Chapter 3

Installing and Configuring SharePoint

WHAT’S IN THIS CHAPTER?

  • SharePoint prerequisites
  • Installing SharePoint 2013 Enterprise
  • Creating and configuring the farm
  • Creating web applications and site collections

Just as we urged in the 2010 edition of this book: Please read this chapter! After many years of reviewing SharePoint farms, we can count on one hand the number that were built correctly. It isn’t because SharePoint is especially hard to install and configure; it’s just very particular about numerous settings.

The focus of this chapter is installing SharePoint Server 2013 Enterprise — using the least-privilege security model and meaningful database names. This approach is the opposite of the two most commonly used approaches. The first is to use an account for everything, assign it super administrator privileges, and then use all of the wizards, which results in a train wreck. At the other extreme is the second approach, which is to just download a PowerShell script and run it to magically create a SharePoint farm. While that is undoubtedly handy, you don’t learn anything from the process, so the first time you hit a bump in the road you are stuck. No train wrecks or magic occur in this chapter, just a clear, production-level install done in a slow, deliberate fashion that explains all the steps.

PREPARING THE ENVIRONMENT

Before starting the SharePoint installation and configuration for this environment, several servers were built with dedicated roles to make it easier to translate to your environment. There is a dedicated domain controller, a dedicated SQL Server, and a dedicated SharePoint server. All machines are running Windows Server 2012 Standard with the GUI. All current Windows Updates have been applied.

The domain controller, named DC, is a single-processor machine with 1GB of RAM. A new Active Directory (AD) forest was created for the domain Contoso.com. DC has all the AD roles and hosts DNS for the domain.

The SQL Server, named SQL, is a four-processor machine with 8GB of RAM. It is running SQL Server 2012 Standard RTM. The machine is a member of the Contoso.com domain. SQL was installed using the blog post at http://msmvps.com/blogs/shane/archive/2012/09/17/a-simple-install-of-sql-server-2012-for-sharepoint-server-2013-or-2010.aspx. Even if you have SQL Server already installed, confirm that you have changed the Max Degrees of Parallelism setting to 1 and have set up the permissions correctly. Both of these steps are covered in the blog post as well. For this environment the AD account Contoso\sp_install has been given the SQL Server roles of dbcreator, public, and securityadmin.

The SharePoint server, named Server, is a four-processor machine with 8GB of RAM. It is a member of the Contoso.com domain. The AD account Contoso\sp_install has been made a local administrator on the SharePoint server. Nothing else has been done to the machine. Tasks such as adding the Web Server (IIS) role will be handled by the prerequisite installer included with SharePoint.
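A pre-flight check for the account setup described above, added here as an example and not taken from the book. Run it from an elevated PowerShell prompt on the SharePoint server while logged in as the install account. The function names are hypothetical, the instance name sql comes from this chapter's lab, and the sysadmin check assumes the install account should hold only the roles listed above.

```powershell
# Added example (not the book's code). Verifies the least-privilege setup for
# the install account before SharePoint setup is started.
Add-Type -AssemblyName System.Data

function Test-ElevatedLocalAdmin {
    # True only when the current token carries an enabled local Administrators
    # SID, so this returns $false in a non-elevated shell even for an admin.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Invoke-SqlScalar {
    # Runs one query with Windows authentication and returns the first column
    # of the first row. Hypothetical helper for this example.
    param([string]$Server, [string]$Query)
    $conn = New-Object System.Data.SqlClient.SqlConnection(
        "Server=$Server;Database=master;Integrated Security=SSPI")
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $Query
        return $cmd.ExecuteScalar()
    }
    finally {
        $conn.Dispose()
    }
}

function Get-InstallPreflight {
    param([string]$SqlServer = 'sql')   # lab instance name from this chapter

    # IS_SRVROLEMEMBER with one argument reports on the current login.
    $sqlChecks = @(
        @{ Check = 'SQL role dbcreator';        Expected = 1; Query = "SELECT IS_SRVROLEMEMBER('dbcreator')" },
        @{ Check = 'SQL role securityadmin';    Expected = 1; Query = "SELECT IS_SRVROLEMEMBER('securityadmin')" },
        @{ Check = 'SQL role sysadmin absent';  Expected = 0; Query = "SELECT IS_SRVROLEMEMBER('sysadmin')" },
        @{ Check = 'max degree of parallelism'; Expected = 1; Query = "SELECT CAST(value_in_use AS int) FROM sys.configurations WHERE name = 'max degree of parallelism'" }
    )

    $isAdmin = Test-ElevatedLocalAdmin
    [pscustomobject]@{ Check = 'Local administrator (elevated)'; Expected = $true; Actual = $isAdmin; Pass = $isAdmin }

    foreach ($c in $sqlChecks) {
        try   { $actual = Invoke-SqlScalar -Server $SqlServer -Query $c.Query }
        catch { $actual = "error: $($_.Exception.Message)" }
        [pscustomobject]@{ Check = $c.Check; Expected = $c.Expected; Actual = $actual; Pass = ($actual -eq $c.Expected) }
    }
}

Get-InstallPreflight -SqlServer 'sql' | Format-Table -AutoSize
```

Any row with Pass set to False points at a permission or setting to correct before running setup.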

For a better understanding of the supporting servers, the hardware requirements, and all the software you need in place to make SharePoint happy, please see Chapter 2, “Architecture and Capacity Planning,” which covers all of these topics in detail.

LOGGING IN AND MOUNTING THE FILE

In order to install SharePoint you need to log in to the SharePoint server with an account that is a local administrator on that server. Therefore, in this example you will use Contoso\sp_install to remote desktop into Server.

Once you are logged into the server you need to get a copy of SharePoint Server 2013. Whether you download the trial version from the Internet or have the official DVD copy, when you run setup.exe the same thing happens. You are prompted for a license key, and based on that key you get your version of SharePoint.

To ensure an experience consistent with the examples in this chapter, download the SharePoint Server 2013 trial from http://technet.microsoft.com/en-us/evalcenter/hh973397.aspx. For some reason, the download for this version is an IMG file. If you are using Windows Server 2012, then you can right-click the file and mount it, which works the same as inserting a DVD. If you aren’t using Windows Server 2012 or are otherwise having problems working with the file, then check out http://www.slysoft.com/en/virtual-clonedrive.html. This handy free utility enables you to mount IMG and ISO files natively in Windows. This is quite handy, especially if you used TechNet’s download, which is in the form of an ISO file. Thank goodness for consistency.

RUNNING THE PREREQUISITE INSTALLER

The prerequisite installer is a wonderful little tool that you are likely already familiar with, as Microsoft uses a similar tool with several other Server products. As the name suggests, it handles the download and installation of any programs that you need to install before you install SharePoint. Otherwise, you must manually download and run at least 11 different programs from http://technet.microsoft.com/en-us/library/cc262485(v=office.15).aspx. There’s useful information on that page, but if you’re interested solely in the prerequisite installer, here’s the direct section link: http://technet.microsoft.com/en-us/library/cc262485(v=office.15).aspx#section5. The prerequisite installer will also install and configure the Windows Server roles and features you need, such as IIS.

This section uses the prerequisite installer but it is quite possible that your SharePoint server will not have access to the Internet, which makes it hard to automate the process. In that case, you have a couple of options. You can either download the programs from the preceding link and then manually install them individually or you can script the process. The latter method isn’t really scripting, but running the program with a whole bunch of parameters. If you run prerequisiteinstaller.exe /? from a command prompt, the screen shown in Figure 3-1 appears, displaying all your available options. You need to download all of these bits, place them in a directory and then create a command line that tells SharePoint where to find them. If you decide to go the route of creating your own command line, be sure you save all your work for future reference, as it will prove extremely helpful if you will be installing a lot of SharePoint servers without Internet access. If not, this is a lot of work with very little gain. TechNet has a nice article at http://technet.microsoft.com/en-us/library/ff686793(v=office.15) with additional details if the command line is your chosen path.

Whatever you decide, you must still run the prerequisite installer to ensure that installation is complete. In other words, even if you manually install and configure everything you still need to run the tool to confirm you did everything successfully. It only takes a couple of minutes and prevents any unpleasant surprises later.

It isn’t unusual for the prerequisite installer to require rebooting your machine once or twice as it runs. Don’t fight it; instead, go get something to drink while it reboots. When you log back in to Windows, the prerequisite installer will automatically restart — that is, assuming it can get to the file. If you had to previously mount an IMG or ISO file, that mounting often doesn’t survive rebooting, so when you log back in you get an error. Not a big deal. Just click OK, mount the file again, and then manually run prerequisite installer again. It will skip the steps it has already completed and continue. Just keep running it until the Installation Complete message appears.

Use the following steps to run the prerequisite installer on the SharePoint server. You can be logged in as any local administrator on the server. The account type isn’t important until you are ready to install SharePoint in the next section.

1. Open the folder containing the SharePoint install files. If you downloaded an IMG or ISO file, then you have to mount that first.
2. Double-click prerequisiteinstaller.exe.
3. At the Welcome screen, click Next.
4. Read all of that license goodness and select “I accept the terms of the License Agreement(s),” then click Next.

After several minutes the install will do one of three things: complete successfully, prompt you to reboot so it can keep going, or error out. If it prompts you to reboot, just click Finish and the server will reboot. When you log in after the reboot, the installer will automatically resume. If it does not, you may need to remount your ISO or IMG file. See the earlier section, “Logging In and Mounting the File,” if you need to troubleshoot the error message seen in Figure 3-2.

If you get an error, it will contain a link to the error log. The log file is relatively readable, so you should be able to determine the cause of the failure. Usually it is an Internet connection issue. Also, sometimes it doesn’t hurt to just try again before troubleshooting. SharePoint 2010 had a bad habit of just wanting to be run twice. When you get the Installation Complete message, click Finish.

ADDING FORGOTTEN PATCHES

As great as the prerequisite installer is, ensure that you install any appropriate additional patches, depending on your OS. Hopefully, in the near future such patches will be rolled out as Windows Updates, but currently you need to handle this yourself.

Windows Server 2008 R2

If you are using Windows Server 2008 R2, not Windows Server 2012, you need to manually request, register, download, and install the following patches:

Windows Server 2012

For those of you using Windows Server 2012, Microsoft didn’t leave you out of the fun:

RUNNING SETUP

Now that your environment is primed and ready to go, you can use the following steps to install SharePoint:

1. Remote desktop into the SharePoint server as your install account — Contoso\sp_install for this example. See the earlier section, “Preparing the Environment,” if you need a reminder about what permissions this account needs.
2. From the folder in which the SharePoint files are mounted, run setup.exe.
3. At this point, SharePoint will confirm you have installed all the prerequisites and that there are no pending reboots. If you get any setup error message here, then you need to either reboot or note which prerequisite you did not install. Assuming you did everything correctly, you will see the Enter your Product Key dialog. Enter your key and click Continue. Remember that if you use the trial key, it is valid for 180 days only. Also, if you are having a hard time finding the trial key, it is located at the bottom of the page on which you started the process of downloading the trial version, in a very light font.
4. Read the license terms (don’t you always?), select “I accept the terms of this agreement,” and click Continue.
5. Stop! When people screw up installs, this is where it happens most frequently. When the dialog shown in Figure 3-3 appears, choose Complete! If you choose Stand-alone, then SharePoint will automatically install SQL Express on this machine and configure everything with a bunch of crazy defaults. Don’t do it.
After choosing Complete, click Install Now. If you want to change the default file locations you can, but note that this doesn’t install all of the SharePoint files to that new location. You will still have the files in the c:\program files\common files\Microsoft shared\web server extensions folder no matter what. This is why the previous chapter emphasized that you need at least 100GB of space for your C: drive. Even if you accept the default for the Search files location when you configure the search service application, you can still specify the location of those Search files.
6. When setup finishes, the Run Configuration Wizard window will appear. SharePoint is offering to kick off the wizard to help you create or join a farm. Say, “No thank you!” by deselecting “Run the SharePoint Products Configuration Wizard now.” Then click Close.

You don’t want to run the configuration wizard because it is recommended that you do some of the initial configuration steps using PowerShell in order to avoid having the Central Administration content database created with a GUID in its name.

AUTOMATING SETUP

If the preceding steps seem too complicated or you build so many SharePoint farms that you would like to automate that process, SharePoint provides that capability through the use of a config.xml file. If you look in the folder where you mounted the SharePoint install files, you will see a folder called files. This folder contains several other folders, each of which contains a different config.xml preconfigured to its scenario; and because it is just an XML file you can make changes as necessary. At the time of writing, Microsoft has not released a 2013 guide to using config.xml, but the 2010 guide, located at http://technet.microsoft.com/en-us/library/cc261668.aspx, should work fine in its absence.

Another option to consider is more radical: all the steps in this entire chapter could potentially be automated. If you flip over to Chapter 7, “Administering SharePoint 2013 with Windows PowerShell,” it describes several different scripts you can leverage to really add some flavor to your installs. While that is great fun, those scripts assume a certain comfort level with installing SharePoint. The best way to attain that comfort level is to keep reading this chapter, which breaks down the whole process without using any magic.

CREATING THE FARM

Now that SharePoint is installed you need to create a SharePoint farm. If you are going to have only one SharePoint server in your farm, then simply follow the steps in this section. If you are going to have several SharePoint servers in your farm, then you need to follow these steps on one server to create the farm, and then all the other servers will follow a slightly different process to join the farm. The server on which you run these steps will be the server that hosts Central Admin by default, so determine which lucky server will have that role and then soldier on:

1. Make sure you are still logged into the SharePoint server as your install account — Contoso\sp_install in this example.
2. Open the SharePoint 2013 Management Shell.
3. When the window opens you will see an error message at the top: “The local farm is not accessible. Cmdlets with FeatureDependencyId are not registered.” This is expected, as you have not yet created the farm. Although you can ignore this error for now, keep in mind that it should not appear after you create the farm.
4. At the prompt, run the following PowerShell command and press Enter. You need to change the DatabaseServer parameter value to your server’s name. In this example, the SQL server is named sql, so that is what is used. You can also use Figure 3-4 to check your work.
New-SPConfigurationDatabase -DatabaseName SharePoint_Config -DatabaseServer sql -AdministrationContentDatabaseName SharePoint_Admin_Content

PINNING THE SHAREPOINT 2013 MANAGEMENT SHELL TO THE TASKBAR
You will be using the SharePoint 2013 Management Shell constantly throughout your SharePoint career, so here is a trick to make your life easier: Pin the Management Shell shortcut to the taskbar. To do so, right-click the file in the Start menu and select Pin to Taskbar. After doing that, you need to set the shortcut to always run as administrator. You will never do anything with the SharePoint 2013 Management Shell that doesn’t require you to run as an administrator. After it is pinned, hold down the Shift key and right-click it to expose the properties option. When the properties panel opens, click Advanced. Now you have the option to always have the program run as administrator.

5. A dialog will appear in which you enter your Windows PowerShell credentials. A common mistake is entering the wrong account here. It doesn’t want your username and password; it wants your farm account’s username and password. This needs to be a dedicated account, as it is the most fragile in the farm. For the book example, use Contoso\SP_farm. This account needs to be created in AD, and at this point it only needs to be a domain user. Enter the domain\username and password and then click OK.
6. Now you are returned to the Management Shell to enter the farm passphrase. This passphrase is used to allow servers to join and leave this SharePoint farm. In order to qualify as a secure passphrase, it must meet the following guidelines:
  • It must contain at least 8 characters.
  • It must contain at least 3 of the following 4 character groups:
    • English uppercase characters (A through Z)
    • English lowercase characters (a through z)
    • Numerals (0 through 9)
    • Non-alphabetic characters: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~
Type in your passphrase and press Enter. Be sure to make note of it, as you will need it later if you add more servers.
Now would be a good time to take a break. This will run for a while, as it is doing a lot of heavy lifting behind the scenes, such as creating your configuration database and the Central Admin database.
7. When the commands are done running, your Management Shell will return to the slow blinking cursor and in typical PowerShell fashion you will not see any messages, which is a good thing. Open the SharePoint 2013 Products Configuration Wizard from the Start menu.
8. At the Welcome to SharePoint Products dialog, click Next.
9. A pop-up will appear warning you that some services will be stopped or restarted. That’s fine; just click Yes.
10. In the Modify server farm Settings dialog, leave the default of “Do not disconnect from this server farm,” and click Next. Seeing any other screen at this point is a bad thing and means something went wrong in steps 1-6.
Most likely the farm failed to create and you got an error message. You will need to go back and work through that error message. If any databases were created when you got the error message, you will probably need to delete those from the SQL server on your own.
11. In the Configure SharePoint Central Administration Web Application dialog, click Specify port number and enter any number you can remember.
12. Under Configure Security Settings, use the default of NTLM. Keep in mind that this is asking if you want Central Administration to use NTLM or Kerberos. It is not asking if you want Kerberos anywhere in your farm. You always want NTLM for Central Administration. Confirm your settings using Figure 3-5 as an example. If everything looks good, click Next.
13. On this screen quickly double-check all of your settings and then click Next to finish creating this fabulous farm. You might notice the progress bar goes straight to step 4 of 9. This is because you did the earlier steps using PowerShell.
14. After a couple of quick minutes you should get a Configuration Successful screen. Click Finish.
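Steps 4 through 6 above, as an added example that is not the book's code: it checks a candidate passphrase against the step 6 rules before calling New-SPConfigurationDatabase, and passes the farm account and passphrase through the cmdlet's -FarmCredentials and -Passphrase parameters instead of answering the prompts. Test-FarmPassphrase is a hypothetical helper; the database, server and account names are the ones used in this chapter. Run it in the SharePoint 2013 Management Shell.

```powershell
# Added example (not the book's code). Test-FarmPassphrase is a hypothetical
# helper that applies the passphrase rules listed in step 6.
function Test-FarmPassphrase {
    param([System.Security.SecureString]$Passphrase)

    # Decrypt only for the duration of the check, then zero the unmanaged copy.
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Passphrase)
    try {
        $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    }
    finally {
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }

    # The four character groups from step 6. -cmatch is case-sensitive;
    # the default -match would count lowercase letters as uppercase too.
    $symbols = '!"#$%&''()*+,-./:;<=>?@[\]^_`{|}~'.ToCharArray()
    $groups  = 0
    if ($plain -cmatch '[A-Z]')            { $groups++ }
    if ($plain -cmatch '[a-z]')            { $groups++ }
    if ($plain -cmatch '[0-9]')            { $groups++ }
    if ($plain.IndexOfAny($symbols) -ge 0) { $groups++ }

    # At least 8 characters and at least 3 of the 4 groups.
    return ($plain.Length -ge 8) -and ($groups -ge 3)
}

# Farm account credentials (step 5): the dedicated farm account, not the
# account you are logged in with.
$farmCred = Get-Credential -Credential 'Contoso\SP_farm'

# Farm passphrase (step 6): keep asking until the rules are met.
do {
    $pass = Read-Host -Prompt 'Farm passphrase' -AsSecureString
    $ok   = Test-FarmPassphrase -Passphrase $pass
    if (-not $ok) {
        Write-Warning 'Need at least 8 characters drawn from at least 3 of the 4 character groups.'
    }
} until ($ok)

# Same command as step 4, with the two values supplied as parameters.
New-SPConfigurationDatabase -DatabaseName SharePoint_Config -DatabaseServer sql `
    -AdministrationContentDatabaseName SharePoint_Admin_Content `
    -FarmCredentials $farmCred -Passphrase $pass
```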

After a few moments Internet Explorer will open and the Central Administration website will load. Don’t get trigger-happy and start pressing buttons. You’ll explore how to configure your new farm after a brief message about multi-server farms.

Adding More Servers to the Farm

One of the great things about SharePoint is its ability to scale. As described in Chapter 2, it is easy to create some extremely flexible topologies with multiple SharePoint servers. Obviously, before you can start scaling, you first need to install SharePoint on those servers. That means following the steps outlined in the earlier sections to run the prerequisite installer, add the forgotten patches, and set SharePoint up as you did on your first server. It is completely safe to perform those steps on all your servers at once.

After deploying all the necessary bits, you would create the farm on one server only, keeping in mind that this server will have Central Administration installed on it by default, and therefore planning accordingly. With that step completed on the first server, you are ready to add the other servers to the farm. Repeat the following steps on all additional servers in your farm:

1. Remote desktop to the server using a local admin account. It should be the same account you used to do the first server. For this example, that is Contoso\sp_install.
2. From the Start menu, run the SharePoint Products and Technology Configuration Wizard.
3. At the Welcome to SharePoint Products screen, click Next.
4. A dialog will appear warning you that some services will be stopped or restarted. Click Yes.
5. For the Connect to a server farm dialog, select “Connect to an existing server farm” and click Next.
6. For Database server: enter your SQL Server name and click Retrieve Database Names. In this example, the SQL server name is sql.
7. After a moment the screen will refresh. In the drop-down database, select your configuration database name. It should be SharePoint_Config unless you changed it when creating your farm initially. Also, if you have multiple databases listed, ensure that you choose the correct one. Click Next.
8. In the Specify Farm Security Settings dialog, enter the passphrase you specified when creating the farm. For this example, use pass@word1. Click Next.
9. In the Completing the SharePoint Products Configuration Wizard dialog, click Next to join the farm. The Advanced button is used for configuring this server to also host the Central Administration website. If you are the curious type, it is safe to click; and if you would like to have this server host Central Administration, you can select the option. This example assumes you do not.
10. When these steps are completed, click Finish to close the configuration wizard.
11. After a moment Internet Explorer will open and take you to Central Administration. Note that Central Administration is running on the first server you provisioned. Close the window.

That’s it. At this point you would return to the first server and continue building out your farm and following these exact steps on all your additional servers. As mentioned earlier, it is safe to run these steps on all the servers at the same time. Unlike Black Friday shoppers, the servers will take orderly turns adding themselves to the farm. If they could get you one of those fancy $99 TVs, life would be perfect.

Configuring the Farm

You have a farm but it isn’t very helpful yet. You still need to configure the core services of SharePoint. SharePoint provides these services through the service application framework. Check out Chapter 4, “Understanding Service Applications,” for a deeper dive into how service applications work. Each of the various services — such as Search, User Profiles, and Excel Services, to name a few — is offered in an a la carte fashion. As you create each service application, you can connect your various SharePoint web applications to it to consume it. In this section, you will do the initial configuration of the core service applications. You will do this in a scalable fashion, in order to avoid some of the goofiness that tries to sneak in along the way.

The following sections describe all the service applications and outline the steps to create and configure each one. While it is not necessary to create the service applications in the following order, it is recommended because some of them automatically register themselves with other service applications if they are present, saving you extra configuration steps. Note that the service applications appear in Central Administration in alphabetical order. In addition, as you work through the list, some of the service applications are considered “required” or “highly recommended,” while others are optional. They are identified as such as you work through the sections.


NOTE You might also notice that an initial farm configuration wizard, or white wizard, is available to do all of this configuration for you. Although you are welcome to use it, this chapter avoids it because the wizard automatically does a lot of little things that are less than ideal, such as adding a GUID to all your database names and setting up My Sites to run on a web application named after the server. We highly recommend skipping the wizard and following along to configure your service applications the way the cool kids do.

1. Make sure you are still on the first SharePoint server with Internet Explorer open logged in as your install account.
2. You should see a pop-up dialog asking whether you want to Help Make SharePoint Better. Make your selection and click OK. (You might be surprised to know that the authors recommend you select Yes. Microsoft actively monitors any feedback you provide and prioritizes fixes based in part on this information — so if they are looking for problems to fix, wouldn’t you like them to fix yours?)
3. From the Welcome dialog, choose, “No, I will configure everything myself,” by clicking Cancel.

Now you will find yourself at the home screen of Central Administration. You can create most of the service applications from here by clicking through and providing some basic information. Unfortunately, some don’t work that way, such as the State Service and the Usage and Health Data Collection Service. Never fear, however, as where there is a will there is a way, and PowerShell is that way. Before you do anything else, you need to open the SharePoint Management Shell.

1. From the taskbar, click the SharePoint Management Shell link you created earlier.

Creating a Managed Account

Before continuing, you need to create a managed account. This is an Active Directory (AD) account you register with SharePoint, which you can use to run services and application pools. This enables you to manage one account’s password in a central location from which SharePoint can update all the places it is used in the farm. SharePoint can even automatically change the password for you. It’s a great feature, but it isn’t optional, so you have to follow along in this section.

To get started you will need two AD accounts, sp_serviceapp and sp_webapp. If you are creating these two accounts in Active Directory, for now they just need to be domain users with no special permissions at all.

1. Open Central Administration.
2. From the right-hand side of the page, click Security.
3. Under General Security, click Configure managed accounts.
4. From the menu bar, click Register Managed Account. You may notice that sp_farm is already registered. SharePoint did this for you automatically when you made it the farm account.
5. In the Service account credentials section, enter Contoso\sp_serviceapp in the User name field if you are following the example. Remember to always add Domain\ in front of your account name.
6. For Password, enter your password. In the example, pass@word1 is used.
7. Ignore the other check boxes and click OK.
8. From the menu bar, click Register Managed Account.
9. In the Service account credentials section, enter Contoso\sp_webapp if you are following the example. Remember to always add Domain\ in front of your username.
10. For Password, enter your password. In the example, pass@word1 is used.
11. Ignore the other check boxes and click OK.

Now you have three managed accounts registered, which you will be able to use as you continue configuring your farm.

Creating the Service Application App Pool

Each service application has a service application proxy, which is really just a web service. Those proxies, when created, have to run within an IIS application pool. By default in SharePoint, all your service applications should run in the same application pool unless there is a specific reason to otherwise handle them.


NOTE For more details on service applications, check out Chapter 4, “Understanding Service Applications.”

When you create your first service application using Central Administration, you can use that page to create an application pool. Alternately, if you are the enterprising type, you can create the app pool using the SharePoint Management Shell. To simplify the instructions, use the following steps to create it using PowerShell:

1. Open the SharePoint 2013 Management Shell.
2. Type the following and press Enter:
New-SPServiceApplicationPool -Name "Default SharePoint Service App Pool" -Account contoso\sp_serviceapp
3. Confirm your work using the screen shown in Figure 3-6.

Provisioning the State Service

The State Service service application is used to maintain state. This is one of those goofy .NET developer things which is the equivalent of writing on your hand. It holds the information temporarily while you use it and then it goes away. Some people assume this isn’t necessary, but even out-of-the-box features use it, so just go ahead and provision it to save looking up the error messages later. Because there is no GUI to do this, you will be using the SharePoint Management Shell.

1. At the prompt, type the following and press Enter:
New-SPStateServiceApplication -Name "State Service Application"
2. At the prompt, type the following and press Enter:
Get-SPStateServiceApplication | New-SPStateServiceApplicationProxy -DefaultProxyGroup
3. At the prompt, type the following and press Enter:
Get-SPStateServiceApplication | New-SPStateServiceDatabase -Name "State_Service_DB"
4. At the prompt, type the following and press Enter:
Get-SPDatabase | Where-Object {$_.Type -eq "Microsoft.Office.Server.Administration.StateDatabase"} | Initialize-SPStateServiceDatabase
5. Confirm your work using the screen shown in Figure 3-7.

Success. Now you have created the State Service application.

Usage and Health Data Collection

Monitoring the status of your farm’s health is a critical aspect of SharePoint administration. This service application collects the various logging information stored in SharePoint and writes it to the logging database. This service application should always be created.

1. At the prompt, type the following and press Enter:
New-SPUsageApplication -Name "Usage and Health Data Collection"
2. At the prompt, type the following and press Enter:
$proxy = Get-SPServiceApplicationProxy | where {$_.TypeName -eq "Usage and Health Data Collection Proxy"}
3. At the prompt, type the following and press Enter:
$proxy.Provision()
4. Review Figure 3-8 to confirm your work.

That will do it. Now you have created the Usage and Health Data Collection service application.

Checking Your Available Service Applications

Your list of available service applications varies according to what version of SharePoint you have and what, if any, third-party service applications you have installed. This walk-through assumes that you have SharePoint Server Enterprise with no third-party service applications installed. If you are using SharePoint Server Standard, your list will be slightly shorter:

1. From the left side of Central Administration, click Application Management.
2. Under Service Applications, click Manage service applications.
3. From the Ribbon, click New. Figure 3-9 shows the list of service applications for SharePoint Server Enterprise.

These are the service applications covered in the following sections. One additional “secret” service application, called the Subscription Settings Service, will be created with PowerShell.

Access Services

The Access Services service application is used to create some very powerful applications and publish them through SharePoint. Called, appropriately if unimaginatively, Access apps, they are a new type of database that you build using Access 2013 and then access through SharePoint using a web browser. Business users are very excited about this functionality. SharePoint and SQL Server administrators do not share their enthusiasm. For one thing, each app creates its own database, which must be hosted on SQL Server 2012. The instance of SQL Server that hosts those databases must have some scary changes made to it, such as enabling SQL Server Authentication and named pipes.

Because of all of these requirements, Access Services are not considered part of a standard SharePoint server build, so feel free to skip it. No, this isn’t a total cop-out. Readers who are interested in configuring this service application can jump to Chapter 8, “Configuring SharePoint 2013 for Business Intelligence,” which contains a section dedicated to all of the chaos.

Access Services 2010

This is your old friend from SharePoint 2010. Another downside of the Access app model described in the preceding section is that there is no standard way to convert an Access Services 2010 service application to the new 2013 model. Therefore, if you are bringing over any Access applications from 2010, you would attach the service application database from Access Services in SharePoint 2010 to this service application to continue to host those applications. Note also that if you are using any of the reporting functionality of Access Services 2010, then SQL Server Reporting Services must be installed and configured, just as it was with SharePoint 2010. For more information on installing and configuring Reporting Services, see Chapter 8. After that is complete, you can follow these steps to create the Access Services 2010 service application. Access Services 2010 is a completely optional service application and should only be created if you have a specific purpose for it.

1. From Central Administration, select Application Management ⇒ Service Applications ⇒ Manage service applications, and then click New.
2. In the drop-down menu, select Access Services 2010.
3. In the Create New Access Services Application dialog, enter Access Services 2010 for the Name field.
4. For Application Pool, select Use existing application pool.
5. From the drop-down, select Default SharePoint Service App Pool.
6. Leave the check box selected for “Add this service application’s proxy to the farm’s default proxy list.”
7. Confirm your settings against Figure 3-10 and then click OK.

Starting the Service on Server

Now that you have created the service application, you need to start its corresponding service on the appropriate server. If you just have one server, then the choice is clear; but if you have a lot of servers, then you need to balance out your load and determine which server should host the given service. For more details on server topologies, please see Chapter 2, “Architecture and Capacity Planning.” For the steps in this section, one server is assumed.

Because you will alternate between creating a service application and then starting its corresponding service on server, to make your life easier it is recommended that you open a second tab in Internet Explorer. Leave that tab on the Services on Server page while your first tab stays on Manage service applications. That way, you can avoid navigating around a lot and instead just move from tab to tab.

1. In Internet Explorer, create a new tab. If you are unfamiliar with that process, just press Ctrl+T on your keyboard.
2. From the new tab, open Central Administration. In this example, the URL is http://server:5555 but yours may vary.
3. From the homepage of Central Admin, click Application Management.
4. Under Service Applications, click Manage services on server.

Now you are all set to move back and forth and quickly start the corresponding service for each service application you create. If in the previous section you created the Access Services 2010 service application, then start that service.

1. On the Services on Server page, find Access Database Service 2010.
2. To the right of the name, click the Start link. After a moment you should be returned to the Services on Server page, and the status should now be Started.

If your farm has multiple servers, you can use the Server: link at the top of the page to specify the server for which you are starting the service. If you click the displayed server’s name, you can then click Change Server. From the pop-up window that appears, you then select the server whose services you want to manage.

Configuring the App Management Service

The App Management Service is the service application that brings apps and the SharePoint and Office store in SharePoint to life. Chapter 11, “Managing and Configuring Apps,” covers all the fun that apps bring to the table and the different ways you can use the functionality. As part of building a smoothly functioning farm, you need to configure this application, so the steps are included in this chapter. Chapter 11 repeats the steps but with a different spin, explaining more details along the way. Note that configuring this service application also requires creating the Subscription Service application and making some changes to DNS.

Creating the Subscription Service Application

The Subscription Service application in SharePoint 2010 was used only for multi-tenant environments. It is still used for that purpose in SharePoint 2013, but now it also plays a key role in the delivery of the App Management service as well. As such, you must create it before you continue. Also, to keep you on your toes you have to do it from the Management Shell.

1. Make sure you are in the Management Shell.
2. Type the following and press Enter:
$sa = New-SPSubscriptionSettingsServiceApplication -ApplicationPool "Default SharePoint Service App Pool" -Name "Subscription Settings Service" -DatabaseName "Subscription_Settings_Service_DB"
3. Type the following and press Enter:
New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $sa
4. Type the following and press Enter:
Get-SPServiceInstance | where {$_.TypeName -eq "Microsoft SharePoint Foundation Subscription Settings Service"} | Start-SPServiceInstance
5. Confirm your work against the screen shown in Figure 3-11.

Configuring DNS for the App Management Service

Each app that you publish is published to its own URL. To facilitate this across your farm, these apps are created either as a subdomain of your current domain or as a new, unique domain. The subdomain route is easier but it opens the door to cross-site scripting vulnerabilities, so this section walks you through the more secure option. To learn more about the two options, check out the TechNet page at http://technet.microsoft.com/en-us/library/fp161236(v=office.15).

Because these changes are domain wide, your company’s DNS administrator may need to make these changes. The following section assumes you are the person with the required permissions, and it steps through the most typical scenario. There are hundreds of variables in play here, of course, so your steps may vary for your production environment. For example, you might use a Linux DNS server, making the how-to below useless. Regardless, you will need to create the DNS records.

As a reminder, the example primary domain name is Contoso.com. The domain controller name is DC, the SharePoint server name is Server, and you will be creating a new DNS Zone called ContosoApps.com:

1. Log onto a Domain Controller as a Domain Administrator.
2. From the Start menu, open DNS Manager.
3. Double-click the server name so you see Forward Lookup Zones in the main pane.
4. Double-click Forward Lookup Zones.
5. From the right pane, right-click Forward Lookup Zones (see Figure 3-12).
6. From the fly out, select New Zone to start the wizard.
7. At the Welcome screen of the New Zone Wizard, click Next.
8. For the Zone Type, accept the default of Primary zone and click Next.
9. For Active Directory Zone Replication Scope, accept the default and click Next.
10. In the Zone Name dialog, enter ContosoApps.com for the zone name and click Next.
11. For Dynamic Update, accept the default and click Next.
12. At the Completing the New Zone Wizard screen, click Finish.
13. From the right pane, double-click ContosoApps.com.
14. Right-click ContosoApps.com and select New Alias (CNAME)..., as shown in Figure 3-13.

NOTE The official guidance from Microsoft is to use a CNAME record, but most other DNS recommendations are to use a HOST (A) record instead of an Alias. In some load-balanced environments there is not a registered DNS entry for the load-balancer and other DNS entries reference the IP address of the load balancer, which would cause additional confusion here.

15. For Alias name, enter *.
16. For Fully qualified domain name (FQDN) for target host:, enter server.contoso.com.

POINTING YOUR NEW DNS ZONE
The example assumes you have only one SharePoint server, so it is clear where you point your new DNS Zone. If you have more than one SharePoint server serving web traffic, then you most likely have a network load balancer. If so, then you would point your alias at the load balancer. No trickery going on here. You just want to ensure that all the web requests for apps go to all your SharePoint web servers.

17. Check your work against the dialog shown in Figure 3-14 and click OK.
18. Close DNS Manager and log off the domain controller quickly, before you break something.

That completes the configuration of the new DNS zone. Assuming you don’t change your farm configuration drastically, you should never have to modify the settings made here.
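The same zone and wildcard alias can be created with the DnsServer cmdlets included in Windows Server 2012. This is an added example, not part of the original chapter: it uses the chapter's names (ContosoApps.com, server.contoso.com, Contoso.com), assumes the replication scope and dynamic-update values shown match the wizard defaults the steps accept, and uses a constructed host label for the lookup test. It also refuses to continue if the app domain sits inside the primary domain, which is the less secure subdomain layout this section avoids.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.
Import-Module DnsServer

$appZone    = 'ContosoApps.com'      # new, separate app domain from the walkthrough
$targetHost = 'server.contoso.com'   # SharePoint server, or the load balancer name
$primary    = 'Contoso.com'          # existing primary domain

# Returns $true only when the app domain is neither the primary domain
# nor one of its subdomains.
function Test-AppDomainIsolated {
    param([string]$AppDomain, [string]$PrimaryDomain)
    $a = $AppDomain.Trim('.').ToLowerInvariant()
    $p = $PrimaryDomain.Trim('.').ToLowerInvariant()
    return -not ($a -eq $p -or $a.EndsWith(".$p"))
}

if (-not (Test-AppDomainIsolated -AppDomain $appZone -PrimaryDomain $primary)) {
    throw "$appZone is inside $primary. Use a separate domain for apps."
}

# Steps 5-12: create the AD-integrated primary zone if it does not exist yet.
# Assumption: Domain scope and Secure updates correspond to the wizard defaults.
if (-not (Get-DnsServerZone -Name $appZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $appZone -ReplicationScope Domain -DynamicUpdate Secure
}

# Steps 14-17: add the wildcard alias unless one is already present.
$wildcard = Get-DnsServerResourceRecord -ZoneName $appZone -RRType CName -ErrorAction SilentlyContinue |
    Where-Object { $_.HostName -eq '*' }
if (-not $wildcard) {
    Add-DnsServerResourceRecordCName -ZoneName $appZone -Name '*' -HostNameAlias $targetHost
}

# Verify: any label under the zone should now resolve through the alias.
$probe  = "app-0123456789abcd.$appZone"   # constructed label, not a real app URL
$answer = Resolve-DnsName -Name $probe -Type CNAME -Server localhost -ErrorAction Stop
$answer | Where-Object { $_.Type -eq 'CNAME' } | Select-Object Name, NameHost
```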


WEB APPLICATION CONSIDERATIONS
Later in this chapter you will learn about web applications and how to create them; but to ensure that you get the whole story about the App Management service application, note the following: if you are going to use path-based site collections with a host header named web application, as 99% of admins did with SharePoint 2010, then in order to make the App Management service work you must also create a SharePoint web application with no host header, listening on port 80 (or 443 if you are using SSL). For this web application you also need to create a site collection at the root, which enables SharePoint to get the App requests. If you are using host header–based site collections, then you can ignore all this fun. If you are confused, don’t worry; later in this chapter you will create a web application and site collection for portal.contoso.com. Just run through the steps in the Web Application section, and for step 5 leave the host header blank.

Creating the App Management Service

Now that you have configured all the ancillary pieces, you can create the actual service application:

1. Make sure you are still on the Manage service applications page in Central Administration.
2. Click the New button in the Ribbon.
3. From the menu, select App Management Service.
4. For Name, enter App Management Service.
5. For Database Name, use App_Management_DB. The key here is to get rid of that nasty GUID on the end.
6. For Application pool, select Use existing application pool.
7. From the drop-down, select Default SharePoint Service App Pool.
8. Leave the default of Create App Management Service Application Proxy and add it to the default proxy group. Click OK.

After a minute the displayed message “This shouldn’t take long,” should go away and you are returned to the Manage service applications screen. Now you need to start the service instance:

1. Switch over to your Internet Explorer (IE) tab for Services on Server.
2. Find App Management Service and click Start to the right of it.

After a moment the screen is refreshed and the status should be set to Started. If so, you are doing great and are in the home stretch.

Configuring the App Management Service

The final step is to configure the App Management Service to use that awesome ContosoApps.com DNS Zone you created in DNS earlier:

1. Switch back over to the Manage service applications tab in IE.
2. From the left-hand menu, click Apps.
3. In the App Management section, click Configure App URLs. The page may take a minute to load, so be patient.
4. In the Configure App URLs dialog, for App domain: enter ContosoApps.com.
5. For App prefix:, enter app. Click OK.
6. Navigate back to the Manage service applications page by clicking Application Management ⇒ Service Applications ⇒ Manage service applications.

That’s all, folks. You are now ready to use apps. For more information about how to do that, remember to check out Chapter 11, which provides all the details, including how to verify that you have everything set up correctly. From an administrative standpoint, however, you are done. Move on to the next service application on your list.
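For farms that are built by script, the create, start, and configure steps above map onto the App Management cmdlets in the SharePoint 2013 Management Shell. This is an added example, not part of the original chapter: it uses the chapter's names and values, the proxy name is an assumed choice, and it reads the settings back at the end so a mismatch is caught immediately.

```powershell
# Added example: run as administrator in the SharePoint 2013 Management Shell
# on a farm where the Subscription Settings Service already exists.
$poolName  = 'Default SharePoint Service App Pool'
$appName   = 'App Management Service'
$dbName    = 'App_Management_DB'     # explicit name, so no GUID suffix
$appDomain = 'ContosoApps.com'
$appPrefix = 'app'

$pool = Get-SPServiceApplicationPool $poolName
if (-not $pool) { throw "Application pool '$poolName' not found." }

# Create the service application and its proxy only if they do not exist yet.
$svcApp = Get-SPServiceApplication | Where-Object { $_.Name -eq $appName }
if (-not $svcApp) {
    $svcApp = New-SPAppManagementServiceApplication -Name $appName `
        -DatabaseName $dbName -ApplicationPool $pool
    # "$appName Proxy" is an assumed proxy name; the GUI picks its own.
    New-SPAppManagementServiceApplicationProxy -Name "$appName Proxy" `
        -ServiceApplication $svcApp -UseDefaultProxyGroup | Out-Null
}

# Start the service instance (single-server farm assumed, as in the chapter).
Get-SPServiceInstance |
    Where-Object { $_.TypeName -eq 'App Management Service' -and $_.Status -ne 'Online' } |
    Start-SPServiceInstance | Out-Null

# Configure App URLs: app domain and app prefix.
Set-SPAppDomain -AppDomain $appDomain -Confirm:$false
Set-SPAppSiteSubscriptionName -Name $appPrefix -Confirm:$false

# Read the settings back and fail loudly on a mismatch.
$actualDomain = Get-SPAppDomain
$actualPrefix = Get-SPAppSiteSubscriptionName
if ($actualDomain -ne $appDomain -or $actualPrefix -ne $appPrefix) {
    throw "App URL settings are '$actualPrefix' / '$actualDomain', expected '$appPrefix' / '$appDomain'."
}
"App URLs configured: prefix '$actualPrefix', domain '$actualDomain'"
```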

Configuring the Business Data Connectivity Service

The Business Data Connectivity (BDC) service application facilitates connecting SharePoint to external data sources such as web services and databases so that information can be exposed within SharePoint. This useful tool can be used by developers or power users, so as an administrator configuring the farm you just need to create the service application, start the service, and you are done:

1. From the Manage service applications screen, click the New button in the Ribbon.
2. From the menu, select Business Data Connectivity Service.
3. For Name, enter BDC.
4. For Database Name, enter BDC_Service_DB. Remember to get rid of that evil GUID.
5. Scroll down to Application Pool and select Use existing application pool.
6. From the drop-down, select Default SharePoint Service App Pool.
7. At the bottom of the page, click OK. Then click OK again in the Success pop-up window.

To start the service:

1. Switch to your IE tab for Services on Server.
2. Find Business Data Connectivity Service and then click Start to the right of it.

Before users can begin creating models, external systems, and external content types, however, you need to give them the appropriate permissions. You can do that by opening the BDC service application and selecting Set Metadata Store Permissions from the Ribbon. In the dialog that appears, you can assign permissions for Edit, Execute, Selectable in Clients, and Set Permissions.

Creating the Excel Services Application

The Excel Services Application enables you to host and publish Excel workbooks within SharePoint so users can consume and even work with the information without using the Excel client. For example, you could create an Excel chart that is displayed on the home page of your team site for all visitors. This shouldn’t be confused with the Excel Office Web App, which is used to create and edit workbooks in a browser version of the client. In the grand scheme of things, the Excel Services Application is optional. Chapter 8 covers how to really use Excel Services in nerdy detail, including examples, if you are interested.

To create the service application, follow these steps:

1. From the Manage service applications screen, click the New button in the Ribbon.
2. From the menu, select Excel Services Application.
3. For Name, enter Excel Services.
4. Scroll down to Application Pool and select Use existing application pool.
5. From the drop-down, select Default SharePoint Service App Pool.
6. Leave the default of “Add this service application’s proxy to the farm’s default proxy list.” Click OK at the bottom of the page.

To start the service:

1. Switch to the IE tab for Services on Server.
2. Find Excel Calculation Services and then click Start to the right of it.

That will do it. Excel is up and running.


THE MACHINE TRANSLATION SERVICE
This service application enables SharePoint to provide automatic translation of content through the use of an external translation service. Microsoft has a service called Microsoft Translator that will probably be the go-to provider for these translations. However, because configuring and using this service application is a complicated proposition, and not considered part of a typical farm build, it is not included in this book. For more information, see http://technet.microsoft.com/en-us/library/jj553772(v=office.15).aspx, where you will find details about the various configuration steps.

Configuring the Managed Metadata Service

The managed metadata service application is an old friend from SharePoint 2010 that has even more of a starring role in 2013. You can use it to manage terms in order to create a structured corporate taxonomy, but it is flexible enough to be used for a user-driven folksonomy. It also supports terms in multiple languages, and if you want to define enterprise content types you can do so through the use of its content hub feature. New in 2013, some WCM solutions use managed metadata to create new types of navigation, a topic discussed in Chapter 21, “Configuring and Managing Web Content Management and Internet Sites.”

Several service applications, such as Search, User Profiles, and even the Machine Translation Service, depend on the managed metadata service application being provisioned, so you should consider it required. For now, you just need to concern yourself with creating the service application:

1. From the Manage service applications screen, click the New button in the Ribbon.
2. From the menu, select Managed Metadata Service.
3. For Name, enter Managed Metadata Service.
4. For Database Name, enter Managed_Metadata_Service_DB.
5. Scroll down to Application Pool and select Use existing application pool.
6. From the drop-down, select Default SharePoint Service App Pool.
7. Leave all the other defaults. If you wanted to use the Content Type Hub, you would edit the Managed Metadata Service later to provide the location.
8. Click OK at the bottom of the page.

This service application doesn’t provide any “working on it” messages, so don’t be alarmed when nothing happens after you click OK. Just wait a minute or two and you will be returned to the Manage service applications screen, where you will see your new service application.

Now start the service:

1. Switch to the IE tab for Services on Server.
2. Find Managed Metadata Web Service and then click Start to the right of it.

Although your service application is ready to go, there is one more configuration task to perform if you want to use all of its features. One of the useful features enabled by the managed metadata service application is the capability to save your custom navigation to it; but before you can play with that feature you need to set your service application to be the default storage location:

1. From the Manage service applications page, locate the Managed Metadata Service you just created but this time click to the right of the second listing of the name. If you click the name it will open the Term Store Management Tool. That is not what you want; you need the Properties option to be enabled in the Ribbon, as shown in Figure 3-15.
2. Click Properties from the Ribbon.
3. The dialog shown in Figure 3-16 should appear. Select the option “This service application is the default storage location for column specific term sets,” and click OK.

Configuring PerformancePoint Services

PerformancePoint Services (PPS) is a SharePoint Server 2013 Enterprise feature that is used for building dashboards. It is particularly useful for integration with SQL Server Analysis Services. This section describes how to get the Service application going. This service application is optional. The service application is also covered with great fanfare in Chapter 8 with working examples.

Note that in order to properly connect this service application to SQL Server Analysis Services, you must also install ADOMD.NET v11 (which is interesting because the SharePoint prerequisite installer already installed v9 for you, and some situations require v10). In any case, install v11 before continuing. No reboot is required:

2. Run the downloaded MSI.
3. At the Welcome screen, click Next.
4. Read the license, select “I accept the terms in the license agreement,” and click Next.
5. At the Ready to Install screen, click Install.
6. At the Completing screen, click Finish.

Now that v11 is installed, create the service application. This part should be very familiar at this point:

1. From the Manage service applications screen, click the New button in the Ribbon.
2. From the menu, select PerformancePoint Service Application.
3. For Name, enter PerformancePoint Service.
4. Check the box for “Add this service application’s proxy to the farm’s default proxy list.”
5. For Database Name, enter PerformancePoint_Service_DB. This time you are getting rid of the GUID and the spaces in the name. Spaces are even worse than GUIDs.
6. Scroll down to Application Pool and select Use existing application pool.
7. From the drop-down, select Default SharePoint Service App Pool.
8. At the bottom of the page, click Create.
9. After a minute a screen will pop up indicating that the service application was created successfully and specifying the additional steps you need to perform. Click OK.

Now start the service:

1. Switch to the IE tab for Services on Server.
2. Find PerformancePoint Service and then click Start to the right of it.

The service application is up and running. The last step you need to perform is to set up the unattended service account. To do that, however, you have to create the Secure Store service application first. Therefore, jump ahead to “Configuring the Secure Store” and do that. When you are done, come back here. Don’t worry; this page will wait.


NOTE It might seem odd to have you jump ahead; the editors are very uncomfortable right now! However, I have taught it this way for years; alphabetical order is the correct order. You may just want to mark this page to return to after you’ve finished Chapter 8, as PPS is worthless without completing Chapter 8 anyway.

You’re back? Great. To set up the unattended service account, follow these steps:

1. From the Manage service applications page, scroll down and click PerformancePoint Service from the list of service applications you have created. Note you must click the top one in the list.
2. From the Manage PerformancePoint Services: PerformancePoint Service page, click PerformancePoint Service Application Settings.
3. For Unattended Service Account:, enter the User Name for the account you want to use for data connections. Typically you would create a regular domain user account dedicated to this role. In this example, use Contoso\SP_PPS. As you build out PerformancePoint applications, you will give this account permissions to your data sources as appropriate.
4. Enter your account’s password for Password:.
5. Click OK.

That takes care of everything. If you want to confirm that the new application has been created, you can navigate back over to the secure store service. When you are done poking around, navigate back to the Manage service applications page.

Configuring the Search Service Application

Search is still the most awesome feature SharePoint provides — and while lucky Chapter 13, “Configuring and Managing Enterprise Search,” is devoted to all things Search, before you can have fun with those things you need to create the service application. However, before creating Search, which is a required service application, you should be aware that there is an easy way and a right way. The easy way is to use Central Administration. If you go that route, you just specify a name and some application pools and it will provision it. The downside is you are left with databases with some nasty names, which are not readily fixable. It does work, however, so if you don’t care about awful names go for it.

We disdain databases with bad names, however, so to create Search the “right” way you have to do everything with PowerShell. The following code example represents the mother of all scripts to perform the necessary magic. It should be run as administrator from the SharePoint 2013 Management Shell. The version shown here has been modified slightly from the script that Todd Klindt has made available at www.toddklindt.com/createsearch2013, which is based on work done by Spence Harbar, whose blog is at www.harbar.net. You can either download this script from Todd’s SharePoint blog or type it all in. If you prefer to type it, note the following tips:

  • You can skip any line that starts with a #, which is the PowerShell symbol for a comment.
  • Make sure the second line of the following script contains your service application pool name. If you have been following along with this chapter, then the script is correct.
  • Run this script on the server you want to be your primary search server. This script uses a variable to set the server name.

# Get App Pool - Make sure that is what your farm uses.
$saAppPoolName = "Default SharePoint Service App Pool"

# Search Specifics, we are single server farm
$searchServerName = (Get-ChildItem env:computername).value
$serviceAppName = "Search Service Application"
$searchDBName = "SearchService_DB"

# Grab the Application Pool for Service Application Endpoint
$saAppPool = Get-SPServiceApplicationPool $saAppPoolName

# Start Search Service Instances
Start-SPEnterpriseSearchServiceInstance $searchServerName
Start-SPEnterpriseSearchQueryAndSiteSettingsServiceInstance $searchServerName

# Create the Search Service Application and Proxy
$searchServiceApp = New-SPEnterpriseSearchServiceApplication -Name $serviceAppName -ApplicationPool $saAppPoolName -DatabaseName $searchDBName
$searchProxy = New-SPEnterpriseSearchServiceApplicationProxy -Name "$serviceAppName Proxy" -SearchApplication $searchServiceApp

# Clone the default Topology (which is empty) and create a new one and then activate it
$clone = $searchServiceApp.ActiveTopology.Clone()
$searchServiceInstance = Get-SPEnterpriseSearchServiceInstance
New-SPEnterpriseSearchAdminComponent -SearchTopology $clone -SearchServiceInstance $searchServiceInstance
New-SPEnterpriseSearchContentProcessingComponent -SearchTopology $clone -SearchServiceInstance $searchServiceInstance
New-SPEnterpriseSearchAnalyticsProcessingComponent -SearchTopology $clone -SearchServiceInstance $searchServiceInstance
New-SPEnterpriseSearchCrawlComponent -SearchTopology $clone -SearchServiceInstance $searchServiceInstance
New-SPEnterpriseSearchIndexComponent -SearchTopology $clone -SearchServiceInstance $searchServiceInstance
New-SPEnterpriseSearchQueryProcessingComponent -SearchTopology $clone -SearchServiceInstance $searchServiceInstance
$clone.Activate()

The script takes several minutes to run, but when it is done Search is set up and ready to rock. Note that you should make two changes now that the service application is created: change the default content access account to a dedicated account and define a Global Search Center. Both changes can be made from the home page of Search Administration and are covered in Chapter 13, “Configuring and Managing Enterprise Search.”

Configuring the Secure Store Service

The Secure Store Service is used for storing credentials for service applications such as PerformancePoint and by developers who need to make external data connections and need a location to map user credentials to other accounts. As an administrator you don’t do much here, but this service application is required, so this section demonstrates how to create the service application and then generate an encryption key so it is ready to be used by service applications and developers.

Follow these steps to create the service application:

1. From the Manage service applications screen, click the New button in the Ribbon.
2. From the menu, select Secure Store Service.
3. For Name, enter Secure Store Service.
4. For Database Name, enter Secure_Store_Service_DB (again knocking that GUID off the end of the name).
5. Scroll down to Application Pool and select Use existing application pool.
6. From the drop-down, select Default SharePoint Service App Pool.
7. Leave the check box for Audit log enabled selected.
8. At the bottom of the page click OK.
9. After a minute a dialog will pop up indicating that the service application was created successfully. Click OK.

To start the service:

1. Switch to the IE tab for Services on Server.
2. Find Secure Store Service and then click Start to the right of it.

With everything up and running there is still a final task: you need to generate a key. Ensure that you keep track of this key, because if you ever restore the database you will need it.

1. Switch back over to the Manage service applications tab in IE.
2. In the list of service applications, click Secure Store Service. You should get in the habit of clicking the top one when two are listed, but in this case it actually doesn’t matter which one you click.
3. You can ignore the red warning on the page, which is normal. From the Ribbon, click the Generate New Key button in the Key Management section.
4. Here you will be prompted for a new key. Enter the key twice and then click OK. In this example, pass@word1 works well. Like the farm passphrase, the key must meet certain requirements:
  • It must contain at least eight characters.
  • It must contain at least three of the following four character groups:
    • English uppercase characters (A through Z)
    • English lowercase characters (a through z)
    • Numerals (0 through 9)
    • Non-alphabetic characters: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ ] ^ _ ` { | } ~
5. After a moment the screen will refresh and the New button will be an option. Success! Switch back to the Manage service applications screen by clicking Application Management ⇒ Manage service applications.

That does it. Your Secure Store is up and running. If you created the PerformancePoint service application earlier, now is the time to complete its configuration.

Configuring the User Profile Service

The user profile service application is the lifeblood of the user and social experience in SharePoint. Even if you feel tempted to skip this service application because you think you don’t need it, every SharePoint farm should have the user profile service set up and configured. As described in Chapter 14, “Configuring User Profiles and Social Computing,” there are numerous fun reasons why you should be excited about what this service application brings to the table. Although you need to perform a lot of little steps in order to get the service application provisioned properly before you can import profiles, if you did this with your SharePoint 2010 farm the process remains the same.

Before you provision the service application, you need to create a My Site web application and a My Site host site collection. You will create the web application as http://my.contoso.com:

1. In Central Administration, click Application Management from the left-hand menu.
2. Under Web Applications, click Manage web applications.
3. From the Ribbon, click New.
4. Ensure that the port is 80.
5. For Host Header, type in my.contoso.com. Remember that whatever you use for a host header needs to resolve in DNS.
6. For authentication, leave the defaults of Integrated Windows authentication and NTLM.
7. Scroll down to the Application Pool section and select Create new application pool.
8. For Application pool name, set it to Default SharePoint Web App Pool or any other fancy name you like.
9. In the Select a security account for this application pool, select Configurable.
10. From the drop-down menu, select Contoso\SP_WebApp. If that name doesn’t appear in your list, then you need to return to the section, “Creating a Managed Account,” as you skipped a step.
11. Scroll down to Database Name and set it to WSS_Content_My.
12. Leave everything else at its default, scroll to the bottom of the page, and click OK.

We’ll defer a detailed explanation of those steps until later in the chapter when you create another web application. For now you just need to perform the preceding steps to get the user profile service application going.

Now create the host site collection:

1. When the Application Created page pops up, don’t click OK. At the bottom of the window, in blue, is a link to Create Site Collection. Click that.
2. In the Create Site Collection dialog, enter Contoso My Sites for Title.
3. For URL, accept the default of http://my.contoso.com.
4. For Select a template, click the Enterprise tab.
5. From the list of templates, select My Site Host.
6. You should always have both a primary and a secondary site collection administrator. In this example, for primary User name: enter Contoso\sp_install. For secondary site collection administrator User name:, enter Contoso\Administrator.
7. Scroll to the bottom of the page and click OK. Then click OK again when the Site successfully created window appears.

For the web application, you need to also enable self-service site creation to allow users to create their own personal site:

1. In the list of web applications, click SharePoint - my.contoso.com80.
2. From the Ribbon, click Self-Service Site Creation.
3. For Site Collection, click On.
4. Leave all the other settings at their default and click OK.

Now that the web application and site collection are ready to go, you can create the actual service application. The main point here is to ensure you don’t end up with ugly database names.

1. Return to Manage service applications (Application Management ⇒ Manage service applications).
2. Click the New button in the Ribbon.
3. From the menu, select User Profile Service Application.
4. For Name:, enter User Profile Service.
5. For Application Pool, select Use existing application pool.
6. From the drop-down, select Default SharePoint Service App Pool.
7. Scroll down to Profile Database section and for Database Name enter User_Profile_DB. The purpose of this step is to eliminate spaces (which break your DBA’s scripts) in your database names. Putting User_ in front of all the database names keeps them together in SQL Management Studio. This isn’t required but it will prove handy.
8. Scroll down to Synchronization Database, and for Database Name enter User_Sync_DB.
9. Scroll down to Social Tagging Database, and for Database Name enter User_Social_DB.
10. Scroll down to My Site Host URL, and enter the URL of the site collection you created previously. In this example, use http://my.contoso.com.
11. Accept all the other defaults and click Create.
12. When the Site successfully created window appears, click OK.

Now start the service:

1. Switch to the IE tab for Services on Server.
2. Find User Profile Service and then click Start to the right of it.

For now you can ignore the User Profile Synchronization Service. That monster is covered in Chapter 14, “Configuring User Profiles and Social Computing.” You will need to complete the steps in that chapter to import users into the profile store.

At this point you may be wondering how to disable the creation of personal sites by your users. It’s a fair question, because personal sites can be a breeding ground for craziness if left unchecked. You don’t want users using their personal site for work that should be stored and managed in a departmental location. For most new SharePoint deployments, this feature is best left to phase 2. Keep in mind that if you do disable personal sites, users will not be able to use the social features of SharePoint. If disabling the user’s capability to create a personal site sounds like a good idea to you, then follow these steps:

1. From the Manage service applications page, click User Profile Service. Remember to click the first one in the list.
2. It is very likely you will get an error, depending on your farm topology and SharePoint’s mood. If you do, then you need to do an IISReset on the SharePoint server hosting Central Administration. If that’s unclear, then rebooting that server works also.
3. Now that you have found your way to the Manage Profile Service: User Profile Service page, find the People section and click Manage User Permissions.

As shown in Figure 3-17, by default Authenticated Users have the permission of Create Personal Site. To disable My Sites you would deselect that permission for both user groups and click OK. Note that this action also disables personal storage, which is what you likely wanted, but it also removes newsfeeds and followed content. Therefore, weigh this decision before doing anything rash.

Again navigate back to the Manage service application page. Only three more service applications to go.

Visio Graphics Service

This fabulous service application enables users to embed Visio diagrams on the page so they can be viewed by someone without Visio and also provides for those diagrams to have external data connections that can be refreshed. This service application is considered one of the many SharePoint BI tools. It is not required in your farm unless you plan to use it, but is covered in Chapter 8.

Follow these steps to create this service application:

1. From the Manage service applications screen, click the New button in the Ribbon.
2. From the menu, select Visio Graphics Service.
3. For Name, enter Visio Services.
4. Scroll down to Application Pool and select Use existing application pool.
5. From the drop-down, select Default SharePoint Service App Pool.
6. Leave the “Create a Visio Graphics Service Application Proxy and add it to the default proxy group” checked and click OK.

Now start the service:

1. Switch to the IE tab for Services on Server.
2. Find Visio Graphics Service and then click Start to the right of it.

Now you are ready to use Visio services. Note that there are a few settings for tuning the diagrams you display and such like. In addition, if you plan to work with data connections, you will need to look at the Trusted Data Providers section and possibly provide an unattended account. Chapter 8 has an example and walks through the additional configuration.

Word Automation Service

The Word automation service is used to automate the conversion of Word documents into other formats. This isn’t something that just magically happens; it generally requires developer involvement to make it all run well. As an administrator, you just need to create the service application, letting other people handle the automation. This service application is considered highly optional in your farm.

Follow these steps to create the service application:

1. From the Manage service applications screen, click the New button in the Ribbon.
2. From the menu, select Word Automation Services.
3. For Name, enter Word Automation Service.
4. Scroll down to Application Pool and select Use existing application pool.
5. From the drop-down, select Default SharePoint Service App Pool.
6. Check the box for “Add this service application’s proxy to the farm’s default proxy list.”
7. At the bottom of the page click Next.
8. For Database Name, enter Word_Automation_DB.
9. At the bottom of the page click Finish.

Now start the service:

1. Switch to the IE tab for Services on Server.
2. Find Word Automation Services and then click Start to the right of it.

Work Management Service Application

This final service application, new to SharePoint 2013, is used to combine the tasks throughout your farm and beyond and then expose them on your My Site. The beyond might include Exchange 2013 or Project Server 2013. This cool feature enables users to keep track of all of those pesky tasks they have been overlooking (or ignoring).

Even better, no real configuration is required by the administrator; just create the service application as follows:

1. From the Manage service applications screen, click the New button in the Ribbon.
2. From the menu, select Work Management Service Application.
3. For Name, enter Work Management Service.
4. Scroll down to Application Pool and select Use existing application pool.
5. From the drop-down, select Default SharePoint Service App Pool.
6. Leave the box checked for “Create a proxy for this service application?” and click OK.

Now start the service:

1. Switch to the IE tab for Services on Server.
2. Find Work Management Service and then click Start to the right of it.

CREATING WEB APPLICATIONS AND MORE

Woo hoo! You have everything installed and a fully functional farm. Before you can invite users to the party, however, you need to create something for them to access — web applications, site collections, and webs. The first subsection takes a brief detour to ensure that these terms are clearly understood. Then you will walk through the steps to create these items.

Terminology

Don’t skip this section. Even if you are quite certain you know all the terminology, humor us by reading this material. Even the most seasoned SharePoint “professional” can lack an understanding of exactly what each part of the SharePoint hierarchy represents.

Figure 3-18 is the SharePoint containment hierarchy. The main thing to understand as you look at the items is that a one-to-many relationship is reflected as you work down the list, whereas a many-to-one relationship is reflected as you work up the list. For example, a content database can (and often does) contain more than one site collection, but a site collection can only be located in one content database.

The most commonly misunderstood term is site, which end users often use when they actually mean web, and which developers often use when they actually mean site collection. This leads to utter chaos when it comes to troubleshooting or scaling your farm because they represent totally different things. As a best practice, never use the word “site,” and take every opportunity to encourage your fellow SharePoint admins to do the same if you catch them using it. Remember, site is a four-letter word and should be treated as such.

Web Applications

It’s easiest to think of a web application as the thing that lives in IIS. This is the address that your users will enter in their browser. Because it is something users will work with on a regular basis, you should try to choose a short, meaningful name. Names like http://portal.contoso.com or http://intranet.contoso.com work much better than a name like http://scificharacter.scifiplanet.scifigalaxy.local. You want to choose a name that is both memorable to your users and easy to type. Also, the temptation is to only use the NetBIOS name http://portal, but that can cause confusion in different ways later. Best practice is to use a fully qualified domain name from the beginning.

SharePoint 2010 introduced claims-based authentication, although many users continued to use the classic Windows authentication because they had no idea what the new method was or why they should care about it. In SharePoint 2013, claims-based authentication is now the standard. Indeed, when creating a web application using Central Administration, it’s the only available option. The three seemingly different options — Windows claims, forms-based authentication (FBA), or Trusted Identity provider — are just different flavors of claims. Fortunately, this important topic is covered in detail in Chapter 6, “Claims Identity Management and Security.”

Use the following steps to create the web application http://portal.contoso.com:

1. Return to the home page of Central Administration.
2. Under Application Management, click Manage web applications.
3. From the Ribbon, click New.

WHEN THE NEW BUTTON IS GRAYED OUT
On the Manage web applications page, generally speaking things work as expected; but every now and then SharePoint will throw you a curveball. For example, you might find the New button is grayed out. There are a couple of reasons why this might be the case. One is if you are not a local administrator on the SharePoint server but you are a farm administrator. In this case, you can access Central Administration but you don’t have the Windows rights to create a new web application, so SharePoint doesn’t display the option. The second reason is harder to catch and happens only when you are opening Central Administration from the server itself. When you launch Central Administration using the shortcut on the Start menu, it actually runs psconfigui.exe, which launches IE and disables all the lockdown behavior. If you open IE and type in the URL for Central Administration, there is a good chance that the scripts that need to run to enable the button will be blocked, and the button will be grayed out. Moral of the story? Anytime you are troubleshooting the New button being grayed out, you should RDP into the SharePoint server and run the shortcut. That is the solution most likely to resolve the problem.

4. For Port, enter 80. You could use a different port but users often don’t understand URLs with ports, so use the default of 80.
5. For Host Header, enter portal.contoso.com. You want to have more than one web application using port 80, so you have to make them all unique by using host headers.
6. In most scenarios, all the defaults until you get to Application Pool will be fine. For this section, select Use existing application pool.
7. From the drop-down, select Default SharePoint Web App Pool (Contoso\sp_webapp). If you don’t have that application pool, return to the section, “Configuring the User Profile Service.” In that section, you created the my.contoso.com web application, which should create the application pool.
8. In the next section, change the Database Name to WSS_Content_Portal. The idea here is to ensure that anyone looking at the list of database names can easily identify the purpose of each web app. A simple naming convention saves a lot of headaches later.
9. Accept all the other defaults and click OK.
10. After a moment you will get a pop-up window indicating that the application has been created. Click OK to close the window.

Now your web application and content database have been created. Because you just created the host header portal.contoso.com, you need to ensure that you have a DNS entry that resolves portal.contoso.com to your SharePoint server. As a word of caution, use a host or A record in DNS. Don’t use an alias or CNAME, as those just lead to trouble.

Because you are using portal.contoso.com to access the server named Server, if you try to open that URL from the SharePoint server itself you will get an authentication error. This is because of a security mechanism called the loopback check that protects you from reflection attacks. There are two ways to work around the issue, both of which are covered at http://support.microsoft.com/kb/896861. You can review the article and choose which method you prefer. Method 1 is very specific and disables the check just for names you specify, whereas method 2 turns off the security feature entirely. The choice is yours but you need to select one for SharePoint to be happy.

To make it easier to manage SharePoint in a multi-server farm, it is recommended that you modify the hosts file on each machine so that each web application points to the local server. You can find the file in c:\windows\system32\drivers\etc and it is named just hosts with no extension. Using Notepad, modify it to add an entry to point 127.0.0.1 to portal.contoso.com as shown in Figure 3-19. If you have a problem trying to save the file, that is because you still have User Account Control enabled. In that case, you need to run Notepad as an administrator.

For an automated way to change both the hosts file and the loopback setting using a PowerShell script, see Todd Klindt’s blog post at http://www.toddklindt.com/edithosts.
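The Method 1 workaround and the hosts entries described above, as an added PowerShell example (it is not the script from the blog post, nor code from the KB article). It uses the registry values KB896861 documents, assumes the two host headers created in this chapter, and must be run from an elevated session on each SharePoint server.

```powershell
# Added example: per-name loopback exception (Method 1) plus local hosts entries.
# Assumption: these are the host headers created in this chapter; edit for your farm.
$hostNames = @('portal.contoso.com', 'my.contoso.com')

$lsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv1Key   = Join-Path $lsaKey 'MSV1_0'
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# 1. Report whether Method 2 is already in effect. DisableLoopbackCheck = 1 turns the
#    protection off for every name on the server, so flag it rather than set it.
$lsa = Get-ItemProperty -Path $lsaKey -Name DisableLoopbackCheck -ErrorAction SilentlyContinue
if ($lsa -and $lsa.DisableLoopbackCheck -eq 1) {
    Write-Warning 'DisableLoopbackCheck = 1: the loopback check is disabled for all names.'
}

# 2. Method 1: merge the names into BackConnectionHostNames (REG_MULTI_SZ),
#    keeping any names that are already listed and avoiding duplicates.
$existing = @()
$prop = Get-ItemProperty -Path $msv1Key -Name BackConnectionHostNames -ErrorAction SilentlyContinue
if ($prop) { $existing = @($prop.BackConnectionHostNames) }
[string[]]$merged = @($existing + $hostNames | Where-Object { $_ } | Sort-Object -Unique)
New-ItemProperty -Path $msv1Key -Name BackConnectionHostNames `
    -PropertyType MultiString -Value $merged -Force | Out-Null

# 3. Hosts file: add "127.0.0.1 <name>" only when no active (uncommented) line
#    already maps that name, so the script can be re-run safely.
$lines = @(Get-Content -Path $hostsFile)
foreach ($name in $hostNames) {
    $pattern = '^\s*[^#\s]\S*\s(.*\s)?' + [regex]::Escape($name) + '(\s|#|$)'
    if (-not ($lines -match $pattern)) {
        Add-Content -Path $hostsFile -Value "127.0.0.1`t$name"
        Write-Output "hosts: added 127.0.0.1 -> $name"
    }
}

# 4. Show the resulting exception list for review.
(Get-ItemProperty -Path $msv1Key -Name BackConnectionHostNames).BackConnectionHostNames
```

Because only the listed names are exempted, the loopback check keeps protecting every other name that resolves to the server.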

Site Collections and Webs

Now that you have a web application sitting there, you need to create a site collection so it has something to serve up. Site collections are the unit of scale in SharePoint. The easiest way to think of a site collection is as a bag, because it is really just a boundary or container. It is not actually content users can touch. The reason why this “bag” is so important is because it determines a lot about how your information is stored.

Site collections are a storage boundary and they are stored in one and only one content database. They cannot span multiple databases. When you create a site collection it is created in a database, where it will stay unless you manually move it. If, for example, you want to limit all your content databases to 40GB because that is the largest size you are comfortable with, then you need to ensure that no site collection is larger than 40GB. Similarly, if you have multiple site collections (and everyone does), then you would need to apply quotas to those site collections to ensure that the sum of the site collections doesn’t exceed your 40GB database limit. For instance, if you had 10 site collections, then you would set your quotas to 4GB per site collection.

Site collections are the only objects in SharePoint to which you can apply a storage quota. If you want to limit a user to storing only 10GB of content in a particular document library, there is no way to do that. You would have to set that entire site collection to a 10GB limit. If you have two document libraries and you want to give each one 10GB of storage, then you have to ensure that each document library is in its own site collection.

Even if you have no intention of holding users to limits, quotas are generally recommended for all site collections, as they serve as a checkpoint and prevent runaway site collections. If a user calls and says that he is getting warnings or errors because he has met his quota, it is a simple process for you to increase his quota, and it gives you a chance to ask, “So what are you doing with SharePoint that you need so much storage space?” It would be good to know if he is just backing up his MP3 collection to SharePoint.

Site collections also serve as an administrative boundary. Site collection administrators are a special group of users who have complete power over the site collection without necessarily having any access to other site collections. The Site Settings page contains an entire menu of configuration options that only a site collection admin can set. If you have two groups — such as HR and Accounting, for example — in the same site collection and one of them approaches you because they need to administer one of these special settings, you have to do some rearranging. If you make Nicola from Accounting a site collection administrator, then she can fully administer the Accounting site as needed but she also has full control over the entire site collection, including the HR web. You need to instead move the Accounting web to its own site collection and then make Nicola an administrator there.

Site collections are also boundaries for out-of-the-box functionality such as navigation and the various galleries. This can be a drawback of many site collections. Out of the box, it is impossible to enforce consistent, self-maintaining navigation across site collections. The galleries such as the themes, Web Parts, lists, and solutions are all scoped at the site collection level. For example, if you need a list template to be available to multiple site collections, then you have to manually deploy it to each one.

Site collections also serve as security boundaries. The All People list and the various SharePoint groups are all scoped at the site collection level and are not accessible for reuse outside of the site collection.

Inside of site collections you have one or more “webs.” A web is the object that is referred to throughout the user interface as a site. It can also be called a subsite or a subweb. Again, because the term “site” can be very confusing, whenever possible refer to these as webs. This is the first object users can actually touch. You can apply security to it, and it contains all the user content. Each web has its own lists (libraries are just a special type of list) and all of those lists store items, which refers to the actual content, such as documents and contacts.

All of that is said to remind you not to take site collections lightly. Create them deliberately and often because they will keep you out of trouble down the road.

Follow these steps to create that first site collection:

1. Return to the home page of Central Administration.
2. Under Application Management, click Create site collections. Avoid the temptation to make fun of the fact that the link says Create site collections even though you can only create one site collection using the link.
3. Confirm at the top of the page that Web Application says http://portal.contoso.com; if not, you can click the link to change web applications.
4. For Title and Description, enter something helpful or creative. In this example, use Contoso Portal for Title and leave Description blank.
5. For URL:, you need to choose the root site collection by selecting the / from the drop-down. Creating this site collection first is a requirement.
6. The Select experience version drop-down is interesting. You can choose 2013 or 2010. For this example, choose 2013. Keep this setting in your memory bank. It is a new twist to SharePoint that you might find handy down the road.
7. In the Select a template section, choose Team Site.
8. For Primary Site Collection Administrator User Name, enter Contoso\sp_install. In a real-world environment you would use an account that makes sense for the site collection you are creating.
9. For Secondary Site Collection Administrator User Name, enter Contoso\administrator. Again, in your environment use a better account. The key point is that every site collection should have both a primary and a secondary owner.
10. While every site collection in the world should have a quota, you haven’t learned about them yet so you can leave this at No Quota for the moment.
11. Double-check all your settings and click OK.

After a minute or so you will get a message indicating that the site collection was successfully created. Click the link to dive into the awesomeness that is SharePoint 2013.
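Once site collections exist, the rules from this section (a primary and a secondary owner on every site collection, a quota on every site collection, and quotas that add up to no more than your content database ceiling) can be checked across the farm. The following is an added example, not code from this book; it assumes the 40GB ceiling used in the example above and is run in the SharePoint 2013 Management Shell.

```powershell
# Added example: audit site collection owners and quotas per content database.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$dbLimit = 40GB   # assumption: the chapter's example ceiling per content database

Start-SPAssignment -Global            # ensures SPSite/SPWeb objects are disposed
try {
    $sites = foreach ($site in Get-SPSite -Limit All) {
        [pscustomobject]@{
            Url        = $site.Url
            Database   = $site.ContentDatabase.Name
            Primary    = $(if ($site.Owner) { $site.Owner.LoginName })
            Secondary  = $(if ($site.SecondaryContact) { $site.SecondaryContact.LoginName })
            # Everyone with full control of this administrative boundary
            Admins     = @($site.RootWeb.SiteAdministrators |
                             ForEach-Object { $_.LoginName }) -join '; '
            QuotaBytes = $site.Quota.StorageMaximumLevel    # 0 means No Quota
            UsedBytes  = $site.Usage.Storage
        }
    }
}
finally {
    Stop-SPAssignment -Global
}

# Check 1: site collections missing a secondary owner or a quota.
$sites | Where-Object { -not $_.Secondary -or $_.QuotaBytes -eq 0 } |
    Select-Object Url, Primary, Secondary, Admins,
        @{ n = 'Quota'; e = { if ($_.QuotaBytes) { '{0:N1} GB' -f ($_.QuotaBytes / 1GB) }
                              else { 'No Quota' } } } |
    Format-Table -AutoSize -Wrap

# Check 2: per content database, can the site collections grow past the ceiling?
# A database is flagged when any site collection has no quota, or when the
# quotas added together exceed $dbLimit.
$sites | Group-Object Database | ForEach-Object {
    $quotaSum  = ($_.Group | Measure-Object QuotaBytes -Sum).Sum
    $usedSum   = ($_.Group | Measure-Object UsedBytes -Sum).Sum
    $unlimited = @($_.Group | Where-Object { $_.QuotaBytes -eq 0 }).Count
    [pscustomobject]@{
        Database        = $_.Name
        SiteCollections = $_.Count
        UsedGB          = [math]::Round($usedSum / 1GB, 1)
        QuotaSumGB      = [math]::Round($quotaSum / 1GB, 1)
        WithoutQuota    = $unlimited
        CanExceedLimit  = ($unlimited -gt 0) -or ($quotaSum -gt $dbLimit)
    }
} | Format-Table -AutoSize
```

With claims authentication the login names appear in their claims-encoded form, so compare them against the accounts you expect rather than against the raw domain\user string.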

SUMMARY

What a fun ride. If you made it through this whole chapter, then congratulations are in order. You now have a properly configured SharePoint farm that you can build on for years to come. Hopefully, with enough practice working through this chapter, you will become more comfortable with how the farm works. This will make your life of supporting and troubleshooting SharePoint much easier. Speaking of understanding how things work, that is what the next chapter is all about: digging into the underpinnings of those service applications you just created.
