000036670 - How to change RSA Archer advanced workflow communication settings

Document created by RSA Customer Support Employee on Sep 18, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000036670
Applies ToRSA Product Set: Archer
RSA Product/Service Type: Advanced Workflow
RSA Product Version: 6.2 and above
Platform: Windows
IssueYou have configured Advanced Workflow during the installation, but now you would like to change the settings; for example, changing from using HTTPS to HTTP, or vice versa. The following instructions provide some use cases on modifying these values.
Resolution

To change from HTTPS to HTTP



1.  Modify the registry



  1. Using RDP, login to the system on which the Advanced Workflow component is installed.
  2. Open regedit.
  3. Navigate to the key HKLM\Software\Workpoint LLC\Workpoint\4.1
  4. Refine the following values:

ServerTcpPort             : 8001
ServerHttpsPort          : <anything you desired>
ServerHttpPort            : 8000
RestApiUseSsl            : 0
RestApiSupport           : 1
DesignerUseSsL         : 0
DesignerSupport         : 0



2.   Modify the workpoint config file



  1. While still in the system through RDP, navigate to C:\Program Files\RSA Archer\Services\Workpoint\conf.
  2. Open the WorkpointSettings.config using Notepad.
  3. Locate <!-- Eventing Services Begin --> section
  4. Modify the metadataUrl value to: "http://<hostname of your system>:8000/workpoint/bpm/wseventing.svc".
  5. Save the file.

 



3.  Modify ACP and restart service



  1. Open the Archer Control Panel and navigate to Installation Settings > Advanced Workflow.
  2. Modify the Workflow Host or Load Balancer URL to http://localhost:8000/.
  3. Save the changes.
  4. Restart the RSA Archer Workflow service.

 



4.   Re-register port registration



  1. Check if port 8000 has been registered with the service account running the RSA workflow service. To confirm use the command:


netsh http show urlacl > netsh.txt


  1. Look for the Reserved URLs for https://+:8000/.... (there are many of them). Then check the user registered for it.  For example,

Reserved URL            : http://+:8000/workpoint/rest/trantemplates.svc/ 
User                            : ARCHER\administrator
Listen                          : Yes
Delegate                     : No
SDDL                          : D:(A;;GX;;;LA) 


  1. Validate the user account to see if it matches the service account running the RSA Workflow service:

User-added image


  1. If the user does not match, or there is no port registration for port 8000, then perform the following steps to re-register the port:
    1. Download the file remove-port-registration-AWF.txt, rename to .bat and run it. 
    2. Download the file add-port-registration-AWF.txt attached to this article.
    3. Rename the file extension to .bat for both files.
  2. Open the file in a text editor.
  3. Modify the file by changing the user parameter to the service account for each line of code. As an example, below is the user parameter:



netsh http add urlacl https://+:8000/workpoint/rest/trantemplates.svc/ user="domain\username"



  1. Save and close the file.
  2. Remove the existing port registrations by running batch file remove-port-registration-AWF.bat from step 4 above.
  3. Add the port registrations by running batch file add-port-registration-AWF.bat from step 4 above.
  4. Restart the RSA Archer Workflow service for the changes to take effect.

 



To change from HTTP to HTTPS




1.  Re-run the installer



  1. Please re-run the installer (matching the same version as of the current environment), then select Advanced Workflow as well as any existing components already installed on the system.

User-added image


  1. Reconfigure Advanced Workflow through the installation wizard, selecting:
    1. The appropriate protocol (HTTPS) and the certificate used for secure web communicates.

User-added image


Note that the certificate must have a valid subject name or a Subject alternate name ( that is, it must be DNS resolvable ).


 


  1. The URL and the port used for REST API communication. 

User-added image



Note the following:


  • The use of https in the URL
  • The hostname defined in the URL must match the subject name of the certificate as selected in step 2a, above.
  • The URL needs to contain the HTTPS port, e. g., 8443
  • For the Workflow communication port, use port 8000.

  1. Proceed with rest of the configurations to match with the existing setup


4.  Re-register port registration



  1. Check if port 8443 has been registered with the service account running the RSA workflow service. Use the command:


netsh http show urlacl > netsh.txt


  1. Look for the Reserved URLs for https://+:8443/.... (there are many of them). Then check the user registered for it. For example,

Reserved URL            : http://+:8000/workpoint/rest/trantemplates.svc/ 
User                            : ARCHER\administrator
Listen                          : Yes
Delegate                     : No
SDDL                          : D:(A;;GX;;;LA) 


  1. Validate the user account to see if it matches the service account running the RSA Workflow service:

User-added image


  1. If the user does not match, or there is no port registration for port 8000, then perform the following steps to re-register the port:
    1. Download the file remove-port-registration-AWF.txt, rename to .bat and run it. 
    2. Download the file add-port-registration-AWF.txt attached to this article.
    3. Rename the file extension to .bat for both files.
  2. Open the file in a text editor.
  3. Modify the file by changing the user parameter to the service account for each line of code. As an example, below is the user parameter:



netsh http add urlacl https://+:8443/workpoint/rest/trantemplates.svc/ user="domain\username"


  1. Save and close the file.
  2. Remove the existing port registrations by running batch file remove-port-registration-AWF.bat from step 4 above.
  3. Add the port registrations by running batch file add-port-registration-AWF.bat from step 4 above.
  4. Restart the RSA Archer Workflow service for the changes to take effect.

Outcomes