How to Install and Configure Microsoft BizTalk 2013 R2 Accelerator for RosettaNet: Preparing your BizTalk Server 2013 R2 environment for BTARN (Part 2)

Posted: May 29, 2015 in BizTalk
Tags: , , , , , ,

This may be the most important section in order for you to accomplish a successfully BTARN installation and configuration and at the same time preventing further additional problems. Again, the installation and configuration process is very simple, however be able to correctly configure the accelerator in order to work properly can be difficult if you do not plan correctly for it.

This part will focus on how to prepare your existing BizTalk Server 2013 R2 environment for BTARN.

Create a new account to be associated with the BTARN hosts

As mention before the accelerator requires both BTARN in-process and BTARN isolated host to be marked as “Authentication Trusted” and “32-bit only“ and the account associated with these Host instances should be the same, otherwise, BTARN will not work correctly.

“Authentication Trusted” is off by default when you create a new host, or if you don’t specify in the BizTalk Server configuration process that you want this setting enable. And BizTalk will not allow you to use the same user account for both trusted and untrusted hosts.

Also because, for security aspects, we don’t want to have all our host instances marked as “Authentication Trusted” it is necessary for us to create:

  • A new user account that will be associated to the trusted hosts.
  • And a new user account (support account) that will help us in the switching host process from untrusted to trusted.

Note: Sometimes it is often easier/more desirable to create a new User Group with the same privileges of the “BizTalk Application Users” group (let’s say: BTARN BizTalk Application Users) and a new user account that will be associated with this group to run all the BTARN processes.

To accomplished that we need to:

  • Press the “Windows key” to switch to the Start screen, type “Computer Management” and click in “Computer Management” option from the Search menu
  • On the left three of the “Computer Management” screen,, expand “System Tools à Local Users and Groups” and select “Users”
  • Right click under “Users” folder, and then select “New User…”

01-BTARN-Add-New-User-local-computer

  • In the “New User” dialog box, do the following:
    • User name: Type the user name. For this guide let’s assume “btsadmin
    • Full name: Optionally, type a full user name for this account.
    • Description: Optionally, type a description for this account.
    • Password: Type a password for the user.
    • Confirm password: Confirm the password for the user.
    • And leave only the “Password never expires” check box enabled

Note: Make sure that the user that you are creating (btsadmin) it has:

  • The same privileges of the existent BizTalk Admin Account (in my case or in developer environments)
  • It has the same privileges of the existent Account associated in the “BizTalk Application Users” group

Repeat the same steps to create another account for support, let´s call it “supportacc”:

  • This account will be deleted after the installation/configuration
  • Normal user account, it doesn’t requires any particular privileges
(Re)Configure BizTalk Host and Host Instances to support BTARN

BizTalk Server provides great flexibility for addressing high availability, because you can strategically dedicate logical hosts to run specific areas of functionality such as receiving messages, sending messages or processing orchestrations.

By default the BizTalk configuration will create two BizTalk Host and Host Instances:

  • BizTalkServerApplication: This is the default Host and Host Instance created during configuration that will do all the work on the BizTalk Server, i.e. is the default send and receive handler for all installed adapters (other than HTTP, WCF (BasicHttp, CustomIsolated, WebHttp and WSHttp) and SOAP Receive Handlers), and is also used for processing orchestration and tracking.

02-BTARN-BizTalkServerApplication-Host

  • BizTalkServerIsolatedHost: The logical container for HTTP, WCF (BasicHttp, CustomIsolated, WebHttp and WSHttp) and SOAP Receive Handlers.

03-BTARN-BizTalkServerIsolatdHost-Host

Although a single BizTalk Host can contain items that receive, send, and process messages, it is considered a best practice to create different hosts for each function to create security boundaries and for easier management and scalability. In particular, we recommend that you use different hosts for processing and for receive/send operations, and that you separate trusted and non-trusted items.

While there are benefits to creating additional host instances, there are also potential drawbacks if too many host instances are created.

  • Each host instance is a Windows service (BTSNTSvc.exe), which generates additional load against the MessageBox database and consumes computer resources (such as CPU, memory, threads).

Regarding to BTARN installation and configuration process, it becomes more difficult to configure when we have multiple host and host instances created, compared with the default configuration (with only two BizTalk Host and Host Instances) and the reasons are:

  • The accelerator requires both in-process and isolated hosts that will run BTARN artifacts to be marked as “Authentication Trusted” (this setting is off by default when you create a new host), “32-bit only” and should run under the same service account.

To ensure everything is installed and configured properly we have different options:

  • Temporarily mark all the hosts as “Authentication Trusted” and the “32-bit only” host as the default host
    • Of course, this is not the recommended solution, but is the easier one.
  • Or we need to properly configure the hosts and host instances to handle correctly BTARN.

Because I have all my environments, even my developer environments, with host separation according to some of the best practices described here: BizTalk Server Best Practices: Create and Configure BizTalk Server Host and Host Instances. I need to properly configure the hosts and host instances to handle correctly BTARN, to accomplish that we need to:

  • Press the “Windows key” to switch to the Start screen, type “BizTalk Server” and click in “BizTalk Server Administration” option from the Search menu
  • In the console tree, expand “BizTalk Server Administration”, expand the “BizTalk group”, click “Platform Settings”, and then click “Host Instances”.
  • Now we need to change all the host instances, with the exception of “BizTalkServerApplication” and “BizTalkServerIsolatedHost” (these two will be running the BTARN artifacts), to run under this last user that we just created in the last section: “btsadmin
    • Right-click in the host instance name, for example “BizTalkServerReceiveHost”, and select “Stop”

04-BTARN-stop-host-instances

    • In the details pane, right-click the host instance you want to modify, and then click “Properties, for example: “BizTalkServerReceiveHost”
    • In the “Host Instance Properties” dialog box, click “Configure” to modify the service account information.

05-BTARN-configure-host-instances-logon-credentials

    • Change the logon credentials to run under the “btsadmin” account

06-BTARN-configure-host-instances-logon-credentials

    • Do the rest for all the host instances that you have with the exception of “BizTalkServerApplication” and “BizTalkServerIsolatedHost” host instances.

07-BTARN-configure-host-instances-logon-credentials

The next step is to configure the both BTARN in-process and isolated hosts to be marked as “Authentication Trusted” and “32-bit only” but because we still have two non-trusted host instances running with the same account that we need to mark as trusted and we cannot have the same account being used as “Authentication Trusted” and non “Authentication Trusted”, we first need to provisionally change one of the host instance, to use the “supportacc” account, we can use for example the “BizTalkServerIsolatedHost” host instance

  • Right-click in the “BizTalkServerIsolatedHost” name, and then click “Properties
  • In the “Host Instance Properties” dialog box, click “Configure” to modify the service account information.
    • Change the logon credentials to run under the “supportacc” account

Now we need to change the “BizTalkServerApplication” Host configuration and mark it as:

  • “32-bit only” à by default is already marked as 32-bit only
  • And “Authentication Trusted”

To accomplish that we need to:

  • In the BizTalk Server Administration console tree, under “Platform Settings”, click “Hosts”.

08-BTARN-BizTalk-administration-console-hosts

  • In the “Hosts” pane, right-click the host that is not trusted, in this case “BizTalkServerApplication”, and then click Properties.
  • In the “Host Properties” dialog box, on the “General” tab:
    • Verify if the “32-bit only” check box is selected, if not select the “32-bit only” check box
    • Verify if the “Authentication Trusted” check box is selected, if not select the “Authentication Trusted” check box

09-BTARN-Authentication-trusted

  • And then click OK.
  • Now do the exact same to the “BizTalkServerIsolatedHost” host

10-BTARN-Authentication-trusted

Because the BTARN BizTalk Host Instance Account and the BizTalk Isolated Host Instance Account should be the same we need to change the “BizTalkServerIsolatedHost” host instance logon account, which we momentarily configured to run under the “supportacc” account to be the same of the “BizTalkServerApplication” host instance: “Administrator”.

  • In the BizTalk Server Administration console tree, under “Platform Settings”, click “Host Instances”.
  • Right-click in the “BizTalkServerIsolatedHost”, and then click “Properties
  • In the “Host Instance Properties” dialog box, click “Configure” to modify the service account information.
    • Change the logon credentials to run under the “Administrator” account

10-BTARN-host-configurations

Finally you should restart all the BizTalk Host instances services.

Note: Because we don’t really want to run all our isolated processes under a trusted host instance, I recommend you to create a new Isolated Host and Host Instance that you should configured as non-“Authentication Trusted” and set to run under the “btsadmin” account (in this scenario). For that operation please check the following MSDN articles:

Configure the Default Host and Default Handlers

The last concern that you need to have regarding with BizTalk Host and Host instances are the:

  • General Default Host in the group
  • And the Default send handler of HTTP Adapter and SQL Adapter

Again, as explained previously, when we are installing the RosettaNet Accelerator, the installer will install all the BTARN assemblies into the default BizTalk Application: “BizTalk Application 1”, and will attempt to configure all the orchestrations and ports (receive and send) to run not with the first host that it finds that is marked as “Authentication Trusted” but instead with the default host and handlers that are configured in the environment.

To ensure that everything will be configured properly, or at least minimize some problems, with the BTARN configuration process you need to:

  • Make sure the BTARN in-process host (BizTalkServerApplication) is the general Default Host in the group

11-BTARN-BizTalkServerApplication-mark-as-default-host

  • Make sure the BTARN in-process host (BizTalkServerApplication) is the default send handler of the SQL Adapter (yes the old obsolete one – not the WCF-SQL) and it is also associated with the receive handler.

12-BTARN-BizTalkServerApplication-default-send-handler

  • Make sure the BTARN in-process host (BizTalkServerApplication) is the default send handler of the HTTP Adapter.

13-BTARN-BizTalkServerApplication-default-send-handler

  • And of course the BTARN isolated host (BizTalkServerIsolatedHost) is configured to be the receive handler of the HTTP Adapter.

14-BTARN-BizTalkServerApplication-http-receive-handler

Create the IIS_WPG group

When configuring BTARN on Windows 8.1, Windows Server 2012, and Windows Server 2012 R2, you must create the IIS_WPG group manually. We need this because RosettaNet accelerator requires the IIS_WPG group (group provided by IIS 6.0 that provides the minimum set of user rights and permissions required to run an application) but unfortunately for us this group doesn’t exist anymore in the SO listed above, so you need to create it manually. Otherwise, BTARN installation will fail.

To accomplished that you need to:

  • Press the “Windows key” to switch to the Start screen, type “Computer Management” and click in “Computer Management” option from the Search menu
  • In the console tree, expand “System Tools”, expand the “Local Users and Groups”, and then click “Groups”.

15-BTARN-Computer-Management-Local-Users-and-Groups

  • Right click under “Groups” folder, and then select “New Group…”
  • In the New Group dialog box, set the following parameters:
    • In Group name, type “IIS_WPG”.
    • In Description, type “RosettaNet IIS group”

16-BTARN-create-IIS_WPG-group

  • Click “Create”, and then click “Close”.
Create a WebService extension for BTSHTTPReceive.dll

BTARN uses the HTTP adapter to send (left picture) or receive (right picture) PIPs to and from different partners:

17-BTARN-architecture

If the PIP process is asynchronous, each message transmission over the Internet occurs on a different HTTP connection. If the PIP is synchronous, each message transmission occurs on the same connection, which the HTTP adapter holds until the process is complete.

For that reason we need to create a WebService extension for the BTSHTTPReceive.dll and configure the IIS isolation mode. To accomplish that we need to:

  • Press the “Windows key” to switch to the Start screen, type “IIS” and click in “Internet Information Services (IIS) Manager” option from the Search menu
  • In Internet “Information Services (IIS) Manager” screen, select the root Web server entry. In the “Features View”, double-click “Handler Mappings”

18-BTARN-Information-Services-Manager-Handler-Mappings

  • And then in the Actions pane, click “Add Script Map…”

19-BTARN-Information-Services-Manager-Handler-Mappings-Add-Script-Map

  • In the “Add Script Map” dialog box, in the “Request path” field, type “BtsHttpReceive.dll”.
    • In the “Executable” field, click the ellipsis () button and browse to “C:\Program Files (x86)\Microsoft BizTalk Server 2013 R2 \HttpReceive”.
      • And select “BtsHttpReceive.dll” and then click “OK”.
    • In the “Name” field, type “BizTalk HTTP Receive”

20-BTARN-IIS-Add-Script-Map-BtsHttpReceive.dll

    • Then click “Request Restrictions”.
    • In the “Request Restrictions” dialog box, click the “Verbs” tab and then select “One of the following verbs”.
      • Enter “POST” as the verb.

21-BTARN-IIS-Add-Script-Map-BtsHttpReceive.dll

  • On the “Access” tab, select “Script”, and then click “OK”.

22-BTARN-IIS-Add-Script-Map-BtsHttpReceive.dll

  • When prompted to allow the ISAPI extension, click “Yes”.
  • Do the exact same process this time using the “C:\Program Files (x86)\Microsoft BizTalk Server 2013 R2\HttpReceive64\BTSHTTPReceive.dll”

23-BTARN-IIS-Add-Script-Map-BtsHttpReceive.dll-64-bit

Related links:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s