Workflow Platform types available in SharePoint Server 2013
Note: Workflow Manager must be downloaded and installed separately from SharePoint Server 2013. It does not install automatically when you install SharePoint Server 2013.Platform Type / Platform Framework / Requirements
SharePoint 2013 Workflow / Windows Workflow Foundation 4 / Requires SharePoint Server 2013 and Workflow Manager.
hardware and software requirements
Install and configure SharePoint Server 2013
Install and configure Workflow Manager
Manager Service has to be downloaded, installed and configured manually before it can be used in SP 2013
Configure Workflow Manager to work with the SharePoint Server 2013 farm
Consider the following two key factors before configuring Workflow Manager to work with SharePoint Server 2013.
- Is Workflow Manager installed on a server that is part of the SharePoint farm?
- Will communication between Workflow Manager and SharePoint Server 2013 useHTTPorHTTPS?
To configure Workflow Manager on a server that is part of the SharePoint 2013 farm and on which communication takes place by using HTTP
- Log on to the computer in the SharePoint Server 2013 farm where Workflow Manager was installed.
- Open the SharePoint Management Shell as an administrator. This is accomplished by right-clicking theSharePoint 2013 Management Shelland choosingRun as administrator.
- Run theRegister-SPWorkflowServicecmdlet
Log on to each server in the SharePoint Server 2013 farm.
Each server in the SharePoint Server 2013 farm must have the Workflow Manager Client installed.
To configure Workflow Manager on a server that is NOT part of the SharePoint 2013 farm and on which communication takes place by using HTTPS
Determine whether you need to install Workflow Manager certificates in SharePoint 2013.
Install Workflow Manager certificates. If your installation requires that you obtain and install these certificates, you must complete that step before continuing
- Log on to each server in the SharePoint Server 2013 farm.
- Install the Workflow Manager Client on each server in the SharePoint farm.
Download and install the Workflow Manager Client here:
- Open the SharePoint Management Shell as an administrator. This is accomplished by right-clicking theSharePoint 2013 Management Shellcommand and choosingRun as administrator.
- Run theRegister-SPWorkflowServicecmdlet.
Note:You must install the Workflow Manager Client on each server in the SharePoint farm before you run the pairing cmdlet.
Register-SPWorkflowService -SPSite " -WorkflowHostUri "
Validate the installation
To validate the installation
- Add a user to your SharePoint site, and grant the user Site Designer permissions.
For security reasons, the Setup account cannot be used to create a workflow based on the SharePoint 2013 Workflow platform. If you try to create a workflow based on the SharePoint 2013 Workflow platform by using SharePoint Designer 2013
Servies bus update 1
Wf 1.o
Check the update
Windows febric
Wf client cu3 add new install
Wf cu3 instrall
Test and run again and again then fine…
Check status get-wffarm . get-fwfarm status , start-wfhost
To verify the installs completed correctly, you can check the file versions for both products.
- For Service Bus, look inC:\Program Files\Service Bus\1.0for theMicrosoft.Cloud.ServiceBus.dll. This should be version2.0.30207.2.
- For Workflow Manager, look inC:\Program Files\Workflow Manager\1.0\Workflow\Artifactsfor theMicrosoft.Workflow.Service.dll(*not* the EXE). This is the DLL that runs the workflow backend service. It should be version1.0.30207.2.
image:
The image has been scaled down for this page.
Click the image view actual size in a new window.
- Or you can look in theAdd Remove Programsapp, selectView Installed Updatesand find both Service Bus 1.0 & Workflow Manager 1.0:
The image has been scaled down for this page.
After applying the updates, you should rerun the workflow pairing PowerShell cmdlet (Register-SPWorkflowService) with the-Forceflag set.
Minimum which version of Workflow Manager is stable till today?
(24-Jan-2016) I have installed Workflow Manager > CU1 > CU2 and it worked fine. However recently Microsoft released the CU3 (on 3-12-2015) of Workflow Manger which i have installed. After installing i noticed that my Workflow Manager Backend service is not running anymore. I tried to fix but no gain. So i would say till today the CU2 is the more stable release. Workflow Manager without CU2 is not a stable release. When you'll be registering your web application against a scope, it will give you a File Not Found Error. So, better to install the CU2 refresh. CU2 refresh is dependent on Service Bus CU1, so first install Service Bus CU1 and then CU2 refresh. All these can be installed from Web Platform Installer
Least Privilege Configuration for Workflow Manager with SharePoint 2013
RATE THIS
BrianGre
20 Feb 2013 2:33 PM
- 13
I went about setting up Workflow Manager with SharePoint 2013 and found that there were plenty of articles and content that said "install this", "run this", but none of them really addressed the issue of a least privileged setup. So I figured it might do someone else some benefit to document this... (and, for what it's worth, I have spoken with the documentation team and the official TechNet documentation is being currently updated).
My configuration consists of the following servers:
- Domain Controller - Contoso.com
- SQL Server
- SP2013-1
- SP2013-2
For service accounts, I'm using the following:
- CONTOSO\svcSetupAcct - SharePoint setup account (note, this is not the Farm account, but it is an account used to install SharePoint)
- CONTOSO\svcWFAcct - RunAs account for WF
- CONTOSO\svcSBAcct - RunAs account for Service Bus
- CONTOSO\WFAdmin - domain group for WF Admin group
- CONTOSO\SBAdmin - domain group for SB Admin group
According to the following link on TechNet: requirements for installation are local admin rights on the server where you are installing Workflow Manager and the SysAdmin role in the destination SQL Server. My gut feeling is that full sysadmin isn't required, but more likely something like dbcreator and maybe securityadmin (similar to SharePoint). However, since the TechNet documentation says sysadmin, then sysadmin it is.. (I've elevated the SQL rights for this account to sysadmin for the duration of the installation/configuration).
Installation/Configuration of Workflow Manager
Logon locally to SP2013-2 and install Workflow Manager. I'm not going to walk through the installation here as that is fairly straightforward,
<Sample WF Manager Account Configuration Screenshot>
Once the service is installed, you then need to configure it using either the wizard or PowerShell. You can also walk through the wizard and then create a PowerShell script from the settings you choose in the wizard. Also, rather than show the screenshots for my wizard settings, I've listed above which accounts are being used where. The only other configuration that is relatively important for my setup is that I'm allowing HTTP (since it's a lab environment), auto-generating the certificates, and enabling firewall rules.
After you see green checkmarks, then the next step is where I got hung up on the least privileged configuration.
Registration with SharePoint Server 2013
Verify that Workflow Client 1.0 is installed on each web-front end (WFE) in the SharePoint 2013 farm.
Logon locally to one of the WFEs using an account that has the following rights:
- member of CONTOSO\WFAdmins
- member of SharePoint Farm Administrators
- has been added to the ShellAdmin role for the target contentDb, refer toAdd-SPShellAdmin
Open a SharePoint Management Console as administrator and execute the following PowerShell command:
Register-SPWorkflowService –SPSite “<site collection url>” –WorkflowHostUri “ –AllowOAuthOverHttp
where:
- -SPSite is the site collection where you want to bind the Workflow Manager
- -WorkflowHostUri is the uri where you have installed and bound the Workflow Manager, including the port number
- -AllowOAuthOverHttp is to allow non SSL traffic between the farms, but this would not be recommended in production
Verification
According to you can validate that it worked by attempting to create a workflow through SharePoint Designer and verifying that you have the SharePoint 2013 workflow platform available.
Potential Errors
You may receive one of the following errors and I’ve commented each with the resolution I used:
ERROR / PROBLEM / RESOLUTIONRegister-SPWorkflowService : The caller does not have the necessary permissions required for this operation. Permissions granted: None. Required permissions: WriteScope. HTTP headers received from the server - ActivityId: 5e2b96c5-f971-48c9-b3fd-405c3616e1c7. NodeId: SP2. Scope: /SharePoint. Client ActivityId : 8e592951-0027-40c6-b996-ba3dd194fdea. / CONTOSO\svcSetupAcct is not a member of the workflow admin group, CONTOSO\WFAdmins. / Add CONTOSO\svcSetupAcct to CONTOSO\WFAdmins and re-run Register-SPWorkflowService PowerShell cmdlet. You may need to logout and log back in to acquire an updated security token.
Register-SPWorkflowService -SPSite-WorkflowHostUri–AllowOAuthHttp Register-SPWorkflowService : Cannot open database "WSS_Content_WFTest" requested by the login. The login failed.
Login failed for user 'CONTOSO\svcsetupacct'. / CONTOSO\svcSetupAcct has not been granted ShellAdmin access to the WSS_Content_WFTestcontent database. / Grant CONTOSO\svcSetupAcct shell admin access to the desired content database using PowerShell similar to the following:
Add-SPShellAdmin CONTOSO\svcSetupAcct –database (Get-SPContentDatabaseWSS_Content_WFTest)
Register-SPWorkflowService -SPSite -WorkflowHostUri Register-SPWorkflowService : Failed to query the OAuth S2S metadata endpoint at URI ' Error details: 'The metadata endpoint responded with an error. HTTP status code: Forbidden.'. HTTP headers received from the server - ActivityId: b5163152-3e31-4809-a532-5e20d1320027. NodeId: WF. Scope: /SharePoint. Client ActivityId : b66b0ea4-d9a7-4d2d-8be8-3a0c58ab728c. / Incorrect use of parameters / Notice that the SharePoint site is non-SSL, but the parameter for –AllowOAuthHttp was not specified. For a non-SSL SharePoint site, the parameter –AllowOAuthHttp must be used.
Special thanks to a couple of my peers for their assistance during this investigation!
Joe Rodgers
.