Thursday, December 19, 2013

EWS Not Deployed on the Lync

Here is my check list:

1- Check EWS URLs in the Lync client configuration

2- Manually access the EWS URLs

3- Check whether EWS is enabled:
    Get-OrganizationConfig

4- If it is not, enable it:
    Set-OrganizationConfig -EwsEnabled $true -EwsApplicationAccessPolicy EnforceBlockList

5- Check whether the virtual directory exists:
    Get-WebServicesVirtualDirectory

6- If there is no virtual directory, add it:
    New-WebServicesVirtualDirectory -Server <CAS Server Name> -InternalUrl <http://CASFQDN/EWS/Exchange.asmx> -ExternalUrl <http://CASFQDN/EWS/Exchange.asmx> -BasicAuthentication $true

7- Make sure "Anonymous" and "Windows Integrated" authentication are selected for the EWS virtual directory in IIS Manager

8- Check the Autodiscover SRV record:
_autodiscover._tcp.domain.com. @ SRV 0 0 443 mail.domain.com

9- Check the Autodiscover virtual directory:
    Get-AutodiscoverVirtualDirectory

10- Set up the internal and external URL, including HTTPS and Basic Authentication:
    Set-AutodiscoverVirtualDirectory -Identity 'autodiscover (default Web site)' -ExternalURL 'https://mail.domain.name/autodiscover/autodiscover.xml' -InternalURL 'https://mail.domain.name/autodiscover/autodiscover.xml' -BasicAuthentication $true
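
The checks from the list above, collected into one read-only audit script. This is an added example, not part of the original post. It assumes the Exchange Management Shell on Windows Server 2012 or later (for Resolve-DnsName), and `$Domain` is a placeholder.

```powershell
# Added example: read-only audit of the settings the checklist walks through.
# Run in the Exchange Management Shell. $Domain is a placeholder.
$Domain   = 'domain.com'
$findings = @()

# Steps 3-4: organization-wide EWS switch and application access policy.
# An unset (null) EwsEnabled does not disable EWS; only $false does.
$org = Get-OrganizationConfig
if ($org.EwsEnabled -eq $false) { $findings += 'EWS is disabled for the organization' }
if ($org.EwsApplicationAccessPolicy -eq 'EnforceBlockList' -and $org.EwsBlockList) {
    $findings += "EWS block list in force: $($org.EwsBlockList -join ', ')"
}

# Steps 5-7: the EWS virtual directory must exist and publish its URLs.
$ews = @(Get-WebServicesVirtualDirectory)
if ($ews.Count -eq 0) { $findings += 'No EWS virtual directory found' }
foreach ($v in $ews) {
    if (-not $v.InternalUrl) { $findings += "$($v.Identity): InternalUrl is not set" }
    if (-not $v.WindowsAuthentication) {
        $findings += "$($v.Identity): Windows Integrated authentication is off"
    }
}

# Steps 6 and 9-10: Basic authentication is only safe behind HTTPS.
foreach ($v in $ews + @(Get-AutodiscoverVirtualDirectory)) {
    foreach ($url in @($v.InternalUrl, $v.ExternalUrl)) {
        if ($url -and $v.BasicAuthentication -and "$url" -notlike 'https://*') {
            $findings += "$($v.Identity): Basic authentication offered over $url"
        }
    }
}

# Step 8: the Autodiscover SRV record should point at port 443.
$srv = @(Resolve-DnsName -Name "_autodiscover._tcp.$Domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.NameTarget })
if ($srv.Count -eq 0) { $findings += "No SRV record for _autodiscover._tcp.$Domain" }
foreach ($r in $srv) {
    if ($r.Port -ne 443) { $findings += "SRV target $($r.NameTarget) uses port $($r.Port)" }
}

if ($findings) { $findings } else { 'No findings: EWS and Autodiscover settings look consistent' }
```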

Saturday, December 14, 2013

Setup and Configuration guide for K2 Blackpearl

Software Prerequisites for K2 Blackpearl by Component

The information below describes all the software requirements for a K2 installation.
K2 Server (KP-DV-K2-V01)
Windows Components by Server Component:
K2 Core
-       No Windows Components
K2 Server
-       A User Manager: The default User Manager is Active Directory (AD)
-       Install Microsoft Message Queuing (MSMQ) Services Feature
        -       Message Queuing Server
        -       Directory Service Integration
-       Install Microsoft.Net Framework 3.5 Feature
-       Install Windows Identity Foundation 3.5 Feature
-       Enable Distributed Transaction Coordinator (DTC)
        -       Allow Remote Clients
        -       Allow Inbound & Outbound
        -       Incoming Caller Authentication Required
        -       Enable SNA
-       IPv4 (IPv6 can exist, but IPv4 must also be configured)
K2 Workspace
-       Install Microsoft.Net Framework 3.5 Feature
-       Install Web Server Role
-       Install IIS 8 Management Tools Feature
-       Install ASP.NET Feature
-       Install Windows Authentication Role Services Feature
-       Enable Distributed Transaction Coordinator (DTC)
        -       Allow Remote Clients
        -       Allow Inbound & Outbound
        -       Incoming Caller Authentication Required
        -       Enable SNA
-       IPv4 (IPv6 can exist, but IPv4 must also be configured)
K2 Studio                      
-       Install Microsoft.Net Framework 3.5 Feature
Additional Software by Server Component:
K2 Core
-       No Additional Software
K2 Server
-       Microsoft Internet Explorer 8 or 9 or Microsoft Internet Explorer 10 (Plug-in support is only available in Internet Explorer on the desktop, and this version of Internet Explorer 10 must be used for items built in Silverlight, such as the K2 Designer for SharePoint).
K2 Workspace
-       Visual Studio 2010 Web Deployment Projects (required for Forms Technology): http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=24509
-       Microsoft Report Viewer Redistributable 2008 SP1
-       Microsoft Internet Explorer 8 or 9 or Microsoft Internet Explorer 10 (Plug-in support is only available in Internet Explorer on the desktop, and this version of Internet Explorer 10 must be used for items built in Silverlight, such as the K2 Designer for SharePoint).
-       Microsoft Silverlight 5: (required for View Flow)
K2 Studio
-       User Manager: The default User Manager is Active Directory (AD).
-       Microsoft Exchange 2013
-       Windows PowerShell
-       Microsoft Dynamics CRM 2011
-       Microsoft Dynamics CRM 4.0 SDK (installed on the K2 Server)
-       Visual Studio 2010 Web Deployment Projects (required for Forms Technology): http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=24509
-       OpenXML SDK 2.0 Redistributable (required for Inline Functions): http://msdn.microsoft.com/en-us/office/bb265236.aspx
-       Microsoft SharePoint Server 2013
-       Excel Services Application with Trusted file locations for Excel spreadsheets 

SharePoint Server (KP-DV-SP-V01)
Windows Components by Server Component:
K2 for SharePoint
-       Install Microsoft.Net Framework 3.5 Feature
-       Install Web Server Role
-       Install IIS 8 Management Tools Feature
-       Install ASP.NET Feature
-       Install Windows Authentication Role Services Feature
-       Enable Distributed Transaction Coordinator (DTC)
        -       Allow Remote Clients
        -       Allow Inbound & Outbound
        -       Incoming Caller Authentication Required
        -       Enable SNA
-       IPv4 (IPv6 can exist, but IPv4 must also be configured)
K2 for Visual Studio
-       Install Microsoft.Net Framework 3.5 Feature
Additional Software by Server Component:
K2 for SharePoint
-       Microsoft SharePoint Server 2013
-       Microsoft Internet Explorer 8 or 9 or Microsoft Internet Explorer 10 (Plug-in support is only available in Internet Explorer on the desktop, and this version of Internet Explorer 10 must be used for items built in Silverlight, such as the K2 Designer for SharePoint).
-       Microsoft Dynamics CRM 2011
-       Microsoft Dynamics CRM 4.0 SDK (installed on the K2 Server)
-       Visual Studio 2010 Web Deployment Projects (required for Forms Technology): http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=24509
K2 for Visual Studio
-       A User Manager: The default User Manager is Active Directory (AD).
-       Microsoft Visual Studio 2012
-       Windows PowerShell
-       Microsoft Dynamics CRM 2011
-       Microsoft Dynamics CRM 4.0 SDK (installed on the K2 Server)
-       OpenXML SDK 2.0 Redistributable (required for Inline Functions): http://msdn.microsoft.com/en-us/office/bb265236.aspx
-       Microsoft SharePoint Server 2013
-       Excel Services Application with trusted file locations for Excel spreadsheets 



Initial deployment administrative and service accounts in K2 Blackpearl

To deploy K2 Blackpearl on a server farm, you must provide credentials for several different accounts.
The following table describes the accounts that are used to install and configure K2 Blackpearl.
Account: K2 Service Account
Purpose: This account is used for the identity in which the K2 Server operates. This account will need permissions on the K2 Server and SharePoint Server.
Requirements:
·         Domain user account.
·         Logon as a Service permission

Account: K2 Setup and Administration Account
Purpose: The Installation Account is the account which the person installing and configuring K2 logs on to the servers with. This account is used for basic administration of the K2 Server, such as setting security for the environment and managing services.
Requirements:
·         Domain user account.
·         Local Administrator.
·         SQL Server login on the computer that runs SQL Server.
·         Member of the following SQL Server roles:
          ·         SECURITYADMIN fixed server role
          ·         DBCREATOR fixed server role

Account: K2 Workspace Service Account
Purpose: This account is used by the application pool that runs the K2 Workspace.
Requirements:
·         Domain user account.
·         Member of IIS_IUSRS security group.

Below are the configurations done at company name
K2 Service Account:                  Domain\K2ADMIN
K2 Setup and Administration Account: Domain\K2ADMIN
K2 Workspace Service Account:        Domain\K2ADMIN



K2 Blackpearl Licensing

The K2 Blackpearl product requires a license to install. Unless a License Key has been obtained, the product installation will be unable to complete and you will be unable to use K2 Blackpearl. The License Key provided will depend on the product option that has been purchased by the organization.

System Key

The System Key is obtained during the configuration step of the K2 Server. The System Key is required to obtain a License Key, regardless of the mechanism used to obtain the License Key.

License Key

License Keys can be obtained via E-mail, Telephone, or directly through the K2 Customer and Support Portal.

 


Install K2 Blackpearl Stand Alone

When installing K2 Blackpearl, the Setup Manager will walk you through selecting the components based on the prerequisites or dependencies being available prior to install. The Setup Manager will install the selected components and configure them.

To install and configure K2 Blackpearl on a single server, you will follow these steps:
1.    On the Welcome screen, click Next
2.    The Setup Manager will check for the latest version of K2 Blackpearl.
3.    The End User License Agreement needs to be agreed to before continuing.
4.    The Installation Type screen allows the user to select either a Simple install or a Custom install. The Simple install allows for a Full install (follow the steps below).
5.    On the License Configuration screen, the user must enter the license corresponding to the system key displayed.
6.    On the K2 Pass-Through Authentication screen, select Kerberos authentication method.
7.    On the K2 Server Configuration screen:
a.    Enter the Host Service Port.
b.    Enter the Workflow Service Port.
c.    Enter the Discovery Service Port.
8.    Once the license has been entered, the K2 Workspace web site must be configured.
a.    Enter the Web Site Name.
b.    Select New Application Pool.
c.    Enter the Application Pool Name.
d.    Enter the Username and Password
9.    On the next screen the SQL connection details need to be set for the database configuration.
a.    Write down the SQL Server Name.
b.    Write down the K2 Configuration Database Name.
c.    Select the Windows Authentication Option.
10.  The next step is to configure the CRM server details.
a.    Choose CRM Version to be used.
b.    Type the CRM Server URL that can be obtained from the main page of the Microsoft CRM Service.
c.    Add your Organization name as it appears in the CRM Service.
d.    Use the Test button to check the entered data.
11.  On the Outgoing Email screen, enter the email server details and address.
a.    Enter the physical machine name of the SMTP Server
b.    Enter the address for the K2 Server e-mail account
12.  If an Exchange Server is being used in the environment K2 is being installed to, it needs to be configured as follows:
a.    Write down the Microsoft Exchange Server and click the Test button to test the connection.
b.    Enter the Exchange Web Service URL
Note:
Integration with Exchange will require the following:
1-      Run the command below on the Exchange Server:
        New-ManagementRoleAssignment -Role:ApplicationImpersonation -User:"Domain\Username"
2-      Domain\Username should be a member of the View-Only Organization Management AD group and the Recipient Management AD group
13.  Smart Actions are enabled by default and set up on the Smart Actions Configuration screen.
a.    Tick the checkbox to Enable Smart Actions for Exchange
b.    Write down the Microsoft Exchange Server and click the Test button to test the connection.
c.    Select the Use K2 Service account
14.  Finally, the Configuration Summary screen will be shown where the installation can be reviewed.
15.  Before the install begins, the Additional Actions screen is displayed if there are any actions that need to be performed.
16.  The Installing Components screen displays the status of the installation and then displays the Configuration Status screen.
17.  Once the components are installed and configured, the Configuration Analysis tool runs to verify settings.
18.  This Finished page appears when the K2 Setup Manager is complete.


System Key:                                                    
License Key:                                         
K2 Authentication:                    
Server Name:                                                 
Host Service Port:                                       
Workflow Service Port:                         
Discovery Service Port:                     
K2 Workspace Port:                              
K2 Workspace Web Site:                       K2 Blackpearl
K2 Application Pool:                    K2 Blackpearl
Username:                               
Password:                                
SMTP Server:                                         
From Address:                                                    
CRM Version:                                       
CRM Server URL:                                   
CRM Organization:                                  
Exchange Server:                                    
Exchange Web Service URL:       
Outlook Web Access:                   
SQL Server Name:                          
K2 Configuration Database:             
Database Login:                               
 
Configure Kerberos Authentication for K2 Blackpearl
The Kerberos protocol supports an authentication method that uses tickets that a trusted source provides. Kerberos tickets indicate that the network credentials of a user who is associated with a client computer were authenticated. The Kerberos protocol defines how users interact with a network service to gain access to network resources. The Kerberos Key Distribution Center (KDC) issues a ticket-granting-ticket (TGT) to a client computer on behalf of a user. In Windows, the client computer is a member of an Active Directory Domain Services (AD DS) domain and the TGT is proof that the domain controller authenticated the user credentials.
Before establishing a network connection to a network service, the client computer presents its TGT to the KDC and requests a service ticket. Based on the previously issued TGT, which confirms that the client computer was authenticated, the KDC issues a service ticket to the client computer. The client computer then submits the service ticket to the network service. The service ticket must also contain an acceptable Service Principal Name (SPN) that identifies the service. To enable Kerberos authentication, the client and server computers must already have a trusted connection to the KDC. The client and server computers must also be able to access AD DS.

Trust server for delegation

By default, no server is trusted for delegation, meaning that a service on a server in Active Directory cannot act on a user’s behalf. A service that is trusted for delegation can impersonate a user and request a Kerberos ticket in the user’s name.
1.    Open Active Directory Users and Computers.
2.    In the console tree, click Computers.
3.    Right-click the computer you want to be trusted for delegation, and click Properties
4.     On the Delegation tab, click ‘Trust this computer for delegation to any service (Kerberos only)’
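
To confirm the SPN and delegation state that the Kerberos section and the steps above describe, a read-only review script follows. This is an added example, not part of the original guide. It assumes the ActiveDirectory PowerShell module (RSAT); the server name KP-DV-K2-V01 and the account K2ADMIN are taken from this page, and `Get-DelegationSummary` is a hypothetical helper defined here.

```powershell
# Added example: read-only review of SPNs and delegation for the K2 setup.
# Requires the ActiveDirectory module. Names come from the page; adjust them.
Import-Module ActiveDirectory
$K2Server  = 'KP-DV-K2-V01'
$K2Account = 'K2ADMIN'
$props     = 'ServicePrincipalName', 'TrustedForDelegation', 'msDS-AllowedToDelegateTo'

# Hypothetical helper: summarize how an account or computer may delegate.
function Get-DelegationSummary {
    param([Parameter(Mandatory)] $AdObject)
    # Drop empty values so an unset attribute counts as zero entries.
    $constrained = @($AdObject.'msDS-AllowedToDelegateTo' | Where-Object { $_ })
    [pscustomobject]@{
        Name       = $AdObject.SamAccountName
        SPNs       = @($AdObject.ServicePrincipalName) -join '; '
        Delegation = if ($AdObject.TrustedForDelegation) { 'Unconstrained (any service)' }
                     elseif ($constrained.Count -gt 0) { 'Constrained: ' + ($constrained -join '; ') }
                     else { 'None' }
    }
}

# The K2 server after step 4 should report 'Unconstrained (any service)'.
Get-DelegationSummary (Get-ADComputer -Identity $K2Server -Properties $props)

# The service account needs its SPNs registered for tickets to be issued.
Get-DelegationSummary (Get-ADUser -Identity $K2Account -Properties $props)

# Duplicate SPNs make Kerberos ticket requests fail; setspn -X reports them.
setspn -X

# Computers other than domain controllers (primary group 516) that are
# trusted for delegation to any service, so that only the intended servers
# carry the setting.
Get-ADComputer -Filter 'TrustedForDelegation -eq $true -and primaryGroupID -ne 516' |
    Select-Object Name, DNSHostName
```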