Troubleshooting SharePoint 2013 Service Bus and Workflow Manager


Trouble Shooting SB and WF

The Windows Event Logs actually have application Event logs for SB and WF that you can use for troubleshooting.

Windows Event Viewer -> Application and Service Logs -> Microsoft-Workflow

Windows Event Viewer -> Application and Service Logs -> Microsoft-ServiceBus


That being said, those logs are where you'll find clues as to what is going wrong when things aren't working in your setup.

 


Recently, I was setting up a new SP2013 Workflow farm and had to make use of those log files to get my Service Bus and Workflows started using CA generated certificates.


Most everything installed ok, except at the very end when it gave me a cryptic error that it wasn't able to do the last step of adding the workflow as a host. 


Fortunately, the Workflow config wizard shows you the PowerShell commands that it was attempting, and I discovered it was erroring out on the last command in the script which was to Add-WFHost.


I had attempted to use one SAN certificate for Encryption and SSL, and another for Workflow Outbound communications.


So one of the first things, I needed to do was to ensure that the service bus was using the load balanced farm dns name for my workflow service.

For the ServiceBus settings, after setting up my farm, I had to set the Farm DNS Name using the following command:

Set-SBFarm -FarmDNS spworkflow.domainname

Stop-SBFarm


#If you have multiple hosts, run the Update-SBHost on each host

Update-SBHost


Start-SBFarm

Get-SBFarm

Get-SBFarmStatus

 

For a NLB situation, it turns out that the service bus certificates may not support multiple SAN entries.  Therefore, it won’t work when you have multiple SAN entries in the cert. 

  

From Windows Event Viewer -> Application and Service Logs -> Microsoft-Workflow -> Admin log, I saw an error along these lines:

System.TimeoutException: Could not successfully send message to scope ‘/WF_Management’ despite multiple retries over a timespan of …..

The details of the error specified:

The expected DNS identity of the remote endpoint was [farm dns name], but the remote endpoint provided DNS claim ‘[servername01]’.  If this is a legitimate endpoint, you can fix the problem by explicitly specifying DNS identity ‘servername01’ as the identity property of the EndPointAddress when creating channel proxy.

 

The SAN cert, I was using had the farm dns name and the dns names of each server in the farm. The workflow was verifying the certificate based on the DNS SAN for one of the servernames instead of the farm dns name.

 

So, I wound up using a single DNS SAN with only the farm dns name for the service bus farm cert, service bus Encryption cert, and workflow encryption cert.


This allowed me to successfully run the Add-WFHost, but when looking at the Get-WFFarmStatus, I saw that the WFFrontEnd status was offline.


I was getting Workflow front end errors indicating the servername endpoint and cert didn’t match.

 

So, I changed the Workflow SSL cert to  use the multiple server SAN cert which contained all servers in the farm as well as the farm dns name.

Once that was done, I ran Remove-WFHost, and re-ran the Add-WFHost command with parameters from the PowerShell script from the config wizard.


If your running into similar issues setting up the workflows using CA certs, I hope this provides some help in getting your set up going.



Related Articles that helped me resolve my certificate issues for Service Bus and Workflow:

http://www.harbar.net/articles/wfm3.aspx

Microsoft Knowledge Base Archive (pkisolutions.com)



If all else fails, you can always start a new by uninstalling and reconfiguring a fresh Workflow Manager setup.  I actually did this once, and on the second attempt I was going to do this again and simply use the default non-CA signed certs, but decided to try a few troubleshooting steps before wiping out what I had gotten setup thus far.   Using the Powershell commands available for ServiceBus and Workflow, and the logs, I was able to resolve my issues.



Cannot load file or assembly Microsoft.ServiceBus, Version 1.8


I was setting up my COOP SPWorkflow farm and ran into this error when running the Add-WFHost portion of the PowerShell script for setting up the farm.  

I wound up getting a copy of gacutil.exe from my dev workstation and then running:
.\gacutil.exe /i "C:\Program Files\Service Bus\1.1\Microsoft.ServiceBus.dll"

I had to close and re-open Powershell after that.   Once I did that, I was able to complete the farm configuration script.  For some reason, the Microsoft.ServiceBus.dll didn't get registered into the GAC during the service bus installation.

Comments

Post a Comment

Popular posts from this blog

How To use ASPNET_SetReg to store encrypted data in the registry and then decrypt the data for use in your app

1) You may find it a bit unsecure storing usernames and passwords inside your web.config.  As an alternative to doing this, Microsoft has established a standard way to store that type of info in the registry of your server instead.  Yes, you can encrypt portions of the web.config using aspnet_regiis, but it can become quite a hassle if you need to make changes to some of your appSettings keys or change the account password over a number of different applications.   ( http://msdn.microsoft.com/en-us/library/dtkwfdky.aspx ) 2) You can use a simple command line tool called aspnet_setreg.exe to create your registry entries.     You can find the tool here:              http://support.microsoft.com/kb/329290     The tool will use CryptProtectData to encrypt the values you put in the registry. The example in the article uses the following example: Run the following command...
Read more

Nostalgia for SNL's Il Returno De Hercules

Image
Source: http://snltranscripts.jt.org/86/86nhercules.phtml Now that SNL has an official YouTube channel, I had hoped SNL would add the "Il Returno de Hercules" skit to the channel.  The skit was from from SNL Season 12 Episode 14. I was able to find the script for the skit at snltranscripts.jt.org.  And here it is for your viewing pleasure.  If SNL doesn't put this on YouTube, maybe someone can remake it and put it up. Il Returno de Hercules King Laetes.....Dana Carvey/Tom Davis (voice) Helena.....Nora Dunn/Jan Hooks (voice) Hercules.....Bill Murray Guard.....A Whitney Brown Announcer : [ over SCROLL ] "In the time known as the Heroic Age, many centuries before the birth of Christ, Greece was still a savage and uncivilized land. In these dark times, one man alone defended the helpless - the Mighty Hercules. For many years the mighty Hercules fought for the common people, until at length his rich diet and increasingly sedentary lifesty...
Read more

PowerShell Script to Clean the Windows Installer Directory

Yesterday, I had a case of the Windows folder filling up the OS drive on a server. I already have scripts to archive the event log files in c:\windows\system32\winevt, as well as c:\inetpub\logs for web servers.  So I ran those again, but found the OS drive still down to less than 5 GB in space. Using a program called WinDirStat, I discovered that the Windows Installer directory had gotten pretty big, like over 40GB in size. I began my quest to Google for a solution. I saw one article talking about using DISM to clean up the winsxs directory.  https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/clean-up-the-winsxs-folder However, that didn't clean up the c:\windows\installer directory at all.  Also, installing the Desktop Experience Feature and using the cleanmgr.exe (Disk Clean up) utility didn't clean up the Installer directory either. Many blogs pointed towards a tool called Patch Cleaner. https://www.winhelponline.com/blog/windows-inst...
Read more