I recently had to build a new Workflow 7.1 server and realized that the past KB articles didn't address product changes and the new requirements of Windows 2008 R2.
*Updated on Jun 10th, 2011 to reflect new findings on remote SQL*
My goal was to enable Active Directory pass through authentication for a WF 7.1 Process Manager portal running on a Windows 2008 R2 server. The SQL server hosting the Process Manager database was off-box.
Here's a simple illustration of the lab used in this article:
Prior to starting the Workflow install, I did the following:
I used a vanilla installation of Windows 2008 R2. I suspect that some of the existing KB articles may include steps that are only necessary when using an altered installation of the OS or enhanced security restrictions (Kerebos) enforced by Active Directory. With that in mind, here are a list of steps that either provided no value, or broke a functioning implementation for this article:
This is the default (working) authentication setting for the root ProcessManager virtual directory:
Thank you, thank you, thank you. I spent 3 days trying to figure this out. Worked like a champ. And for anyone else that's new, the default password for admin@logicbase.com is "admin".
Hi. When setting up AD sync did you use the pre-2k domain name? Also, was AD sync successful?
I've used this article for the general setup/installation which worked great, however, I've been attempting to get the AD auth pass-through working and it doesn't seem work. I get the "Active Directory Authentication in Progress", then get dumped to the login page.
I can login with my test account successfully as a normal user, just unable to get automatic pass-through to take.
Steps I've taken:
1. Process Manager Active-Directory Settings > Active-Directory Authentication selected. 2. DefaultAppPool Managed Pipeline Mode set to "Classic" / Identity configured as domain service account.
3. Added AD server to ServiceDesk > Ran AD sync and imported users.
4. Configured ServiceDesk URL as a site in the Intranet Zone in IE.
If there is something I am missing, please let me know. I'd really like to get this working in IE and rollout a GPO to make the configuration changes as necessary to the end-user systems.
Great article. Thanks for putting this together. I ran into almost all the same snags, and the information presented here is spot on.
The WF installer needs some TLC from Symantec, as it does not have any built in intelligence for off-box SQL installation. And, there is very little information provided in the "implementation guide".
This is the kind of stuff that should be included in an implementation guide... Actual implementation processes..
Thanks again!
Updated to reflect SMP support for Windows 2008 R2 SP1
I discovered some additional bugs in the WF installation wizard when using a remote SQL server. I now recommend using the Advanced install option, ignoring the subsequent replication and cubing steps, and most importantly, turn off attempts by the wizard to grant permissions to local-only IIS related accounts that don't exist on a remote SQL server.
All new entries are marked with *NEW*
It won't work. Just use Scott's guide and setup the AD Server connection after the fact.
There's a SD upgrade article that recommends against using AD authentication mode during the install here: http://www.symantec.com/docs/HOWTO49691
I can tell that a prior WF .1 installation attempt of mine failed with a SQL related error when I tried to install with AD auth mode enabled. I don't have any information beyond that, just an educated guess.
Is #16 sub step D documented somewhere? I'm running into a DB creation issue and i'm going through the installer now without the AD setup during the installer. Will report back.
I had to reinstall Workflow 7.1 several times trying to piece together the 7.0 MP2 Passthrough Article with other tips from the forums and learned the hard way some of the points above such as DONT change admin@logicbase.com, DONT mess with authentication, and DONT mess with Active Directory Integration at install. This guide is essential for anyone new to workflow 7.1's installation. Two thumbs up sir!