Managing Farms and Nodes (Workflow Manager 1.0)
Updated: October 24, 2012
Service Bus is a pre-requisite for Workflow Manager. You must create and configure a Service Bus farm first and then configure a Workflow Manager farm.
The Service Bus steps that are required to create a new Workflow Manager farm are:
Create the Service Bus farm.
Add the machines to the Service Bus farm.
Create the Service Bus service namespace that will be used by Workflow Manager.
Get the Service Bus client configuration for the service namespace that will be used by Workflow Manager.
The cmdlets described in this section create or delete Workflow Manager farms and the nodes they contain.
Creating a New Workflow Manager Farm
The New-WFFarm cmdlet creates a new farm of Workflow nodes. To create a farm with auto generated certificates use the following format:
New-WFFarm -WFFarmMgmtDBConnectionString <string> [-AdminGroup <string>] [-CertificateAutogenerationKey <SecureString>] [-HTTPPort <int>] [-HTTPSPort <int>] [-InstanceMgmtDBConnectionString <string>] [-ResourceMgmtDBConnectionString <string>] [-RunAsAccount <string>]
To create a farm with custom certificates use the following format:
New-WFFarm -WFFarmMgmtDBConnectionString <string> [-EncryptionCertificateThumbprint <String>] [-AdminGroup <string>] [-HTTPPort <int>] [-HTTPSPort <int>] [-InstanceMgmtDBConnectionString <string>] [-OutboundCertificateThumbprint <thumbprint>] [-ResourceMgmtDBConnectionString <string>] [-RunAsAccount <string>] [-SSLCertificateThumbprint <Thumbprint>]
If an error occurs or you are forced to reboot during farm creation, the farm management database that is created may be left in a corrupt state. In that case, when you try to join a farm the process may display an error indicating that the machine you are trying to add to the farm is not a part of any farm. When you encounter such an error, you must drop the farm management database and recreate it before you can join any new nodes to the farm.
The following table describes the options for this cmdlet.
| Option | Effect |
|---|---|
| –WFFarmMgmtDBConnectionString <connectionstring> | Represents a connection string of the configuration database. |
| [-RunAsAccount <string> | Specifies the user account under which services will run. |
| -Admingroup <adgroup> | Specifies the user group whose members receive administrative access to the databases in the farm. Defaults to the BuiltIn\Administrators group on the machine. |
| -CertificateAutogenerationKey <SecureString>] | Specifies a key that the installer uses to generate a new services SSL certificate to secure communications between the services and their clients. |
| -InstanceMgmtDBConnectionString <string> | Specifies the connection string for the SQL Server database instance that will be used for the instance management database. The instance management database contains data for each instance of Workflow that is currently running. |
| -ResourceMgmtDBConnectionString <string> | Specifies the connection string for the SQL Server database instance that will be used for the resource management database. The resource management database manages the workflows. |
| -HttpPort <portno> | Specifies the port that will be used for HTTP communication. The default value is 12291. |
| -HttpsPort <portno> | Specifies the port that will be used for HTTPS communication. The default value is 12290. |
| -EncryptionCertificateThumbprint <string> | This certificate is used for securing the SQL connection strings. If not provided, it will take the value of the SslCertificate. Represents the encryption certificate. |
| -SslCertificateThumbprint <String> | This certificate is used for securing the service communication. Do not provide this if you areproviding CertificateAutogenerationKey for auto generation of certificates. |
| -OutboundCertificateThumbprint <String> | This certificate is used for securing the outbound communication. Do not provide this if you areproviding CertificateAutogenerationKey for auto generation of certificates. |
Adding a New Node to a Farm
The Add-WFHost cmdlet adds a node to an existing farm. The Add-WFHost cmdlet has the following format:
Add-WFHost [-EnableFirewallRules [<Boolean>]] [-EnableHttpPort [<SwitchParameter>]] [-SBClientConfiguration <String>] -CertificateAutoGenerationKey <SecureString> -RunAsPassword <SecureString> -WFFarmDBConnectionString
<String> [<CommonParameters>]
The following table describes the options for this cmdlet.
| Option | Effect |
|---|---|
| –WFFarmDBConnectionString <connectionstring> | Specifies the connection string for the SQL Server instance being added as the farm management database. |
| -RunAsPassword <SecureString> | Specifies the password for the user account under which services are running on the farm. If all the machines in a farm share the same service account and the security policy requires the service account password to be changed at regular intervals, you must perform specific actions on each machine in the farm to be able to continue adding and removing nodes in the farm. See the section titled Handling Farm Password Changes for this procedure. |
| -CertificateAutogenerationKey <SecureString>] | Specifies the key that the farm uses to secure the auto generated certificates. This is the same key that was passed in to New-WFFarm. |
| -enableHttpPort | Specifies whether HTTP needs to be enabled on this machine. HTTP is disabled by default. |
| -SBClientConfiguration | Workflow Manager must know the Service Bus farm information that it will be using. You must run the Get-SBClientConfig with the service namespace that Workflow Manager will be using and pass in the text returned by this cmdlet as a value for this parameter |
The installation program auto generates the following certificates based on your selections when it adds the node to the farm:
| Certificate Type | Name | Issuer |
|---|---|---|
| CA | AppServerGeneratedWFCA | |
| Outbound certificate | Workflow Manager outbound | AppServerGeneratedWFCA |
| SSL machine certificate | Machine fully qualified domain name. | AppServerGeneratedWFCA |
Removing a Node from a Farm
The Remove-WFHost cmdlet removes a node from an existing farm.
This cmdlet has the following format:
Remove-WFHost [-WFFarmDBConnectionString <connectionstring>]
If you want to rename a machine that belongs to a farm, you must use this cmdlet to remove it from the farm before you rename it, then add it back to the farm using the Add-WFHost cmdlet. If this cmdlet encounters a timeout error, you can still try to run the Add-WFHost cmdlet to try to add it back to the farm. If Add-WFHost succeeds, you can ignore the earlier timeout error.
The following table describes the options for this cmdlet.
| Option | Effect |
|---|---|
| -WFFarmDBConnectionString <connectionstring> | Specifies the connection string for the SQL Server instance being removed from the farm. If you do not provide this parameter the cmdlet finds the connection string in the registry. |
| -HostName<string> | Specifies the connection string for the SQL Server instance being removed as the Service Bus for Windows Server management database. |
When you leave a farm, any certificates that you installed on the machine remain. If you want to remove those certificates, you must remove them manually.