Sunday, January 25, 2015

Disable Loopback a Best Practice for SharePoint 2013

When you install SharePoint, there is an issue using Integrated Authentication for a Web site that is mapped to a local loopback address. Your method of remediation depends on whether the environment is production or test.

Production

  1. Set the DisableStrictNameChecking registry entry to 1.
  2. Click Start, click Run, type regedit, and then click OK.
  3. In Registry Editor, locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  4. Right-click MSV1_0, point to New, and then click Multi-String Value.
  5. Type BackConnectionHostNames, and then press ENTER.
  6. Right-click BackConnectionHostNames, and then click Modify.
  7. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK. Enter hostnames as myhostname.domain.com on a separate line for each site in your farm.
  8. Quit Registry Editor, and then restart the IISAdmin service.

Test

This method can expose a security risk to your SharePoint farm, so be sure to only do this method in a test or development environment.

Open PowerShell and Run as Administrator. Type in the cmdlet:

New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck"  -value "1" -PropertyType dword

Reboot the server.

References

Posted by at 1 comment:
Labels:

Sunday, January 18, 2015

Install SharePoint 2013 Prerequisites

Microsoft has made it very easy to install your server prerequisites for SharePoint. This holds true for SharePoint 2010 and SharePoint 2013.
  1. Login to your server with your install account.
  2. Mount your ISO file. I use Virtual Clone Drive and it mounts to the F: drive.
  3. On your mounted drive, run the prerequisiteinstaller.exe file and it will start installing the prerequisites.
  4. You will have to restart the server periodically when it tells you to.
  5. After each restart, mount the ISO again and in a CMD prompt type F: (mounted drive) to change the drive and then type prerequisiteinstaller.exe /continue . This will continue the installation where it left off. 
Do these steps on all servers in your SharePoint 2013 farm.
Posted by at No comments:
Labels: ,

Sunday, January 11, 2015

Turn Off UAC

It's easier to install SharePoint if you turn off UAC. It's not too difficult to do and it is preferred if you have created a script to automate your SharePoint install. Below are the steps:

Windows Server 2008

From your start menu, choose Run. Type in msconfig. The System Configuration window pops up.


Choose Change UAC Settings and click the Launch button. The UAC Settings window pops up.
Slide the bar down to Never Notify and click OK. You may need to reboot your server for the settings to take place.

Windows Server 2012

Turning off UAC in Windows Server 2012 is a little more involved. The first part is the same as listed above. After that, a registry change is required to fully disable UAC. I could not install my SharePoint CUs with the UAC not fully disabled.
  1. From start menu, choose Run and type msconfig. 
    1. Choose Change UAC Settings and Launch the program.
    2. Slide the bar to Never Notify.
  2. From start menu, choose Run and type in regedit.
    1. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    2. Change the DWORD "EnableLUA" from 1 to 0
  3. Reboot Server
Posted by at No comments:
Labels:

Sunday, January 4, 2015

SharePoint 2013 Farm Prep Checklist

I’ve built a few SharePoint farms now. My memory is not the best so I put together this checklist to help me remember what I need to do even before I install SharePoint. There's lots to do before you can even think about installing SharePoint. Plus, depending upon your company structure, you may need help from many different teams that handle Exchange, Firewall, Database, DNS, and System Administration.

Below is the list I put together of things to do to build a production install of SharePoint. It suits my needs for my environments. Use it as a starting point. You can add steps or remove them depending upon your situation. If you have any suggestions on items to add, please comment below. I've  listed SharePoint 2013 for this list, but really this list translates well to any version of SharePoint.

Service Accounts

Hardware/Servers

To add users to local administrators, open up Server Manager > Configuration > Local Users and Groups > Groups > Admins.

NOTE you can do this all from one server. Right click on server name in server manager and choose Connect to...

Software

ISO Files

  • Obtain SharePoint 2013 ISO
  • Obtain SQL Server 2012 ISO
  • Copy  SharePoint ISO to all servers to an external drive in a folder called install\SharePoint

Updates

  • Copy the following important windows server 2008 R2 updates to an external drive folder called install\WindowsUpdates
    • Windows Server 2008 R2
      • The SharePoint parsing process crashes in Windows Server 2008 R2 (KB 2554876)
      • FIX: IIS 7.5 configurations are not updated when you use the ServerManager class to commit configuration changes (KB 2708075)
      • Hotfix: ASP.NET (SharePoint) race condition in .NET 4.5 RTM - Windows Server 2008 R2 SP1 (KB 2759112)
    • Windows Server 2012  (KB 2765317

Firewall

DNS 

  • Load balanced VIP needed between External WFEs
  • Load balanced VIP needed between Internal WFEs
  • Hostname required for MySites (CNAME). Must have this for User Profile service!!
  • Hostname for website via CNAME

SQL

  • Make sure parallelization is set to 1
  • Set ram to max allowed
  • Set model db to simple in TEST only
  • Give sp_install account public, dbcreator, and securityadmin SQL roles

SMTP

  • Add external WFEs to whitelist for SMTP server
  • Add internal WFEs to whitelist for SMTP server
Posted by at 4 comments:
Labels: ,
Subscribe to: Posts (Atom)