The following assumes that you are using Internet Information Services (IIS) 6.0 or higher and your operating system is Microsoft Windows Server 2003.
1. Create Application Pool
a. Click Start->Programs->Administrative Tools->Internet Information Services (IIS) Manager.
b. Right mouse click on “Application Pools”->New->“Application Pools”.
c. Type in name (say, “BAMAppPool”) of application pool to create.
d. On the properties page of the application pool, choose an application pool identity. Click OK when done.
e. Make sure that the application pool identity is added to the “IIS_WPG” local group and if Sharepoint is configured, make sure it is also added to the “STS_WPG” group.
2. Create Virtual Directory
a. Using Internet Information Services (IIS) Manager, create a virutal directory named “BAM”.
b. Expand “Web Sites” node->Right mouse click on “Default Web Site”->New->Virtual Directory.
c. In the “Virtual Directory Creation Wizard”, type in the virtual directory name, choose “<install location>\BAMPortal” as the content directory and only allow “Read” permissions.
d. On the properties page of the virtual directory, in the “Virtual Directory” tab, create an application named (say) “BAM”, choose “Script only” execute permissions and the application pool “BAMAppPool” created in previous step. Click “Edit” on the Authentication and access control tab. Uncheck the “Enable anonymous access” checkbox on the “Directory Security” tab and make sure that Integrated Windows Authentication checkbox is checked. Click OK when done.
e. On the properties page of the “BAMManagementService”, create an application named (say) “BAMManagementService”, choose “Script only” execute permissions and the application pool “BAMAppPool” created in previous step. Click “Edit” on the Authentication and access control tab. Uncheck the “Enable anonymous access” checkbox on the “Directory Security” tab and make sure that Integrated Windows Authentication checkbox is checked. Click OK when done.
f. On the properties page of the “BAMQueryService”, create an application named (say) “BAMQueryService”, choose “Script only” execute permissions and the application pool “BAMAppPool” created in previous step. Click “Edit” on the Authentication and access control tab. Uncheck the “Enable anonymous access” checkbox on the “Directory Security” tab and make sure that Integrated Windows Authentication checkbox is checked. Click OK when done.
3. Setup web.config For Web Services
There are 3 web.config files to create.
a. Web.config in <install location>\BAMPortal folder
i. Make a copy of web.config.tmpl in <install location>\BAMPortal folder and renamed it to web.config.
ii. Open the web.config file, replace “localhost” with the name of your server hosting the web service for the following two lines:
<add key="BamQueryWSUrl" value="http://localhost/BAM/BamQueryService/BamQueryService.asmx"/>
<add key="BamManagementWSUrl" value="http://localhost/BAM/BamManagementService/BamManagementService.asmx"/>
iii. Set culture to “neutral” for the assembly.
<assemblyIdentity name="Microsoft.BizTalk.Bam.WebServices" publicKeyToken="31bf3856ad364e35" culture="" />
iv. Replace “Everyone” with the group that you want to use for controlling access to the portal for the following line:
<allow roles="Everyone"/>
v. Save the web.config file.
b. Web.config in <install location>\BAMPortal\BAMManagementService folder
i. Make a copy of web.config.tmpl in <install location>\BAMPortal\ BAMManagementService folder and renamed it to web.config.
ii. Open the web.config file, replace “localhost” and “BAMPrimaryImport” with the name of your primary import server and database respectively.
<add key="BamServer" value="localhost"/>
<add key="BamDatabase" value="BAMPrimaryImport"/>
iii. Replace “Everyone” with the group that you want to use for controlling access to the web service for the following line:
<allow roles="Everyone"/>
iv. Save the web.config file.
c. Web.config in <install location>\BAMPortal\BAMQueryService folder
i. Make a copy of web.config.tmpl in <install location>\BAMPortal\ BAMQueryService folder and renamed it to web.config.
ii. Open the web.config file, replace “localhost” and “BAMPrimaryImport” with the name of your primary import server and database respectively.
<add key="BamServer" value="localhost"/>
<add key="BamDatabase" value="BAMPrimaryImport"/>
iii. Replace “Everyone” with the group that you want to use for controlling access to the web service for the following line:
<allow roles="Everyone"/>
iv. Save the web.config file.
4. Use ASP.Net To Encrypt Web Service Credentials
a. From the command prompt, type the following:
aspnet_setreg.exe -k:"SOFTWARE\Microsoft\BizTalk Server\3.0\BAM\WebServices\identity" -u:<yourDomainName\userName> -p:<password>
b. Press Enter.
Note For more information about aspnet_setreg.exe, see Knowledge Base article 329290, "Use the ASP.NET Utility to Encrypt Credentials and Session State Connection Strings" located at http://go.microsoft.com/fwlink/?LinkID=16728
5. Grant Permissions in Registry
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor (regedit.exe) at your own risk.
a. Grant the web service identity “Query Value”, “Enumerate Subkeys”, “Notify” and “Read Control” permissions to the following registry key.
i. HKLM\SOFTWARE\Microsoft\BizTalk Server\3.0
b. Grant the application pool identity “Query Value”, “Enumerate Subkeys”, “Notify” and “Read Control” permissions to the following registry key.
i. HKLM\SOFTWARE\Microsoft\BizTalk Server\3.0\BAM\WebServices\identity\ASPNET_SETREG
6. Grant Permissions to Folders
a. Grant the application pool identity “Traverse Folder / Execute File”, “List Folder / Read Data”, “Read Attributes”, “Read Extended Attributes”, “Create File / Write Data”, “Create Folders / Append Data”, “Write Attributes”, “Write Extended Attributes” and “Read Permissions” permissions to the Windows temp folder, its sub folders and files.
7. Update Bam Configuration
a. Insert the following as a child of BAMConfiguration element in the BamConfiguration.xml, replacing “yourServer” with the server where you want to install the BAM web service.
<GlobalProperty Name="BAMVRoot">http://yourServer/BAM </GlobalProperty>
b. Run "bm.exe update-config -FileName:BamConfiguration.xml"
8. Grant Permissions in BAM Primary Import Database
a. Add the web service identity to SQL Logins.
b. Add the web service identity to the “BAM_ManagementWS” role in the BAM Primary Import Database
9. Troubleshoot
a. I get an error in the event log that says that the "BAM Portal" event source cannot be created.
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor (regedit.exe) at your own risk.
i. Create a key "BAM Portal" under HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
ii. Under the newly created key, create a key-value pair.
Key: "EventMessageFile".
Value: <.Net Framework Path>\<Installed Version>\EventLogMessages.dll
Type: Expandable string value.
If you have alerts configured, refer to my blog "BAM without BizTalk Configuration (Part 3)" for the additional step.
