Deploy a WES

In the following procedures, you will deploy a Well-Enabled Service (WES). These procedures can be used to deploy any of the Well-Enabled Services available with this kit. Server names used in these procedures follow the conventions established in the associated Microsoft Solutions for Hosters. See the following list for additional details about the solutions upon which each WES depends:


A WES must be deployed on a server that has been preconfigured as a Microsoft Provisioning System (MPS) client.

Procedure CSFINT.1: To install Web Service Enhancements (WSE) 3.0
  1. Log on to PROV01 as a member of the Domain Admins group.
  2. Launch Microsoft Internet Explorer and navigate to Web Services Enhancements (WSE).
  3. Follow the instructions for downloading and installing WSE 3.0.
Procedure CSFINT.2: To install a Well-Enabled Service
  1. Log on to PROV01 as a member of the Domain Admins group.
  2. Copy the Connected Services Framework (CSF) Integration Kit installer, CSFKIT.msi, to PROV01.
  3. Double-click CSFKIT.msi, and then click Next to begin the installation process.
  4. On the License Agreement page, choose I accept the terms in the license agreement, and then click Next.
  5. Fill out the Customer Information form, and then click Next.
  6. On the Setup Type page, select the Custom option, and then click Next.


    Leave Complete selected if you want to install all WESes and the WES Generator at once. You must have Microsoft Visual Studio 2005 installed on PROV01 to be able to install the WES Generator.

  7. On the Custom Setup page, click the drive icon to the left of any components you do not want to install, select Entire feature will be unavailable, and then click Next.
  8. On the Ready to Install the Program page, click Install.
  9. On the Installer Wizard Completed page, click Finish.


The following procedure only needs to be performed once per domain.

Procedure CSFINT.3: To create a Well-Enabled Service application pool account
  1. Log on to AD01 using an account that is a member of the Domain Administrators group.
  2. On the taskbar, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  3. Right-click Users, point to New, and then click User.
  4. In the New Object-User dialog box, type MPSWesAppPoolAcct as the First name and the User logon name, and then click Next.
  5. In the next New Object - User dialog box, clear the User must change password at next logon check box. Enter the password twice, and then select Password never expires.


    The service account cannot have a blank password or a password that will expire.

  6. Click Next. Verify the information you have entered, and then click Finish.
  7. In Active Directory Users and Computers, select Users organizational unit (OU), and then, in the right pane, double-click the MPSWesAppPoolAcct account.
  8. Select the Member Of tab, and then click Add.
  9. In the Name field, type MPFClientAccts, and then click OK.
  10. Click OK.
Procedure CSFINT.4: To add the MPSWesAppPoolAcct to the IIS_WPG group
  1. Log on to PROV01 as a member of the Domain Admins group.
  2. On the taskbar, click Start, point to Administrative Tools, and then click Computer Management.
  3. Expand System Tools, expand Local Users and Group, and then click Groups.
  4. In the Group list in the right-hand pane, right-click IIS_WPG (IIS Worker Process Group).
  5. Click Add to Group.
  6. Click Add.
  7. Type Fabrikam\MPSWesAppPoolAcct. Click OK, and then click OK again.

In the following procedure, you will configure the MPSWesAppPoolAcct with permissions to the registry. This allows the WES to raise application events when the Microsoft.Practices.Enterprise.Logging features are enabled via the Web.Config file.

Procedure CSFINT.5: To configure the MPSWesAppPoolAcct for event logging
  1. On PROV01, click Start, click Run, and then type Regedit. Click OK.
  2. In the Registry Editor, expand HKEY_LOCAL_MACHINE, expand SYSTEM , expand CurrentControlSet, expand Services, and then expand Eventlog.
  3. Right-click the EventLog key, and then choose Permissions.
  4. Click the Add button.
  5. Type Fabrikam\MPSWesAppPoolAcct, and then click OK.
  6. Ensure that Allow permission is selected for Full Control, and then click OK.
  7. Close the Registry Editor.
Procedure CSFINT.6: To create an application pool for the WES
  1. Log on to PROV01 as a member of the Domain Admins group.
  2. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
  3. Right-click Application Pools, click New, and then select Application Pool.
  4. In Application pool ID, type MPSWesAppPool, and then click OK.
  5. Right-click the new application pool, and then select Properties.
  6. Click the Identity tab, and then choose the Configurable option.
  7. In User name, type Fabrikam\MPSWesAppPoolAcct.
  8. In Password, enter the password you set when creating the MPSWesAppPoolAcct. Enter the password again when prompted, and then click OK.


    IIS does not confirm that the password you entered is correct for the MpsWesAppPoolAcct. If your application pool fails to function, an incorrect password may be the problem.

Perform the following procedure once for each WES you plan to deploy.

Procedure CSFINT.7: To configure each WES Virtual Directory
  1. Log on to PROV01 as a member of the Domain Admins group.
  2. Click Start, point to Administrative Tools, and then click to Internet Information Services (IIS).
  3. Click PROV01, expand Web Sites, and then click Default Web Site.
  4. Right-click the WESname virtual directory, and then select Properties.
  5. On the Virtual Directory tab, select MPSWesAppPool from the Application Pool drop-down list.
  6. Select the ASP.NET tab, and then select the 2.0.* version from the ASP.NET version list.
  7. Click Apply, and then click OK.


    • The Well-Enabled Services described in this kit support anonymous access with MPS credentials passed in Simple Object Access Protocol (SOAP) messages. It is critical that you secure this communication channel by installing a Secure Sockets Layer (SSL) certificate on the Web server and requiring secure communications between all calling systems and the server hosting these pages. To learn how to install an SSL Certificate, see Enable Secure Sockets Layer.
    • Alternatively, the user can use Web Services Enhancements 3.0 (WSE) security - for instance, using X509 certificates. Review the WSE 3.0 documentation supplied with the WSE 3.0 distribution you downloaded in the To install Web Service Enhancements (WSE) 3.0 procedure earlier in this topic.
    • The Well-Enabled Services described in this kit each have a policyCache.config file that is utilized to configure WSE features.