EricHarlan

Install SharePoint 2010 and Manually Configure Service Accounts

(update) For a non-default walkthrough of a SharePoint installation, and to really understand the nuts and bolts, click here: http://www.ericharlan.com/Moss_SharePoint_2007_Blog/install-sharepoint-2010-and-manually-configure-service-accounts-a179.html

 

I got the chance to catch up on a SharePoint 2010 install the other week. This one was different; they understood the pros and cons of segmenting out information through proper service account management, with services run by their own isolated identities, giving a properly set up farm as a result.

There have been a lot of blog entries on installing 2010 in a single server farm. I did one early on with adoption of the 64 bit platform and filling the gap between products (How To Install SharePoint 2010 Guide), but I was surprised to find that there were few breaking ground on full blown installs. There are some good ones out there; Joel Oleson highlights a few of them (CJG being one of them).

I wanted to bridge some of the gap and provide a visual walk through of what is going on in a full install of SharePoint 2010. I won’t spend too much time on the actual installing of the bits. There are plenty out there who have covered this (do your prereqs, create your service accounts, give permissions etc). All that stuff is REALLY REALLY important to do correctly, and to do before you really dig into the nuts and bolts of a SharePoint 2010 install.

A good frame of reference is that if your install of 2010 (including components I mention above) took less than a full work day and you didn’t install it as a single server install, chances are you didn’t do something right.

 

 

The first section of this guide is what you’ve all seen, the initial installation of SharePoint, so there won’t be any commentary on this section. However, the real meat of the post comes when setting up your Service Applications, specifically the User Profile Service. This service, along with the Search Service (possibly FAST), is in my opinion the Service Application with the most likelihood that something won’t go right in configuration. So I am going to focus on this one with the hopes that if you can do this one, you can do any of them.

So away we go.

 

 

 

Decide whether to run the wizard at this step. There are a few important decisions to make before deciding.

The first thing to decide: do you want to run each Service Application (or any) under its own service account? For more information about SharePoint 2010 service accounts go here: http://technet.microsoft.com/en-us/library/ee662513.aspx

If you choose to run the wizard, you may choose which service applications run under a given, previously set up service account. HOWEVER, if you deselect some applications (such as Search) you will be able to re-run the wizard to create them later. The only caveat is that you will not be able to select an alternate service account for said Search Service Application (or any other that you wish to add after the fact). The same service account you used to create the initial Service Applications will be selected and “grayed out”, and you must use it if you create them via the wizard.

The alternative is to NOT run the wizard and configure the service applications manually.

In the guide below we have run the wizard for some service applications. We then configured Excel Services and User Profile (My Sites) manually.

Best practice is typically to create all the service applications manually. Use what you need and isolate via service accounts and proper permissions.

 

When running the wizard you must input the Service Account you wish to use. If you are using best practices you should be logged in as the SharePointInstall service account. You’ll want to make sure you use the SharePointApp service account.

When you enter your credentials, SharePoint takes this ALREADY EXISTING AD ACCOUNT and adds it to its managed accounts list.

 

 

After this step you will receive a screen that shows the service applications installed and their statuses. You will click “Finish”.

Next you will be presented with the screen to create your first outward facing site (i.e. intra/extra/internet site). You may choose to hit skip here or you can go ahead and create your site.

A possible reason to skip would be that you are not satisfied with the default settings that SharePoint automatically gives your default Web Application (SharePoint – 80). If you plan to delete this web application and recreate it with specific settings, there is no reason to waste time creating a site collection at this step.

Excel Services Application

 

Now the next step in the process is to create the Service Applications you need for your Enterprise but did not create with the wizard earlier. Again, in our deployment we only have Excel Services and User Profile service to create manually.

Go to “Application Management” > “Manage Service Applications” > select “New” from the ribbon and choose the service you want to create, in our case the Excel Services Application.

Click on “Register new managed account”.

Now you will enter the Service Account you want to use for this Service Application. In our case we are using the Excel Services Account.

Once you create your managed account and click “OK” you will be taken back to the previous screen to enter your Service Application details. Here you will enter your title and application pool name, and make sure the appropriate service account is selected.

Click “OK” to proceed.

The Service account creation will process…

Then you will be taken back to your Service Application management page complete with your new Excel Services Service Application.

User Profile Service Application

 

The next Service Application we will address is one of (if not the) most complicated SAs in the SA stack: the User Profile Service Application.

The first step is to understand what makes up the User Profile Service.

The User Profile Service contains features such as My Sites, Profile Database, Sync Database, Social/Tagging Database.

The real value here is to set up My Sites under its own Service Account. The isolation of having that in place will be valuable down the road and it’s an overall best practice.

However the process that is automated in the Service Application Wizard does quite a few things for this service and it’s very important to understand what it does and the steps it takes. To outline what the wizard does:

· Creates MySites Web Application

· Creates Site Collection using “My Site Host” template

· Creates Profile, Social & Sync Databases

· Connects to all the default Service Connections

· Sets Managed path /personal

It is important to proceed with the following steps in the order outlined.

Order as follows:

· Create My Site Web Application

· Create My Site Site collection via “My Site Host” template

· Create managed path for My Sites

· Create actual User Profile Service Application

· Enable User Profile and User Profile Sync Service

 

Step 1 is to create a new web application for your My Sites.

Go to “Application Management” > “Manage web applications” > “New” (on the ribbon)

Here you will be able to select which Service Applications you would like your My Sites web application to have access to. Keep in mind that the order in which you create your Service Applications will determine what is available in the Service Application Connections list.

Here you are specifying an application pool name and the account it’s running under for the My Sites web application. There is nothing special about the account and it is not linked to the User Profile Service in any way.

When ready select “OK”.

Once you’ve created your My Site Web Application we need to create the actual site collection.

Go to “Application Management” > “Create Site Collection”

Make sure the yellow drop down box has the Web Application of the My Site you just created. Proceed to name your site collection and choose “My Site Host” under the “Enterprise” tab.

Once you create your site collection, click next to the My Sites site collection to highlight that entry in the list (this will enable using the ribbon for that site collection). Select “Managed Paths” and add the new wild card inclusion managed path of “/personal”.

Select “OK” to see your managed path added.

Now to actually create the User Profile Service Application.

Proceed to “Application Management” > “Manage Service Applications”.

Under “New” select “User Profile Service Application”.

In the first option you can either use an existing application pool or create your own. A new application pool will be represented in IIS with a GUID naming convention, with the User Profile Service Application tied to that IIS application pool.

Here you will confirm your database server and Sync Database Name. If you require SQL authentication (not recommended) you can specify that here, as well as the failover database server.

NOTE: Simply specifying an additional database server as a failover database does not give SharePoint an automatic failover point. You must configure the additional server as well.

Do the same for your Social Database here.

At this stage you will designate the managed path you have allocated for your My Sites, “/personal”, as well as choose the My Site site creation naming convention.

When ready select “Create”.

Success.

Our last step is to enable the services that will operate our User Profile Services.

Go to “Application Management” > “Services on Server”.

Click “Start” for the “User Profile Service”.
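
The same ordered steps can also be scripted from the SharePoint 2010 Management Shell, which makes the account isolation explicit and repeatable. This is an added example, not part of the original walkthrough; the domain, account names, URL, pool names and database names are placeholders, and the AD accounts are assumed to already exist.

```powershell
# Added example. Run as the install account in the SharePoint 2010 Management Shell.
# Every name below (CONTOSO, URLs, pools, databases) is a hypothetical placeholder.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$mySiteHost = "mysites.contoso.local"
$mySiteUrl  = "http://$mySiteHost"
$owner      = "CONTOSO\SharePointInstall"

# Register an existing AD account as a managed account unless it is already registered.
function Get-OrAddManagedAccount([string]$Name) {
    $acct = Get-SPManagedAccount -Identity $Name -ErrorAction SilentlyContinue
    if (-not $acct) { $acct = New-SPManagedAccount -Credential (Get-Credential $Name) }
    return $acct
}
$mySiteAcct = Get-OrAddManagedAccount "CONTOSO\SharePointMySites"
$upsAcct    = Get-OrAddManagedAccount "CONTOSO\SharePointUPS"

# 1. My Site web application in its own application pool and identity
$wa = New-SPWebApplication -Name "My Sites" -Url $mySiteUrl -Port 80 `
        -HostHeader $mySiteHost -ApplicationPool "MySitesAppPool" `
        -ApplicationPoolAccount $mySiteAcct -DatabaseName "WSS_Content_MySites"

# 2. Site collection from the "My Site Host" template
New-SPSite -Url $mySiteUrl -Name "My Site Host" -OwnerAlias $owner `
        -Template "SPSMSITEHOST#0" | Out-Null

# 3. Wildcard inclusion managed path (wildcard is the default without -Explicit)
New-SPManagedPath -RelativeURL "personal" -WebApplication $wa | Out-Null

# 4. User Profile Service Application in a separate pool and identity
$pool = New-SPServiceApplicationPool -Name "UserProfileAppPool" -Account $upsAcct
$ups  = New-SPProfileServiceApplication -Name "User Profile Service Application" `
        -ApplicationPool $pool -ProfileDBName "Profile_DB" -SocialDBName "Social_DB" `
        -ProfileSyncDBName "Sync_DB" -MySiteHostLocation $mySiteUrl `
        -MySiteManagedPath "personal"
New-SPProfileServiceApplicationProxy -Name "User Profile Service Application Proxy" `
        -ServiceApplication $ups -DefaultProxyGroup | Out-Null

# 5. Start the User Profile Service instance(s)
Get-SPServiceInstance | Where-Object { $_.TypeName -eq "User Profile Service" } |
        Start-SPServiceInstance | Out-Null

# Isolation check: each pool should report its own dedicated identity
Get-SPServiceApplicationPool | Select-Object Name, ProcessAccountName
"{0} -> {1}" -f $wa.ApplicationPool.Name, $wa.ApplicationPool.Username
```

The final two lines list the identity behind each service application pool and the My Sites web application pool, so a shared or unexpected account shows up immediately.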

Now that you think you’re finished, you need to do one more step. It’s already been highlighted by my friend Jeremy Thake out on SharePoint Dev Wiki as well as by Spencer Harbar. Essentially you need to start the actual syncing of the User Profiles. This step by step will get you the rest of the way there. No reason to recreate what’s been done.

http://www.sharepointdevwiki.com/display/spadmin2010/15+-+Configure+User+Profile+Synchronization+Service

Enjoy and be sure to leave some comments.
