Update CU WFM 1.0 Refresh(CU2) + CU5 with "SB 1.1 with TLS 1.2" (will install WFM 1.0 CU4 client)

Update CU  WFM 1.0 Refresh(CU2) + CU5 with "SB 1.1 with TLS 1.2" (will install WFM 1.0 CU4 client)

Cumulative Updates installation on Workflow Manager

 

Please find the compatible / Supportability table to verify the current versions on your server.

https://www.linkedin.com/pulse/workflow-manager-10-windows-service-bus-ahmed-kelani/

 

Types of Cumulative Updates in Workflow Manager farm

 

1.       When you have RTM-CU1 WFM, Upgrade first:

2.       Once WFM is updated - Upgrade to Service Bus to 1.1 with TLS 1.2

 

Get Output of MFA tool.

1.       Gather the MFA report of your Workflow Manager environment (so that We can give compatibility health checks and review the final status of your changes)

 

Title: Run MFA (Messaging Farm Analyzer) report to get  workflow manager health details

 

Steps:

 

This tool gathers information about a Workflow Manager (WFM) and Service Bus Server farm and generates warnings when issues are detected.

Gather the MFA report of your Workflow Manager environment (so that We can give compatibility health checks and review the final status of your changes)

 

1.       Login to the WFM primary server with a Run as account or service account.

a.       MFA.exe can be downloaded here. https://www.microsoft.com/en-US/download/details.aspx?id=103244

b.      Create a new folder named MFA Report.

c.       Move the MFA36.exe downloaded file into the MFA report folder.

d.      Right click on the MFA36.exe file and Run extract the files here.

e.      Run the MFA.exe file.

f.        Select the check box. ETL Traces and Workflow Publish test

g.       Click on the Start button.

h.      An MFA report will be generated in the downloaded file location.

2.       If you are not able to generate a WFM report.

a.       Login to WFM primary server with Rus as Account/administrator/ farm account/ Service account.

b.      Open workflow Manager PowerShell Run as administrator mode.

c.       Please run the below Commands one after one and save the screenshots and save as a text file.

                                       i.            Get-WFFarm

                                     ii.            Get-WFFarmStatus

                                    iii.            Get-SBFarm

                                   iv.            Get-SBFarmStatus

                                     v.            Get-NameSpace

 

3.       When you have RTM -CU1 WFM, Upgrade first:

a.       IF service bus 1.0 is installed, apply CU1 as a pre-requisite before 1. upgrading WFM

b.      Upgrade WFM to CU3 - then CU4 (for SharePoint Up to (not including) December 2017.

c.       Upgrade WFM to CU5 - for SharePoint from December 2017

 

4.       Once WFM is upgraded - upgrade Service Bus to 1.1

 

If you're from is already with WFM CU5, you can directly perform SB1.1 with TLS 1.2 upgradation. IF not, you need to first perform WFM CU5 upgradation then only you need to perform SB1.1 with TLS 1.2 upgradation.

 

Note:

a.       Make sure you have Certificate Generated Key if you have Auto Generated Certificate. if you have an Auto Generated certificate. If you don’t have we need to reset the Certificate Generated Key password.

b.      If we have a custom Generated Certificated Certificate, not required Certificate Generated Key.

c.       Make sure you can log in to the workflow manager server with Run As Account.

 

Steps for WFM CU5 Upgradation:

 

1. Please find the below steps you have to before updating.
2. Please find the below steps you have to do before updating on Workflow Manager server Backup.

3.       Please find the below steps you have to do before update on the WFM server.

4.       We ensure that you have back your databases up for WFM and Service Bus, in order to ensure that you have a rollback available.

5.       Run the below commands on WFM PowerShell in RunAsAdmin mode before you take them

1.       Stop-WFHost

2.       Stop-SBHost

6.       Backup all WFM, SQL, and SharePoint snapshots of VMs to endure that you have a rollback available.

7.       WFM and service Bus Databases to backup before the change are done(workflow manager default naming shown below)

1.       WFResourceManagementDB

2.       WFManagemntDB

3.       WFInstanceManagementDB

4.       SBManagementDB

5.       SBGateWayDB

6.       SBMessageContainer

 

Please find the below permissions or access required Service account/ Run As Account for Workflow Manager Farm.

 

1)      Login to WFM primary server with Rus as Account/administrator/ farm account/ Service account.

a.       Verify Run as Account have farm account is part of below groups, if not need to be added.

b.      Open Run and type the below command.

c.       Command: lusrmgr.msc

d.      "Go to groups"

e.      Examine your login account in the groups listed below, if not need to be added.

                                       i.            Administrator

                                     ii.            Distributed COM users

                                    iii.            Remote Desktop Users

                                   iv.            Windows Fabric Administrator

                                     v.            Windows Fabric allows users

                                   vi.            IIS users

                                  vii.            Azure fabric Administrator

                                viii.            Azure Fabric allowed users.

2)      The installation account must have the "sysadmin" role on the SQL server.

Please find the references:

https://docs.microsoft.com/en-us/previous-versions/service-bus-archive/jj193011(v=azure.100)

 

1.       The Workflow Manager client is installed on all SharePoint servers. If not installed on all SharePoint servers,

2.       Verify all the certificates are available in a personal and trusted location, including intermediate certificates.

3.       Verify all the certificates are available in All Workflow Manager servers, Web front-end servers, and Application servers. personal and trusted location, and an intermediate certificate.

4.       You can get an offline package either way.

1.       If you have raised a support case to perform this operation, request the MS SE with whom you are working to provide an offline package.

2.       The MS team will upload the offline package of WFM/SB and also the steps that need to be followed to install WFM in the DTM workspace. The MS team will share while installing You need to log in to Microsoft Shared Link with a Corp Microsoft account in order to view and download files.

3.       You can download the offline installation package by running the below PowerShell commands on your server.

1.       Find the Offline Package:

 

WebpiCmd.exe /list /listoption:Available|{$_.Contains("ServiceBus")}

 

Create offline Package for "SB 1.1 with TLS 1.2" (will install WFM 1.0 CU4 client):

 

WebpiCmd.exe /Offline /Products:ServiceBus_1_1_TLS_1_2 /Path: D:/Tools/ServiceBus_1_1_TLS_1_2

 

Note:

Please change the path D:Tools to whatever directory and folder you decide to download the WEBPi files from.

4.       If you have auto-generated certificates in the current WFM configuration, make sure you have a certificate auto-generated key.

5.       If you don’t have a certificate auto-generated key, When you cannot re-join the farm because you do not know the certificate Auto-Generation Key. You can change the farm configuration state instead.

6.       follow one of the methods.

                                      i.      We need to generate one first. We recommend performing the process with Microsoft SE assistance.

                                    ii.      Or convert an auto-generated certificate to a custom-generated certificate and run the SQL commands.

 

5.       Enable the Required TLS1.2 Registry setting by clicking on the below link.

6.       If you have workflow Manager installed in 3 servers leave 3rd and 2nd workflow manager farm one after one using configuration wizard or PowerShell

7.       Make sure before leaving farm you have "Certificate Generation Key/ passphrase / encryption key". This is needed to join the farm again.

8.       Leave the primary / 1st workflow manager server installed farm using configuration wizard or PowerShell.

9.       Or

10.   Leave the farm or Remove SB farm using the below command.

1.       Remove-SBHost-HostName Hostname -SBFarmDBConnectionString 'Connection String' -verbose

2.       Ex:

3.       Remove-SBHost-HostName ServerName -SBFarmDBConnectionString 'Data Source=vvvvvv;initilal catlog=wfmnanagementDB database name;Integrated Security=True; Encrypt=False' -verbose

4.       Note: Data Source you need to copy from Get-WFFarm output value.

11.   Uninstall or delete the required binaries following the steps.

1.       Navigate to the control panel, then to programs and features, then to uninstall a program. View installed updates on the left panel by clicking on that.

1.       Uninstall all the patches related to Service Bus.

2.       Control Panel--> Programs and Features--> Uninstall a Program-->

3.       Uninstall all the patches related to Service Bus.

 

4.       Click on start on windows and open run and type "Regedit" click on enter. Registry Editor Application is opens

5.       Navigate to the "HKEY_LOCAL_MACHINE\SOFTWARE|Microsoft" path

6.       Delete the registry hives for WFM and SB under HKLM\software\Microsoft\Service Bus (if exists).

 

7.       If you still see the Service Bus gate on services.msc

8.       Delete the registry hives for WFM and SB under HKLM\SYSTEM\CurrentControlSet\Services\ServiceBus GateWay (if exists).

 

2.       Navigate to the below path and check if any folders are present. Proceed to delete.

 

1.       C:\Program Files\Service Bus

2.       C:\Program Files(X86)\Service Bus

3.       C:\Program Data\Service Bus

4.       C:\Program Data\SF --> Delete folder

 

3.       Open "services.msc" and verify workflow manager-related services are still running, restart the server.

12.   Reboot the server

13.   Install Service Bus using the bellow command, the highlighted path should be changed with the path you copied the offline package in your server.

1.       WebpiCmdline.exe /Products:ServiceBus_1_1_TLS_1_2 /XML:C:\WFM\All\feeds\latest\webproductlist.xml /AcceptEula

14.   Open Workflow Manager PowerShell with Run as Administrator mode and Run the below commands

15.   for Auto-Generated certificate have in Workflow Manager Farm.

16.   $certKey=Convertto-securestring 'PASSPHRASE' -asplaintext -force

17.   Invoke-SBFarmUpgrade-SBFarmDBConnectionString "Data Source=********-InitialCatlog=SbMnagementDB;Integrated Security=True;AsynchronousProcessing=True;Encrypt=False" -CertificateAutoGenerationKey $CerKey

 

18.   for Custom-Generated certificate have in Workflow Manager Farm.

19.   $certKey=Convertto-securestring 'PASSPHRASE' -asplaintext -force

20.   Invoke-SBFarmUpgrade-SBFarmDBConnectionString "Data Source=********-InitialCatlog=SbMnagementDB;Integrated Security=True;AsynchronousProcessing=True;Encrypt=False"

 

21.   Refer the below article

22.   https://docs.microsoft.com/en-us/previous-versions/azure/dn448366(v=azure.10)?redirectedfrom=MSDN 

23.   Join the farm again and it will successful

24. SSL, Outbound, Encryption, and Farm certificates should be present in all WFM, App and workflow manager Servers(trusted, personal and Intermediate)
25. Verify Workflow Manager client CU4 is installed in all SharePoint servers(Webapp front end, Application servers, workflow manager servers).

https://support.microsoft.com/en-us/topic/description-of-the-cumulative-update-4-for-workflow-manager-1-0-3869fdf8-3af3-256b-3c0d-cb7cd8487460

26. Browse the endpoint of WFM

27.   Login to Workflow Manager installed 2nd server.

28.   Follow the Steps for WFM CU5 Upgradation from Step to Step

29.   Follow the Steps for Service Bus 1.1 with TLS 1.1 Upgradation from Step WFM5

30.   Join the farm

31.   Login to Workflow Manager installed 3rd server.

32.   Follow the Steps for WFM CU5 Upgradation from Step to Step

33.   Follow the Steps for Service Bus 1.1 with TLS 1.1 Upgradation from Service Bus 1.1 with TLS1.2

34.   Join the farm