Friday, December 4, 2015

Installing Microsoft Azure BizTalk Services SDK


Microsoft Azure BizTalk Services SDK can be installed on any of the operating systems Windows 7/Windows Server 2008 R2/Windows 8/Windows Server 2012 but as of now only Visual Studio 2012 is supported.

.Net 3.5 and 4.5 are to be enabled before we start and make sure the Visual studio has Microsoft Visual C# .NET selected while you installed as it is under it the BizTalk Services template is added.

Couple of certificates are to be kept ready before we start installation:
1. Certificate needed when we deploy BizTalk services application developed on local machine to the BizTalk service provisioned on the cloud. This public certificate is created when you provision BizTalk Service on Azure, just download it and make sure it is added in Trusted Root Certification Authorities Store .

Go to Azure portal, login and navigate to BizTalk Service which you have created. Click on Dashboard, at right bottom there is section quick glance
login and navigate to BizTalk Service

 Click Download SSL certificate

Download SSL certificate

 Click on Install Certificate...

Install Certificate..

Select Local Machine

Select Local Machine

Now browse to certificate store

browse to certificate store

and locate Trusted Root Certification Authorities

locate Trusted Root Certification Authorities

Click Next
locate Trusted Root Certification Authorities next

certificate import

certificate import wizard


Note: We can do BizTalk Service SDK installation without certificate also, you would be able to do develop application but while deploying the applications you would need it. If not provided then following error is thrown :- The underlying connection was closed: Could not establish trust relationship for SSL/TLS secure channel 

2. Certificate needed for securing BizTalk Adapter Service web service which is installed in IIS. This certificate is needed to have Private key associated with it.

Open Developer Command Prompt for VS2012 and with help of makecert  we create a self signed certificate

makecert -pe -r -n "CN=demo" -e "12/01/2019" -sr LocalMachine -ss root

makecert  we create a self signed certificate

-pe : Marks the generated private key as exportable
-r : Creates a self-signed certificate.
-e : Specifies the end of the validity period
-sr : Specifies the subject's certificate store location. location can be either currentuser (the default) or localmachine
-ss: Specifies the subject's certificate store name that stores the output certificate


You should see that the certificate is created under Trusted Root Certification Authorities of the Local Computer certificate store


Next is to export the private key of the above created certificate from certificate store using certutil


certutil -exportPFX -p "demopassword" root demo demo.pfx

certutil to export  self signed certificate

-exportPFX : Export certificate and private key
-p : Password


After we are done with export, we need to provide this to IIS server as when we install the Runtime an on-premise web service running in IIS is installed and this  BAS web service needs to be secured and for that we need a self-signed certificate for which we have a private key. To provide IIS the certificate, open IIS manager, navigate to Server Certificate

IIS manager, navigate to Server Certificate

Right-click on the screen and select Import. Click on the ellipsis (...) on the Import Certificate Window, select the private key (.pfx file) we exported in the previous step


Import Certificate Window

and enter the password (the one provided while exporting) and leave the default values as it is

Import Certificate Window 1


 You can see the certificate added in Server Certificates


certificate added in Server Certificates

and Personal store as well

certificate added in personal stores



Note: For the development machine we can go ahead with Self Signed certificate, but for production it is supposed to be collected from Certificate Authority.

When you run the setup you would see three components which can be installed.
1. Developer SDK : It is required to develop Windows Azure BizTalk Services applications using Microsoft Visual Studio. Should be installed on development machines only and not on production. BizTalk Services project template (bridges) and BizTalk Services Artifacts project template (transforms and schemas) is added to Visual Studio under Visual C# section.

2. Tools : The Windows Azure BizTalk Services Tools installs the PowerShell extensions for managing Windows Azure BizTalk Service and BizTalk Adapter Service. It can be installed on both development and production machine.

3. Runtime : The BizTalk Adapter Service Runtime is required to connect to an on-premise Line of Business Application from a Windows Azure BizTalk Services application. It can be installed on development/production machines if BizTalk services developed needs to interact with LOB systems on premise. A web service (BizTalk Adapter Service) is created in IIS.

To begin with you need to Close Visual Studio instances, if any is opened and download the SDK files from here.

download sdk

I have selected all, but in case you won't be working on EDI solutions then you can uncheck it. It is must to have the BizTalk Service created already as the URL of the service and certificate which is created while provisioning the BizTalk service is required while installing the BizTalk Services SDK.


BizTalk Services SDK
Run the wizard, and specify the location to unzip. Rest leave as it is

 Run the wizard
Run the wizard unzip

Run the wizard unzip location

On completion of unzip process, you should see files as in above image and setup window as below

 BizTalk adapter service setup

 Accept the License term and click Next

License term
Based on which env you are installing, features can selected. For production env you don't need Developer SDK and if you are not going to deal with LOB system then Runtime component can also be unchecked. As am installing on development machine I opted all three.
Runtime component
Click Install
Install

Once you reach this step, another window pops up --- BizTalk Adapter Service setup Wizard

BizTalk Adapter Service setup Wizard

Click Next
BizTalk Adapter Service setup Wizard next

Accept the License term and click Next

Accept the License term and click Next


Here I have used my local account and domain can be left blank in case of local account , I  just gave my machine name. The account used should have admin rights as  it is used to run Biztalk Adapter Service (BAS) IIS application pool - BizTalk Adapter AppPool. We can also create a service account and add it to the local Administrators Group instead of using a local user account.

Accept the License term and click Next 1
Here you provide the url of the BizTalk Service which you have already provisioned using Azure portal
Accept the License term and click Next 2

Select Use SSL to secure the management service, it is to encrypt HTTP communication with the on-premise BAS Management Web Service with SSL. And select the certificate which has Private Key associated with it and specify the port on which you want the web service to run, I have used default, but you can create new port and use that.


biztalk services sdk installation

Click Install

biztalk services sdk installation

Click Ok
biztalk services sdk installation

Click Finish

To verify installation is successful, open visual studio and select new project, you should see Templates added



open visual studio and select new project, you should see Templates added


and in Server Explorer, you should see following

Server Explorer


 And in IIS Manager

IIS Manager












Wednesday, December 2, 2015

Microsoft BizTalk Adapter Service Setup Wizard Ended Prematurely


Azure BizTalk Services SDK installation was interrupted, during the installation of last component(Runtime Component) i.e., BizTalk Adapter Service

BizTalk Wizard


Clicked on the log file to see the actual reason for failure.

Wizard ended prematurely

As can be seen in image below nothing significant was there

log file

Why it happened:


So why it happened? to find it had a look at Event Viewer --> Windows Logs--> System  and there it was "The SSL server credential's certificate does not have a private key information property attached to it"

Event viewer


The error says that the certificate provided does not have private key associated with it. It makes sense, I had provided the self signed certificate which was downloaded after provisioning the BizTalk service and it has only public key associated with it.


What to do:

We need to provide certificate with private key as it will be used while creating the web site on the machine where you are running this setup.

We can create a self signed certificate for which we have private key, to create it ,open Developer Command Prompt for VS2012 and with help of makecert  we create a self signed certificate 

makecert -pe -r -n "CN=demo" -e "12/01/2019" -sr LocalMachine -ss root


-pe : Marks the generated private key as exportable
-r : Creates a self-signed certificate.
-e : Specifies the end of the validity period
-sr : Specifies the subject's certificate store location. location can be either currentuser (the default) or localmachine
-ss: Specifies the subject's certificate store name that stores the output certificate
command prompt

You can see the certificate created under Trusted Root Certification Authorities of the Local Computer certificate store

trusted root certificate store
And using certutil we export the private key of the above created certificate from certificate store

certutil -exportPFX -p "demopassword" root demo demo.pfx

cert util


After we are done with export, we need to provide this to IIS server as when we install the Runtime an on-premise web service running in IIS is installed and this  BAS web service needs to be secured and for that we need a self-signed certificate for which we have a private key. To provide IIS the certificate, open IIS manager, navigate to Server Certificate

 iis manager
Right-click on the screen and select Import. Click on the ellipsis (...) on the Import Certificate Window, select the private key (.pfx file) we exported in the previous step

Import certificate


and enter the password (the one provided while exporting) and leave the default values as it is

  Import certificate 1

You can see the certificate added in Server Certificates



server certificate

and Personal store as well

personal store




Allright, so next is to rerun the installation of Runtime component, this time I selected the above created certificate (demo) instead of the certificate downloaded from portal while provisioning BizTalk Service on portal(testbizserv1.biztalk.windows.net)
wizard setup
Port left as default 8080
port left as default

wizard setup


And the installation was successful

installation successful






 

Related Post