Workflow Manager connections fail for some load-balanced URLs

Symptoms

Consider the following scenario:
  • You try to create a Workflow Manager farm that has a load-balanced URL.
  • The load-balanced URL is in a different DNS domain than the domain of the Workflow Manager servers. 
  • You try to create the Workflow Manager farm by using the Autogenerate option for the Workflow Manager certificates.
In this scenario, workflows that are initiated from SharePoint fail. When SharePoint Designer tries to create the workflow, it fails and generates SSL error 0x6.

Consider the following example:

The Workflow Manager servers are in the corp.contoso.com domain. You configure Workflow Manager with a load-balanced URL such as one of the following: 
  • A URL in the parent domain: wfm.contoso.com 
  • A URL in a subdomain: wfm.subdomain.corp.contoso.com 
  • A URL in a sibling domain: wfm.sibling.contoso.com  
  • A URL in the different domain: wfm.contososervices.com  
In this example, this load-balanced URL will cause the symptoms that are described earlier in this section.

Cause

Workflow Manager's auto-generated certificates cover only the domain of the servers. The certificates include a wildcard entry on that domain. For example, the certificates include a wildcard entry for *.corp.contoso.com for the example that is mentioned in the "Symptoms" section. When this name does not match the DNS name that is assigned to the load-balanced URL, client connections fail with SSL errors.

Resolution

Resolution 1
For the load-balanced URL, use a DNS name that is in the same domain as the servers.

Resolution 2
Supply your own certificate for the Workflow Manager certificates. The certificate should contain the desired DNS name of the load-balanced URL.  You can use "autogenerate" for the ServiceBus certificates. 
  1. Create a secure communications certificate (TLS/SSL certificate) with CN=<load-balanced URL>. This certificate will be used by the Workflow Manager components but not Service Bus. 
  2. In the Workflow Manager Configuration Wizard, select the Custom option. 
  3. For Workflow Manager certificates, select the certificate that you created in step 1. 
  4. For Service Bus certificates, select auto generate.
  5. Complete the installation as usual by using the Configuration Wizard. Or, use the wizard-generated script.

Propriedades

ID do Artigo: 3060282 - Última Revisão: 7 de mai de 2015 - Revisão: 1

Comentários