MS20331 Core Solutions of Microsoft SharePoint Server 2013 Training – Day 2

To tie the day's content to the exam objectives: this was a continuation of the discussion of SP topology, now with a focus on the design of the logical architecture, whereas the first day covered the physical architecture and touched (just a bit) on information architecture.

Run CA as Administrator when UAC is enabled (UAC causes some issues: some menu items will be missing, such as Manage Services on server in the System Settings section).
SP configuration: 1. Create sites. 2. Set up and configure services. You need to create sites first, as you need them to test the services.
Create Web Application in SP.
Manage Web Application > Create New
Host Header, SSL optional
Authentication
Internal:
NTLM
Kerberos (requires extra setup, allows for delegation, faster in large networks)
Basic (passwords sent in plain text)
External:
Forms Based Authentication FBA (Exchange Web Access, external source for authentication data, e.g. SQL)
Claims Based (mainly for Internet portals – external providers like LiveId etc.)
Public URL (name + port)
Application pool name (just a name, make it nice and descriptive)
By default one DB per SP Web Application, but individual DBs can be created for each site collection (via PS)
It will create a new site in IIS (host header, port – default HTTP/HTTPS or custom), set up authentication, and create an application pool (dedicated w3wp.exe process) and its service account (a domain user is required for Kerberos, which won't work if a local account is used)
With each application SP creates content DB on SQL
Site Collection: defines/contains templates, root site (template, administrators, quotas)
Site Collections can share one web app – managed path is used for differentiation (http://myportal/collection1 etc.)
Register account for portal-pool
CA > Security > Configure managed accounts
Despite the same name, this does not use the Managed Service Account functionality built into Windows Server; it is a separate thing for the same purpose
Once the Web Application is created we can start creating site collections, and the first one will be the top-level site. Sub sites can be created (forum etc.)
Application Management > Manage Content Databases
Sites > Lists/Libraries
When you create a new empty DB, the next collection will use it.
Upload file and check in content DB:

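[code language="sql"]
-- Lab check only: Microsoft does not support querying content databases directly
-- Replace %docname% with the name of the uploaded file
SELECT * FROM dbo.AllDocs
WHERE LeafName = '%docname%'
[/code]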

CA > Application Management > View all site collections – to see database name for sites
SP Management Shell: Get-PSSnapin
PS / PS ISE:

[code language="powershell" light="true"]
Add-PSSnapin Microsoft.SharePoint.PowerShell
[/code]

To manage SP via PS you have to add your account to SP shell administrators (even if you already have farm admin rights)

[code language="powershell"]
# This command requires rights on SQL
# %ID% is a placeholder for the content database
Add-SPShellAdmin -UserName domain\user -database %ID%
[/code]

List all site collections with databases:
[code language="powershell"]
Get-SPWebApplication | Get-SPSite | Format-Table HostName,Url,ContentDatabase -AutoSize > C:\1.txt
[/code]

[code language="powershell"]
# 1) Create web application
# 2) Create managed paths
# 3) Create number of site collections
#1
# The application pool account must already be registered as a managed account
New-SPWebApplication -Name "Contoso Internet WebApp" -Port 80 -HostHeader sharepoint.contoso.com -URL "http://www.contoso.com" -ApplicationPool "ContosoAppPool" -ApplicationPoolAccount (Get-SPManagedAccount "DOMAIN\jdoe") `
-DatabaseName WSS_Content_Contoso
#2
# Steps 2 and 3 target the lab web application (sharepoint.itband.ru)
$sites = 1..10
foreach ($i in $sites)
{
    New-SPManagedPath "site$i" -WebApplication "http://sharepoint.itband.ru" -Explicit
}
#3
foreach ($i in $sites)
{
    New-SPSite -Name "Student Portal $i" -URL "http://sharepoint.itband.ru/site$i" `
    -Template "STS#0" -OwnerAlias "itband\sp_install"
}
[/code]

Use klist to see whether you have a ticket for SP (it should contain the user name and server name); if there is no ticket, Kerberos is not in use
Configuring Kerberos:
On the DC: setspn -S HTTP/portal.itband.ru itband\portal-pool
This can also be done by editing the attributes of the portal-pool account (DSA, user properties, Attribute Editor tab, then check the servicePrincipalName attribute)
Enable delegation on the SP server's computer object
Once done, go to CA > Application Management, select the application, and click Authentication Providers on the ribbon
Use the klist command or Event Viewer (event ID 4624) to verify
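The klist / event ID 4624 check above, done in bulk on the SharePoint server. This is an added example, not part of the original notes; it uses the lab SPN from these notes, and the look-back window is an arbitrary assumption.

```powershell
# Added example. Run in an elevated PowerShell session on the SharePoint
# web server. $spn is the lab value from the notes; $hours is an assumption.
$spn   = 'HTTP/portal.itband.ru'
$hours = 4

# 1) Confirm the SPN is registered (setspn -Q queries the domain for it).
setspn -Q $spn

# 2) Read logon events (4624) from the Security log and extract the
#    authentication package from each event's XML payload.
$filter = @{
    LogName   = 'Security'
    Id        = 4624
    StartTime = (Get-Date).AddHours(-$hours)
}
$logons = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        # LogonType 3 = network logon, which is what IIS/SharePoint requests produce
        if ($data['LogonType'] -eq '3') {
            [pscustomobject]@{
                Time    = $evt.TimeCreated
                User    = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                Package = $data['AuthenticationPackageName']   # Kerberos or NTLM
                Source  = $data['IpAddress']
            }
        }
    }

# 3) Summarise by package, then list the most recent NTLM logons:
#    these are the clients that did not get a Kerberos ticket.
$logons | Group-Object Package | Select-Object Name, Count
$logons | Where-Object Package -eq 'NTLM' |
    Sort-Object Time -Descending |
    Select-Object -First 20 |
    Format-Table -AutoSize
```

If portal users still show up with the NTLM package after the SPN and delegation are set, check the SPN host name against the URL the clients actually use.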
SharePoint 2010 Kerberos configuration guide:
SSL Setup
Install a CA (certification authority)
Allow enroll/write on Web Server template for Authenticated Users, gpupdate
Request web certificate, fill in Type CN=portal.domain.ru
Alternative Name DNS=portal.domain.ru
Enroll
On IIS add HTTPS binding for site
In SP CA add an HTTPS entry in Alternate Access Mappings
HTTP URL Rewrite
A WebApp can have 5 zones/names. Manage WebApp > Extend. When you click OK in the Extend window, don't hurry to click around: it gives no indication of work in progress and the window stays active, but you just have to wait. The pool stays the same.
Alternatively you may use DNS + IIS Bindings + SP CA Alternate Access Mappings
Extend allows for different authentication etc. All site settings.
