Question

Initiate a workflow from a DMZ server

asked on April 15, 2019

I am wondering if it is possible to initiate a workflow from a server located in the DMZ, for a public form.

The connection could not be made using the following code, even when all ports are open.

WorkflowConnection connection = WorkflowConnection.CreateConnection(workflowServer, workflowApplication);

According to Miruna Babatie, since Workflow uses Windows Authentication for security, Active Directory is required when connecting from machines other than the WF server. However, since our public forms portal server is in the DMZ, it is not connected to the Active Directory system.

https://answers.laserfiche.com/questions/49235/Workflow-Designer-Connection-Fail-Error0604WFSO0#49247

 

Would there be a way to manually set the user account when connecting from machines other than WF server? Or is there any other way to make this connection work?

 

Error message: 

[SocketException (0x2746) : An existing connection was forcibly closed by remote host]

[CommunicationException: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:00:30']

[IOException: The write operation failed, see inner exception]

[CommunicationException: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:00:30']

[WFSOException: An error occurred communicating with the workflow server. View error log for more details. [0604-WFSO0]]

0 0

Replies

replied on April 15, 2019

The error above seems to be a timeout because you haven't configured port forwarding to the WF server, so I don't think you're hitting the authentication problem yet.  If you don't want to set up a domain in the DMZ with a trust relationship with your internal domain, another solution would be to host a web service internally that could proxy the requests to WF for you.  I don't mean a literal proxy, as you would want the server in the middle to supply its own credentials and you would probably send it the parameters over HTTP and have it convert to WCF.

0 0
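Added example, not part of the reply above and not Laserfiche code: one way the internal relay described in that reply could gate requests from the DMZ server before starting a workflow under its own credentials. The workflow name, parameter names, shared-secret scheme and the `startWorkflow` delegate are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Gate for an internal relay: the DMZ app sends parameters over HTTP, the relay decides what runs.
public sealed class WorkflowRelayGate
{
    // Hypothetical allow-list: workflow name -> the only parameters the DMZ may supply.
    private static readonly Dictionary<string, string[]> Allowed = new Dictionary<string, string[]>
    {
        { "PublicFormIntake", new[] { "submissionId", "returnCode" } }
    };
    private readonly byte[] _key;   // shared secret provisioned to the DMZ application (assumption)
    // Hypothetical delegate wrapping the Workflow SDK call; it runs as the relay's domain account.
    private readonly Action<string, IDictionary<string, string>> _startWorkflow;

    public WorkflowRelayGate(byte[] key, Action<string, IDictionary<string, string>> startWorkflow)
    { _key = key; _startWorkflow = startWorkflow; }

    // Returns null on success, otherwise a refusal reason to log (answer the caller with a bare 403).
    public string Handle(string workflow, IDictionary<string, string> args,
                         long unixTime, string signatureHex, DateTimeOffset now)
    {
        if (Math.Abs(now.ToUnixTimeSeconds() - unixTime) > 300) return "stale timestamp";
        if (workflow == null || args == null || args.Values.Any(v =>
                v == null || v.Length > 256 || v.Any(c => char.IsControl(c))))
            return "invalid request";
        // Canonical form: values are length-prefixed so a crafted value cannot imitate another field.
        string canonical = unixTime + "\n" + workflow + "\n" + string.Join("\n",
            args.OrderBy(p => p.Key, StringComparer.Ordinal)
                .Select(p => p.Key + "=" + p.Value.Length + ":" + p.Value));
        string expected;
        using (var hmac = new HMACSHA256(_key))
            expected = BitConverter.ToString(hmac.ComputeHash(Encoding.UTF8.GetBytes(canonical))).Replace("-", "");
        if (!FixedTimeEquals(expected, (signatureHex ?? "").ToUpperInvariant())) return "bad signature";
        // Only after authentication: restrict which workflow and which parameters are accepted.
        string[] names;
        if (!Allowed.TryGetValue(workflow, out names)) return "workflow not allowed";
        if (args.Keys.Except(names).Any()) return "unexpected parameter";
        _startWorkflow(workflow, args);
        return null;
    }

    private static bool FixedTimeEquals(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < Math.Min(a.Length, b.Length); i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

A captured request can still be replayed inside the 300-second window, so the started workflow should treat a repeated `submissionId` as a duplicate.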
replied on April 15, 2019

Same error messages are provided when all ports are open from DMZ server to the WF server, and I was using the IP address for the parameter. If I am missing anything, please let me know.

 

And while trying to involve the workflow web service, I got the following error via Visual Service. http://workflowserver/workflow returns a working page. Could you please help me to find out what might be the cause of this issue?

There was an error downloading 'http://workflowserver/workflow/api/restworkflowapi.svc/$metadata'.
The request failed with HTTP status 404: Not Found.
Metadata contains a reference that cannot be resolved: 'http://workflowserver/workflow/api/restworkflowapi.svc'.
The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (application/soap+xml; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '<!DOCTYPE html> <!--[if !(IE 6) | !(IE 7) | !(IE 8)  ]><!--><html lang=en-US prefix="og: https://ogp.me/ns#" class=no-js> <!--<![endif]--><head><link rel=stylesheet href=https://www.laserfiche.com/wp-content/cache/minify/a1063.default.include.fd253a.css media=all> <script src=https://www.laserfiche.com/wp-content/cache/minify/a1063.default.include.56e259.js></script> <meta charset=UTF-8><meta name=viewport content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0"><meta name=theme-color content=#ff6305><link rel=profile href=https://gmpg.org/xfn/11> <script>if(/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent)){var originalAddEventListener=EventTarget.prototype.addEventListener,oldWidth=window.innerWidth;EventTarget.prototype.addEventListener=function(eventName,eventHandler,useCapture){if(eventName==="resize"){originalAddEventListener.call(this,eventName,function(event){if(oldWidth===window.innerWidth){return;}else if(oldWidth!==window.innerWidth){o'.
If the service is defined in the current solution, try building the solution and adding the service reference again.

Thanks!

0 0
replied on April 16, 2019

This looks like a suboptimal configuration. You are opening up both the Forms server and the Workflow server to outside traffic.

A more secure setup would be to only expose the Forms front-end in the DMZ and set up the Forms Routing Service inside your firewall. That way you would be minimizing your surface area as well as making it easier for Forms to connect to Workflow. More information about this setup can be found in the documentation.

0 0
replied on April 17, 2019

In the DMZ, we only opened the Forms public portal, with the routing service disabled. The internal Forms routing service stays inside the firewall as you mentioned.

Since some of the steps of this business process involve the connection to an external web application (via Redirect to website, [On Event Completion]), I am trying to initiate a workflow outside of Forms, using a C# application. With some passed parameters, I was able to find the necessary information to create the connection and it worked in the local environment. However, the connection does not work on the DMZ server.

Would there be another way of initiating a workflow?    

0 0