IT Consultant Everyday Notes

Just some problems/solutions storage

SharePoint 2013: Single server deployment on Windows Server 2012 + Claims-based authentication (Cloud simulation)

I followed http://blog.cloudshare.com/2012/09/05/how-to-install-sharepoint-server-2013-preview-with-sql-server-2012-sp1-ctp3-ssrs-ssas-and-powerpivot-and-powerview/

Microsoft documentation is available here: http://www.microsoft.com/en-us/download/details.aspx?id=30384

1. Prepare Windows Server 2012 media (!), SharePoint 2013 media and SQL 2012 media (with SP1, or separate SP1 hotfix files).

3. Create four accounts in AD and give them Local Admin rights on the SharePoint server (SPS Admin, SQL service, SQL Analysis Service, SQL Reporting Service).

4. SharePoint deployment needs Internet access (at least for the SQL 2012 native client), or the client should be installed in advance.

5. Start the prerequisites installation.

It failed for me on IIS installation/configuration. I used this article as a workaround: http://www.bullspit.co.uk/2012/10/25/sharepoint-2013-pre-requisites-configuration-error-on-server-2012/

Basically, you need to use Add Roles/Features to install:

  • .Net Framework 3.5 Feature
    • .Net Framework 3.5
  • Web Server (IIS)
    • Web Server
      • Application Development
        • ASP.NET 3.5
        • .NET Extensibility 3.5

Do not forget to connect your Windows Server ISO and point to it as an alternative source, for example: D:\Sources\SxS
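The same features can be added from PowerShell instead of the Add Roles/Features wizard. The following is an added example, not part of the original post; it assumes the ISO is mounted as D: and uses the Windows Server 2012 feature names for the items listed above.

```powershell
# Added example: install the IIS / .NET 3.5 features listed above from the
# Windows Server 2012 ISO. Assumes the ISO is mounted as drive D:.
$Source   = 'D:\Sources\SxS'
$Features = @(
    'NET-Framework-Core'   # .NET Framework 3.5
    'Web-Server'           # Web Server (IIS)
    'Web-Asp-Net'          # Application Development > ASP.NET 3.5
    'Web-Net-Ext'          # Application Development > .NET Extensibility 3.5
)

if (-not (Test-Path -Path $Source)) {
    throw "Alternate source '$Source' not found. Connect the Windows Server ISO first."
}

Import-Module ServerManager
$result = Install-WindowsFeature -Name $Features -Source $Source

# Show the resulting state of each requested feature
Get-WindowsFeature -Name $Features |
    Format-Table -AutoSize Name, DisplayName, InstallState

if (-not $result.Success) {
    throw "Feature installation failed (exit code: $($result.ExitCode))."
}
if ($result.RestartNeeded -ne 'No') {
    Write-Warning 'A restart is required before re-running the prerequisite installer.'
}
```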

6. Restart the prereq installation. Now it passed IIS config and failed on SQL Native Client installation (I did not have Internet access from the server and setup could not download the prereq). I just connected a second adapter (with Internet) to the server. I guess you can just install the Client from SQL.

7. As soon as the Internet was connected, I restarted the prereq setup again and it got further this time.

8. Prereq setup will ask for a reboot several times, including a final reboot.

9. Finally, the installation is complete.

Install SharePoint 2013


Do not start the Config Wizard now.

10. Install a standalone SQL with all features (I hate it, but cannot find any clear indication of what exactly SharePoint needs for different scenarios) on the same box. Use the accounts from Step 2 for their respective services. Note: SQL 2012 setup will download the necessary update (or updates) automatically, so it is better to keep Internet available.

Add admin accounts:

Configure Analysis Services. Note: Tabular mode is greyed out for me because it is available for SQL Server 2012 Enterprise Edition, Business Intelligence Edition, Evaluation Edition and Developer Edition ONLY! See http://msdn.microsoft.com/en-us/library/cc645993.aspx#BISemModel_tabular

Do not forget to open the necessary ports if Windows Firewall is on.

1. Start the SharePoint Configuration Wizard

Go to Application Management – Manage Web Application.

Click New.

In the popup form, observe the parameters and click OK. App creation starts.

Go to Application Management – Create Site Collection.

Add the name of the collection and a Primary Administrator, then press OK.

The collection is created.

Configuring Claims-based Authentication

Environment:

SharePoint Server is located in a “cloud”: clovhvw12sp01.cloud.lab.onx.com (10.20.22.105)

AD infrastructure on the Internal network: DC: DEMVVMW2k8AD01.demo.lab.onx.com (10.20.21.201)

Client on the Internal network: DEMVHVW12RDS02.demo.lab.onx.com

Proxy between the Internal network and the “cloud”: CORVVMW2k8PX01.lab.onx.com: one adapter is in the Internal network (10.20.21.20); another adapter is in the “cloud” (10.20.22.20)

Traffic from the Internal network is NATted by the proxy; the proxy allows HTTP/HTTPS from the Internal network to the cloud.

SharePoint points to the proxy as its gateway to the 10.20.21.0 network.

The client points to the proxy as its gateway to the 10.20.22.0 network.

Internal DNS contains an “A” record: portal.demo.lab.onx.com pointing to 10.20.22.105

Cloud DNS contains an “A” record: fs.demo.lab.onx.com pointing to the proxy interface (10.20.22.20) where the ADFS server located on the Internal network is published

1. Add an SSL certificate to SharePoint IIS.

Change the Alternate Access Mapping for the collection.

Test that you can access the site using HTTPS.

Publish ADFS installed on the Internal Domain DC on the TMG Proxy (I tried a wildcard *.demo.lab.onx.com certificate).

Configure ADFS:

Add a new Relying Party Trust:

Do not forget the trailing ‘/’!

Remove URL!

Add New Rule

Export the Token-signing certificate to a DER file (token-signing-sharepoint.cer)

Put the Token-decrypting certificate into Trusted Root on ADFS

IMPORTANT! The token-signing certificate's CRL (certificate revocation list) location must be accessible from SharePoint! Otherwise you will see Event ID 8321 from SharePoint Foundation in the Event Log:

A certificate validation operation took XXX milliseconds and has exceeded the execution time threshold.  If this continues to occur, it may represent a configuration issue.  Please see http://go.microsoft.com/fwlink/?LinkId=246987 for more details.
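One way to check CRL reachability from the SharePoint server is to read the distribution points out of the exported certificate and request each one. This is an added example, not from the original post; the certificate path is an assumption.

```powershell
# Added example (not from the original post). Run on the SharePoint server.
# $CertPath is an assumed location for the file exported from ADFS.
$CertPath = 'C:\Certs\token-signing-sharepoint.cer'

function Get-CrlDistributionPoint {
    param(
        [Parameter(Mandatory=$true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # OID 2.5.29.31 = CRL Distribution Points extension
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if (-not $ext) { return }
    # Format($true) renders the extension as text with one "URL=..." per line
    foreach ($line in ($ext.Format($true) -split "`r?`n")) {
        if ($line -match 'URL=(\S+)') { $Matches[1] }
    }
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
$urls = @(Get-CrlDistributionPoint -Certificate $cert)

if ($urls.Count -eq 0) {
    Write-Output "No CRL distribution point in '$($cert.Subject)'; nothing to fetch."
}
foreach ($url in $urls) {
    if ($url -notmatch '^https?://') {
        # ldap:// or file:// locations cannot be tested with a web request
        Write-Output "CHECK  $url  (not HTTP/HTTPS; test reachability separately)"
        continue
    }
    try {
        $r = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 15
        Write-Output "OK     $url  ($($r.RawContentLength) bytes)"
    } catch {
        Write-Output "FAIL   $url  $($_.Exception.Message)"
    }
}
```

Run it under the account SharePoint runs as, since proxy settings can differ per account. The built-in `certutil -verify -urlfetch token-signing-sharepoint.cer` performs a fuller chain and revocation check.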

Another issue I bumped into: for some reason I have two ADFS providers when CHECKING a user during addition (even though only one is visible in the authentication provider).

I found it generates different names depending on which one is picked:

In my case it is a prefix i:05.t for the first ADFS 2.0 entry and c:0e.t for the second one.

From my tests: it works with the “second” ADFS, not with the first one.
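The two prefixes can be read with SharePoint's claim-encoding layout. The following added example (not from the original post) decodes the prefix characters using a subset of the encoding table; the provider name and user in the sample strings are constructed.

```powershell
# Added example: decode the prefix of a SharePoint encoded claim.
# The lookup tables are a subset of the encoding characters, enough for the
# two prefixes quoted above; anything else is reported as unknown.
function ConvertFrom-EncodedClaimPrefix {
    param([Parameter(Mandatory=$true)][string]$EncodedClaim)

    $claimType = @{
        '#' = 'user logon name'
        '5' = 'e-mail address'
        'e' = 'UPN'
        '-' = 'role'
        '+' = 'group SID'
    }
    $issuerType = @{
        't' = 'trusted identity provider (SAML, e.g. ADFS)'
        'w' = 'Windows'
        'f' = 'forms-based authentication'
        'm' = 'membership provider'
        'r' = 'role provider'
        's' = 'local security token service'
        'c' = 'claim provider'
    }

    # Layout: <i|c> : 0 <claim type> <value type> <issuer type> [ |issuer|value ]
    if ($EncodedClaim -match '^(?<kind>[ic]):0(?<type>.)(?<vtype>.)(?<issuer>.)(\|(?<rest>.*))?$') {
        $type   = $Matches['type']
        $issuer = $Matches['issuer']
        [pscustomobject]@{
            Input      = $EncodedClaim
            Kind       = if ($Matches['kind'] -eq 'i') { 'identity claim' } else { 'other (non-identity) claim' }
            ClaimType  = if ($claimType.ContainsKey($type)) { $claimType[$type] } else { "unknown ($type)" }
            ValueType  = if ($Matches['vtype'] -eq '.') { 'string' } else { "unknown ($($Matches['vtype']))" }
            IssuerType = if ($issuerType.ContainsKey($issuer)) { $issuerType[$issuer] } else { "unknown ($issuer)" }
            Remainder  = $Matches['rest']
        }
    } else {
        throw "Not an encoded claim: $EncodedClaim"
    }
}

# Constructed sample values using the two prefixes from the post
'i:05.t|adfs 2.0|user@demo.lab.onx.com', 'c:0e.t|adfs 2.0|user@demo.lab.onx.com' |
    ForEach-Object { ConvertFrom-EncodedClaimPrefix $_ } | Format-List
```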


Links:

http://blog.cloudshare.com/2012/09/05/how-to-install-sharepoint-server-2013-preview-with-sql-server-2012-sp1-ctp3-ssrs-ssas-and-powerpivot-and-powerview/

http://shannonbray.wordpress.com/2010/10/02/claims-based-authentication-made-simple/

Microsoft LABs: http://social.technet.microsoft.com/wiki/contents/articles/1262.test-lab-guides.aspx

Test Lab Guide: Demonstrate SAML-based Claims Authentication with SharePoint Server 2013
