How to Change BizTalk Service Accounts and Passwords

Here are the useful links for changing your BizTalk service account password.

http://msdn.microsoft.com/en-us/library/aa561505.aspx
http://msdn.microsoft.com/en-us/library/aa559192.aspx
http://msdn.microsoft.com/en-us/library/aa560589.aspx

OWC11 Causing SQL Installation Failure

If you have not properly installed Office Web Components - OWC11, it will cause catastrophic failure in your SQL Server 2005 installation. You can download and install OWC11 from
http://www.microsoft.com/downloads/thankyou.aspx?familyId=7287252c-402e-4f72-97a5-e0fd290d4b76&displayLang=en Then only you start your SQL installation.

See the other disscussions at
http://connect.microsoft.com/SQLServer/feedback/ViewFeedback.aspx?FeedbackID=282227

Performance tuning with BizTalk 2006

Here is a useful link for BizTalk Performance Tuning.

http://zeetalks.wordpress.com/2008/06/24/biztalk-from-a-hardware-and-software-performance-perspective/

SSODB Configuration Store for BizTalk Orchestration

Came accross this very usefull posting. I am adding this link for my referecne.
Thanks a lot Bembeng Arifin!!!

http://bembengarifin-tech.blogspot.com/2008/01/ssodb-configuration-store-for-biztalk.html

There is one more posting from Richard Seroter (MVP) which is also useful:

http://seroter.wordpress.com/2007/09/21/biztalk-sso-configuration-data-storage-tool/

This tool can be dowloaded and code can obtained. Dont know why it not compiling, but you can get the class SSOHelper.cs class which can be compied to your helper class. Remember this class references "C:\Program Files\Common Files\Enterprise Single Sign-On\ Microsoft.BizTalk.Interop.SSOClient.dll"
Once you compile your class, you can used the SSOHelper.Read(..) method to read your SSO DB keys.

HTTP with SSL certificates using BizTalk - Complete Scenario

HTTP posting from a BT HTTP send port may fail due to 3 reasons:

1. Wrong or incomplete configuration at HTTP port
2. Wrong certificate location, or
3. Wrong certificate installation.

PART#1
Configuration steps at BizTalk server HTTP Send port: (outgoing SSL Encryption)

Note: If the Destination Web Server (the Trading partner server) wants to enforce SSL certificate on your HTTP posting, then only you need to install Certificates in your box and configure the BizTalk HTTP send port with the Thumbprint of the certificate. This means, you are Encrypting the outgoing message with SSL using a client side certificate.

Open BizTalk Admin Console and open the HTTP Send port. Or open the same from BizTalk Server Explorer. And do the following configurations:

Step1:
Transport Type : HTTP and Click the Configure Button.

Step2:

In the General Tab of HTTP Transport Properties dialog box:Type the URL you are going to post. (Other information like, Request Timeout etc. are as per your requirements).

Step3:

In the Proxy Tab, put the Proxy server IP or name (if you are using a proxy server) and password for this. This setting will override the handler proxy settings. If you handler is already configured with a proxy server, then select “Use Handler’s default proxy config” option.

Step4:

In the Authentication Tab: Select the correct authentication type along with Credentials if your trading partner is enforcing login user ID and password. Leave it blank if your trading partner is not enforcing any user id and password.

For internal sites, If you have SSO to handle user access, select “Use SSO option”. And moreover, NTLM authentication is not going to work for Internet transmissions with your trading partner. Its only meant for internal EAI or A2A purpose.

Step5:

In the Thumbnail field, Copy-paste the thumbnail of the certificate that you installed from your trading partner. (see below section for how to install certificates). This is only required if you trading partner is enforcing you use the certificate. Otherwise, it will work with user name and password.


PART#2
How to install Public Certificates from Trading partner (ie. Client side certificate):

To Send http post (encrypt) with SSL, you need to have the Trading partner’s public certificate installed in the Other People folder in MMC-Certificate store:

Before you Install Cert in MMC, here are the steps to open the MMC:
a. Start Run > MMC
b. File Add remove snap-in
c. Click the Add button and choose Certificates from the snap-in list
d. Click Add and then Computer Account from the next prompt
e. Click Finish

Now open the MMC for Certificates as below:

Note: You need to log in to the server using the BizTalk Service Acc (the acc under which BT runs) to install the certificate both own private certificates into Personal folder or trading partner public certificates into Other People folder.

All the information is available on MSDN, here is the coolest link.http://msdn2.microsoft.com/en-us/library/aa953654.aspx

How to install Trading partner Public Certificates in server:

Step1:

Open the trading partner URL (eg. https://staging.myappro.com/access/Main.asp ) in IE and it may ask for UserName and Password if login credential is imposed by your trading partner.

Step2:

Once the page opens go to File menu -> Properties ->Click Certificate Button

You can get the Thubmprint of the certificate there at the Detail tab

Step3:

Click Install Certificate button. It will open the cert installation wizard.

Step4:

Use default settings and install it. It will install the certificate in the Other People folder (this is the default location for public certificates from your trading partner).

You can also change the folder location of the certificate to install in a diff folder.

NOTE: If your trading partner’s certificate is from a non-trusted vendor, you probably need to install the root certificate from you trading partner into the Trusted Root Certification Authority folder. It will prompt for warning, accept that.

The thumbprint needs to be put in the HTTP send port configuration while configuring the BT HTTP send port.

Other way:

If your trading partner has provided you a certificate file, you can install it another way (as mentioned here)

Step1:

Open IE, got to Tools menu --> Internet Options --> Content Tab

Step2:

Click certificate button to open certificate store: you can see the all certificate stores as tabs

Step3:

Select the appropriate tab (certificate store) and click Import button to open certificate import wizard and rest you know. If your partner is providing you the root certificate, then place in the trusted root certificate authorities store.

You probably also need to install the same certificate using MMC – Certificate console.


PART#3
How to install Own Private Certificate:

You need to have your own certificate from a certificate authority and copy the certificate file to your local hard disk. Open MMC-Certificate snap-in, the right click on Personal folder and Import the certificate.

To receive http post (decrypt) with SSL you need to have your own Private certificate installed in your Local Machine’s Personal folder under Certificate snap-in in MMC.

It will Pop-up the certificate import wizard.
Browse the certificate file and import / install the certificate.

Note: HTTP Receive locations need not be configured using Certificates as HTTP receive is handles at the IIS level using BizTalk Isolated host. All inbound HTTP messages can be decrypted at IIS level by proper certificate configuration at IIS.



PART#4
Configuration steps at BizTalk Server to Sign all Send Messages: (using own Private Cert)

For BizTalk Server 2004, configure the server with the certificate thumbprint.

Start the BizTalk Administration console. Then, configure the signing certificate thumbprint on the General tab in the Microsoft BizTalk Server 2004 (Local) Properties dialog box:

For BizTalk Server 2006, configure the server with the certificate name and thumbprint.

Start the BizTalk Administration Console, Right click the BizTalk Server Group, select Properties. It will pop-up Properties Dialog Box. Go to Certificate section on the left pane and browse to select the certificate.
The Certificate you are going to select here, are stored in the Personal Folder of the Certificate store. These are your own Private certificates that you want to sign all your outgoing messages from that particular BizTalk group.

Another Excellent piece of article is available in the web at
http://seroter.wordpress.com/2007/03/05/building-a-complete-certificate-scenario-with-biztalk-server-2006/
Thanks to this gentleman for making our life easy.

Ceating a Windows Service

Adding this link for my reference.
I have found this link to be very usefull in creating Windows Service.
http://www.developer.com/net/csharp/article.php/10918_2173801_1

Creating MSI Deployment Package for BizTalk Application

Step1
Compile and deploy your application. GAC all you dependent assemblies. All ports created and configured. Test the application and the application should be in running condition.

Step2
Create the Binding files using BizTalk Admin Console: RightClick on that particular application à Export à Bindings

Give a name of the Binding xml file and save it to a folder.

Binding File is basically an XML file which can be read easily. You can copy your binding file edit it according to your Staging or Production environment, save it along with your Dev binding file.

Playing with the Binding Files:
Under Port section you can see port names:

Under SendPortCollection you see sent port path, which can be modified for your DEV or STG or PRD envUnder ReceivePortColletion you can see receive port paths, which can be modified for you DEV or STG or PRD env.

Step3
Include the resources for MSI : RightClick Resources folder under your Application à Add à BizTalk Assemblies

It pops up the Add Resources DialogBox

a) Add all the BizTalk Assemblies from its Bin folders of the projects.
b) Add all the .Net/Helper Assemblies from its Bin folders of the project.
c) Add all the Binding files (DEV/STG/PRD) from its location (ref. Step2)

Make the following selections for BizTalk Assemblies:
a) Check “Overwrite All” checkbox
b) Check all 3 check boxes for Global assembly Cache for MSI as give below.

Make the following selections for Helper/.Net Assemblies:
a) Check “Overwrite All” checkbox
b) Check first 3 check boxes related to GAC (these are self-explaining)

Make the following selections for Binding XML Files:
a) Check “Overwrite All” checkbox
b) Type DEV or STG or PRD for corresponding Bindings files to set the appropriate environments.

That’s All. Click OK the create the MSI package.

Step 4
Deployment to target Env:
Now, copy the MSI file to the target machine (say DEV) and open BizTalk Admin Console.
RightClick on Applications à Import à MSI files

It will pop up the Import Wizard. Browse to the MSI file and click Next.

In the Application Settings page, select Overwrite resources check box and click Next.

In the Application Target Environment Settings page, select the appropriate Env from the dropdown list as DEV or PRD or STG. This will tell the wizard to pick up the appropriate binding file while deploying.

Click Next will take you to the Summary page and then you need to click Import to complete the deployment.

This MSI import will create all the ports and configure it with orchestrations. Only thing you need to is to run the application from you BizTalk Admin Console.

Note: Import or Deployment might fail if you have not created all the necessary folders (identically named as in your binding files) in the hard disks for the Receive locations and Send port locations. So, before you import the MSI, create the appropriate paths for the Receive and Send ports.

Thanks for reading this ill-prepared doc.

Error in creating a port or deploying a BizTalk solution using MSI

Error in creating a port or deploying a BizTalk solution using MSI:

I recently came across this error while deploying a BizTalk 2006 solution and importing the MSI that I created in dev box. I was clueless on this error. It seems that some permission issue is there.

Then I tried to create a send port manually in the BT admin Console. I got similar error:

The I figured out that my login should be a part of BizTalk Administrators Group in the Box. I added myself in the group and it worked fine.