Workflow Manager Farm – 3 Server Topology

The purpose of this post is to describe in technical terms the steps necessary to install the SharePoint workflow farm and make it operational. Before proceeding with the deployment, validate the checklist below to confirm that the infrastructure is ready.


Server Details

Host: SPWF01
Role: Workflow Manager Farm (Main server)
Features: Windows Server 2019 Standard or Datacenter

Host: SPWF02
Role: Workflow Manager Farm
Features: Windows Server 2019 Standard or Datacenter

Host: SPWF03
Role: Workflow Manager
Features: Windows Server 2019 Standard or Datacenter

Accounts

Role | Description | Account
Setup / Install Account | Installation of Workflow Manager | SP-Admin
RunAsAccount | Service Account of Workflow Manager | SP-WFM

Pre-Requisites Installation

Service account

Until the farm is set up and operational, the service account should have local administrator rights. These rights are required to start and stop the Service Bus and workflow services during installation and configuration.

Workflow Manager Server Binaries

  • Install Web Platform Installer on a machine with Internet access
  • Download the binaries below into a folder so they can be copied to the workflow farm servers later
WebpiCmd.exe /offline /Products:ServiceBus_1_1_TLS_1_2 /Path:C:\temp\wfmserverbinaries\ServiceBus_1_1_TLS_1_2
WebpiCmd.exe /offline /Products:WorkflowManagerRefresh /Path:C:\temp\wfmserverbinaries\wfmcu2
WebpiCmd.exe /offline /Products:WorkflowCU5 /Path:C:\temp\wfmserverbinaries\WorkflowCU5

Offline Installation Instructions

  • Install Web Platform Installer on all the servers
  • Copy the Workflow Server binaries from the download location and place them on the server
  • Run the following commands from a command prompt
WebpiCmd.exe /Install /Products:ServiceBus_1_1_TLS_1_2 /XML:C:\temp\wfmserverbinaries\ServiceBus_1_1_TLS_1_2\feeds\latest\WebProductList.xml

WebpiCmd.exe /Install /Products:WorkflowManagerRefresh /XML:C:\temp\wfmserverbinaries\wfmcu2\feeds\latest\WebProductList.xml

WebpiCmd.exe /Install /Products:WorkflowCU5 /XML:C:\temp\wfmserverbinaries\WorkflowCU5\feeds\latest\WebProductList.xml 

Certificates

In this case we do not use a pre-created certificate. Workflow Manager creates its own certificates during installation (auto-generated).

Registry Entries

SharePoint Workflow Manager needs TLS 1.0. The reason is that Service Bus 1.1/1.0 supports only TLS 1.0, and WFM 1.0 works only with Service Bus 1.1. If TLS 1.0 is not enabled, the Service Bus Message Broker service stays stuck in the Starting state in Windows Services.

Create a text file, change its extension to .reg, put the following lines in the file, save it, and import it by double-clicking the saved .reg file.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

Repeat the above steps on every workflow server, then restart each server.
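A check for the registry step above, added here as an example (it is not part of the original post): it reads the SCHANNEL TLS 1.0 values and SchUseStrongCrypto on each workflow server and reports any that differ from the .reg file. The host names are taken from the Server Details list; working PowerShell remoting to those hosts is an assumption.

```powershell
# Added example: audit the values the .reg file is meant to set.
# Assumes WinRM/PowerShell remoting is enabled on the three hosts.
$servers  = 'SPWF01', 'SPWF02', 'SPWF03'
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0'
$dotnet   = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'

# One entry per value in the .reg file.
$expected = @(
    @{ Path = "$schannel\Client"; Name = 'DisabledByDefault';  Value = 0 }
    @{ Path = "$schannel\Client"; Name = 'Enabled';            Value = 1 }
    @{ Path = "$schannel\Server"; Name = 'DisabledByDefault';  Value = 0 }
    @{ Path = "$schannel\Server"; Name = 'Enabled';            Value = 1 }
    @{ Path = $dotnet;            Name = 'SchUseStrongCrypto'; Value = 1 }
)

$results = Invoke-Command -ComputerName $servers -ArgumentList (,$expected) -ScriptBlock {
    param($checks)
    foreach ($c in $checks) {
        # A missing key or value yields $null instead of an error.
        $actual = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        [pscustomobject]@{
            Key      = $c.Path
            Setting  = $c.Name
            Expected = $c.Value
            Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
            Match    = ($actual -eq $c.Value)
        }
    }
}

$results | Sort-Object PSComputerName, Key, Setting |
    Format-Table PSComputerName, Key, Setting, Expected, Actual, Match -AutoSize

# List the hosts that still need the .reg import.
$drift = $results | Where-Object { -not $_.Match }
if ($drift) {
    $hosts = ($drift.PSComputerName | Sort-Object -Unique) -join ', '
    Write-Warning "Registry values differ from the .reg file on: $hosts"
}
```

The same table doubles as an inventory of which hosts have TLS 1.0 enabled, which is useful when the exception has to be documented or reviewed later.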


Workflow Manager Installation

Databases

Database Name | Database
WSBGateway | WSB GatewayDatabase
WSBManagement | WSB ManagementDB
WSBMsg | WSB MessageDB
WFMMgt | WFManagementDB
WFMInsMgt | WFInstanceManagementDB
WFMResMgt | WFResourceManagementDB

Configure Workflow Manager Farm

Change the environment variables and run the below script

 Clear-Host
 # To be run in Workflow Manager PowerShell console that has both Workflow Manager and Service Bus installed
 Import-Module WorkflowManager
 # TODO: Change based on environment
 $sqlServer = "sharepoint-db-instance"
 $sqlDBPrefix = "WFM_SharePoint_"
 $runAsAccount = "DOMAIN\SVCWFM"
 $runAsAccountPassword = "{PASSWORD}"
 $nameSpaceAdminGroup1 = "DOMAIN\ADMIN1"
 $nameSpaceAdminGroup2 = "DOMAIN\ADMIN2"
 #
 Write-Host "Configuring the Workflow Manager and Service Bus" -ForegroundColor White
 $RunAsPassword = ConvertTo-SecureString -AsPlainText -Force -String "$runAsAccountPassword"
 $sqlDBWSBManagement = $sqlDBPrefix + "WSBMgt"
 $sqlDBWSBGateway = $sqlDBPrefix + "WSBGateway"
 $sqlDBWSBMessage = $sqlDBPrefix + "WSBMsg"
 $sqlDBWFMManagement = $sqlDBPrefix + "WFMMgt"
 $sqlDBWFMWFInstanceManagement = $sqlDBPrefix + "WFMIngMgt"
 $sqlDBWFMWFResourceManagement = $sqlDBPrefix + "WFMResMgt"
 $wfmAdminGroup = "BUILTIN\Administrators"
 $sbCertificateAutoGenerationKeyPassword = $runAsAccountPassword
 $wfCertificateAutoGenerationKeyPassword = $runAsAccountPassword
 #Create new SB Farm
 Write-Host "Creating new Service Bus Farm" -ForegroundColor White
 #Change based on environment
 $SBCertificateAutoGenerationKey = ConvertTo-SecureString -AsPlainText -Force -String $sbCertificateAutoGenerationKeyPassword
 New-SBFarm -SBFarmDBConnectionString "Data Source=$sqlServer;Initial Catalog=$sqlDBWSBManagement;Integrated Security=True;Encrypt=False" -InternalPortRangeStart 9000 -TcpPort 9354 -MessageBrokerPort 9356 -RunAsAccount "$runAsAccount" -AdminGroup "$wfmAdminGroup" -GatewayDBConnectionString "Data Source=$sqlServer;Initial Catalog=$sqlDBWSBGateway;Integrated Security=True;Encrypt=False" -CertificateAutoGenerationKey $SBCertificateAutoGenerationKey -MessageContainerDBConnectionString "Data Source=$sqlServer;Initial Catalog=$sqlDBWSBMessage;Integrated Security=True;Encrypt=False" | Out-Null
 #To be run in Workflow Manager PowerShell console that has both Workflow Manager and Service Bus installed.
 Write-Host "Creating new Workflow Farm" -ForegroundColor White
 #Create new WF Farm
 $WFCertAutoGenerationKey = ConvertTo-SecureString -AsPlainText -Force -String "$wfCertificateAutoGenerationKeyPassword"
 New-WFFarm -WFFarmDBConnectionString "Data Source=$sqlServer;Initial Catalog=$sqlDBWFMManagement;Integrated Security=True;Encrypt=False" -RunAsAccount "$runAsAccount" -AdminGroup "$wfmAdminGroup" -HttpsPort 12290 -HttpPort 12291 -InstanceDBConnectionString "Data Source=$sqlServer;Initial Catalog=$sqlDBWFMWFInstanceManagement;Integrated Security=True;Encrypt=False" -ResourceDBConnectionString "Data Source=$sqlServer;Initial Catalog=$sqlDBWFMWFResourceManagement;Integrated Security=True;Encrypt=False" -CertificateAutoGenerationKey $WFCertAutoGenerationKey | Out-Null
 Write-Host "Adding service bus host" -ForegroundColor White
 #Add SB Host
 Add-SBHost -SBFarmDBConnectionString "Data Source=$sqlServer;Initial Catalog=$sqlDBWSBManagement;Integrated Security=True;Encrypt=False" -RunAsPassword $RunAsPassword -EnableFirewallRules $true -CertificateAutoGenerationKey $SBCertificateAutoGenerationKey | Out-Null
 Try
 {
     #Create new SB Namespace
     Write-Host "Creating Service Bus namespace 'WorkflowDefaultNamespace' " -NoNewLine
     New-SBNamespace -Name "WorkflowDefaultNamespace" -AddressingScheme "Path" -ManageUsers "$nameSpaceAdminGroup1","$nameSpaceAdminGroup2","$runAsAccount" | Out-Null
     Write-Host "Succeeded"
     Start-Sleep -Seconds 90
 }
 Catch [system.InvalidOperationException]
 {
     Write-Host "Failed"
 }
 #Get SB Client Configuration
 $SBClientConfiguration = Get-SBClientConfiguration -Namespaces "WorkflowDefaultNamespace"
 Write-Host "Adding workflow host" -ForegroundColor White
 # Add WF Host
 Add-WFHost -WFFarmDBConnectionString "Data Source=$sqlServer;Initial Catalog=$sqlDBWFMManagement;Integrated Security=True;Encrypt=False" -RunAsPassword $RunAsPassword -EnableFirewallRules $true -SBClientConfiguration "$SBClientConfiguration" -CertificateAutoGenerationKey $WFCertAutoGenerationKey | Out-Null 
 Get-SBFarm
 Get-WFFarm 
 Get-SBFarmStatus
 Get-WFFarmStatus

Connect Other Servers to the farm

Change the environment variables and run the script below. This is not needed in a single-server topology.

 Clear-Host
 Import-Module WorkflowManager
 # TODO: Change based on environment
 $sqlServer = "sharepoint-db-instance"
 $sqlDBPrefix = "WFM_SharePoint_"
 $runAsAccount = "DOMAIN\SVCWFM"
 $runAsAccountPassword = "{PASSWORD}"
 $sbCertificateAutoGenerationKeyPassword = $runAsAccountPassword
 $wfCertificateAutoGenerationKeyPassword = $runAsAccountPassword
 #
 $RunAsPassword = ConvertTo-SecureString -AsPlainText -Force -String "$runAsAccountPassword"
 $sqlDBWSBManagement = $sqlDBPrefix + "WSBMgt"
 $sbConnString="Data Source=$sqlServer;Initial Catalog=$sqlDBWSBManagement;Integrated Security=True;Encrypt=False"
 $sqlDBWFMManagement = $sqlDBPrefix + "WFMMgt"
 $wfConnString="Data Source=$sqlServer;Initial Catalog=$sqlDBWFMManagement;Integrated Security=True;Encrypt=False"
 Write-Host "Adding host to Service Bus Farm…"
 $SBCertificateAutoGenerationKey = ConvertTo-SecureString -AsPlainText -Force -String $sbCertificateAutoGenerationKeyPassword
 Add-SBHost -SBFarmDBConnectionString $sbConnString -RunAsPassword $RunAsPassword -CertificateAutoGenerationKey $SBCertificateAutoGenerationKey -EnableFirewallRules $true -Verbose
 try 
 { 
     $SBClientConfiguration = Get-SBClientConfiguration -Namespaces 'WorkflowDefaultNamespace' -Verbose
 } 
 Catch [system.InvalidOperationException] 
 {
     Write-Host "Failed"
 }
 Write-Host -ForegroundColor Yellow "Adding host to Workflow Manager Farm…" 
 $WFCertAutoGenerationKey = ConvertTo-SecureString -AsPlainText -Force -String "$wfCertificateAutoGenerationKeyPassword"
 Add-WFHost -WFFarmDBConnectionString $wfConnString -RunAsPassword $RunAsPassword  -CertificateAutoGenerationKey $WFCertAutoGenerationKey -EnableFirewallRules $true -SBClientConfiguration $SBClientConfiguration -Verbose
 Write-Host -ForegroundColor Green "Completed." 
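Both scripts above (farm creation and joining further servers) take the run-as password from a literal in the file and reuse it as the certificate auto-generation key. The following is an added example, not part of the original post, of a variable block that could replace those assignments so that no secret is saved in the script: it prompts for the password, validates it against the domain before any farm cmdlet runs, and prompts for a separate key passphrase. The separate passphrase and the domain validation step are assumptions of this example; the variable names match the scripts above.

```powershell
# Added example: replaces the $runAsAccountPassword = "{PASSWORD}" assignments.
$runAsAccount = "DOMAIN\SVCWFM"    # TODO: change based on environment

# Prompt for the run-as password; it is held only as a SecureString.
$cred = Get-Credential -UserName $runAsAccount -Message "Workflow Manager run-as account"
$RunAsPassword = $cred.Password

# Validate the password before New-SBFarm / Add-SBHost run, so a typo does
# not leave a half-configured farm behind.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$domain, $user = $runAsAccount -split '\\', 2
$contextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($contextType, $domain)
try {
    if (-not $ctx.ValidateCredentials($user, $cred.GetNetworkCredential().Password)) {
        throw "Password for $runAsAccount was rejected by domain '$domain'."
    }
}
finally {
    $ctx.Dispose()
}

# Certificate auto-generation key: prompted once and used for both farms.
# Assumption of this example: a passphrase of its own, not the run-as password.
$certKey = Read-Host -AsSecureString -Prompt "Certificate auto-generation key"
$SBCertificateAutoGenerationKey = $certKey
$WFCertAutoGenerationKey        = $certKey

# The cmdlet calls from the scripts above then run unchanged, for example:
#   Add-SBHost -SBFarmDBConnectionString $sbConnString -RunAsPassword $RunAsPassword `
#       -CertificateAutoGenerationKey $SBCertificateAutoGenerationKey -EnableFirewallRules $true
```

As in the page's own scripts, the key entered when the farm is created has to be entered again, unchanged, on every server that joins it.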

Test the deployment

Run the commands below in the Workflow Manager PowerShell console on the first server. Every service should be in the Running state.

Get-SBFarmStatus
Get-WFFarmStatus

Successful installation will show the output like below


SharePoint Server Workflow Manager Integration

Workflow Manager Client

Download the file WorkflowManagerClient_x64.msi and install on every web front end server

Connect Workflow Manager Farm with SharePoint Farm

Fetch the endpoint URL by running Get-WFFarm on the first workflow server

Get-WFFarm

Run this script on the first SharePoint WFE server

 Clear-Host
 Write-Host "Registering Workflow Manager with SharePoint farm " -ForegroundColor White
 Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue | Out-Null
 $registerSPFarmSite = "https://sp2019.com/"
 $wfmFarmUrl = "https://{your workflow end point url}:12290"
 #SPSite must be a site on your SharePoint farm that will not be removed and to which Workflow Manager will be linked
 #WorkflowHostUri must contain your server name on which you just installed Workflow Manager
 Register-SPWorkflowService -SPSite "$registerSPFarmSite" -WorkflowHostUri "$wfmFarmUrl" | Out-Null

Upload certificate to SharePoint certificate store

The generated certificates should be exported from the first server and imported to the SharePoint server as trusted root certificates.

$trustCert = Get-PfxCertificate "C:\CERTS\APPSRV-WF-Farm.cer"
New-SPTrustedRootAuthority -Name "Workflow Manager Farm" -Certificate $trustCert 
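Because this step adds a trust anchor to the SharePoint farm, it is worth confirming that the .cer file is the certificate that was exported before trusting it. The following is an added example, not part of the original post, that wraps the two lines above in those checks; `$expectedThumbprint` is a placeholder for the thumbprint read from the certificate on the first workflow server.

```powershell
# Added example: verify the exported certificate, then trust it.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$cerPath            = "C:\CERTS\APPSRV-WF-Farm.cer"                   # path used on this page
$expectedThumbprint = "<THUMBPRINT-NOTED-ON-FIRST-WORKFLOW-SERVER>"   # placeholder

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cerPath)
$cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter

$problems = @()
# Thumbprints copied from the certificate dialog often contain spaces.
if ($cert.Thumbprint -ne ($expectedThumbprint -replace '\s', '').ToUpper()) {
    $problems += "Thumbprint does not match the value noted on the workflow server."
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += "Certificate is outside its validity period."
}
if ($cert.HasPrivateKey) {
    $problems += "File carries a private key; export the public certificate only."
}
if ($cert.Subject -ne $cert.Issuer) {
    Write-Warning "Subject and issuer differ: this is not a self-signed root. Check that its issuer is exported and trusted as well."
}

# Avoid a duplicate entry if the certificate was imported earlier.
$existing = Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint }

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "Certificate not added to the SharePoint trusted root authorities."
}
elseif ($existing) {
    Write-Host "Already trusted as '$($existing.Name)'; nothing to do."
}
else {
    New-SPTrustedRootAuthority -Name "Workflow Manager Farm" -Certificate $cert
}
```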

Refresh Trusted Security Timer Job

After deploying Workflow Manager, run the Refresh Trusted Security Token Services Metadata Feed timer job; otherwise the workflows we start will be cancelled.

Load user profile

For the secure token app pool, set the Load User Profile value to True.

Perform an IISRESET on all SharePoint web front end servers.


Testing Workflow Manager with SharePoint Designer 2013

For testing Workflow Manager with SharePoint Designer 2013, provision a new Site Collection using the classic Team Site template. If using an existing site, make sure the Site Feature “Workflow Task Content Type Feature” has been enabled.

On the site, create a new List named Workflow Test. No additional configuration on the List needs to be performed for this test. Using SharePoint Designer 2013 from a client computer, connect to the Site Collection and create a new List Workflow. Give the workflow a name and select the SharePoint 2013 Workflow under Platform Type as shown in the figure.

On item creation, implement some simple logging. The figure below depicts the successful implementation.

With this, the workflow configuration is complete.
