Configure SharePoint Workflow Manager - The Definitive Guide

May 15, 2024 / Andreas Glaser

How to: SharePoint step by step configuration of workflow manager with this definitive guide.

---

Applies to:

• SharePoint Server Server Subscription Edition 24H1
• SharePoint 2019

There are three different workflow technologies supported by SharePoint :

1. SharePoint 2013 Workflow platform
   This platform is the recommended workflow platform by Microsoft [1]. As of February 2023, SharePoint Workflow Manager (SPWFM) is used to integrate workflows into SharePoint. Microsoft Workflow Manager (WFM) and Service Bus are deprecated but supported. [2]


2. Power Automate
   Power Automate is a new cloud-based workflow platform. It has two limitations:
   • Each related user must have a PowerApps Plan 1 license which is not part of the SharePoint Server license.
   • Microsoft Flow is currently optimized for non-interactive workflows.


3. SharePoint 2010 Workflow platform
   This platform is supported for backward compatibility. If you want to create new Workflows please use one of the options above.

SharePoint provides workflows by using SharePoint Workflow Manager, which is based on Windows Workflow Foundation.

There are different tools to develop workflows [3]:

• SharePoint Designer 2013
  SharePoint Designer is the primary tool to develop workflows. It’s installed on your local computer and connects to a SharePoint site (you have permission to).


• Visual Studio
  Visual Studio is used to develop advanced workflows with custom actions and tasks that can interact with a custom application.

The end user interacts with workflows via a supported web browser like Edge, Firefox, or Chrome.

Back to top

There are different scenarios for installing and configuring Workflow Manager:

• Install Workflow Manager on a SharePoint server. Communication takes place using HTTP or HTTPS.
• Install Workflow Manager on a dedicated server that is not part of the SharePoint farm. Communication takes place using HTTP or HTTPS.

I'm going to use the following scenario to install and configure Workflow Manager:

Details:

• Workflow Manager will be installed on a dedicated server.


• SharePoint is already installed and a Web Application + Site Collection has been created. The URL "http(s)://www.domserver.com" returns content, e.g. a team site.


• A "Host (A)" entry for the sub domain "workflow.domserver.com" has been created using "DNS Manager". It points to the Workflows Manager server with IP address 192.168.137.4:
  


• Communication between SharePoint and Workflow Manager takes place using HTTPS. If you don’t want to use HTTPS you can easily replace it with HTTP during the following process.

Back to top

Azure Service Fabric Runtime 9.1 CU2 (9.1.1583.9590)

SharePoint Workflow Manager and SharePoint Workflow Manager Client

Back to top

Please verify the following SharePoint Workflow Manager requirements:

1. You need to use a SharePoint Farm Administrator account (e.g. spAdmin). This account needs the following permissions:
   
   • dbcreator and securityadmin on the SQL Server
   • Member of the "Administrators" group on every server where Workflow Manager will be installed.
   
   If you are unsure about specific SharePoint requirements please find more information here:
   • SharePoint Server Subscription Edition hardware, software and account requirements.
   • SharePoint 2019 hardware, software and account requirements.
   • SharePoint 2016 hardware, software and account requirements.


2. Please create a domain account (e.g. spWFM) under which the Workflow Manager service will run. This must be a domain account.


3. In SharePoint the App Management Service and Microsoft SharePoint Foundation Subscription Settings Service must be running.
   


4. SQL Server that hosts Workflow Manager databases needs to be configured [6]:
   • "Workflow Manager communicates by using TCP/IP or Named Pipes. Make sure that the appropriate communication protocol is enabled on the SQL Server instance that hosts the Workflow Manager databases."
   • "The SQL Browser Service must be running on the SQL Server instance that hosts the Workflow Manager databases."


5. Firewall has to allow communication over the following ports:
   • Workflow Manager Ports: 12290 & 12291
   • Service Bus Ports: HTTPS 9355 & TCP 9354
   • Message Broker Port: 9356
   • Internal Communication Port Range: 9000 - 9004


6. (Self-signed) SSL certificates are not allowed to create certificate warnings in your web browser.


7. Log on to the Workflow Manager server and successfully ping "www.domserver.com".


8. Log on to the SharePoint server and successfully ping "workflow.domserver.com".

If you didn't successfully install SharePoint please do this first:

• How to: successfully install SharePoint Server Subscription Edition
• How to: successfully install SharePoint 2019
• How to: successfully install SharePoint 2016

Also please make sure sure you have the newest SharePoint Cumulative Updates installed:

• Update SharePoint Server Subscription Edition
• Update SharePoint 2019
• Update SharePoint 2016

Back to top

Install Pre-requisites

Install Azure Service Fabric Runtime

Log on to the server where Workflow Manager will be installed:

1. Open a PowerShell console with "Run as Administrator":
   


2. Run the following command:
   
   .\MicrosoftServiceFabric.9.1.1583.9590.exe /accepteula


3. Wait until the installation has successfully finished:


4. Repeat the steps on every server where Workflow Manager will be installed.

Install Workflow Manager Client

Log on to the server where Workflow Manager will be installed:

• Install the Workflow Manager Client. The installation is done without a GUI.

Log on to every SharePoint server:

• Install the Workflow Manager Client. The installation is done without a GUI.

Configure Web Server (IIS) role

Apply these steps on every server where SharePoint should be installed.

1. Open Server Manager and click manage to "Add Roles and Features".
   


2. Select "Role-based or feature-based installation" and click next.
   


3. Select a server from the server pool which you want to prepare for the SharePoint installation.
   


4. Check "Web Server (IIS)".
   


5. Add required features if you are prompted.
   


6. Proceed to the "Web Server" role services selection and add the following services.
   Windows Server 2022 role services:
   
   Windows Server 2019 role services:
   


7. Click install.


8. Restart the server if the installation has finished.

Back to top

Install Workflow Manager

Log on to every server where Workflow Manager will be installed:

• Install SharePoint Workflow Manager. The installation is done without a GUI.

Back to top

Configure Workflow Manager

You’re still logged on to the server where Workflow Manager is installed:

1. Log on to the server where Workflow Manager is installed using a SharePoint Farm Administrator account (e.g. spAdmin)


2. Open "Start > SharePoint Workflow Manager > Workflow Manager Configuration".


3. Configure Workflow Manager with custom settings:
   


4. Configure the Farm Management database settings:
   
   
   Note: If you want SSL communication between your Workflow server and SQL Server make sure the firewall on SQL Server allows SSL traffic. Otherwise "Test Connection" will fail.
   Note: If you use SSL make sure you use a FQDN to reference your SQL Server instance. The common name in the SSL certificate must match the FQDN of the SQL Server instance.


5. Configure the Farm Management database name:
   


6. Configure the Instance Management database name:
   


7. Configure the Resource Management database name:
   


8. Provide the Workflow Manager service account:
   


9. Enable "Auto-generate" certificates to use HTTPS for communication between SharePoint and Workflow Manager. If you want to use your own certificate uncheck "Auto-generate".
   Provide a password:
   
   
   Note: The password is required if you want to join servers to the Workflow Farm later.


10. Keep the default ports:
    


11. Please select the options you need:
    
    Usually you can keep the default settings because most companies have a firewall enabled on the Workflow Manager server and want to use HTTPS.


12. Provide a group of users that will manage the workflow farm:
    


13. Please proceed to the second page and configure the same settings for the Service Bus.


14. Configure the Service Bus Farm Management database name:
    


15. Configure the Service Bus Gateway database name:
    


16. Configure the Message Container database name:
    


17. Select to use the same service accounts credentials as provided for Workflow Manager:
    


18. Enable "Auto-generate" certificate. If you want to use your own certificate uncheck "Auto-generate".
    Re-use the same certificate generation key as provided for Workflow Manager:
    


19. Keep the standard ports and enable firewall rules:
    


20. Provide a group of users that will manage the Service Bus farm:
    


21. Review your settings and finish the configuration:
    


22. After a couple of minutes, the installation process will finish:
    

Back to top

Export Workflow Manager Certificate

The Workflow Manager certificate will be imported to SharePoint. Start with step 10 if you use your own certificate.

1. Log on to the server where Workflow Manager has been installed with the account you used during installation, for example the SharePoint Farm Administrator account (e.g. spAdmin)


2. Open Internet Information Services (IIS), select the "Workflow Management Site" and click "Bindings":
   


3. Edit the existing binding:
   


4. View the SSL certificate:
   


5. Click on the details tab and copy the certificate to a file:
   


6. The "Certificate Export Wizard" will guide you through the process.
   Don’t export the private key:
   


7. Select the "DER encoded binary X.509 (.CER)" format:
   


8. Provide a file name and finish the export.


9. Copy the file to a SharePoint server so it can be imported to SharePoint.


10. Open "Central Administration > Security > Manage Trust":
    


11. Click "New" to create a new trust relationship:
    


12. Add a meaningful name:
    


13. Select the certificate:
    


14. Click "Ok" to finish the import.


15. You can see the newly created trust relationship:
    

Back to top

Register Workflow Proxy in SharePoint

The Workflow Proxy has to be registered in SharePoint:

1. Log on to a server where SharePoint has been installed using a SharePoint Farm Administrator account.


2. Open Central Administration and go to: http://CENTRALADMINISTRATION/_admin/WorkflowServiceStatus.aspx
   
   
   The Workflow Proxy has not been registered yet.


3. Open "SharePoint Management Shell" as an administrator and run the following command:
   
   

   Register-SPWorkflowService -SPSite "https://www.domserver.com" -WorkflowHostUri https://workflow.domserver.com:12290 -force

   Parameter SPSIte specifies a URL to an existing site collection.
   Parameter WorkflowHostUri specifies a URL to the workflow server.
   
   
   
   Important: You must use https for both URLs or http for both URLs. You can’t mix it.
   Note: For a non-SSL SharePoint site, the parameter "-AllowOAuthHttp" must be added.


4. Refresh the workflow status page to verify if workflow is now connected to SharePoint:
   

Please have a look at the next section if you get an error message during the registration process.

Back to top

Connection and SSL Certificate Issues

You want to register your Workflow proxy in SharePoint using "SharePoint Management Shell":

Error

Microsoft.Workflow.Client.InvalidRequestException: Failed to query the OAuth S2S metadata endpoint at URI 'https://SHAREPOINT-SERVERNAME/_layouts/15/metadata/json/1'.
Error details: 'An error occurred while sending the request.'.

HTTP headers received from the server - ActivityId: 43b6895a-6cec-44f7-a6b7-89efaaebd15e.
NodeId: WORKFLOW-SERVERNAME. Scope: /SharePoint. Client ActivityId : ce7cf99e-d231-1031-22d6-80126e9a7bda. --->

System.Net.WebException: The remote server returned an error: (400) Bad Request.

Reasons

One of the reasons can be connection issues:

Another reason can be a certificate error if you open your SharePoint site:

Solutions

Please make sure you can access "https://workflow.domserver.com:12290/" from your SharePoint server you run the management shell on:

(Log in using an Workflow Manager Administrator account if required.)

Make sure you can access your Web Application you want to connect to Workflow Manager (e.g. https://www.domserver.com/) on the Workflow Manager server:

Also make sure:

• The certificate is issued for the URL you are using
• Any self-signed certificate in a test environment should be added temporarily to the "Trusted Root Certification Authority" on the SharePoint server where you run the management shell and on the Workflow Server. Restart Internet Explorer and open the SharePoint site again.

Back to top

Permission Issues

You want to register your Workflow proxy in SharePoint using "SharePoint Management Shell":

Error

Microsoft.Workflow.Client.InvalidRequestException: Failed to query the OAuth S2S metadata endpoint at URI 'http://sp-2019-custom/_layouts/15/metadata/json/1'.

Error details: 'The metadata endpoint responded with an error. HTTP status code: Forbidden.'.

HTTP headers received from the server - ActivityId: 69be2f1d-dd90-4aaf-a6a3-442a4622432c.
NodeId: SP-2019-WORKFLO. Scope: /SharePoint. Client ActivityId : 037ff99e-82e9-1031-22d6-82a52cdc96c6. --->

System.Net.WebException: The remote server returned an error: (400) Bad Request.

Reason

The Workflow Manager service account doesn’t have permission to access the Web Application you want to connect to the Workflow Manager.

Solution

Open "Central Administration > Application Management", select your Web Application you want to connect to Workflow Manager and click on "User Policy":

Add the Workflow Manager service account and give it “Full Read” permission:

Back to top

Resources

• [1] Workflow in SharePoint Server
• [2] Announcing the release of SharePoint Workflow Manager for SharePoint Server
• [3] Workflow development tools
• [4] Configure Workflow Manager to work with the SharePoint Server farm,
• [5] SharePoint 2013/ 2016: Tips for Successful Installation of Workflow Manager
• [6] Troubleshooting
• [7] Prerequisites