Fabian Williams SharePoint Blog

Solving problems with SharePoint day and night

How To: Configure and Consume Kerberos for use in SQL Server 2008 R2 and SharePoint 2010 Part 2


Part 1: – How To: Configure and Consume Kerberos for use in SQL Server 2008 R2 and SharePoint 2010 Part1

Part 2: – Configuring Service Applications, Sites, and Verifying our Work

Part 3: – Test out Using Web Parts and Communicating Securely across Web Applications with Kerberos



In Part 1 we covered the installation of SQL, creating SPNs for SQL, creating and configuring Service Accounts for SharePoint, and the requisite SPNs for SharePoint Service Applications and Web Applications.  In this Part 2 we will pick up from there and build out the following:

  • Create, Configure Search Service Application
  • Create Kerberos Authentication Web Applications for
    • Intranet Site – Portal
    • Team Site – Teams
    • My Site – My
  • Create Site Collections for all three

Part 5: How to Make it Work



So, right now my Service Applications list is naked. Let’s get Search done first so that when we create our Web Apps they will be added to the Content Source of the Search Service Application.



Now I will create my Web Apps for

  1. Portal
  2. Teams
  3. My

Right now the only Site is the Admin Site



We begin by creating a new Web App for our Portal



Change the Auth Provider to Kerberos



Create a new App Pool with the Managed Account that we already have and already created the SPN for

Name your Content DB appropriately



Accept the other Defaults



Once you click OK you will get prompted about the use of Kerberos



Confirmation is provided



Verify Auth Provider



Click Default



Now let’s create a Site collection



And if all goes well



Let us now verify that Kerberos is what was used to get us to this point

We will use a variety of techniques




You can also run Klist on the WFE
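
One way to check from the Security log which package authenticated each logon on the WFE, to go alongside klist. This is an added example, not part of the original post; the sample events, user names and addresses are constructed, and the function names are hypothetical.

```powershell
# Added example (not from the original post): classify logon events
# (Security log, event ID 4624) by the authentication package actually used.
# Written for PowerShell 2.0, which ships with Windows Server 2008 R2.

function ConvertFrom-LogonEventXml {
    param([Parameter(Mandatory=$true)][string[]]$EventXml)   # one XML document per event
    foreach ($raw in $EventXml) {
        $evt = [xml]$raw
        # Flatten <Data Name="...">value</Data> pairs into a lookup table.
        $f = @{}
        foreach ($d in $evt.Event.EventData.Data) { $f[$d.Name] = $d.'#text' }

        # Machine accounts and anonymous sessions are noise for this check.
        if ($f.TargetUserName -like '*$' -or $f.TargetUserName -eq 'ANONYMOUS LOGON') { continue }

        New-Object PSObject -Property @{
            User      = $f.TargetUserName
            LogonType = [int]$f.LogonType
            Package   = $f.AuthenticationPackageName
            Source    = $f.IpAddress
            # A network logon (type 3) that did not use Kerberos fell back to NTLM.
            Fallback  = ($f.LogonType -eq '3' -and $f.AuthenticationPackageName -ne 'Kerberos')
        }
    }
}

# Builds a minimal 4624 event for the demonstration below (constructed data).
function New-SampleLogonXml($User, $Type, $Package, $Ip) {
@"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID></System>
  <EventData>
    <Data Name="TargetUserName">$User</Data>
    <Data Name="LogonType">$Type</Data>
    <Data Name="AuthenticationPackageName">$Package</Data>
    <Data Name="IpAddress">$Ip</Data>
  </EventData>
</Event>
"@
}

# Constructed sample: one Kerberos logon, one NTLM fallback, one machine account.
$sample = @(
    (New-SampleLogonXml 'demo.user1' 3 'Kerberos' '192.0.2.10'),
    (New-SampleLogonXml 'demo.user2' 3 'NTLM'     '192.0.2.11'),
    (New-SampleLogonXml 'WFE01$'     3 'Kerberos' '192.0.2.20')
)

$logons = @(ConvertFrom-LogonEventXml -EventXml $sample)

# Count of logons per package, then the logons that need attention.
$logons | Group-Object Package | Select-Object Name, Count
$logons | Where-Object { $_.Fallback } | Select-Object User, Source, Package

# On the WFE (elevated prompt), feed real events instead of the sample:
#   $xml = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624} -MaxEvents 500 |
#          ForEach-Object { $_.ToXml() }
#   ConvertFrom-LogonEventXml -EventXml $xml | Where-Object { $_.Fallback }
```

Any row with Fallback set means a client reached the site over NTLM, which usually points at a missing or duplicate SPN for the host name the client used.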



This is also what we have as far as Databases created so far based on our configs




Then we should have the following Web Apps Created



On the MySite turn on Self Service Site Creation



August 15, 2010 Posted by | IIS, Kerberos, SharePoint 2010, SharePoint 2010 RTM, SharePoint How-To | 1 Comment

How To: Configure and Consume Kerberos for use in SQL Server 2008 R2 and SharePoint 2010 Part1

NB. In an effort to make this page load better I am breaking this Blog up into Parts, this is Part 1

Part 2: – Configuring Service Applications, Sites, and Verifying our Work

Part 3: – Configuring and Executing Search, Using Web Parts and Communicating Securely across Web Applications with Kerberos


I felt a compelling need to write this blog post because with the advent of SharePoint 2010, a whole new world opens up for access to information. With that comes the challenge of managing access and security.  An area where I spend most of my time is Business Connectivity Services (BCS), and one of the challenges that I personally face is the “Double Hop”: I have a desktop client that is using a Web Front End (WFE) via SharePoint to connect to a SharePoint Server in an Application Server Role, which in turn retrieves and consumes information from a Line of Business (LOB) back-end database. Kerberos mitigates that problem through its protocol handling and service delegation. Secondly, I have clients whose desktop environment is heterogeneous in that they have a mixture of Windows XP [yes still XP] and Macs running Safari, with a need to avoid login prompts for authentication.

My colleagues out there constantly hear me asking for an ‘Authoritative’ document/guidance when it comes to standing up SharePoint 2010 Features.  After looking out there for something like that as it relates to getting Kerberos working, I found quite a bit of information but nothing really end to end. I think that is because depending on your need, you may start in one area and end up in the next.  In this document my approach is:

  • A Brand New SharePoint 2010 Installation that will use Kerberos for Authentication, everything being x64
    • Active Directory built on Windows Server 2008 R2
    • SQL Server is 2008 R2

In my quest I pulled information from the following sites and fellow SharePoint mates

  1. There is a really good article that Kathryn Birstein turned me on to when I met her at SharePoint Saturday in New York a few weeks ago. It is truly the Holy Grail for Kerberos – found here — Configuring Kerberos Authentication for Microsoft SharePoint 2010 Products and Technologies (http://go.microsoft.com/fwlink/?LinkId=196600) (7.3 MB)
  2. For Registering a Service Principal Name for SQL Server I got a great piece of article here — http://msdn.microsoft.com/en-us/library/ms191153.aspx
  3. In terms of How to Implement Kerberos Constrained Delegation with SQL Server 2008 see this — http://technet.microsoft.com/en-us/library/ee191523(SQL.100).aspx
  4. Now, if you are going to be creating sites and you want them to be crawled, it suits you best to have your Search Service Application already configured before you create that Web Application; for that I checked out the blog of Bill Baer (Twitter handle: williamsbaer) — http://blogs.technet.com/b/wbaer/archive/2009/11/23/step-by-step-provisioning-the-search-service-application.aspx
  5. Another good article that covers a good portion of SharePoint 2010 using Kerberos is here http://technet.microsoft.com/en-us/library/ee806870.aspx and it gives a good Scenario based example
  6. I also have a few Blog Posts at https://fabiangwilliams.wordpress.com and my new SharePoint 2010 FPWeb Hosted Site http://www.sharepointfabian.com/blog which outline how to Install and Configure SharePoint 2010; in light of that I take leaps over those items already covered and hope that you will use those blogs as a source of reference. The one thing I want to emphasize, and it is a good segue into item number 6, is that I now DO NOT use the Farm Configuration Wizard (FCW) to create my service applications after a SharePoint 2010 Install; Spencer Harbar (Twitter handle @harbars) constantly preaches that unless you are doing a POC or a Demo Environment.. DO NOT USE IT… so I now don’t.
  7. The last two articles are from Spencer Harbar, in my opinion, one of the most Solid SharePoint gurus out there, I used his blogs for guidance not only in this example but for setting up User Profile Service which I also bring into this blog post — SharePoint 2010 and Kerberos and Rational Guide to implementing SharePoint Server 2010 User Profile Synchronization

So how are we going to work this and make it flow?

  • Create the Service Accounts we need for SQL and SharePoint
  • I used a GPO from my work colleague and MVP Aaron Tiensivu (Twitter handle @atiensivu) to restrict NTLM traffic to servers so that if Kerberos wasn’t successful then audits and errors would be thrown; I will call this out later on
  • Tackle Installing SQL Server 2008 R2 and getting Kerberos Working there first. Why?
    • We need Service Principal Names (SPN) set for the MSSQLSvc under the Service Account SQL Server is running under if we intend to secure our communications with SQL Server with Kerberos
    • I went further by limiting the Network Transport (Protocol Name) to TCP and Named Pipes because I know that in SQL Server 2008 / Windows Server 2008 enhancements have been made for Named Pipes and typically I use TCP for communications anyway
    • I tested this by logging onto the SharePoint box and using the SQL Management Studio to connect back to the SQL Box, run a query to see what the Network Transport is and also the Authentication Scheme
  • Install SharePoint 2010 bits and set the Authentication to Negotiate(Kerberos) – Configure for Kerberos thereafter
    • Create the Managed Service Accounts for the Web Applications and other Service Applications
    • Set the SPN’s for the Web Application Service Accounts for the Portal, Team, and MySites
    • Create the Web Applications, Site Collections, and validate that Kerberos is the method used for connectivity
  • More Test and Verifications

My Environment (Lab) – VMWare  on my Lenovo T61p [dual core single proc with 8 GB RAM]

  • DC Box
    • Windows 2008 r2 x64 Ent
    • Active Directory in 2008 mode
    • SQL 2008 r2
    • ArgoSoft Mail Server
    • 1 GB Ram Allocated
  • SharePoint Box (Application Role)
    • Windows 2008 r2 x64 Ent
    • SharePoint with all Services Enabled
    • 3 GB Ram Allocated
  • SharePoint Box (Web Server Role)
    • Windows 2008 r2 x64 Standard
    • WFE Role Only (so I can really test kerberos from another box other than the app box)
    • 1GB Ram Allocated
  • Guest System
    • Windows 7 x86
    • 1 GB Ram Allocated

Yes… this is pushing it to the limit, in fact my CPU is pegged constantly and my memory is tapped. But I don’t run with the big dogs out there with SSD’s and 16 GB RAM, not yet.. 🙂

Part 1: SQL Server Squaring Away

After installing SQL Server 2008 R2, the first step I do is manage the Protocols under which SQL Server will run. This time, because I am focusing on Kerberos, I am only enabling TCP and Named Pipes for the reason I mentioned above.  I also enabled a GPO to restrict and/or audit NTLM traffic between the servers as seen below


As seen below, the account that the SQL Server service runs under is ADOTOBLAB\SqlSvc and this is what we will create an SPN for



Below is where we create the SPN for the MSSQLSvc under the service account; it is also best practice to do both the FQDN and the NetBIOS names when doing SPN. I used the command line tool for one and the ADSI Edit tool for the second.



Below we also use the tool to validate the entries made.
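
Once the SPNs are in place, the connection test mentioned in the plan above (connect from the SharePoint box and read the Network Transport and Authentication Scheme) can be scripted as follows. This is an added example, not the author's own script; the function name is hypothetical and the server name in the usage line is a placeholder.

```powershell
# Added example (not from the original post). Run it from the SharePoint box,
# not on the SQL Server itself: a local connection does not exercise the
# MSSQLSvc SPN and will not prove anything about Kerberos.
# Assumption: the calling login holds VIEW SERVER STATE, which
# sys.dm_exec_connections requires.

function Get-SqlSessionAuth {
    param([Parameter(Mandatory=$true)][string]$Server)

    # "tcp:" forces the TCP transport; Integrated Security sends the caller's
    # Windows identity, so Kerberos is used only if the MSSQLSvc SPN resolves.
    $cs   = "Server=tcp:$Server;Database=master;Integrated Security=SSPI"
    $conn = New-Object System.Data.SqlClient.SqlConnection $cs
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        # Report on this session only (@@SPID), not on every connection.
        $cmd.CommandText = 'SELECT net_transport, auth_scheme ' +
                           'FROM sys.dm_exec_connections WHERE session_id = @@SPID'
        $rdr = $cmd.ExecuteReader()
        if (-not $rdr.Read()) { throw 'No row returned for the current session' }
        $result = New-Object PSObject -Property @{
            Server     = $Server
            Transport  = $rdr['net_transport']   # expected: TCP
            AuthScheme = $rdr['auth_scheme']     # KERBEROS, NTLM or SQL
        }
        $rdr.Close()
    }
    finally {
        $conn.Dispose()
    }

    if ($result.AuthScheme -ne 'KERBEROS') {
        Write-Warning ("Session to $Server authenticated with $($result.AuthScheme); " +
                       'check the MSSQLSvc SPNs (setspn -L) and look for duplicates (setspn -X).')
    }
    $result
}

# Usage (placeholder server name, replace with the FQDN of the SQL box):
#   Get-SqlSessionAuth -Server 'SQLHOST.example.local'
```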



Part 2: Installation and Configuration of SharePoint 2010 (Accelerated)

Installation of the bits for SharePoint 2010 comes next. I just want to call out the differences in what you will do if you DO NOT use NTLM; see my other blogs for details on installation of SharePoint



Here is your last chance to back out 🙂 — nah — so all this dialog box is telling you is that you need to make arrangements with the Domain Admins if you do not have the access to set up SPN’s for your Service Accounts that you will be using in the creation of Service Applications and Web Applications.



Above is verification that you are using Negotiate(Kerberos) as the Authentication Provider in this Installation of SharePoint 2010

Part 3: Validate that Kerberos is working






Part 4 – Configure Accounts (Service Accounts, Managed Service Accounts) and Service Principal Names (SPN)

First Register Managed Service Accounts



For User Profile Service and Search, and just to kick off provisioning of UPS, you will need to have Local Admin Rights set on a few accounts



Make sure that the UPS account also has Replicate Changes and Create Child Objects in AD

Next I am going to create A Records for my Sites (Team, Intranet and MySite )



At this time I set SPNs for the Service Accounts to be used for the Portal Site, Team Site and MySite. Again ensure that you do both NetBIOS and FQDN for SPNs



When Setting SPN’s ensure that you do both NetBIOS and FQDN



We do the same for :

  1. Teams
  2. My

However, Teams and My will be on ports 4444 and 5555 respectively, so we will do two entries because of a known issue with setting SPNs for SharePoint



Do the same thing for Service Account for the Team Site (svcAppPoolSites)
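
The SPN steps above, for the SQL Server account in Part 1 and for the web application accounts here, can be planned and checked for collisions before anything is written to Active Directory. This is an added example, not the commands from the original screenshots: only ADOTOBLAB\SqlSvc, svcAppPoolSites and ports 4444 and 5555 come from the post, while the host names, the DNS suffix, the other two accounts, port 1433 and the reading of "two entries" as "with and without the port" are assumptions.

```powershell
# Added example (not from the original post). It only prints the setspn
# commands for review; nothing is changed in Active Directory.

# All SPN forms for one service: NetBIOS and FQDN, each with and without port.
function Get-SpnNames {
    param([string]$Class, [string]$HostName, [string]$DnsSuffix, [int]$Port = 0)
    foreach ($name in @($HostName, "$HostName.$DnsSuffix")) {
        "$Class/$name"
        if ($Port -gt 0) { "$Class/${name}:$Port" }
    }
}

# Turns a plan into setspn commands and refuses a plan in which the same SPN
# would end up on two accounts, since a duplicate SPN breaks Kerberos for that
# service and clients drop back to NTLM.
function Get-SpnCommands {
    param([hashtable[]]$Plan, [string]$DnsSuffix)
    $owner = @{}
    foreach ($row in $Plan) {
        $spns = Get-SpnNames -Class $row.Class -HostName $row.HostName `
                             -DnsSuffix $DnsSuffix -Port $row.Port
        foreach ($spn in $spns) {
            $key = $spn.ToLowerInvariant()          # SPNs are case-insensitive
            if ($owner.ContainsKey($key) -and $owner[$key] -ne $row.Account) {
                throw "SPN $spn is planned for both $($owner[$key]) and $($row.Account)"
            }
            $owner[$key] = $row.Account
            # -S checks the directory for an existing registration before adding.
            "setspn -S $spn $($row.Account)"
        }
    }
    # Verification afterwards: list per account, then search for duplicates.
    $Plan | ForEach-Object { $_.Account } | Sort-Object -Unique |
        ForEach-Object { "setspn -L $_" }
    'setspn -X'
}

# Constructed plan. Placeholders: SQLHOST, portal/teams/my as DNS names,
# svcAppPoolPortal, svcAppPoolMy and the example.local suffix.
$plan = @(
    @{ Account = 'ADOTOBLAB\SqlSvc';           Class = 'MSSQLSvc'; HostName = 'SQLHOST'; Port = 1433 }
    @{ Account = 'ADOTOBLAB\svcAppPoolPortal'; Class = 'HTTP';     HostName = 'portal';  Port = 0 }
    @{ Account = 'ADOTOBLAB\svcAppPoolSites';  Class = 'HTTP';     HostName = 'teams';   Port = 4444 }
    @{ Account = 'ADOTOBLAB\svcAppPoolMy';     Class = 'HTTP';     HostName = 'my';      Port = 5555 }
)

Get-SpnCommands -Plan $plan -DnsSuffix 'example.local'
```

Review the printed commands, then run them as an account that is allowed to write servicePrincipalName on those service accounts.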

NEXT – Part 2

August 15, 2010 Posted by | Kerberos, SharePoint 2010, SharePoint 2010 RTM, SharePoint General, SharePoint How-To, SQL Server | 3 Comments

Error/Resolution: Could not load type ‘System.Data.Services.Providers.IDataServiceUpdateProvider’ from…


Cryptic message, huh? But basically I got a tweet from @dfollette regarding using the Client Side Object Model (CSOM) in SharePoint to gain access to List Data and other LOB Systems, and he also had a reference in a Web Cast to do the same thing using the REST API.  Even as tired as I was at 1:16 in the morning, it would just eat at me in bed, so I decided to review it before I tucked in.  However, when I tried to review the REST API by using a SharePoint Web Service I got an error…

The tweet was:


The Error was:




So after a little research I found this blog entry “REST and SharePoint 2010 Quick Start Guide: Table of Contents” on Scott Currier’s blog, and it indicated that you need to install the ADO.NET Data Services Update for .NET 3.5 SP1. Depending on what flavor OS you are running you may need one over the other; the one I needed was here because I am running WIN 2 K8 R2: http://www.microsoft.com/downloads/details.aspx?familyid=79d7f6f8-d6e9-4b8c-8640-17f89452148e&displaylang=en

Once you install it you will be prompted to restart.



Trust but Verify

So after my reboot, let us now go to my SharePoint Site Collection and query the REST API again.

What I wanted to test was a little nugget I learned from the web cast…


You know, come to think of it, I should have done a snapshot before running that update, but oh well, with fingers crossed…


and it worked, let’s drill down now


Looking at the XML you see the actual data..


July 6, 2010 Posted by | SharePoint 2010, SharePoint 2010 RTM, SharePoint Bug, SharePoint Development, SharePoint Error/Resolution, Strange Stuff | Leave a comment

How To: Create Content Types with Site Columns in Code Visual Studio 2010 for SharePoint 2010

Synopsis: So why would you Ever Ever need to feel the pain of creating Content Types from scratch and associate Site Columns also in code with them? Well, the one glaring reason is that if you create site columns and content types out of Code, you lose the control of assigning the GUID which is in effect the id designator of the object.  If you cannot control that, then as you move through a proper SDLC with a DTP environment, you in essence lose control over the same ID’s [objects] being the same across all the environments.  The second reason is that you have a clean and automated way to deploy your solution to any environment; inherently you could package and sell this solution if you wanted to.

So how do you do it?

Sahil Malik (@sahilmalik) has a great book in Building Solution in SharePoint 2010 and he has a great chapter on this topic. I used that as my premise for creating a full-fledged Content Type with Site Columns to boot. Doing this in Visual Studio 2010 on SharePoint 2010 and the entire process to deploy is so easy now, even a caveman can do it.

Like Bud Light — Here we go!

First we need to start a new SharePoint Empty Project and start to build your solution out.


Next, and very appropriately, we are doing this as a Sandbox Solution because EVERYTHING we are doing for this effort will be in the Database, nothing will be on the File System. This is where you as a developer can do all the damage you want without worrying about the Farm Admin calling you saying “…hey dude, you brought down the server..” will never happen, sure you can bring down the Site Collection but hey, thats on you buddy..


Once you have your Sandbox Solution set, let’s add some “SharePoint Items”; first will be a Content Type


As you see below, I am calling mine AdotobClient. The idea here is that for my company Adotob, LLC, I am creating a Content Type that inherits from the Item Content Type which will hold Client specific data. The important thing here is that as a Content Type, this can  be used all across the Enterprise in any Web by anyone.  Build it once, use it many.


Once named, now your project will look like this.


As I mentioned before and as you will see below, everything in SharePoint inherits from a base. In this example I am inheriting from the Item Content Type; the wizard asks me to choose and I selected my choice



Now we will do some clean up. When you add the Content Type, you also get an elements.xml file created for the definition of the Content Type, now realistically if this content type is to be of any use, it will need Site Columns, but for now, we will just rename the elements.xml to something more descriptive.



So, this Content Type will have a few site columns to express what it is about the client we want to capture; they will be of many data types: text, date/time, etc. Let’s go and add an Empty Element which will be the Site Columns and populate the Elements.xml with the field types.


Before we do, let’s spot check what our Project looks like now.


As for clean up, let’s rename the Site Columns elements.xml to a more representative name…


Let us now flesh out the Site Columns; as you see below I am capturing all the necessary information one would capture about a client: name, address, contact info, social content, etc. Below I use the Make Guid tool in Visual Studio to create those Field IDs, and with all my cut and paste, I screwed up the last entry; that type was to be a Text but I left it as date time.. oops.


Once we do that, we now associate those site columns via the GUID [Field ID == Field Ref] in what was the elements.xml of the Content Type


Once you are done, go ahead and build and deploy your solution. Oh make sure that you have Sandbox Solution Service turned on in the Central Administration before you do that, it is not on by default. Below if you inspected your Site Settings at the top level you will find the new Content Type

Trust but Verify



Click inside the Content Type, and you will find the site columns we defined.


Once we have done that lets spin up a new Custom List. We will include this content type in there and create an entry


To do that we need to manage content types…


We select the one we created and move it over


I also disabled the Item default content type that was there before so the only one that is an option is the one we created.. see below


Now we will make an entry for a new client



And our result is..


Voilà! You have a Content Type with Site Columns that you can manage NOT ONLY across the enterprise, but between Development, Test and Production Environments.

As usual, your comments, critique and questions are welcomed.

July 3, 2010 Posted by | Content Types, SharePoint 2010, SharePoint 2010 RTM, SharePoint Development, Site Columns, Visual Studio 2010 | 8 Comments

How To: Use SharePoint 2010 WebParts with a GridView Control to get SQL Image Data type and other Values

Recently I was faced with a challenge

  • Render a LOB System Data in SharePoint. Datatypes include an Image (BLOB) , char and int
  • Provide a means to filter by Last Name

Initial Approach

So as all professionals we should ‘Strive For’ the solution that can be done Out-Of-Box before trying to code a solution.  That said, I came up with a few ideas

  1. Use Business Connectivity Services (BCS) [yeah my one and only true SharePoint Love] to get this information, why, because it is in a LOB system and it’s SQL, and… well you get the drift: failing that
  2. Use a Visual WebPart in Microsoft Visual Studio 2010 arsenal of weapons, why, because I can just have the gridview auto create the columns and be on my way: failing that
  3. Use a gridview control as part of a WebPart in Visual Studio 2010.. this is what won otherwise there would be a 4,5,etc….

The Gotchas

Well, with the BCS approach, using SharePoint Designer 2010, we are not able to get the Image data type to come across, much less map to an office property (a nice to have)




Now that we have put that to bed, let’s try some of our coded approaches.

    One approach that we could take would be to do a visual webpart with a gridview control on the page with "Auto-Generate Field" turned on; yeah, that was my first instinct too. However that will not work


    What will happen here is that the fields will in fact auto-generate; however, the only fields that will come across will be textual fields and of course our SQL Data Type is of type "Image". So in the end you end up with exactly what we saw in our Business Connectivity Services example with SharePoint Designer 2010 visualized in an External List.

    Not to be dissuaded; my next thought was NOT to abandon the gridview control but to add a ‘Template Field’ and include an ‘Image Control’ inside with a reference to a HTTP Web Event Handler… sure this has to work, because I will explicitly stream the bytes in the Handler.ashx file and call it in the ImageUrl Property of the control….


    Yeah that won’t work either because by the time the page [a User Control page ".ascx"], it is too far gone…. But a Visual Web Part would have made it sooooo eassyyyyy. But alas we have to look for another way.

    So your results will look like this….



    The Solution

    Interestingly enough, the solution lies in all of the above with the exception that we cannot use a "User Control Page", we have to use an ".aspx" page. We will still have to use a HTTP Web Event Handler because we need to deal with the fact that we are pulling an Image directly from a SQL Database as a BLOB. So here are the steps I took


    1. Create an Empty SharePoint 2010 Visual Studio Project
    2. Add your Mapped SharePoint Folders for the _Layouts Directory as we are creating an Application Page. If you plan to add images too, especially for your Feature, then go ahead and map the Images Folder also


    3. Next in the same manner add an Elements Section
    4. When you are done, right click on your Folder within your mapped folder [coincidentally it will be the same name as your Project] and ‘Add a new Item’ which will be an application page.


    5. I call mine "DisplayEmployeesWithPic.aspx" and this will create your page and your code-behind .cs file


    6. So as it is an Application Page in our Visual Studio Template, it is ready to go with the ContentPlaceHolders; we will be targeting the PlaceHolder for "Main" and wire up our GridView, and I am using a Button to add a filter.


    7. We code against that in our code-behind page to set our Datasource [which, because I am a lazy developer, will use the LINQ to SQL Data Connection], perform our query, data-bind and apply the filter. You will notice below that I moved away from "Integrated Security" to "Standard Security" in my SQL Connection string because I ran into two (2) specific problems: (a) the ‘Double Hop Problem’ when I ran the code from my Virtual Workstation and (b) unless I added the End User to the LOB System, they didn’t have access to the dataset. I could have used Kerberos to solve my Double Hop issue, but I still would have the data access to deal with, and I use that database to showcase my Business Connectivity Services / Secure Store [Single Sign-On] demos also, and how could I reasonably say that I am doing single sign on when I have folks there all willy nilly in the DB.


    8. The next thing we have to do, because we are going after a non character data type in the SQL Database and trying to display it on a Grid View control, is add an HTTP Web Handler (a .ashx) file. This little code here is what intercepts traffic and streams the image to the image control previously seen in Step 5


    9. Next we will add a Feature and ensure that the files are copied into the "Items in the Feature" section. The Elements.xml should auto-configure itself also. You will notice I set the Scope to Site, not the Default "Web".


    Below are the options now in Visual Studio 2010 Templates


    10. You Debug or Build and Deploy your Solution to the Farm. Yes, Farm; this cannot be done as a Sandbox Solution because it is touching the file system.

Trust but Verify Section

So that you can see that I have nothing up my sleeves [if you have ever sat in one of my Conferences or Speaking engagements, you know I always say and do this part] I will show you the results as is, then I will walk you through adding a recordset and see the live results in SharePoint

  1. This is what we expect to see based on what is in the LOB System Now


With a Filter


  2. Next and in the spirit of the World Cup where Spain WILL / MUST WIN!!! (I now digress), we will add David Villa and the guy I so love to pick on; and yeah maybe it’s a little haterism, cry baby Ronaldo. Let’s go get some stats…


Screen clipping taken: 6/30/2010 8:00 PM (courtesy of Fifa.com) so I don’t get sued…


The Proof is in the pudding


Hope this helps everyone who comes across it, as usual, your comments, critiques, and questions are welcomed.

June 30, 2010 Posted by | Business Connectivity Services, SharePoint 2010, SharePoint 2010 RTM, SharePoint Designer 2010, SharePoint How-To, SQL Server, Strange Stuff, Visual Studio 2010 | 5 Comments

How To: Installation of SharePoint 2010 in a Small Farm Topology

Part1:  Full Installation on Small Farm up to Managing Service Applications

Synopsis:  This is a two part blog. I will be focusing on the General Installation and configuration, then I will discuss how to set up User Profile Services, which I know gives a few folks the willies, in part 2.

In this blog  we will run through the process of installing SharePoint 2010 in a small Farm Environment.  In this topology we have two servers and a Windows 7 Guest. The roles are below:

Server 1: VMWare Windows Server 2008 Standard

Role:  Domain Controller and Mail Server

Specs: Windows 2008 Standard 2048 MB Ram, 80 GB HDD

Server 2: VMWare Windows Server 2008 Enterprise

Role: SharePoint 2010 Server

Specs: Windows 2008 Standard 3072 MB Ram, 80 GB HDD

Additional Software: Visual Studio 2010 Professional

Workstation: VMWare Windows 7 Ultimate

Role: Guest

Specs: Windows 7 Ultimate 2048 MB Ram, 60 GB HDD

Additional Software: Microsoft Office 2010 Professional Plus, Visio 2010, Project 2010, Adobe Acrobat


The first thing that I advise clients and something that I do even for my environment is prepare what’s known as a Farm Preparation Guide which details the Physical Architecture, Logical Architecture, Specs, Accounts Username and Passwords, License keys, etc. I also go as far as moving the installation bits locally on the server to reduce I/O.  Once I am satisfied, I run setup…


Above: Launching Setup


Once setup is launched, the very first thing you need to do is “Install software Prerequisites”

N.B. I thoroughly advise you to Uninstall any items that may be on your computer that constitute one of the prerequisites that you will be installing in this section. I specifically call out “Windows Identity Foundation” which will blow up your installation if already installed. Click the link to install pre-reqs


Above: Splash screen with Options for Installation

Below are the items that will be installed as prerequisites for SharePoint 2010; if any of these fail, you MUST correct it before moving forward even though the installation may allow you to continue. I have seen instances where my “Microsoft SQL Server 2008 Analysis Service ADOMD.NET” failed to install and it allowed me to continue, then blew up later on.  Click Next to begin…


Above: SharePoint Pre-Reqs


Above: Accept the Terms and Proceed


Above: Status Bar as the Pre-reqs are installed

Below here is an instance where I had a failure and I installed the Pre-Req directly by downloading it off MSDN and applying it myself, without doing it in the tool.  That is why you see that some of the items are set to “no action taken”


Above: All Pre Reqs installed

Next you need to provide the appropriate license key.  I am often asked if the build installs anything different based on the Key.  The answer is the build installs everything but features are disabled or not available based on the key, but can be later turned on by providing the necessary key.


Above:  Enter your License key here


Above: Accept the Terms…

Personally, I will tell you that I have NEVER chosen “Standalone”; I always do Server Farm, because I want the extensibility ‘yes even in my lab environment’ to add Servers and Roles Later on. So in this Instance I choose “Server Farm” and continued. 


Above: Options for Installation

Yeah, you want to select “Complete” here if you have your own instance of SQL already and want more options for configuration later on.


Above: Determining the role of the Server you are installing


Above:  Installation Progress

Once the Installation is complete (assuming that there is only one server in the Farm); if there is more than one server then stop here and complete the installation of the other servers and then run the “Products and Configuration Wizard” on the server that will be doing Central Administration Duties.


Above: Once the installation of the bits are complete, the Configuration of the Farm Begins once you click close and the check box is enabled.

Make sure that you have your Farm Prep guide (previously mentioned in this post) with all your information before moving forward, you will need account names, server names, etc


Above:  This begins the configuration phase of the Farm

As part of the configuration, a few services have to be stopped and restarted.


Above:  Installation about to begin.

If this is the first server then you choose “Create a new Farm”; if it isn’t then you must choose the other.


Above:  Choosing whether you are creating or adding to a farm


Above:  My DC is also hosting my SQL Server

New to SharePoint 2010 is the concept of a Passphrase for configuration; this passphrase is used for such things as

  1. Adding additional servers to the farm
  2. Acting as the Public Key in your Secure Store Configuration
  3. etc


Above: Applying the passphrase

Here you will get a random port number to begin with; typically I use 9999 in my installations. Here is also where you will choose NTLM or Kerberos as your authentication provider. If you are using Kerberos see this TechNet article http://technet.microsoft.com/en-us/library/ee806870.aspx


Above: Configuring SharePoint


Above: Configuring SharePoint


Above: Progress bar in part of the Configuration


Above: Configuration Complete

The next steps in the configuration are done in the Central Administration page. The wizard is pretty good here and I would highly recommend you use it. Even if you go back afterwards and change the Service Applications, or delete and recreate them to suit your needs, it is invaluable in teaching you how the configuration should be.


Above: the initial configuration page in Central Admin

A point to note here is that the wizard-driven configuration uses the Farm Account for all the Service Applications. You will need to go to “Services on Server” or to the “Service Applications” themselves to change the Default App Pool and the Service Account that each specific Service Application runs under. Obviously, before you do that you must create your Managed Accounts first.



Above: the conclusion of the Wizard Driven Configuration


Above: Just a demonstration of what the Service Application and Service Account looks like

Next, I am going to register a few Managed Accounts to run some of my Service Applications. Things I want to run separately are:

  • User Consumable Web Application/ Sites
  • User Profile Service
  • Search/ Crawl
  • Secure Store

to name a few


Above: Registering a Managed Account


Above: Consuming that Managed Account for a specific Service Application


Below I am setting up all my Managed Accounts so you can see which ones I separate out


Above:  All the Managed Accounts that I configured. This assumes that you have these accounts configured in Active Directory

Below is an example of me changing not only the Managed Account but also the Application Pool that a Service Application runs under. I want my Secure Store Service to run under its own App Pool and its own Managed Account



Above: by NOT clicking on the words “Secure Store Service” but clicking on the blue bar between the words, then clicking on Properties in the Ribbon.


Above: This is the properties window of the Service App


Above: I am creating a new Application Pool and associating it with my Managed Account.


Above: the progress bar for the activity I am doing

Once completed you will see the display window below


Above: A successful change to a Service Application


Above: the new Properties window for the Secure Store Service Application
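The same separation can be scripted and then checked. The sketch below is an added example, not part of the original walkthrough: it registers a Managed Account, moves the Secure Store Service Application into its own App Pool, and then lists any service application pools still running as the Farm Account after the wizard. The account name `CONTOSO\svc-securestore` and the pool name `SecureStoreAppPool` are assumed placeholders.

```powershell
# Added example: run in the SharePoint 2010 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical values: replace with the names from your own farm prep guide.
$accountName = 'CONTOSO\svc-securestore'   # must already exist in Active Directory
$poolName    = 'SecureStoreAppPool'

# 1. Register the AD account as a Managed Account if it is not registered yet.
$managed = Get-SPManagedAccount | Where-Object { $_.Username -eq $accountName }
if (-not $managed) {
    # Prompts for the password; nothing is stored in the script.
    $cred    = Get-Credential -Credential $accountName
    $managed = New-SPManagedAccount -Credential $cred
}

# 2. Create a dedicated service application pool that runs as that account.
$pool = Get-SPServiceApplicationPool | Where-Object { $_.Name -eq $poolName }
if (-not $pool) {
    $pool = New-SPServiceApplicationPool -Name $poolName -Account $managed
}

# 3. Move every Secure Store service application into the dedicated pool.
Get-SPServiceApplication |
    Where-Object { $_.TypeName -like 'Secure Store*' } |
    ForEach-Object {
        Set-SPSecureStoreServiceApplication -Identity $_ -ApplicationPool $pool
    }

# 4. Audit: which service application pools still run as the Farm Account?
#    Anything listed here still runs with the identity the wizard assigned.
$farmAccount = (Get-SPFarm).DefaultServiceAccount.Name
Get-SPServiceApplicationPool |
    Where-Object { $_.ProcessAccountName -eq $farmAccount } |
    Select-Object Name, ProcessAccountName
```

An empty result from step 4 means no service application pool shares the Farm Account's identity.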

Conclusion and Prelude to Part 2 of the Blog

So after you finish the initial configuration, and before you get into the Managed Accounts as I did, you are prompted to create a Top Level Site. You can either elect to do it or skip it; the choice is yours. I omitted that from this blog for brevity. Next we will go into Configuring User Profile Service.


Hope this was useful, as always, comments, critiques are welcomed.


June 6, 2010 Posted by | SharePoint 2010, SharePoint 2010 RTM, SharePoint Administration, SharePoint General, SharePoint How-To | 21 Comments

SharePoint 2010 RTM Answers – Connectivity Options: Did we get More

Synopsis:  In CTP we had a few connectivity options, some of which were removed in Beta and Release Candidate. Now that RTM has shipped, what did we get? The reason this question is important is that you may not always be connecting to a Microsoft LOB system. I constantly get the questions “What about LDAP?”, “What about Oracle?”, “What about…?” My answer was, and based on the image below STILL IS, “you will have to use either of two options” if you are not connecting to a SQL LOB system:

  1. Use Web Service or WCF, and with that you can also have an abstraction between your data and the calling system to do whatever you want; i.e. more security, more logic…
  2. Use .NET Assembly to create your connectivity and do the same as above.



April 25, 2010 Posted by | Business Connectivity Services, SharePoint 2010 RTM, SharePoint Designer 2010 | 2 Comments