Thursday, December 3, 2015

Installing Microsoft Azure BizTalk Services SDK


Microsoft Azure BizTalk Services SDK can be installed on any of the operating systems Windows 7/Windows Server 2008 R2/Windows 8/Windows Server 2012 but as of now only Visual Studio 2012 is supported.

.Net 3.5 and 4.5 are to be enabled before we start and make sure the Visual studio has Microsoft Visual C# .NET selected while you installed as it is under it the BizTalk Services template is added.

Couple of certificates are to be kept ready before we start installation:
1. Certificate needed when we deploy BizTalk services application developed on local machine to the BizTalk service provisioned on the cloud. This public certificate is created when you provision BizTalk Service on Azure, just download it and make sure it is added in Trusted Root Certification Authorities Store .

Go to Azure portal, login and navigate to BizTalk Service which you have created. Click on Dashboard, at right bottom there is section quick glance

 Click Download SSL certificate


 Click on Install Certificate...


Select Local Machine


Now browse to certificate store


and locate Trusted Root Certification Authorities


Click Next




Note: We can do BizTalk Service SDK installation without certificate also, you would be able to do develop application but while deploying the applications you would need it. If not provided then following error is thrown :- The underlying connection was closed: Could not establish trust relationship for SSL/TLS secure channel 

2. Certificate needed for securing BizTalk Adapter Service web service which is installed in IIS. This certificate is needed to have Private key associated with it.

Open Developer Command Prompt for VS2012 and with help of makecert  we create a self signed certificate

makecert -pe -r -n "CN=demo" -e "12/01/2019" -sr LocalMachine -ss root


-pe : Marks the generated private key as exportable
-r : Creates a self-signed certificate.
-e : Specifies the end of the validity period
-sr : Specifies the subject's certificate store location. location can be either currentuser (the default) or localmachine
-ss: Specifies the subject's certificate store name that stores the output certificate


You should see that the certificate is created under Trusted Root Certification Authorities of the Local Computer certificate store


Next is to export the private key of the above created certificate from certificate store using certutil


certutil -exportPFX -p "demopassword" root demo demo.pfx


-exportPFX : Export certificate and private key
-p : Password


After we are done with export, we need to provide this to IIS server as when we install the Runtime an on-premise web service running in IIS is installed and this  BAS web service needs to be secured and for that we need a self-signed certificate for which we have a private key. To provide IIS the certificate, open IIS manager, navigate to Server Certificate


Right-click on the screen and select Import. Click on the ellipsis (...) on the Import Certificate Window, select the private key (.pfx file) we exported in the previous step



and enter the password (the one provided while exporting) and leave the default values as it is



 You can see the certificate added in Server Certificates



and Personal store as well




Note: For the development machine we can go ahead with Self Signed certificate, but for production it is supposed to be collected from Certificate Authority.

When you run the setup you would see three components which can be installed.
1. Developer SDK : It is required to develop Windows Azure BizTalk Services applications using Microsoft Visual Studio. Should be installed on development machines only and not on production. BizTalk Services project template (bridges) and BizTalk Services Artifacts project template (transforms and schemas) is added to Visual Studio under Visual C# section.

2. Tools : The Windows Azure BizTalk Services Tools installs the PowerShell extensions for managing Windows Azure BizTalk Service and BizTalk Adapter Service. It can be installed on both development and production machine.

3. Runtime : The BizTalk Adapter Service Runtime is required to connect to an on-premise Line of Business Application from a Windows Azure BizTalk Services application. It can be installed on development/production machines if BizTalk services developed needs to interact with LOB systems on premise. A web service (BizTalk Adapter Service) is created in IIS.
To begin with you need to Close Visual Studio instances, if any is opened and download the SDK files from here.


I have selected all, but in case you won't be working on EDI solutions then you can uncheck it. It is must to have the BizTalk Service created already as the URL of the service and certificate which is created while provisioning the BizTalk service is required while installing the BizTalk Services SDK.


Run the wizard, and specify the location to unzip. Rest leave as it is

 


On completion of unzip process, you should see files as in above image and setup window as below

 

 Accept the License term and click Next

Based on which env you are installing, features can selected. For production env you don't need Developer SDK and if you are not going to deal with LOB system then Runtime component can also be unchecked. As am installing on development machine I opted all three.
Click Install

Once you reach this step, another window pops up --- BizTalk Adapter Service setup Wizard


Click Next

Accept the License term and click Next



Here I have used my local account and domain can be left blank in case of local account , I  just gave my machine name. The account used should have admin rights as  it is used to run Biztalk Adapter Service (BAS) IIS application pool - BizTalk Adapter AppPool. We can also create a service account and add it to the local Administrators Group instead of using a local user account.

Here you provide the url of the BizTalk Service which you have already provisioned using Azure portal

Select Use SSL to secure the management service, it is to encrypt HTTP communication with the on-premise BAS Management Web Service with SSL. And select the certificate which has Private Key associated with it and specify the port on which you want the web service to run, I have used default, but you can create new port and use that.



Click Install


Click Ok

Click Finish

To verify installation is successful, open visual studio and select new project, you should see Templates added





and in Server Explorer, you should see following



 And in IIS Manager















Wednesday, December 2, 2015

Microsoft BizTalk Adapter Service Setup Wizard Ended Prematurely


Azure BizTalk Services SDK installation was interrupted, during the installation of last component(Runtime Component) i.e., BizTalk Adapter Service



Clicked on the log file to see the actual reason for failure.


As can be seen in image below nothing significant was there


Why it happened:


So why it happened? to find it had a look at Event Viewer --> Windows Logs--> System  and there it was "The SSL server credential's certificate does not have a private key information property attached to it"



The error says that the certificate provided does not have private key associated with it. It makes sense, I had provided the self signed certificate which was downloaded after provisioning the BizTalk service and it has only public key associated with it.


What to do:

We need to provide certificate with private key as it will be used while creating the web site on the machine where you are running this setup.

We can create a self signed certificate for which we have private key, to create it ,open Developer Command Prompt for VS2012 and with help of makecert  we create a self signed certificate 

makecert -pe -r -n "CN=demo" -e "12/01/2019" -sr LocalMachine -ss root


-pe : Marks the generated private key as exportable
-r : Creates a self-signed certificate.
-e : Specifies the end of the validity period
-sr : Specifies the subject's certificate store location. location can be either currentuser (the default) or localmachine
-ss: Specifies the subject's certificate store name that stores the output certificate

You can see the certificate created under Trusted Root Certification Authorities of the Local Computer certificate store

And using certutil we export the private key of the above created certificate from certificate store

certutil -exportPFX -p "demopassword" root demo demo.pfx



After we are done with export, we need to provide this to IIS server as when we install the Runtime an on-premise web service running in IIS is installed and this  BAS web service needs to be secured and for that we need a self-signed certificate for which we have a private key. To provide IIS the certificate, open IIS manager, navigate to Server Certificate

 
Right-click on the screen and select Import. Click on the ellipsis (...) on the Import Certificate Window, select the private key (.pfx file) we exported in the previous step



and enter the password (the one provided while exporting) and leave the default values as it is

 

You can see the certificate added in Server Certificates




and Personal store as well





Allright, so next is to rerun the installation of Runtime component, this time I selected the above created certificate (demo) instead of the certificate downloaded from portal while provisioning BizTalk Service on portal(testbizserv1.biztalk.windows.net)
Port left as default 8080



And the installation was successful