Installing BizTalk Server 2010 in a Basic Multi-Computer Environment: Preparing Computers for Installation – Important considerations before setting up the servers (Part 3)

Posted: January 4, 2012  |  Categories: Administration Advance Configurations BizTalk

Before starting the installation and configuration of both servers, there are some important considerations to take into account. These operations are suggestions rather than mandatory steps.

Machine name

If your computer name is longer than 15 characters, BizTalk Server Configuration will not work.

Join the Local Administrators Group

To be able to install and configure BizTalk Server 2010, you have to log on to the server using a domain user who has administrator rights on both the SQL Server and the BizTalk Server.

So the next step is to add the BizTalk Server Administrators group to the local Administrators group on both machines.

To join the local Administrators group:

  • Click ‘Start’, ‘Control Panel’, ‘Administrative Tools’, ‘Computer Management’, ‘Local Users and Groups’, ‘Groups’
  • Add your user account and the BizTalk Server Administrators group to the ‘Administrators’ group

The user running the BizTalk Server configuration must belong to the following user groups:

  • To the Administrators group on the local computer
  • To the System Administrators group on the SQL Server computer
  • To the domain group used for the BizTalk Server Administrators group
  • And to the domain group used for the SSO Administrators group

To simplify things, put this user in the BizTalk Server Administrators group. After BizTalk Server is installed and configured, the user does not have to be part of the BizTalk Server Administrators group anymore.

By default, the Windows Builtin\Administrators group has the sysadmin SQL role on the SQL Server.

Once SQL Server is installed, you can check this by opening the SQL Server Management Console, going to “Security\Server Roles” and double-clicking the “sysadmin” role. The pop-up window shows all the Windows and SQL logins that have the sysadmin role.

Install Critical Windows Updates

Before installing BizTalk Server or its prerequisites, make sure you have installed the latest critical Windows updates from Microsoft.

To install Windows updates:

  • Click Start, point to All Programs and then click Windows Update.
  • Follow the directions on the Windows Update site.
  • If prompted, restart your computer

Disable IPv6

IPv6 is the latest address protocol and will eventually replace IPv4. Windows Server 2008 R2 keeps this protocol enabled by default, but IPv6 is not yet common, and much software and network equipment (routers, modems, and so on) does not support it yet. So it may be a wise approach to disable it for now. Turning it off also makes it easier to detect which ports certain applications are listening on.

IPv6 can be disabled either through the DisabledComponents registry value or through the checkbox for the Internet Protocol Version 6 (TCP/IPv6) component in the list of items on the Networking tab for the properties of connections in the Network Connections folder. The following figure shows an example:

[Figure: disable IPv6]

Turn off Internet Explorer Enhanced Security Configuration

Internet Explorer Enhanced Security Configuration establishes a configuration for your server and for Microsoft Internet Explorer that decreases the exposure of your server to potential attacks that can occur through Web content and application scripts. As a result, some Web sites may not display or perform as expected.

By default, Internet Explorer Enhanced Security Configuration is enabled on Windows Server 2008 R2 and can be configured through Server Manager.

To turn off Internet Explorer Enhanced Security Configuration in Windows Server 2008 R2:

  • Open the Server Manager by going to Start > Server Manager
  • In the Server Manager, browse to the Security Information section and click Configure IE ESC. In the figure below, IE ESC is located in the lower right-hand corner of the window.
[Figure: disable IE ESC]
  • A dialog box appears that lets Internet Explorer Enhanced Security Configuration be enabled or disabled separately for normal users and administrators; turn off both.

Disable User Account Control

User Account Control (UAC) is a security component that allows an administrator to enter credentials during a non-administrator’s user session to perform occasional administrative tasks.

Whenever you need to configure a Windows Server 2008 R2 setting, even if you are logged on as the administrator, you need elevated privileges. This is by design, and part of the fierce security initiative in Windows Server 2008. Before you can complete any administrative task, the User Account Control manager pops up with a ‘Continue’ message.

To Disable User Account Control (UAC):

  • Click Start, and type “Change User Account Control Settings”

.NET Framework 3.5 SP1 requirement

The .NET Framework 3.5 SP1 (also referred to as .NET Framework 3.5.1) is a prerequisite for SQL Server 2008 R2; however, you should install .NET Framework 3.5 SP1 on both machines (BizTalk Server and SQL Server).

In Windows Server 2008 R2, the .NET Framework is a feature, and installing it is different compared to older versions of the Windows operating system. In previous versions, one could either download the .NET Framework 3.5.1 install binaries from the Microsoft download site or use the install binaries from the SQL Server 2008 installation media. Starting with Windows Server 2008, the method of installing .NET Framework 3.5.1 has changed.

To install/enable .NET 3.5 SP1 on Windows Server 2008:

  • Using PowerShell
    • Click the Start button in the lower left-hand corner of the display.
    • Highlight All Programs and select Accessories
    • Expand Windows PowerShell and right-click Windows PowerShell and select Run as administrator. Click Yes on the User Account Control box.
    • At the PowerShell command prompt, type the following commands, and then press ENTER after each command:
      • Import-Module ServerManager
      • Add-WindowsFeature as-net-framework

Turn Windows Firewall off

In your scenarios I advise you to turn Windows Firewall off on both machines. However, as I explained earlier, I will use firewalls on both machines to emulate network access.

To turn Windows Firewall off:

  • Click Start, and type “Windows Firewall”
  • Select the “Turn Windows Firewall on or off” option
  • Select the option “Turn off Windows Firewall (not recommended)” in all three settings
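
An added example (not part of the original post): a read-only PowerShell audit that reports the current state of the settings discussed so far, so the values changed for installation can be recorded and reviewed afterwards. The registry paths and value names are standard Windows locations, not taken from the post; the function names are hypothetical.

```powershell
# Added example: read-only audit of the host settings this page changes.
# Registry reads only, so it also runs on PowerShell 2.0 (Windows Server 2008 R2).
function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$findings = @()
function Add-Finding($Setting, $Value) {
    $script:findings += New-Object PSObject -Property @{ Setting = $Setting; Value = $Value }
}

# DNS host name, not %COMPUTERNAME%: the NetBIOS name is always cut to 15 characters.
$hostName = [System.Net.Dns]::GetHostName()
Add-Finding 'Machine name length (must be <= 15)' ("{0} ({1})" -f $hostName.Length, $hostName)

# Members of the local Administrators group (sysadmin on SQL Server by default, per the text).
$group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$members = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null) }
Add-Finding 'Local Administrators members' ($members -join ', ')

# IPv6: DisabledComponents is absent by default (all IPv6 components enabled).
$v6 = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' 'DisabledComponents'
Add-Finding 'IPv6 DisabledComponents' $(if ($v6 -eq $null) { 'not set' } else { '0x{0:X}' -f $v6 })

# UAC: EnableLUA = 1 means UAC is on, 0 means it is off.
$lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
Add-Finding 'UAC (EnableLUA)' $lua

# IE ESC: IsInstalled = 1 means enabled; first GUID is administrators, second is users.
$esc = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
Add-Finding 'IE ESC, administrators' (Get-RegValue "$esc\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" 'IsInstalled')
Add-Finding 'IE ESC, users' (Get-RegValue "$esc\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" 'IsInstalled')

# Windows Firewall: EnableFirewall = 1 means the profile is on.
# These are the local values; Group Policy can override them.
$fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($p in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    Add-Finding "Firewall $p" (Get-RegValue "$fw\$p" 'EnableFirewall')
}

$findings | Select-Object Setting, Value | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt on both servers before and after the installation and keep the two outputs side by side.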

Configure Microsoft Distributed Transaction Coordinator (MS DTC)

In Windows Server 2008 R2, MSDTC is installed by default.

In order for BizTalk to run against its databases located on a remote SQL server, you will need to turn on MS DTC options (both on the SQL Server and BizTalk Server).

Configure MSDTC on BizTalk and SQL Servers:

  • Click ‘Start’, ‘Run’, type ‘dcomcnfg’, and hit the ‘Enter’ key
  • Under ‘Component Services’, ‘My Computer’, ‘Distributed Transaction Coordinator’, right-click ‘Local DTC’ and select ‘Properties’, click the ‘Security’ tab.
  • Ensure that the ‘Network DTC Access’, ‘Allow Inbound’, ‘Allow Outbound’, and ‘No Authentication Required’ options are selected and all others are cleared.
  • Click ‘OK’
  • Click ‘Yes’
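
An added example (not part of the original post): a read-only PowerShell check that compares the local MSDTC security settings with the options selected in the steps above, so both servers can be confirmed to match. The registry value names are the standard MSDTC ones and are not taken from the post; a value that is absent is reported as a mismatch.

```powershell
# Added example: compare local MSDTC security settings with the steps above.
# Read-only; run it on both the BizTalk Server and the SQL Server.
# Each entry: registry value name, key, expected value, option in the Security tab.
# The last three values together encode the authentication choice;
# 0 / 0 / 1 corresponds to 'No Authentication Required'.
$root = 'HKLM:\SOFTWARE\Microsoft\MSDTC'
$expected = @(
    @('NetworkDtcAccess',                 "$root\Security", 1, 'Network DTC Access'),
    @('NetworkDtcAccessInbound',          "$root\Security", 1, 'Allow Inbound'),
    @('NetworkDtcAccessOutbound',         "$root\Security", 1, 'Allow Outbound'),
    @('NetworkDtcAccessClients',          "$root\Security", 0, 'Allow Remote Clients'),
    @('NetworkDtcAccessAdmin',            "$root\Security", 0, 'Allow Remote Administration'),
    @('XaTransactions',                   "$root\Security", 0, 'Enable XA Transactions'),
    @('AllowOnlySecureRpcCalls',          $root,            0, 'Mutual Authentication Required'),
    @('FallbackToUnsecureRPCIfNecessary', $root,            0, 'Incoming Caller Authentication Required'),
    @('TurnOffRpcSecurity',               $root,            1, 'No Authentication Required')
)

$results = foreach ($e in $expected) {
    $name, $key, $want, $option = $e
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.$name } else { $null }
    New-Object PSObject -Property @{
        Option = $option; Value = $name; Expected = $want; Actual = $actual
        Match = ($actual -eq $want)
    }
}

$results | Select-Object Option, Value, Expected, Actual, Match | Format-Table -AutoSize

# Summarise so that a difference between the two servers is easy to spot.
$mismatch = @($results | Where-Object { -not $_.Match })
if ($mismatch.Count -gt 0) {
    Write-Warning ("{0} MSDTC setting(s) differ from the steps above" -f $mismatch.Count)
}
```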

NOTE1: It is suggested that a minimum of 100 ports are set, between ports 1024 to 10000.

NOTE2: If you receive COM+ related events or errors because of this setting you can revert it later or increase the ports range accordingly.

Network COM+ access considerations

Network COM+ access must also be enabled for all BizTalk and SQL servers. It is turned off by default on Windows Server 2008 R2.

The Application Server role installation process provides an option for enabling COM+ Network Access. When COM+ Network Access is enabled, a firewall exception rule is created that opens port 135.

In order to make DCOM applications work in Windows Server 2008 R2, you need to install the Application Server role and then select the COM+ Network Access role service.

A quick test of DCOM access is the DCOM test client/server app; however, to run this test it is still necessary to grant permissions at the firewall level.

Author: Sandro Pereira

Sandro Pereira lives in Portugal and works as a consultant at DevScope. In the past years, he has been working on implementing Integration scenarios both on-premises and cloud for various clients, each with different scenarios from a technical point of view, size, and criticality, using Microsoft Azure, Microsoft BizTalk Server and different technologies like AS2, EDI, RosettaNet, SAP, TIBCO etc. He is a regular blogger, international speaker, and technical reviewer of several BizTalk books all focused on Integration. He is also the author of the book “BizTalk Mapping Patterns & Best Practices”. He has been awarded MVP since 2011 for his contributions to the integration community.
