green     }     #STEP 3        if($Step -eq 3)     {         Write-Host 'Starting SBGateway Restore...' -ForegroundColor Yellow         Restore-SBGateway -GatewayDBConnectionString $GatewayConStr  -SBFarmDBConnectionString $SBFarmConStr -Force -Verbose         Write-Host 'SBGateway Restore completed' -ForegroundColor Green     }     #STEP 4     if($Step -eq 4)     {         Add-SBHost -EnableFirewallRules $TRUE -RunAsPassword $myPassword -SBFarmDBConnectionString $SBFarmConStr -Verbose            Write-Host 'SBFarm Restored successfully.' -ForegroundColor Green     }     #STEP 5     if($Step -eq 5)     {         #Write-Host 'Updating Config file...' -ForegroundColor Yellow         #$filename = Resolve-Path "$PSScriptRoot\wfm.config"         #[System.AppDomain]::CurrentDomain.SetData("APP_CONFIG_FILE", $filename.Path)         #         #Add-Type -AssemblyName System.Configuration         #[Configuration.ConfigurationManager].GetField("s_initState", "NonPublic, Static").SetValue($null, 0)         #[Configuration.ConfigurationManager].GetField("s_configSystem", "NonPublic, Static").SetValue($null, $null)         #([Configuration.ConfigurationManager].Assembly.GetTypes() | where {$_.FullName -eq "System.Configuration.ClientConfigPaths"}).GetField("s_current", "NonPublic, Static").SetValue($null, $null)         #[Configuration.ConfigurationManager]::ConnectionStrings[0].Name         #Write-Host 'Config file Updated' -ForegroundColor Green                 Write-Host 'Starting WFFarm Restore...' -ForegroundColor Yellow             #To remove WorkflowDefaultNamespace Error         Set-SBNamespace -PrimarySymmetricKey JOnobvSwRo+DwBeVycBgXhMkKPFyKo0tDTowGcTNfoaZ -Name WorkflowDefaultNamespace -Verbose         #The remote server returned an error: (401) Unauthorized. Manage claim is required for this operation.         Set-SBNamespace -Name WorkflowDefaultNamespace -ManageUsers @($runAsAccount) -Verbose             $culture =[System.Globalization.CultureInfo]::CreateSpecificCulture("en-US");         $currentDate =(Get-Date).ToString("F",$culture);         Restore-WFFarm  -RunAsAccount $runAsAccount -InstanceDBConnectionString $WFInstanceManagementDB -ResourceDBConnectionString $WFResourceManagementDB -WFFarmDBConnectionString $WFManagementDB -InstanceStateSyncTime $currentDate -ConsistencyVerifierLogPath $ConsistencyVerifierLogPath -CertificateAutoGenerationKey $myKey -Verbose         Write-Host 'WFFarm Restored completed' -ForegroundColor Green     }     #STEP 6     if($Step -eq 6)     {         Add-WFHost -WFFarmDBConnectionString $WFManagementDB -RunAsPassword $myPassword -EnableFirewallRules $TRUE -CertificateAutoGenerationKey $myKey -Verbose            Write-Host 'WFHost Added successfully' -ForegroundColor Green     } } catch{     Write-Host $_ -ForegroundColor Red } finally{     Stop-Transcript -ErrorAction SilentlyContinue }

Open Workflow Manager PowerShell as run as administrator and navigate to the folder where script is placed.

Restore-SBFarm

Run following command to restore service bus farm from database backups:

.\Restore-WFMFarm -Step 1

Restore-SBMessageContainer

Run following command to restore message container from database backups:

.\Restore-WFMFarm -Step 2

Note: Do not run Restore-SBGateway before restoring SBMessageContainer as Gateway point to Old MessageContainer database and update the old database if found. You can check the old connection in ContainersTable in SBGatewayDatabase. Restoring Message container reset the connection string in SBGatewayDatabase and start pointed to new database.

Restore-SBGateway

Run following command to restore message container from database backups:

.\Restore-WFMFarm -Step 3

Add-SBHost

Run following command to Add service bus host:

.\Restore-WFMFarm -Step 4

Restore-WFFarm

Run following command to restore workflow manager farm from database backups:

.\Restore-WFMFarm -Step 5

Add-WFHost

Run following command to restore workflow manager farm from database backups:

.\Restore-WFMFarm -Step 6

Run Get-WFFarmStatus to check the status of Workflow services, both  front-end and back-end service should be running.

If both the service are not in running state check Issues. Run Get-WFFarm to get the farm configuration

If Endpoints doesn’t display http bindings then check HTTP Site at port 12291 not available in IIS.

Configure SharePoint to run Workflow

Install Workflow Manager Client

Install Workflow Manager Client on the all the server in SharePoint farm.

Open Web Platform Installer and search for Workflow Manager

Select Workflow Manager Client 1.0 CU4 and then click install.

Click finish to complete the installation.

Create Workflow Service Application

1. Logon to SharePoint Application Server -> Open Central Administration
2. Create Workflow Service Application in SharePoint farm.

Register-SPWorkflowService

Run following PowerShell script in elevated SharePoint Management Shell:

Register-SPWorkflowService -SPSite http://sharePoint/ -WorkflowHostUri http://workflowhost:12291/ -force -AllowOAuthHttp

Workflow Manager Certificate Expired 

Follow the msdn link to update the certificate
https://docs.microsoft.com/en-gb/archive/blogs/whereismysolution/changing-my-workflow-manager-farm-certificates

Once you have new cert in the cert store, you can update it using the below PowerShell:

1. So, the first step should be updating the Service Bus Services, for that you should start a Workflow Manager PowerShell console as an Administrator and run the below cmdlets.
   Set-SBCertificate -FarmCertificateThumbprint <YourThumbprint> -EncryptionCertificateThumbprint <YourThumbprint>
   Stop-SBFarm -Verbose
   Update-SBHost
   Start-SBFarm 
2. After this step, we need to update the Workflow Manager Services related Certificates
   Set-WFCertificate -SslCertificateThumbprint <YourThumbprint> -EncryptionCertificateThumbprint <YourThumbprint>
   Stop-WFHost
   Update-WFHost
   Start-WFHost

Re-installing workflow Manager

Remove WF Host and SBHost

Run following PowerShell command to remove WFHost and SBHost from Farm.

# Remove WF Host Remove-WFHost -Verbose; # Remove SB Host Remove-SBHost -Verbose;

OR you can remove from Workflow Configuration Wizard by selecting Leave Workflow Manager Farm and it will remove WFHost and SBHost both.

Uninstall Binaries

From control panel-> uninstall a Program remove following binaries in order:

1. Workflow Manager Client 1.0
2. Workflow Manager 1.0
3. Windows Fabric
4. Service Bus 1.1

Install and configure Workflow Manager

As described at the start of post.

Issues

Restore-SBFarm throws error cannot find Certificate

Restore-SBFarm will throw error not able to find certificate with Thumbprint ….. 

Resolution: Install service bus certificate.

Restore-SBGateway throws error cannot re-index database in Online mode

Restore-SBGateway command throws error “cannot re-index database in Online mode for SQL Standard version”.

Resolution: Follow the link to edit “C:\Program Files\Service Bus\1.1\CommonGatewayStoreUpgrade.sql” and replace ONLINE = ON with ONLINE = OFF

https://stackoverflow.com/questions/29930176/rebuild-indexes-on-invokesbfarmupgrade

Restore-SBGateway updates the live server SBMessageContainer database version

If you have run the Restore-SBGateway command before running Restore-SBMessageContainer command and it has updated the live message container database. And live environment started throwing error in event log 

Application and Services log > Microsoft-Workflow > Operations 

Service Bus exception swallowed at location NamespaceSender.SendMessageRetryAsyncResult.HandleException. System.OperationCanceledException: 50002: Provider Internal Error.TrackingId:69e7ea41-69da-4299-baea-5e4fd4ae5613_GSHAREPOINTSERVER,TimeStamp:24/02/2020 12:27:21 ---> Microsoft.ServiceBus.Messaging.MessagingException: 50002: Provider Internal Error.TrackingId:69e7ea41-69da-4299-baea-5e4fd4ae5613_GSHAREPOINTSERVER,TimeStamp:24/02/2020 12:27:21 ---> System.ServiceModel.FaultException: 50002: Provider Internal Error.TrackingId:69e7ea41-69da-4299-baea-5e4fd4ae5613_GSHAREPOINTSERVER,TimeStamp:24/02/2020 12:27:21 

Application and Services log > Microsoft-ServiceBus > Operations
TrackingId: d58a611d-bc40-49c1-80dc-2d2e239b1e4f, SubsystemId: NoSystemTracker. Failed to open message container 1 with error Microsoft.ServiceBus.Messaging.MessagingException: The current SQL store provider assembly is out-of-date and no longer compatible with the installed SQL logic and schema. Update the SQL store provider assembly to version '2.13.0.0' or greater. 

Resolution: Restore MinimumRequiredRuntimeVersionTable values and StoreVersionTable values. Directly update database with the old values (using Update command or directly edit table).

Restore-SPMessageContainer throws Error 'UpdateContainerStoreVersion' expects parameter '@databaseName'

VERBOSE: [18/02/2020 11:39:04]: Checking consistency for entities.
TerminatingError(Restore-SBMessageContainer): "Procedure or function 'UpdateContainerStoreVersion' expects parameter '@databaseName', which was not supplied."
Procedure or function 'UpdateContainerStoreVersion' expects parameter '@databaseName', which was not supplied. 

Resolution: 'UpdateContainerStoreVersion’ stored procedure is part of Gateway database and tries to update Messagecontainer database version in ContainersTable in Gateway database. Restore-SBGateway it’ll again check consistency for entities and update the container database version.

Restore-WFFarm: Could not load file or assembly 'Microsoft.ServiceBus

 Restore-WFFarm : Could not load file or assembly 'Microsoft.ServiceBus, Version=1.8.0.0, Culture=neutral,

PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.

At D:\Brij\PowerShell\Restore-WFMFarm.ps1:40 char:1

+ Restore-WFFarm  -RunAsAccount 'europe\spp_farm' -InstanceDBConnection ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : OperationStopped: (:) [Restore-WFFarm], FileNotFoundException

    + FullyQualifiedErrorId : WFRuntimeSettingFailed,Microsoft.Workflow.Deployment.Commands.RestoreWFFarm

Resolution:

If using Service bus 1.1 then Create or Modify powershell.exe.config file and add assembly binding to target v2.1

<?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <runtime>
            <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
                 <dependentAssembly>
                       <assemblyIdentity name="Microsoft.ServiceBus" publicKeyToken="31bf3856ad364e35" culture="en-us" />
                       <bindingRedirect oldVersion="1.8.0.0" newVersion="2.1.0.0" />
                  </dependentAssembly>
            </assemblyBinding>
       </runtime>
</configuration>

OR if you don’t have permission to modify config file then 

1. copy powershell.exe and powershell.exe.config files to your desktop from “C:\Windows\System32\WindowsPowerShell\v1.0” location,
2. modify powershell.exe.config files on your desktop and 
3. Run powershell.exe from desktop in admin mode.

Restore-WFFarm: The token provider was unable to provide a security token while accessing ‘https://localhost:9355/WorkflowDefaultNamespace/$STS/Windows/’.

Resolution:

## To remove WorkflowDefaultNamespace Error

Set-SBNamespace -PrimarySymmetricKey Yvu9UR9o/Zt23KSuSIuk5LjxpOy7+NCbcy/zhGYjAHc= -Name WorkflowDefaultNamespace

SymmetricKey can be obtained from prod server by running Get-SBNamespace
Comments in this link https://blogs.msdn.microsoft.com/biztalknotes/2014/05/14/workflow-manager-disaster-recovery/

Restore-WFFarm: The remote server returned an error: (401) Unauthorized

Restore-WFFarm : The remote server returned an error: (401) Unauthorized. Manage claim is required for this

operation..TrackingId:0146b63b-77e0-420d-a765-0b49b4236ffe_GTEEIS10SHARE02,TimeStamp:22/08/2018 09:56:24

At D:\Brij\PowerShell\Restore-WFMFarm.ps1:40 char:1

+ Restore-WFFarm  -RunAsAccount 'europe\spp_farm' -InstanceDBConnection ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : OperationStopped: (:) [Restore-WFFarm], UnauthorizedAccessException

    + FullyQualifiedErrorId : WFRuntimeSettingFailed,Microsoft.Workflow.Deployment.Commands.RestoreWFFarm

Resolution: Current user doesn’t have permission to manage WorkflowDefaultNamespace namespace, add current user in ManageUsers

Set-SBNamespace -Name WorkflowDefaultNamespace -ManageUsers @($runAsAccount)

https://stackoverflow.com/questions/30023884/cannot-join-workflow-farm-add-wfhost

Workflow Manager Backend service stopping

HostName                                               ServiceName                              ServiceStatus
-------------------------------------------       ----------------------------------        ----------------------
WorkflowHost                                       WorkflowServiceBackend        Stopped
WorkflowHost                                       WorkflowServiceFrontEnd       Stopped

Workflow Manager Backend service stopped with error:

Application: Microsoft.Workflow.ServiceHost.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.IO.InvalidDataException

   at Microsoft.Workflow.Common.AsyncResult.End[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.IAsyncResult)

   at Microsoft.Workflow.Service.WorkflowServiceBackendHost.OnStartCompleted(System.IAsyncResult)

Exception Info: Microsoft.Workflow.Common.FatalException

   at Microsoft.Workflow.Common.Fx+<>c__DisplayClass2.<FailFast>b__0()

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

   at System.Threading.ThreadHelper.ThreadStart()

And

Faulting application name: Microsoft.Workflow.ServiceHost.exe, version: 1.0.40131.0, time stamp: 0x52ef34e1

Faulting module name: KERNELBASE.dll, version: 10.0.14393.2430, time stamp: 0x5b691a19

Exception code: 0xe0434352

Fault offset: 0x0000000000033c58

Faulting process id: 0x3b94

Faulting application start time: 0x01d43a130aed2e66

Faulting application path: C:\Program Files\Workflow Manager\1.0\Workflow\Artifacts\Microsoft.Workflow.ServiceHost.exe

Faulting module path: C:\Windows\System32\KERNELBASE.dll

Report Id: 6dfb0c20-6c06-4c2d-bbb4-e51b5790ec31

Faulting package full name:

Faulting package-relative application ID:

Resolution: This error occurred due the version mismatch between installed product and version stored in WorkflowInstanceManagementDB. 

http://www.spjeff.com/2018/01/18/fixed-workflow-manager-backend-error-1067-http-500/

Issues after configuring Workflow Manager

HTTP Site at port 12291 not available in IIS

Configure Http Binding at port 12291 in IIS for workflow management site. 

401 Unauthorized access

Make sure User Profile Service is configured properly and running. Run full profile sync and check again. 

Workflow doesn’t start

Run Refresh Trusted Security Token Service Metadata feed timer job. 

HTTP Forbidden

Enable “Workflow can use App-Step” feature and update SPAuthenticationRealm. 

Cannot get app principal permission information

Update SPAuthenticationRealm. Follow the link to register the old realm that is required by the workflow: https://docs.microsoft.com/en-us/sharepoint/administration/upgrade-sharepoint-2016-to-sharepoint-2019-through-workflow-manager 

Workflow Suspended

Check logs about the last error logged by workflow. 

SharePoint 2013 Workflow Platform not available after registering workflow service

Run SharePoint configuration wizard (PSConfigGUI) to configure SharePoint environment and workflow service application.