Upload a Windows 2003 Hyper-V VHD to Azure (Part 2 of 2)

In part one of this two part blog post, I created a Hyper-V VHD disk from a Windows 2003 VMWare VM. Now I want to upload the VHD disk to Azure and create a VM there. I will run the Domino server on the VM and test connecting to it with a web browser and a Notes client.

Note: I provide an abundance of details with screenshots.

Log in to Azure

If you don’t already have PowerShell version 1.4 or above installed, read How to install and configure Azure PowerShell.

  1. Open Azure PowerShell and sign in to your Azure account. A pop-up window opens for you to enter your Azure account credentials.

Login-AzureRmAccount

  1. Get the subscription names for your available subscriptions.

Get-AzureRmSubscription | Sort-Object subscriptionName | Select-Object SubscriptionName

  1. Set the correct subscription using the subscription ID. Replace<subscriptionName> with the ID of the correct subscription.
Select-AzureRmSubscription -SubscriptionName Pay-As-You-Go

AzureSubscription

Get the storage account

You need a storage account in Azure to store the uploaded VM image. You can either use an existing storage account or create a new one.

To show the available storage accounts, type:

Get-AzureRmStorageAccount

If you need to create a storage account, follow these two steps:

1. You need the name of the resource group where the storage account should be created. To find out all the resource groups that are in your subscription, type:

Get-AzureRmResourceGroup

To create a resource group named vmResourceGroup in the Central US region, type:

New-AzureRmResourceGroup -Name vmResourceGroup -Location “Central US” -Tag @{Name = ‘Created By’;Value = ‘Randy’}

AzureResourceGroup

2. Create a storage account named vmrhrstorageaccount in this resource group by using the New-AzureRmStorageAccount cmdlet:

New-AzureRmStorageAccount -ResourceGroupName vmResourceGroup -Name vmrhrstorageaccount -Location “Central US” -SkuName “Standard_LRS” -Kind “Storage”

Valid values for -SkuName are:

  1. Standard_LRS– Locally redundant storage.
  2. Standard_ZRS– Zone redundant storage.
  3. Standard_GRS– Geo redundant storage.
  4. Standard_RAGRS– Read access geo redundant storage.
  5. Premium_LRS – Premium locally redundant storage

AzureStorage

Upload the VHD to your storage account

I know of three ways to upload the VHD to a storage account. I will briefly review how to use each one. I think PowerShell will always work; but Cloudberry has a Pause feature that I really like.

  1. PowerShell
  2. Storage Explorer
  3. Cloudberry Explorer

PowerShell

Use the Add-AzureRmVhd cmdlet to upload the image to a container in your storage account. I am uploading the file windows2003.vhd from “F:\Users\Randy\Documents\Virtual Machines\Domino R8.5 Azure\” to a storage account named vmrhrstorageaccount in the vmResourceGroup resource group. The file will be placed into the container named vmcontainer and the new file name will be vmWindows2003VHD.vhd.

The first time I ran this code, I specified 4 uploader threads to see if that would improve upload performance.

–NumberOfUploaderThreads 4

My understanding is that I need a bigger pipeline for uploading as the number of uploader threads is increased. So setting it to 32 with my current pipeline would be of no benefit. This time I am just going to use a single thread.

$rgName = “vmResourceGroup”$urlOfUploadedImageVhd = “https://vmrhrstorageaccount.blob.core.windows.net/vmcontainer/vmWindows2003VHD.vhd”Add-AzureRmVhd -ResourceGroupName $rgName -Destination $urlOfUploadedImageVhd -LocalFilePath “F:\Users\Randy\Documents\Virtual Machines\Domino R8.5 Azure\Windows2003.vhd”

AzureUpload

AzureMD5Hash

EmptyBlock

AzureUploading

21 hours later …

AzureUploading2

If successful, you get this response:

AzureUploadResponse

Storage Explorer

I will assume that you already have Azure Storage Explorer installed. Click on Upload.

AzureStorageExplorer

I select the VHD file that I want to upload.

AzureStorageExploreUpload

Initializing Upload took several minutes without any updates.

AzureStorageExplorerInitialize

The upload begins! Only 1407 hours …

AzureStorageExplorer1407

A few minutes later there is no change in how much is uploaded.

AzureStorageExplorer1848

I cancel the upload.

AzureStorageExplorerCancel

Perhaps Storage Explorer is not the right tool for what I need here.

Cloudberry Explorer

I download CloudBerry Explorer for Azure Blob Storage from http://www.cloudberrylab.com.

I install and run the software. I choose the Freeware edition.

CloudBerry

I configure a connection to my vmrhrstorageaccount on Azure.

CloudBerryConnection

I select my Windows2003.vhd file and click on Copy as a Page Blob. Page blob is mainly used for VHD’s. The Copy process begins.

Note the Pause button is what excites me! I want to be able to pause the upload at times. For example, I use my Internet connection for all voice calls.

CloudBerryPause

The Blob file is being updated …

CloudBerryVMcontainer

The upload is 100% completed. It took about 24 hours to complete … just a few hours longer than the initial estimate.

CloudBerryCompleted

Check Azure Storage

I open my Azure site to the storage account that I created:

AzureStorageAccount

I open the Blobs. I can see the vmcontainer that I created.

AzureBlobStorage

I click on vmcontainer. I can see the vhd file that I uploaded.

AzureResourceContainerCreated

Create a Managed Disk from the VHD

I am creating a managed disk. A managed disk manages the storage accounts used for the VM disks for you. You specify the type (Premium or Standard) and size of disk you need, and Azure creates and manages the disk for you. You don’t have to worry about placing the disks across multiple storage accounts in order to ensure you stay within the scalability limits for the storage accounts — Azure handles that for you.

I am referencing another resource for creating the VM. I like to use PowerShell.

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-vm-specialized

I run the PowerShell code to create a new resource group and a new OS disk from the uploaded VHD.

Note: I had problems with New-AzureRmDiskConfig. So I went to this webpage and followed the instructions.

https://docs.microsoft.com/en-us/powershell/azure/install-azurerm-ps?view=azurermps-5.1.1

I closed and restarted PowerShell. Then went through the login process again.

Login-AzureRmAccount

Then I continued with the PowerShell commands below.

$location = “Central US”

$destinationResourceGroup = “myWindows2003ResourceGroup”

New-AzureRmResourceGroup -Location $location -Name $destinationResourceGroup

$sourceUri = “https://vmrhrstorageaccount.blob.core.windows.net/vmcontainer/Windows2003.vhd

$osDiskName = “myWindows2003Disk”

$diskconfig = New-AzureRmDiskConfig -Location “Central US” -AccountType StandardLRS  -CreateOption Import -SourceUri $sourceUri

$osDisk = New-AzureRmDisk -DiskName $osDiskName -Disk $diskconfig -ResourceGroupName $destinationResourceGroup

The new resource group is created

AzureResourceGroupCreated

The operating system disk is also created! I can see it in the new resource group that I created.

The disk is listed in the new resource group.

AzureOSDisk

I can click on the disk to view the properties.

AzureOSDiskDetails

Create the new VM

First I need to create the subNet and vNet of the virtual network.

Below is the PowerShell I used to create the subnet and vNet.

$subnetName = ‘win2003SubNet’

$singleSubnet = New-AzureRmVirtualNetworkSubnetConfig `

   -Name $subnetName `

   -AddressPrefix 10.0.0.0/24

$location = “Central US”

$destinationResourceGroup = “myWindows2003ResourceGroup”

$vnetName = “win2003VnetName”

$vnet = New-AzureRmVirtualNetwork `

   -Name $vnetName -ResourceGroupName $destinationResourceGroup `

   -Location $location `

   -AddressPrefix 10.0.0.0/16 `

   -Subnet $singleSubnet

I receive a warning:

WARNING: The output object type of this cmdlet will be modified in a future release.

Now I must be able to log in to my VM using RDP. I need to have a security rule that allows RDP access on port 3389. Because the VHD for the new VM was created from an existing specialized VM, I can use an account from the source virtual machine for RDP.

The Lotus Notes Domino web server uses port 80 to distribute and receive http requests.

The Lotus Notes Client uses port 1352 by default to communicate with the Lotus Notes Server.

Lotus Notes servers use port 1352 by default to replicate with each other.

Thus, I also want to allow access on port 80 and 1352.

$nsgName = “myWindows2003NSG”

$rdpRule = New-AzureRmNetworkSecurityRuleConfig -Name “myRDPRule” -Description “Allow RDP” `

    -Access Allow -Protocol “Tcp” -Direction Inbound -Priority 110 `

    -SourceAddressPrefix Internet -SourcePortRange * `

    -DestinationAddressPrefix * -DestinationPortRange 3389

$httprule = New-AzureRmNetworkSecurityRuleConfig -Name “myHTTPRule” -Description “Allow HTTP” `

    -Access “Allow” -Protocol “Tcp” -Direction “Inbound” -Priority “100” `

    -SourceAddressPrefix “Internet” -SourcePortRange * `

    -DestinationAddressPrefix * -DestinationPortRange 80

$notesrule = New-AzureRmNetworkSecurityRuleConfig -Name “myIBMNotesRule” -Description “Allow IBM Notes” `

    -Access “Allow” -Protocol “Tcp” -Direction “Inbound” -Priority “120” `

    -SourceAddressPrefix “Internet” -SourcePortRange * `

    -DestinationAddressPrefix * -DestinationPortRange 1352

$nsg = New-AzureRmNetworkSecurityGroup `

   -ResourceGroupName $destinationResourceGroup `

   -Location $location `

   -Name $nsgName -SecurityRules $rdpRule, $httprule, $notesrule

I receive the same warning:

WARNING: The output object type of this cmdlet will be modified in a future release.

I review the virtual network that I created.

AzureVirtualNetwork

I click on the win2003VnetName virtual network and then on Subnets.

AzureNetworkSubnets

I see one warning in Address space. I just have to be careful not to run my SharePoint server at the same time! But I will probably change the Vnet settings soon.

AzureVnetSetting

Next I open my new network security group. I can see that my inbound security rules were successfully created.

AzureNSG

The RDP rule has a warning.

RDPWarning

Create a public IP address and NIC

To enable communication with the virtual machine in the virtual network, I need a public IP address and a network interface.

$destinationResourceGroup = “myWindows2003ResourceGroup”

$ipName = “myWindows2003IP”

$pip = New-AzureRmPublicIpAddress `

   -Name $ipName -ResourceGroupName $destinationResourceGroup `

   -Location $location `

   -AllocationMethod Dynamic

$nicName = “myWindows2003NicName”

$nic = New-AzureRmNetworkInterface -Name $nicName `

   -ResourceGroupName $destinationResourceGroup `

   -Location $location -SubnetId $vnet.Subnets[0].Id `

   -PublicIpAddressId $pip.Id `

   -NetworkSecurityGroupId $nsg.Id

I open the new NIC that I created in Azure. Everything looks like it set correctly.

AzureNIC

The IP address for the Public IP address is not set yet.

AzureIPAddress

Next I select the VM type, VM name, disk size, and the NIC.

My VMWare VM has a 40GB disk drive, dual core processor, and 3032MB of memory. I need something similar on Azure. I can see the list of available VMs at the URL here:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-general

The Basic_A1 series has 1 CPU, 1.75GB of memory, 40GB disk drive, and 1 NICs. It is one less CPU and half the memory that I currently have on my VMWare VM.

The Basic_A2 series has 2 CPU, 3.5GB of memory, 60GB disk drive, and 1 NICs. A Basic is an economical option for development workloads, test servers, build servers, code repositories, low-traffic websites and web applications, micro services, early product experiments, and small databases.

I want to try the Basic_A2 series; but I will exceed my quota limit of 10 cores by 1 core.

I create a Support Request to increase my quota to 20. https://portal.azure.com/#create/Microsoft.Support

My Support Request is approved within two minutes!!! Awesome!

I will proceed with Basic_A2 series.

$vmName = “myWindows2003VM”

$vmConfig = New-AzureRmVMConfig -VMName $vmName -VMSize “Basic_A2”

$vm = Add-AzureRmVMNetworkInterface -VM $vmConfig -Id $nic.Id

$vm = Set-AzureRmVMOSDisk -VM $vm -ManagedDiskId $osDisk.Id -StorageAccountType StandardLRS `

    -DiskSizeInGB 40 -CreateOption Attach -Windows

New-AzureRmVM -ResourceGroupName $destinationResourceGroup -Location $location -VM $vm

I check Azure for my new Windows 2003 VM. It is running!

AzureVMCreated

I click on the VM to view the Overview details.

AzureVMDetails

I click on Connect to view the VM. I click Open to continue.

RDP

I click Connect to continue.

Note: Ignore the IP address in the screenshot below. It should match the public IP address.

RDP2

I click Yes to continue.

RDP3

The first time I tried this, I got a warning message. Basically, I believe that it failed because I did not have a network adapted on the VM that I uploaded.

RDPCannotConnect

But this time it looks like it is working! I have a connection and can log into the server.

RDP4

Logon

I successfully login.

VMlogon

Auto-Shutdown of Azure VM

As a precaution, I set my VM to auto-shutdown at 5:00PM Central Time. This setting is made in Azure. I try to do this as soon as possible to avoid any unnecessary expenses while I am testing.

AzureVMAutoShutdown

Update Windows Firewall to Open Port 1352

I had to update the Windows Firewall on the Windows 2003 VM to open port 1352 for the Notes client. I open the Local Area Connection. Then I open Windows Firewall and click on the Exceptions tab. Then click on Add Port.

FirewallExceptions

I add the details for port 1352 as seen below. I do not make any changes to the default scope. I click OK to accept the changes.

FirewallPort

I click OK to close the Windows Firewall dialog.

Update Hosts, LMHosts.sam, and Server Connection

I updated the IP address in the hosts and lmhosts.sam files to point to the local IP address. You may need to do the same if you use these files for host resolution.

I also updated the connection record in the local address book in the Lotus Notes client to use the new local IP address.

ServerConnection

Start the Domino Server

I start up the Domino 8.5.3 Server successfully.

ServerScreen

Test Connection via Web Browser

I came back a day later to test connecting to the Domino web server on Azure. I start the VM and the Domino server.

I have to run “load http” on my Domino server to start the web services. You may not have to do so.

Then I open a web browser on my computer and open up the URL http://52.165.134.152/test.nsf

The IP address 52.165.134.152 is the new public IP address. It will change every time I start the Azure VM.

Test.nsf is a Lotus Notes database on my Domino server. The test database opens in a web browser. Success!

WebTestConnection

Test Connection via Lotus Notes Client

Next I will test connecting from my Lotus Notes client. I update the connection document to point connections to the Domino server to the public IP address:

ServerConnection2

I updated the IP address in the hosts and lmhosts.sam files to point to the public IP address.

Then I attempt to open a Notes database on the Domino server. Success!

OpenApplication

I select my Test.nsf database and open it. Success again!

TestDatabase

Next Steps

To make this a permanent solution, I need to configure a permanent IP address for the public IP address in the resource group and a permanent IP address for the Windows 2003 Server in the virtual network / subnet. Then I won’t need to update the IP address references everywhere each time I restart the Azure VM.

I should update the Domino Server record to point to the updated IP address or DNS name.

I should also validate the licensing of the Windows 2003 server. It is warning me that I need to validate the licensing again since the hardware changed significantly.

I could try a lift-and-shift migration using Azure Site Recovery. I think that would be a good approach for a large scale migration of VMs.

Conclusion

Thus, I was able to successfully migrate a Windows 2003 VMWare VM to an Azure VM. I was also able to connect to the Domino server running on the VM via a web browser and the Notes client.

Additional Resources

The link below provides documentation on how to create and upload a Windows virtual hard disk (VHD) to be used in creating an Azure VM. You can upload a VHD from either a generalized VM or a specialized VM.

https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-upload-image

For a complete walk-through of how to prepare, upload and create a new VM using managed disks, see Create a new VM from a generalized VHD uploaded to Azure using Managed Disks or Upload a specialized VHD to create a VM in Azure.+

For more details about disks and VHDs in Azure, see About disks and VHDs for virtual machines.

 

RDP

Preparing a Windows 2003 Server VMWare VM for Import to Azure VM (Part 1 of 2)

Introduction

I have a read a few blog posts on uploading old VMs to Azure. Some of the blog posts make it look like it is a very simple process. However, the comments to the posts often describe a failure and request additional details. I’m going to post the details about my experience. I will also provide some explanation on where I ran into some problems and explain what I do to resolve them.

This is part one of a two part blog posting. Part one ends with the conversion of a Windows 2003 VMWare VM to a Hyper-V VHD disk. Part two provides the details to upload the VHD disk to Azure and create a VM there. Then I run the Domino server on the VM and test connecting to it with a web browser and a Notes client.

Note: I provide an abundance of details with screenshots.

My Current VMWare VM

I have an old Windows 2003 Server running in a VMWare Workstation VM. I used to run a SharePoint 2010 Server on it; but now I use it to run a Domino R8.5 Server. I suspect that a lot of organizations have Domino Servers running on Windows 2003 Servers. The preparation steps would be slightly different if they upgraded their Windows 2003 Server to Windows 2008 or 2012. The differences would be with the configuration of remote access on the server.

I want to upload the Windows 2003 Server to an Azure VM. It has a 40GB disk drive with 7GB of free disk space. It is running a 32-bit version of Windows 2003 Server with Service Pack 2 installed. I know that Azure provides best effort support only for running Windows 2003 servers – both 32-bit and 64-bit.

Below you can see a screenshot of the System Properties of my Windows 2003 Server.

SystemProperties

I know that I can upload both generalized and specialized VHDs to Azure. Each type requires that you prepare the VM before starting. I want to create a specialized VM.

Generalized VHD – a generalized VHD has had all of your personal account information removed using Sysprep. If you intend to use the VHD as an image to create new VMs from, you should:

Specialized VHD – a specialized VHD maintains the user accounts, applications and other state data from your original VM. If you intend to use the VHD as-is to create a new VM, ensure the following steps are completed.

  • Prepare a Windows VHD to upload to Azure.
  • Do not generalize the VM using Sysprep.
  • Remove any guest virtualization tools and agents that are installed on the VM (i.e. VMware tools).
  • Ensure the VM is configured to pull its IP address and DNS settings via DHCP. This ensures that the server obtains an IP address within the VNet when it starts up.

Create a Clone

I make sure that my Windows 2003 Server VM is shut down. Then I create a clone of my Windows 2003 Server VM.

The Welcome Screen appears. I click Next to continue.

CloneWelcome

The Clone Source screen appears. I accept the current settings and click Next to continue.

CloneSource

The Clone Type screen appears. I select Create a full clone and click Next to continue.

CloneType

The Clone Name screen appears. I update the name and click Finish to continue.

CloneName

The cloning process begins.

CloningProcess

The final screen appears and I click Close.

CloneClose

Preparing the VM

I power on the cloned VM.

ClonePowerOn

I often get this error displayed; but it never seems to be a problem. I click OK to continue.

ServiceError

I check the VMWare VM Network Configuration.

IP1IP2IP3

I changed the setting to obtain an IP address automatically. This is the right configuration; but it won’t really matter since I lose the network adapter when I convert to a Hyper-V disk drive.

I clicked OK.

IP4

Windows Management Core Package

I want to check that I have installed the Windows Management Core Package installed on my Windows 2003 Server.

I run PowerShell. I happen to have it on my desktop.

Powershell

I double-click on the icon and PowerShell starts. It looks like I have v1.0 installed.

Powershell2

The package I want to download contains PowerShell 2.0.

I can download the package from here: http://www.microsoft.com/en-us/download/details.aspx?id=4045

I click on Download.

Windows2003update

I have to click on click here to download manually.

downloadUpdate

But that still does not download the file.

I know that the URL to the file is https://download.microsoft.com/download/1/1/7/117FB25C-BB2D-41E1-B01E-0FEB0BC72C30/WindowsServer2003-KB968930-x86-ENG.exe

I return to my PowerShell window.

I copy and paste the following commands:

$url = “http://download.microsoft.com/download/1/1/7/117FB25C-BB2D-41E1-B01E-0FEB0BC72C30/WindowsServer2003-KB968930-x86-ENG.exe&#8221;

$path = “C:\download\WindowsServer2003-KB968930-x86-ENG.exe”

# param([string]$url, [string]$path)

if(!(Split-Path -parent $path) -or !(Test-Path -pathType Container (Split-Path -parent $path))) {

      $path = Join-Path $pwd (Split-Path -leaf $path)

    }

“Downloading [$url]`nSaving at [$path]”

$client = new-object System.Net.WebClient

$client.DownloadFile($url, $path)

#$client.DownloadData($url, $path)

$path

Note that I removed the “s” in https://.

I confirmed that I have a download folder on the C: drive.

Powershell3

I hit Enter. The file downloads.

Powershell4

I run the file in C:\download.

WMFCoreSetup

Good news! I already have the Core installed!

Run Windows Update

I also checked Windows Update in Internet Explorer to see if I was missing an update.

WindowsUpdate

I have not updated this server in almost 10 years. It is taking a long time to check!

I expect this to be the situation for most companies, too.

WindowsUpdate1

But I know that a process is running. I checked Windows Task Manager.

TaskManager

The process completes almost an hour later.

WindowsUpdate2

I will install the first updates.

WindowsUpdate3

I click on Review and install updates.

ReviewAndInstallUpdates

Then I click on Install Updates.

InstallingUpdates

The installation completes and I click on Restart Now.

InstallationComplete

The Windows 2003 Server restarts.

I check Windows Update again. This time I will install all high-priority updates. There are 169 updates to apply. I expect this to take an hour or more.

SelectPriorityUpdates

Note: Update 17 required me to install Internet Explorer 8. I had to click on some dialog boxes.

I restart the VM after the installation completes.

Set Windows configurations for Azure

On the virtual machine you plan to upload to Azure, run all the following commands from the command prompt window with administrative privileges. In this case, I run as Administrator.

RunAs

CommandPrompt

Change to the C:\windows\system32 directory.

Remove any static persistent route on the routing table:

To view the route table, run route print from the command prompt window.

Check the Persistence Routes sections. If there is a persistent route, use route delete to remove it. The VM has none because I changed the IP settings to obtain an IP address automatically.

RoutePrint

Remove the WinHTTP proxy:

netsh winhttp reset proxy

netsh

Set the disk SAN policy to Onlineall.

diskpart

 san policy=onlineall

 exit

diskpart

Set Coordinated Universal Time (UTC) time for Windows and the startup type of the Windows Time (w32time) service to Automatically:

REG ADD HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation /v RealTimeIsUniversal /t REG_DWORD /d 1

Enter Yes and hit Enter

sc config w32time start= auto

scconfig

Set services startup to Windows default values

Make sure that each of the following Windows services is set to the Windows default values. To reset the startup settings, run the following commands:

sc config bfe start= auto

sc config dcomlaunch start= auto

sc config dhcp start= auto

sc config dnscache start= auto

sc config IKEEXT start= auto

sc config iphlpsvc start= auto

sc config PolicyAgent start= demand

sc config LSM start= auto

sc config netlogon start= demand

sc config netman start= demand

sc config NcaSvc start= demand

sc config netprofm start= demand

sc config NlaSvc start= auto

sc config nsi start= auto

sc config RpcSs start= auto

sc config RpcEptMapper start= auto

sc config termService start= demand

sc config MpsSvc start= auto

sc config WinHttpAutoProxySvc start= demand

sc config LanmanWorkstation start= auto

sc config RemoteRegistry start= auto

I saw multiple messages stating that the specified service does not exist; but I continued with the process.

scconfig1

scconfig2

Update Remote Desktop registry settings

If there are any self-signed certificates tied to the Remote Desktop Protocol (RDP) listener, remove them:

REG DELETE “HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SSLCertificateSHA1Hash”

This registry key did not exist on my VM.

RegDelete

For more information about configuring certificates for RDP listener, see Listener Certificate Configurations in Windows Server

Configure the KeepAlive values for RDP service:

REG ADD “HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services” /v KeepAliveEnable /t REG_DWORD  /d 1 /fREG ADD “HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services” /v KeepAliveInterval /t REG_DWORD  /d 1 /fREG ADD “HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp” /v KeepAliveTimeout /t REG_DWORD /d 1 /f

KeepAlive

Configure the authentication mode for the RDP service:

REG ADD “HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp” /v UserAuthentication /t REG_DWORD  /d 1 /fREG ADD “HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp” /v SecurityLayer /t REG_DWORD  /d 1 /fREG ADD “HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp” /v fAllowSecProtocolNegotiation /t REG_DWORD  /d 1 /f

authentication.jpg

Enable RDP service by adding the following subkeys to the registry:

REG ADD “HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server” /v fDenyTSConnections /t REG_DWORD  /d 0 /f

EnableRDP

Configure Windows Firewall rules

The steps for later versions of Windows server are very different because of a new and improved version of Windows Firewall. It is relatively easy on a Windows 2003 Server.

First, I confirmed that Windows Firewall was on.

ConfirmFirewall

I made sure that the Remote Desktop setting in Windows Firewall on my Windows 2003 server is set to TCP 3389 with Scope set to “Any”.

Firewall3389

Service3389

Run PowerShell as an administrator.

Run the following command in PowerShell to allow WinRM through the firewall and enable PowerShell Remote service.

Enable-PSRemoting –force

Powershell5

Verify VM is healthy, secure, and accessible with RDP

I do not have a way to confirm that the Windows Management Instrumentation (WMI) repository is consistent. That is, there is no command that I can run on Windows 2003 Server. If the repository is corrupted, see the blog post WMI: Repository Corruption, or Not?

I cannot run the bcdedit commands to set the Boot Configuration Data (BCD). I am listing them below so that you know what they are.

bcdedit /set {bootmgr} integrityservices enable

bcdedit /set {default} device partition=C:

bcdedit /set {default} integrityservices enable

bcdedit /set {default} recoveryenabled Off

bcdedit /set {default} osdevice partition=C:

bcdedit /set {default} bootstatuspolicy IgnoreAllFailures

Remove any extra Transport Driver Interface filters, such as software that analyzes TCP packets.

To make sure the disk is healthy and consistent, run the CHKDSK /f command in the command prompt window. Type “Y” to schedule the check and restart the VM.

chkdsk

windows2003chkdsk

Uninstall any other third-party software and driver related to physical components or any other virtualization technology.

I uninstall the VMWare Tools. I restart the VM as required.

Note: This is likely where I lose my network adapter since it is a VMWare network adapter.

VMWareTools

I click Cancel when the Found New Hardware Wizard appears.

FoundNewHardware

Regardless, a new device was installed. I click Yes to restart my VM again.

SystemSettingsChange

Make sure that a third-party application is not using Port 3389. This port is used for the RDP service in Azure. You can run netstat -anob in the command prompt window to see the ports that are used by the applications.

It looks like TermService (svchost.exe) is using Port 3389. This is the Remote Desktop Service.

netstat

If the Windows VHD that you want to upload is a domain controller, follow these extra steps to prepare the disk.

Reboot the VM to make sure that Windows is still healthy and can be reached by using the RDP connection.

I check that my Administrator account has the right to logon onto the server via Remote Desktop.

LocalSecuritySettings

I will add my Administrator account.

AllowLogon

I click Add User or Group. I enter Administrator and click on Check Names.

SelectObject

I click OK to continue. The Administrator name appears in the list.

AllowLogon2

I click OK to continue.

LocalSecuritySettings2

I am certain that I have no network connection in the VM now. Later I will use Hyper-V Integration Services to enable network connectivity.

Shut down the VM!

 

Convert the VMWare VMDK to Hyper-V VHD

Microsoft offers a VMWare VM conversion kit: http://www.microsoft.com/en-us/download/details.aspx?id=42497

I tried this kit; but afterwards I was unable to connect to the VM on Azure using RDP. I think it is because I lost the VMWare VM network adapter. Maybe the conversion kit works; but I need to run the converted VHD file in Hyper-V and add a network adapter. That is what I am doing next; but using a different tool for the conversion from VMWare to VHD.

Convert the VMWare VMDK to Virtual PC VM

I still do not have a network adapter in the VMWare VM. I will add one later.

I downloaded and install StarWind V2V Converter 8.0.167. StarWind Software V2V Image Converter is a virtual machine conversion utility. The package can convert many existing virtual machine formats to others.

I convert the VMWare Workstation VM disk to a Virtual PC pre-allocated image. The series of screenshots that follow show the steps that I followed.

StarWind1

StarWind2

StarWind3

StarWind4

StarWind5

I have successfully converted my VMWare VM to a MS Virtual PC VM.

Enable Hyper-V

My current setup does not have Hyper-V configured. However, I do have Windows 10 Pro installed with Intel(R) Core(TM) i7-3840QM CPU @ 2.80GHz processors. So I am able configure Hyper-V.

Hyper-V1

I have to configure my Windows 10 computer to support Hyper-V and Virtual PC. I followed the steps in the following blog posts:

https://www.groovypost.com/howto/create-virtual-machine-windows-10-hyper-v/

https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v

More information on Hyper-V running on Windows 10:

https://www.tenforums.com/tutorials/2087-hyper-v-virtualization-setup-use-windows-10-a.html

Hyper-V2

Hyper-V Manager

For more information on Hyper-V running on Windows 10:

https://www.tenforums.com/tutorials/2087-hyper-v-virtualization-setup-use-windows-10-a.html

I run Hyper-V Manager.

First, I create a virtual switch connected to the External network. See the steps documented in Part Three in the URL above.

Second, I create a new VM.

Hyper-VManager1

Hyper-VManager2

Hyper-VManager3

Assign 3032MB of memory (or however much you need to allocate). It may change when you select your Azure VM series.

Hyper-VManager4

MISSING A SCREEN HERE

I chose the virtual switch for my network configuration that I created as a first step.

Hyper-VManager6

Hyper-VManager7

New VM appears in Hyper-V Manager

Hyper-VManager8

Start the VM

Windows2003starting

It is running, but needs a network connection.

Windows2003runing

Installing a Network Adapter

Map the CD drive to vmguest-HyperV.iso. If you do not have the file, you have to find it somewhere on the Internet.

Click OK to upgrade the HAL.

HALupgrade

Installation starts

Hyper-Vdetect

Click Yes to restart

Hyper-Vrestart

Installation continues after reboot and logging in

Hyper-Vrinstall

Click Yes to restart

Hyper-Vrestart2

After restart, additional settings are applied.

Windows2003applying

Finally, I have a Local Area Connection again! The Microsoft Hyper-V Network Adapter is installed.

ServerLAN

serverVM

Shut down the VM!

That concludes this blog post. Part two of this two part blog posting will continue with uploading the VHD to Azure.

Installing my SharePoint Virtual Machines on My New Dell M6700

I joined Dell recently and had to give up my previous laptop. I decided to purchase my own Dell M6700 mobile workstation to support my SharePoint virtual machines. The M6700 has the following hardware specifications:

 

CPU

Intel® Core™ i7-3840QM (3.80 GHz, 8MB L3, 1333MHz FSB)

Memory

32GB RAM (2 x Crucial CT3291640 16GB kit (8GBx2), 204-pin SODIMM)

Drive 1

256GB SSD

Drive 2

512GB SSD

Drive 3

128GB SSD

Optical Drive

Internal CD/DVD

SDHD Card

32GB Memory Card (if needed)

This is a slightly faster workstation in terms of CPU power. The real difference is that this workstation has 3 SSDs and still has a CD/DVD drive.

My plan was to move the VM images to the SDDs and run them. But it is never that easy. It seems that VMWare does not make it easy to move VM images that have two drives. I could not get the SQL Server VM to start up. I kept getting variations of the same error message. Basically, a file is missing and I cannot find it. I don’t think it ever really existed. I think that the problem is that I am not moving the files to the exact same disk drives.

 

error-msg

I finally gave up and reinstalled the SQL Server 2012 virtual machine. This time I installed it all in one drive. Besides, I have three SSDs – one for each VM! I run the Operating System and the domain controller VM on one SSD.

I had to load a snapshot of the SharePoint VM from just before the SharePoint software installation started. I still need to configure the Search features that I created in a later blog posting. But I have what I need for now! I will be taking this workstation with me for demos at conferences.

I also need to configure a backup drive for the backup software that I use.

Installing and Configuring SharePoint 2013: Part 4 of 4

This blog entry provides the details on installing and configuring SharePoint 2013 on a Windows 2012 server. I include some PowerShell scripts for setting up a few services and a content database. I also show how to configure and run the crawler service for the first time.

This is a copy of the blog post that I originally posted here:

Installing and Configuring SharePoint 2013: Part 4 of 4

As a reminder, I am separating the details into four blog posts:

Installing and Configuring a Three-Server SharePoint 2013 Environment: Part 1 of 4
Installing and Configuring the Windows Domain Controller: Part 2 of 4
Installing and Configuring SQL Server 2012: Part 3 of 4

Installing and Configuring SharePoint 2013: Part 4 of 4

RHR (2012/04/25): I made several corrections to this entry after I ran into multiple problems during a second attempt at installation and configuration.

I setup another VMWare virtual machine for the SharePoint 2013 server. I plan to configure it as below.

SharePoint 2013 Server

  • Windows Server 2012
  • SharePoint Server 2013
  • Memory: 8GB RAM <— I am tempted to increase this to at least 12GB when running search!
  • CPU: 4
  • Drive: 1x80GB
  • IP Address: 192.168.67.13
  • Domain: contoso.com
  • Name: server2012sp
  • Target Drive: 2

Make sure that you select VMnet8 (NAT) for the Custom: Specific virtual network in Network connection in the Virtual Machine Settings.

Make sure that you select “2012 Standard” and not “2012 Datacenter”.

image image

Also, change the server name (server2012sp), domain (Contoso), and IP address (192.168.67.13) after installing the operating system.

Note: I had a problem once with the server connecting to the domain controller. So I added the following entries to the hosts file in the C:\Windows\System32\Drivers\etc directory.

I first had to give the Admin user account Full control access to the hosts file.

192.168.67.11 server2012dc
192.168.67.12 server2012sql

I install the Windows 2012 operating system just as with the other two servers. I add the sp_install and sp_farm user accounts to the Administrators group on this server.

I click on Tools \ Computer Management.

image

The Computer Management windows opens. I click on Local Users and Groups.

clip_image003

I double-click on Groups and the list of group accounts is displayed.

clip_image005

I double-click on the Administrators entry and the Administrators Properties screen opens.

clip_image006

I click on Add… and the Select Users, Computers, Service Accounts, or Groups screen displays. I enter the sp_install user account name and click Check Names.

clip_image007

The Windows Security screen appears. I enter the Administrator credentials and click OK to continue.

clip_image008

The Select Users … screen returns. I click OK to continue.

clip_image009

The Administrators Properties screen is updated. I click OK to close the screen.

clip_image010

IMPORTANT! Repeat the process for the contoso\sp_farm user account!

I close the Computer Management screen.

I want to logon as the sp_install user. I click on Local Server.

clip_image011

I click on Tasks and select Shut Down Local Server.

clip_image012

I select Switch User on the What do you want the computer to do? drop down list and click OK to continue.

clip_image013

The server restarts. I click Other user.

clip_image014

I enter the credentials for sp_install and click the arrow.

clip_image015

I am now logged in with the sp_install user account and have Administrator rights. I also have the appropriate rights on the SQL Server with this account.

Install Prerequisites

I click on VM \ Settings on the VMWare toolbar.

clip_image016

The Virtual Machine Settings screen appears.

clip_image017

I click on Add… and the Add Hardware Wizard screen appears. I click on CD\DVD Drive and click Next.

clip_image018

I select Use ISO image and click Next.

clip_image019

I browse to the ISO image (en_sharepoint_server_2013_x64_dvd_1121447.iso) that I have for SharePoint Server 2013. I click Finish to continue.

clip_image020

I click OK to close the Virtual Machine Settings screen. A message appears in the top right corner of the screen.

clip_image021

I tap on the message and another message appears.

clip_image022

I click on Open folder to view files. The Explorer window opens.

clip_image024

I scroll down and find prerequisiteinstaller and double-click on it. I click Yes on the User Account Control screen.

clip_image025

The Microsoft SharePoint 2013 Products Preparation Tool screen appears. I click Next to continue.

clip_image027

The License Terms for software products screen appears. I click on the I accept terms … and click Next.

clip_image029

The installation begins.

clip_image031

A restart message appears in the screen when the process completes. I click Finish to continue.

Note: I did have a major problem at this stage once. I had no connection to the DNS server from this server. I disabled the network adapter, added a new network adapter in VM Tools, and configured it. I then deleted the old network adapter in VM Tools. The new network adapter had the same configuration as the old one. It connected to the DNS server and displayed an Internet connection.

clip_image033

Windows Server restarts.

clip_image034

Windows is configuring features.

clip_image035

I login to the server

clip_image036

A User Account Control screen is displayed. I click Yes to continue.

clip_image037

The Microsoft SharePoint 2013 Products Preparation Tool screen is displayed.

clip_image038

I wait for the prerequisites to be installed. Another restart message is displayed. I note that all tasks are completed successfully. I click Finish to continue.

clip_image039

Another restart and login. A User Account Control screen is displayed. I click Yes to continue.

clip_image040

The Microsoft SharePoint 2013 Products Preparation Tool screen is displayed.

clip_image041

The process runs quickly and is soon replaced by the Installation Complete screen. I click Finish to continue.

I see that I have two additional roles displayed in the Dashboard: App Server and IIS.

clip_image043

clip_image044

Install SharePoint 2013

I click on the explorer icon on the task bar, expand Computer \ DVD Drive (E:) and find the setup file.

clip_image046

I double-click on the setup file to start the installation process. A SharePoint 2013 screen is displayed.

clip_image047

It is soon replaced with a larger screen that includes a menu.

clip_image048

I click on Install SharePoint Server and a User Account Control screen is displayed. I click Yes to continue.

clip_image049

The Enter your Product Key screen is displayed. I enter the product key and click Continue.

clip_image050

The Read the Microsoft Software License Terms screen is displayed. I click on I accept the terms of this agreement and click Continue to continue.

clip_image051

The Server Type screen appears. I keep Complete selected and click Install Now.

clip_image052

The Installation Progress screen appears.

clip_image053

Installation nears completion.

clip_image054

Installation completes. The Run Configuration Wizard screen appears. I uncheck the Run the SharePoint Products Configuration Wizard and click Close.

clip_image055

I click Exit on the SharePoint 2013 screen to close it.

Creating Content Databases without GUIDs in the Name

Click on the Windows button on your keyboard.

Right-click on the SharePoint 2013 Management Shell on the Start workspace

clip_image056

Click on Run as administrator.

Note: I read about the Run as administrator requirement here: http://tomresing.com/blog/Lists/Posts/Post.aspx?ID=57

Click on Yes in the User Account Control window.

clip_image057

The SharePoint Management Shell window opens in the workspace.

image

——————————————————————————————————-

Note: I did run into an error on this step once. The Powershell script could not connect to the SQL server.

image

I tried pinging the server2012sql SQL server from a command prompt without success. So I added the following entries to the hosts file in the C:\Windows\System32\Drivers\etc directory..

192.168.67.11    server2012dc
192.168.67.12    server2012sql

I had to give Full Control permission to the sp_install user account to the hosts file before I was able to edit and save changes.

Pinging will not work because of the firewall; but at least the IP address was available. So I tried running the script again. This time it worked!

I also changed the hosts file at the beginning of this blog entry for a different reason.

——————————————————————————————————-

Copy and paste the following text into the SharePoint Management Shell window. Check that the spaces appear correctly!

I sometimes paste it into Notepad on the VM first.

New-SPConfigurationDatabase –DatabaseName SharePoint_Config -DatabaseServer server2012sql –AdministrationContentDatabaseName SharePoint_Admin_Content

clip_image061

Press the Enter key on the keyboard. The Shell screen refreshed and requests credentials.

clip_image063

A Credentials screen appears. I enter the sp_farm credentials. I click OK to continue.

clip_image064

I’m still being asked to supply a passphrase for FarmCredentials. I enter the credentials passphrase and hit Enter on the keyboard.

clip_image066

I wait for something to happen … but I am impatient. I go to the server2012sql server and run the Microsoft SQL Server Management Studio.

I expand the Object Explorer to see the Databases. I see that the databases are created!

clip_image067

I return to the server2012sp server and see that the prompt has returned in the Shell window.

clip_image069

The process has completed successfully! I close the Shell window.

Run Configuration Wizard

I click on the Windows key on the keyboard and then click on the SharePoint 2013 Products Configuration Wizard icon on the Start screen.

clip_image070

The User Account Control window appears. I click Yes to continue.

clip_image071

The SharePoint Products Configuration Wizard screen appears. I click Next to continue.

clip_image072

A prompt appears warning me about services being started or reset. I click Yes to continue.

clip_image073

The Modify server farm Settings screen appears. I review and accept the settings. I click Next to continue.

clip_image074

The Configure SharePoint Central Administration Web Application screen opens. I review and accept the settings. I record the port number 11747. I click Next to continue.

clip_image076

The Completing the SharePoint Products Configuration Wizard screen opens. I review and accept the settings. I click Next to continue.

clip_image077

The SharePoint product is configuring …

clip_image078

The Configuration Successful screen is displayed. I click Finish to close the screen.

clip_image079

Welcome Wizard

The Central Administration page begins to load. A Windows Security prompt appears. I login with the sp_install credentials. I leave Remember my credentials unchecked and click OK.

clip_image080

The web page continues to load. The Help Make SharePoint Better screen appears. I click No and OK to continue.

clip_image082

The Welcome page is displayed. I click Cancel. I can always restart the Welcome Wizard from the Central Administration screen later.

The Central Administration webpage is displayed.

clip_image084

Creating Service Apps with PowerShell Scripts

I am going to run some PowerShell scripts to create the State Service Application and the Usage and Health Data Collection application. These came from a presentation that Todd Klindt made at the SharePoint Technical Conference in San Francisco.

Click on the Windows button on your keyboard.

Right-click on the SharePoint 2013 Management Shell on the Start workspace

clip_image056[1]

Click on Run as administrator.

Click on Yes in the User Account Control window.

clip_image057[1]

The SharePoint Management Shell window opens in the workspace.

clip_image059[1]

Copy and paste the following text into the SharePoint 2013 Management Shell window. Make sure to remove any empty lines.

New-SPStateServiceApplication -Name “State Service Application”

Get-SPStateServiceApplication| New-SPStateServiceApplicationProxy -defaultproxygroup

Get-SPStateServiceApplication| New-SPStateServiceDatabase -Name “State_Service_DB”

Get-spdatabase| where-object {$_.type -eq”Microsoft.Office.Server.Administration.StateDatabase”} | initialize-spstateservicedatabase

New-SPUsageApplication -Name “Usage and Health Data Collection”

$proxy = Get-SPServiceApplicationProxy| where {$_.TypeName-eq”Usage and Health Data Collection Proxy”}

$proxy.Provision()

You may have to click Enter on the keyboard to get the last command to run, too. It runs successfully as seen below.

image

You can validate that the applications are created by opening the Central Administration web page and clicking on Manage service applications in the Application Management section. You should see the new service applications listed by name.

clip_image086

The accounts that I use for the Search service (SP_Search), the Search Admin Web Service application pool (SP_Crawl), and the Search Query and Site Settings Web Service application pool (SP_Search) must be registered as managed accounts in SharePoint Server 2013 so that they are available when I create the Search service application. I used the procedure defined at this site (http://technet.microsoft.com/en-us/library/gg502597.aspx) to register each of these accounts as a managed account.

I see the Managed Accounts screen displayed as below when completed.

image

Next, I will create the Search Service Application and topology.

RHR (2012/04/25): I tried running a PowerShell script to do so that I downloaded the PowerShell script from http://melcher.it/2012/07/sharepoint-2013-create-a-search-service-application-and-topology-with-powershell/.

I modified the applicable parameters. It worked once for me; but I have since received errors every time that I run it.

I read a blog posting here that suggested installing Windows Updates. So I did so. But it still failed to run. So I decided to install using Central Administration.

I click on New \ Search Service Application in Manage Service Applications.

image

The Create New Search Service Application screen appears. I update the Service Application name and validate that the contoso\sp_crawl user account is selected.

image

I scroll down and select Create new application pool and enter the Application pool name as seen below.

image

I select Configurable for the security account and select contoso\sp_crawl. I then click on use existing application pool and select the Search App Pool.

image

I select Configurable for the security account for the application pool and select contoso\sp_crawl.

image

I click OK to continue. The Create New Search Service Application screen appears.

image

Upon completion, a message appears stating “created successfully.

image

I validate a few items to ensure the actions completed successfully.

I open the Microsoft SQL Server Management Studio application on server2012sql and expand the Object Explorer to see the Databases.

I see four Search databases created. Sadly, they do not have the nice, clean names like I would be able to create if the PowerShell scripts worked.

image

I open Central Administration on the server2012sp server and click on Application Management. I then click on Manage Service Applications. I can see the Search Administration Web Service for Search SA and the Search SA service applications.

image

I open Central Administration on the server2012sp server and click on General Application Settings. I then click on Farm Search Administration.

clip_image094

I can see that the Search Service App service application is created.

image

I click on Search Service App to review the Administrative status. I see that it is not able to connect.

image

I scroll down and review the Search Application Topology and the list of databases. These match what I saw listed on the SQL Server.

image

I click on Central Administration \ Manage services on server.

image

I scroll down to see that all of the Search services are started.

image

Next I want configure crawling. I click on Content Sources on the left navigation.

clip_image103

The Search SA: Manage Content Sources screen appears.

image

I click on Local SharePoint sites and click on Edit in the drop down list.

image

The Edit Content Source screen appears. I enter http://server2012sp in the Type start addresses below field.

clip_image109

I click Create Schedule under Incremental Crawl.

clip_image110

I configure the schedule in the Manage Schedules screen as seen below. I click OK to continue.

clip_image112

I click Create Schedule under Full Crawl. I configure the schedule in the Manage Schedules screen as seen below. I click OK to continue.

clip_image114

The Crawl Schedules appear as seen below. I click OK to close the Edit Content Source screen.

clip_image116

I click on Local SharePoint sites and Start Full Crawl on the drop down list.

image

A Message from webpage appears. I click OK to accept and continue.

clip_image119

The crawling starts.

clip_image120

I refresh the screen by clicking on Refresh and see that the crawling process is still crawling. I can also see when the next full crawl is scheduled to run. I also have options to stop or pause all crawls.

clip_image122

I refresh the screen by clicking on Refresh and see that the crawling process is completing.

clip_image124

I refresh the screen by clicking on Refresh and see that the crawling process is idle.

clip_image126

I click on Crawl Log on the left side navigation and I can see the last crawl log entry. Note that there is a 1 under Successes. I conclude that my first full crawl was completed successfully.

image

Creating New Web Application with PowerShell Script

I am going to run a PowerShell script to create a new web application. The script came from the following site: http://blogs.msdn.com/b/rcormier/archive/2012/09/01/how-to-create-sharepoint-web-applications-with-powershell.aspx.

The accounts (contoso\sp_webapp, contoso\sp_superreader, and contoso\sp_superuser) that I use for the web application must be registered as managed accounts in SharePoint Server 2013 so that they are available when I create the application. I used the procedure defined at this site (http://technet.microsoft.com/en-us/library/gg502597.aspx) to register each of these accounts as a managed account.

I see the Managed Accounts screen displayed as below when completed.

clip_image130

Run the SharePoint 2013 Management Shell as administrator.

Copy and paste the following text into a Notepad file on the server2012sp server. I modified the Script Variables for my SharePoint configuration.

Or you can download a Word document containing the script and store it in a ps1 file. CreateWebApplication

   1:  $ver = $host | select version if ($ver.Version.Major -gt 1) {$Host.Runspace.ThreadOptions = "ReuseThread"} 
   2:  Add-PsSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
   3:  Import-Module WebAdministration -ErrorAction SilentlyContinue
   4:  ##
   5:  #This Script Creates SharePoint Web Applications
   6:  ##
   7:  ##
   8:  #Load Script Variables
   9:  ##
  10:  Write-Progress -Activity "Creating Web Application" -Status "Creating Script Variables"
  11:  #This is the Web Application URL
  12:  $WebApplicationURL = "http://server2012sp"
  13:  #This is the Display Name for the SharePoint Web Application
  14:  $WebApplicationName = "Contoso Web Application"
  15:  #This is the Content Database for the Web Application
  16:  $ContentDatabase = "Contoso_ContentDB"
  17:  #This is the Display Name for the Application Pool
  18:  $ApplicationPoolDisplayName = "Contoso App Pool"
  19:  #This is identity of the Application Pool which will be used (Domain\User)
  20:  $ApplicationPoolIdentity = "contoso\sp_webapp"
  21:  #This is the password of the Application Pool account which will be used
  22:  $ApplicationPoolPassword = "pass@word1"
  23:  #This is the Account which will be used for the Portal Super Reader Account
  24:  $PortalSuperReader = "contoso\sp_superreader"
  25:  #This is the Account which will be used for the Portal Super User Account
  26:  $PortalSuperUser = "contoso\sp_superuser"
  27:  ##
  28:  #Begin Script
  29:  ##
  30:  $AppPoolStatus = $False
  31:  Write-Progress -Activity "Creating Web Application" -Status "Checking if Web Application Already Exists"
  32:  if(get-spwebapplication $WebApplicationURL -ErrorAction SilentlyContinue)
  33:  {
  34:  #If a web application with the specifid URL already exists, exit
  35:  Write-Progress -Activity "Aborting Web Application Creation" -Status "Web Application with URL $WebApplication Already Exists"
  36:  Write-Host "Aborting: Web Application $WebApplicationURL Already Exists" -ForegroundColor Red
  37:  sleep 5
  38:  }
  39:  else
  40:  {
  41:  Write-Progress -Activity "Creating Web Application" -Status "Checking if Application Pool Already Exists"
  42:  #Check to see if the specified application pool alrady exists. If it exists, use the existing app pool
  43:  if($AppPool = Get-SPServiceApplicationPool $ApplicationPoolDisplayName -ErrorAction SilentlyContinue)
  44:  {
  45:  Write-Progress -Activity "Creating Web Application" -Status "Re-Using Existing SharePoint Application Pool"
  46:  Set-Variable -Name AppPoolStatus -Value "IsSharePoint" -scope "script"
  47:  }
  48:  else
  49:  {
  50:  if((Test-Path IIS:\AppPools\$ApplicationPoolDisplayName).tostring() -eq "True")
  51:  {
  52:  Write-Progress -Activity "Creating Web Application" -Status "Application Pool with name $ApplicationPoolDisplayName exists and is not used by SharePoint"
  53:  Set-Variable -Name AppPoolStatus -Value "IsNotSharePoint" -scope "script"
  54:  }
  55:  }
  56:  if($AppPoolStatus -eq "IsNotSharePoint")
  57:  {
  58:  Write-Host "Aborting: Application Pool $ApplicationPoolDisplayName already exists on the server and is not a SharePoint Application Pool" -ForegroundColor Red
  59:  Write-Progress -Activity "Creating Web Application" -Status "Aborting: SharePoint Cannot use the specified Application Pool"
  60:  }
  61:  elseif($AppPoolStatus -eq "IsSharePoint")
  62:  {
  63:  #Check to see if the URL starts with HTTP or HTTPS. This can be used to determine the appropriate host header to assign
  64:  if($WebApplicationURL.StartsWith("http://"))
  65:  {
  66:  $HostHeader = $WebApplicationURL.Substring(7)
  67:  $HTTPPort = "80"
  68:  }
  69:  elseif($WebApplicationURL.StartsWith("https://"))
  70:  {
  71:  $HostHeader = $WebApplicationURL.Substring(8)
  72:  $HTTPPort = "443"
  73:  }
  74:  Write-Progress -Activity "Creating Web Application" -Status "Application Pool $ApplicationPoolDisplayName Already Exists, Using Existing Application Pool"
  75:  #Grab the existing application pool, assign it to the AppPool variable
  76:  Set-Variable -Name AppPool -Value (Get-SPServiceApplicationPool $ApplicationPoolDisplayName) -scope "script"
  77:  Write-Progress -Activity "Creating Web Application" -Status "Creating Web Application $WebapplicationURL"
  78:  #Create a new web application using the existing parameters, assign it to the WebApp variable such that object cache user accounts can be configured
  79:  $WebApp = New-SPWebApplication -ApplicationPool $ApplicationPoolDisplayName -Name $WebApplicationName -url $WebApplicationURL -port $HTTPPort -DatabaseName $ContentDatabase -HostHeader $hostHeader
  80:  Write-Progress -Activity "Creating Web Application" -Status "Configuring Object Cache Accounts"
  81:  #Assign Object Cache Accounts
  82:  $WebApp.Properties["portalsuperuseraccount"] = $PortalSuperUser
  83:  $WebApp.Properties["portalsuperreaderaccount"] = $PortalSuperReader
  84:  Write-Progress -Activity "Creating Web Application" -Status "Creating Object Cache User Policies for Web Application"
  85:  #Create a New Policy for the Super User
  86:  $SuperUserPolicy = $WebApp.Policies.Add($PortalSuperUser, "Portal Super User Account")
  87:  #Assign Full Control To the Super User
  88:  $SuperUserPolicy.PolicyRoleBindings.Add($WebApp.PolicyRoles.GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullControl))
  89:  #Create a New Policy for the Super Reader
  90:  $SuperReaderPolicy = $WebApp.Policies.Add($PortalSuperReader, "Portal Super Reader Account")
  91:  #Assign Full Read to the Super Reader
  92:  $SuperReaderPolicy.PolicyRoleBindings.Add($WebApp.PolicyRoles.GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullRead))
  93:  Write-Progress -Activity "Creating Web Application" -Status "Updating Web Application Properties"
  94:  #Commit changes to the web application
  95:  $WebApp.update()
  96:  }
  97:  else
  98:  {
  99:  Write-Progress -Activity "Creating Web Application" -Status "Creating Application Pool"
 100:  #Since we have to create a new application pool, check to see if the account specified is already a managed account
 101:  if(get-spmanagedaccount $ApplicationPoolIdentity)
 102:  {
 103:  #If the specified account is already a managed account, use that account when creating a new application pool
 104:  Set-Variable -Name AppPoolManagedAccount -Value (Get-SPManagedAccount $ApplicationPoolIdentity | select username) -scope "Script"
 105:  Set-Variable -Name AppPool -Value (New-SPServiceApplicationPool -Name $ApplicationPoolDisplayName -Account $ApplicationPoolIdentity) -scope "Script"
 106:  }
 107:  else
 108:  {
 109:  #If the specified account is not already a managd account create a managed account using the credentials provided
 110:  $AppPoolCredentials = New-Object System.Management.Automation.PSCredential $ApplicationPoolIdentity, (ConvertTo-SecureString $ApplicationPoolPassword -AsPlainText -Force)
 111:  Set-Variable -Name AppPoolManagedAccount -Value (New-SPManagedAccount -Credential $AppPoolCredentials) -scope "Script"
 112:  #Create an application pool using the new managed account
 113:  Set-Variable -Name AppPool -Value (New-SPServiceApplicationPool -Name $ApplicationPoolDisplayName -Account (get-spmanagedaccount $ApplicationPoolIdentity)) -scope "Script"
 114:  }
 115:  #Check to see if the URL starts with HTTP or HTTPS. This can be used to determine the appropriate host header to assign
 116:  if($WebApplicationURL.StartsWith("http://"))
 117:  {
 118:  $HostHeader = $WebApplicationURL.Substring(7)
 119:  $HTTPPort = "80"
 120:  }
 121:  elseif($WebApplicationURL.StartsWith("https://"))
 122:  {
 123:  $HostHeader = $WebApplicationURL.Substring(8)
 124:  $HTTPPort = "443"
 125:  }
 126:  Write-Progress -Activity "Creating Web Application" -Status "Creating Web Application $WebapplicationURL"
 127:  #Create a new web application using the existing parameters, assign it to the WebApp variable such that object cache user accounts can be configured
 128:  $WebApp = New-SPWebApplication -ApplicationPool $AppPool.Name -ApplicationPoolAccount $AppPoolManagedAccount.Username -Name $WebApplicationName -url $WebApplicationURL -port $HTTPPort -DatabaseName $ContentDatabase -HostHeader $hostHeader
 129:  Write-Progress -Activity "Creating Web Application" -Status "Configuring Object Cache Accounts"
 130:  #Assign Object Cache Accounts
 131:  $WebApp.Properties["portalsuperuseraccount"] = $PortalSuperUser
 132:  $WebApp.Properties["portalsuperreaderaccount"] = $PortalSuperReader
 133:  Write-Progress -Activity "Creating Web Application" -Status "Creating Object Cache User Policies for Web Application"
 134:  #Create a New Policy for the Super User
 135:  $SuperUserPolicy = $WebApp.Policies.Add($PortalSuperUser, "Portal Super User Account")
 136:  #Assign Full Control To the Super User
 137:  $SuperUserPolicy.PolicyRoleBindings.Add($WebApp.PolicyRoles.GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullControl))
 138:  #Create a New Policy for the Super Reader
 139:  $SuperReaderPolicy = $WebApp.Policies.Add($PortalSuperReader, "Portal Super Reader Account")
 140:  #ASsign Full Read to the Super Reader
 141:  $SuperReaderPolicy.PolicyRoleBindings.Add($WebApp.PolicyRoles.GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullRead))
 142:  Write-Progress -Activity "Creating Web Application" -Status "Updating Web Application Properties"
 143:  #Commit changes to the web application
 144:  $WebApp.update()
 145:  }
 146:  }

I save the file with the filename CreateWebApplication.ps1.

I right-clicked on the Windows PowerShell icon on the taskbar and clicked on Run ISE as Administrator.

clip_image131

The Administrator: Windows PowerShell ISE window opens. I click on File \ Open

clip_image133

I click on the CreateWebApplication.ps1 file and click Open. The script opens in the workspace.

clip_image135

I click on the Run Script icon.

clip_image137

The script ran with a single warning displayed.

clip_image139

I validate that the web application was created by opening the Central Administration web page and clicking on Manage web applications in the Web Applications section. You should see the new web application listed by name.

clip_image141

I select the Contoso Web Application and click on User Policy. The Policy for Web Application screen is displayed. I review the displayed accounts and permissions. I click OK to close the screen.

clip_image142

I will validate that the database for the web application was created by opening the Central Administration web page and clicking on Manage content databases in the Databases section. You should see the new database listed by name.

clip_image144

I also check that the database is created in SQL Server Management Studio on my SQL Server.

image

Conclusion

There is more that I can do; but I am going to end here. I set out and accomplished what I wanted to do. All three servers are operational. I have a new SharePoint 2013 environment that is a much better match for what I would see in a production environment. I could always squeeze in another server if I need an App Server or independent Search Server. I will do my best to keep track of any issues that come up and blog about them.

I will make corrections in these blog entries as needed. I already made a few corrections that pertained to problems with some PowerShell scripts that I ran.

There are certainly several blogs that have details on SharePoint 2013 installations. I hope that the details that I included help anyone interested.

As a reminder, I am separating the details into four blog posts:

Installing and Configuring a Three-Server SharePoint 2013 Environment: Part 1 of 4

Installing and Configuring the Windows Domain Controller: Part 2 of 4

Installing and Configuring SQL Server 2012: Part 3 of 4

Installing and Configuring SharePoint 2013: Part 4 of 4

Installing and Configuring SQL Server 2012: Part 3 of 4

This bog entry provides the details on installing and configuring SQL Server 2012 Standard on a Windows 2012 server. I have installed SQL Server many times over the years. This time I separated the installation onto two virtual disk drives.

This is a copy of the blog post that I originally posted here:

Installing and Configuring SQL Server 2012: Part 3 of 4

As a reminder, I am separating the details into four blog posts:

Installing and Configuring a Three-Server SharePoint 2013 Environment: Part 1 of 4
Installing and Configuring the Windows Domain Controller: Part 2 of 4
Installing and Configuring SQL Server 2012: Part 3 of 4

Installing and Configuring SharePoint 2013: Part 4 of 4

I setup another VMWare virtual machine for SQL Server 2012. I plan to configure it as below.

SQL Server

  • Windows Server 2012
  • SQL Server 2012 Standard SP1
  • Memory: 8GB RAM
  • CPU: 4
  • Drive: 1x80GB, 1x40GB
  • IP Address: 192.168.67.12
  • Domain: contoso.com
  • Name: server2012sql
  • Target Drive: 2 (OS and SQL Server install)
  • Target Drive: 1 (Database install)

Note the following in the Virtual Machine Settings. I set up one processor with four cores.

clip_image002

Add a Second Hard Disk

I set up a second Hard Disk by clicking on Add… at the bottom of the Virtual Machine Settings screen. The Add Hardware Wizard screen appears. I select Hard Disk and click Next.

clip_image003

I click Create a new virtual disk in the Select a Disk screen and click Next.

clip_image004

I leave the settings in the Select a Disk Type screen as is and click Next.

clip_image005

I change the Maximum disk size to 40.0 in the Specify Disk Capacity screen and click Next to continue.

clip_image006

I specify the location and filename for the virtual disk file in the Specify Disk File screen. I click Finish to continue.

clip_image007

I click OK to close the Virtual Machine Settings screen. I want to restart the server to apply the changes. I click on Local Server.

clip_image008

I click on Tasks and select Shut Down Local Server.

clip_image009

I select Restart on the What do you want the computer to do? drop down list. I change the option to Hardware: Installation (Planned), add a comment, and click OK to continue.

clip_image010

The server restarts. I logon with the local Admin account. I click on Tools \ Computer Management to finish adding the second disk.

clip_image011

The Computer Management screen appears. I click on Storage \ Disk Management.

clip_image013

I right-click on Disk 1 and select Online.

clip_image014

The status of the drive changes to “Not Initialized”.

clip_image015

I right-click again and select Initialize Disk.

clip_image016

The Initialize Disk screen appears. I leave the settings as is and click OK to continue.

clip_image017

The status of the drive changes to Online.

clip_image018

I right-click on the drive and select New Simple Volume.

clip_image019

The New Simple Volume Wizard screen appears. I click Next to continue.

clip_image020

I leave the settings in the Specify Volume Size screen as is and click Next to continue.

clip_image021

I leave the settings in the Assign Drive Letter or Path as is and click Next to continue.

clip_image022

I change the Volume Label in the Format Partition screen and click Next to continue.

image

I click Finish in the Completing the New Simple Volume Wizard screen.

clip_image023

The second hard disk appears in the list.

clip_image025

I close the Computer Management screen.

Change the Server Name and the IP Address

I want to change the server name and IP address. I click on Local Server.

clip_image026

I click on the displayed computer name and the System Properties appears.

clip_image027

I click on Change and the Computer Name / Domain Changes dialog box is displayed. I update the computer name as displayed below. I click OK to continue. I will update the domain later.

Computer name: server2012sql

clip_image028

I click OK when asked to restart the computer.

clip_image029

I click on Close to close the Systems Properties screen.

clip_image030

I click on Restart Now.

clip_image031

The computer immediately restarts. I confirm that the computer name has changed.

clip_image032

I click on the Ethernet setting to change the IP address.

clip_image033

The Network Connections screen is displayed.

clip_image034

I double-click on the Ethernet icon and the Ethernet Status window is displayed.

clip_image035

I click on Properties and the Ethernet Properties dialog box is displayed.

clip_image036

I click on Internet Protocol Version 4 and Properties. I select Use the following IP address and enter the IP address displayed below. Note that I added the Domain Controller server as the preferred DNS server address and I added the IP address of my home router as the alternate DNS server. I click OK to accept the changes and continue.

clip_image037

I click Close to close the Ethernet Properties dialog box.

I click Close to close the Ethernet Status dialog box.

I close the Network Connections window and I am returned to the Local Server dashboard. I can see that my change is applied.

clip_image038

I click on WORKGROUP in the Properties display.

clip_image039

The System Properties screen is displayed again.

clip_image040

I click on Change… and the Computer Name / Domain Changes screen is displayed. I select Domain and enter contoso.com. I click OK to continue.

clip_image041

The Windows Security screen appears. I enter the Administrator account on the domain controller and click OK to continue.

clip_image042

A Welcome screen appears. I click OK to close the screen.

clip_image043

I click OK to restart the computer.

clip_image044

The System Properties screen shows the updated Domain. I click Close to close the System Properties screen.

clip_image045

I can see that the Local Server properties is also updated.

clip_image046

I click Restart Now on the Restart screen to restart the server.

clip_image047

The server restarts immediately. I logon with the local Admin account. I check the Local Server Properties.

clip_image048

I want to add SQL_Admin as a Local Administrator on the SQL Server. I click on Tools \ Computer Management.

The Computer Management screen opens and I select Local Users and Groups. I expand and select Groups.

clip_image050

I double-click on Administrators and the Administrators Properties screen appears.

clip_image051

I click on Add… and add Contoso\SQL_Admin to the Enter the object names to select box.

clip_image052

I click Check Names and the Windows Security screen appears. I enter the credentials for Administrator and click OK.

clip_image053

The name is validated. I click OK to continue.

clip_image054

The SQL_Admin account appears as a member of the Administrators group.

clip_image055

I click OK to close the Administrators Properties screen. I close the Computer Management screen.

Windows Firewall

I need to configure Windows Firewall to open a port for SQL Server.

I click on Domain: On beside Windows Firewall in Server Manager \ Local Server.

clip_image056

The Windows Firewall screen opens.

clip_image058

I click on Advanced Settings

clip_image059

The Windows Firewall with Advanced Security screen opens.

clip_image061

I click on Inbound Rules

clip_image062

I click on New Rule … under Actions on the right menu

clip_image063

The New Inbound Rule Wizard screen appears.

clip_image065

I select Port and click Next.

clip_image066

I keep TCP selected and enter 1433 as the local port. I click Next to continue.

clip_image067

I keep Allow the connection selected and click Next to continue.

clip_image068

I keep all of the settings on the screen and click Next to continue.

clip_image069

I enter values for Name and Description and click Finish.

clip_image070

The Inbound Rule is saved. I will create additional Inbound Rules:

Port

Description

TCP 2383

Microsoft SQL Server 2012 Analysis Services with Default instance

TCP 2382

SQL Server Browser service

TCP xxxx

SQL Server 2011 Analysis Services (if used)

TCP 80

SQL Server 2012 Reporting Services (SSRS)

TCP 135

SQL Server 2012 Integration Services (SSIS)

I close the Windows Firewall with Advanced Security screen.

I close the Windows Firewall screen.

Install SQL Server 2012

I click on VM \ Settings on the VMWare toolbar.

clip_image071

The Virtual Machine Settings screen appears.

clip_image072

I click on Add… and the Add Hardware Wizard screen appears. I click on CD\DVD Drive and click Next.

clip_image073

I select Use ISO image and click Next.

clip_image074

I browse to the ISO image (en_sql_server_2012_standard_edition_with_sp1_x64_dvd_1228198.iso) that I have for SQL Server 2012 Standard. I click Finish to continue.

clip_image075

I click OK to close the Virtual Machine Settings screen. A message appears in the top right corner of the screen. I ignore it for now (because I want to switch user accounts).

clip_image076

I click CTRL-ALT-DEL in the VMWare toolbar. I click Switch user in the screen.

clip_image077

I click Other user.

clip_image078

I enter the credentials for SQL_Admin and click the arrow.

clip_image079

I click the Libraries folder on the task bar at the bottom of the screen.

clip_image080

The Drive Tools screen appears. I select the F: drive that I just mapped to the SQL Server ISO file.

clip_image082

I double-click the setup file. The User Account Control screen appears and I click Yes to continue.

clip_image083

The installation process begins.

clip_image084

The SQL Server Installation Center screen appears.

clip_image086

I click on Installation and New SQL Server stand-alone installation ….

clip_image088

The Setup Support Rules screen opens. It shows that all rules passed. I click OK to continue.

clip_image090

The Product Key screen is displayed, I enter a product key, and I click Next to continue.

clip_image092

The License Terms screen is displayed. I click on I accept the license terms and click Next to continue.

clip_image094

I see two recommended product updates on the Product Updates screen. I click Next to continue.

clip_image096

The installation process continues.

clip_image097

A message box appeared during the installation. I clicked OK to close it and continue.

clip_image098

Another message briefly appeared and then closed.

clip_image099

The Setup Support Rules screen lists warnings. There is one warning about Windows Firewall; but I already made the required changes. I click Next to continue.

clip_image101

The Setup Role screen appears. I leave the settings as is (because I want to customize and configure). I click Next to continue.

clip_image103

The Feature Selection screen appears. I select the following Microsoft SQL Server 2012 features for a fast SQL Server setup :

  • Database Engine Services
  • Client Tools Connectivity
  • Client Tools Backwards Compability
  • Management Tools – Basic

I change the directories to point to my second drive (E). I click Next to continue.

clip_image105

The Installation Rules screen appears. I click on Show Details to see the details. I click Next to continue.

clip_image107

Note: I did have a problem reported with installing Microsoft .NET Framework 3.5 one time. I did not get the problem again when I added my home router as the second DNS server in the IP address configuration. So I think the solution is to have an Internet connection available to the Windows 2012 Server.

The Instance Configuration screen opens. I change the Instance root directory to point to the second drive (E). I click Next to continue.

clip_image109

The Disk Space Requirements screen displays the disk summary. I know that I have plenty of disk space (for now). I click Next to continue.

clip_image111

The Server Configuration screen opens. I change the settings by changing two of the account names and include the passwords. I display the Locations and Select User screens below.

clip_image112

clip_image113

I click Next in the Server Configuration screen to continue.

clip_image115

The Database Engine Configuration screen opens. I add Contoso\SQL_Admin as a SQL Server Administrator.

clip_image116

I select Mixed Mode and enter the password for the SQL Server system administrator. I click Next in the Database Engine Configuration screen to continue.

clip_image118

The Error Reporting screen opens. I click Next to continue.

clip_image120

The Installation Configuration Rules screen opens. I click Show Details to see the details. I click Next to continue.

clip_image122

The Ready to Install screen opens. I click Install to continue.

clip_image124

The Installation Progress screen opens and the installation process begins.

clip_image125

As a side note, my Lenovo ThinkPad looks like it is working for a change.

clip_image126

The Complete screen appears. The status of every feature is Succeeded. I click Close and the screen closes.

clip_image128

I close the SQL Server Installation Center screen.

I click on the Windows Start button on the keyboard. I can see new icons for SQL Server programs. I click on the [ESC] key on the keyboard.

clip_image130

Max Degree of Parallelism Setting

I need to change the setting for max degree of parallelism. I click on the SQL Server Management icon.

clip_image131

SQL Server Management Studio starts up. The Connect to Server screen is displayed. I click Connect.

clip_image132

The Object Explorer pane shows the SQL Server listed.

clip_image133

I right click on the SQL Server SERVER2012SQL and select Properties.

clip_image134

The Server Properties screen appears.

clip_image136

In the Select a page section, I click Advanced. I scroll to the bottom and change the Max Degree of Parallelism value from 0 to 1. I click OK to continue. I keep the Microsoft SQL Server Management Studio screen open for the next step.

clip_image138

SQL Permissions for sp_install

I need to set the following roles on the SQL Server for sp_install:

  • DB_Creator
  • Security_Admin
  • Public

In the Object Explorer, I expand Security and Logins.

clip_image139

I right-click on Logins and select New Login.

clip_image140

The Login – New screen appears. I enter the account (CONTOSO\sp_install) that I will use for the SharePoint installation into the Login name field.

clip_image141

clip_image143

I click on Server Roles and select dbcreator and securityadmin. I keep public selected. I click OK to continue. The screen closes.

clip_image145

SQL Permissions for sp_farm

I need to set the following roles on the SQL Server for sp_farm:

  • DB_Creator
  • Security_Admin
  • Public

In the Object Explorer, I expand Security and Logins.

clip_image139[1]

I right-click on Logins and select New Login.

clip_image140[1]

The Login – New screen appears. I enter the account (CONTOSO\sp_farm) that I will use for the SharePoint farm administrator into the Login name field.

clip_image147

I click on Server Roles and select dbcreator and securityadmin. I keep public selected. I click OK to continue. The screen closes.

clip_image145[1]

I close the Microsoft SQL Server Management Studio screen.

This concludes the installation and configuration of SQL 2012 Server.

As a reminder, I am separating the details into four blog posts:

Installing and Configuring a Three-Server SharePoint 2013 Environment: Part 1 of 4

Installing and Configuring the Windows Domain Controller: Part 2 of 4

Installing and Configuring SQL Server 2012: Part 3 of 4

Installing and Configuring SharePoint 2013: Part 4 of 4

 

Installing and Configuring the Windows Domain Controller: Part 2 of 4

Installing a Windows Domain Controller is a relatively easy task. I also provide a list of service accounts to create for the new environment.

This is a copy of the blog post that I originally posted here:

Installing and Configuring the Windows Domain Controller: Part 2 of 4

 

As a reminder, I am separating the details into four blog posts:

Installing and Configuring a Three-Server SharePoint 2013 Environment: Part 1 of 4
Installing and Configuring the Windows Domain Controller: Part 2 of 4
Installing and Configuring SQL Server 2012: Part 3 of 4

Installing and Configuring SharePoint 2013: Part 4 of 4

 

I downloaded Windows Server 2012 (64-bit) from MSDN. I plan to perform the following tasks

  • Install operating system
  • Add Active Directory Domain Services (ADDS)
  • Add DNS
  • Add domain groups and users

I create a custom Virtual Machine in VMWare Workstation. I click on Create a New Virtual Machine.

clip_image001

I click Next to continue.

clip_image002

The New Virtual Machine Wizard screen is displayed. I click Next to continue.

clip_image003

I select the Installer disc image file (iso) and select the Windows Server 2012 iso file. I click Next to continue.

clip_image004

I enter the Windows product key, select Server 2012 Standard, enter Admin in the Full Name field and a password: pass@word1. I click Next to continue.

clip_image005

I enter the Virtual machine name and Location. I click Next to continue.

clip_image006

I keep the Processor Configuration settings as is and click Next.

clip_image007

I change the memory setting to 1024 and click Next.

image

I select Use host-only networking and click Next.

clip_image008

I keep the Controller Type settings as is and click Next.

clip_image009

The Select a Disk screen appears. I want to Create a new virtual disk and click Next.

clip_image010

I keep SCSI selected and click Next.

clip_image011

I change the Maximum disk size to 32.0 and keep the Split virtual disk into multiple files setting. I click Next.

clip_image012

I update the Disk File setting and click Next.

clip_image013

I click Customize Hardware on the Ready to Create Virtual Machine and remove the Floppy and Printer devices.

clip_image015

I click on the Network Adapter and change the Network Connection setting to Custom and select VMnet8 (NAT) in the drop down list. I click Close to continue.

clip_image016

I click Finish in the Ready to Create Virtual Machine window.

clip_image017

I close the Removable Devices window by clicking OK.

clip_image018

Installation continues until the operating system is installed. The server reboots and the Server Manager \ Dashboard is displayed.

clip_image020

clip_image022

Change the Server Name and the IP Address

I want to change the server name and IP address. I click on Local Server.

clip_image023

I click on the displayed computer name and the System Properties screen appears.

clip_image024

I click on Change and the Computer Name / Domain Changes dialog box is displayed. I update the computer name as displayed below. I click OK to continue. I will update the domain later.

Computer name: server2012dc

clip_image025

I click OK when asked to restart the computer.

clip_image026

I click on Close to close the Systems Properties.

clip_image027

I click on Restart Now.

clip_image028

The computer immediately restarts. I confirm that the computer name has changed.

clip_image029

I click on the Ethernet setting to change the IP address.

clip_image030

The Network Connections screen is displayed.

clip_image031

I double-click on the Ethernet icon and the Ethernet Status window is displayed.

clip_image032

I click on Properties and the Ethernet Properties dialog box is displayed.

clip_image033

I click on Internet Protocol Version 4 and Properties. I select Use the following IP address and enter the IP address displayed below. I click OK to accept the changes and continue.

clip_image034

I click Close to close the Ethernet Properties dialog box.

I click Close to close the Ethernet Status dialog box.

I close the Network Connections window and I am returned to the Local Server dashboard.

I click on Tasks \ Refresh to update the dashboard.

image

I can see that my change is applied.

clip_image035

Active Directory Domain Services

I want to add AD DS now. I click on the Dashboard link on the left.

clip_image036

I click on “2 Add roles and features”

clip_image037

The Add Roles and Features Wizard opens. I just set the static IP address. I click Next to continue.

clip_image039

I keep the Role-based … selection and click Next

clip_image041

I make no changes to the next screen and click Next

clip_image043

I click on Active Directory Domain Services in the Add Roles and Features Wizard.

clip_image045

A new screen appears immediately. I click Add Features to continue.

clip_image046

I click Next on the Add Roles and Features Wizard to continue. The Select Features screen has Group Policy Management pre-selected. I click Next to continue.

clip_image048

The Active Directory Domain Services screen displays notes. I click Next to continue.

clip_image050

The Confirm installation sections screen appears.

clip_image052

I click on the Restart checkbox and a confirmation dialog box appears. I click Yes to continue.

clip_image053

I click Install on the Confirm Installation selections screen. The Feature installation shows the progress.

clip_image054

I click Close after seeing that installation succeeded.

clip_image055

An AD DS box appears on the Dashboard

clip_image057

Promote Server to Domain Controller

I want to promote the server to a domain controller next. I click on the flag with the warning triangle. A Post-deployment Configuration list appears.

clip_image058

I click on Promote this server to a domain controller. The Active Directory Domain Services Configuration Wizard appears.

clip_image060

I change the deployment operation to Add a new forest and enter contoso.com as the root domain name. I click Next to continue.

clip_image061

I enter a DSRM password in the next screen. I leave the rest of the settings as is and click Next to continue.

clip_image063

A warning is displayed on the DNS Options page.

clip_image065

A DNS Options warning box also appears. I click OK to continue.

clip_image066

I click Next on the DNS Options screen to continue. The Additional Options screen verifies the NetBIOS domain name. I click Next to continue.

clip_image068

I do not change the path settings in the Path screen. I click Next to continue.

clip_image070

I review the options on the Review Options screen. I click Next to continue.

clip_image070[1]

The Review Options screen is displayed. I do not have plans of running the scripts with PowerShell. I click Next to continue.

clip_image072

The Prerequisites Check runs. Unfortunately, one or more prerequisites fails.

clip_image074

I need to set a strong password for the local Administrator account. I click on Tools \ Computer Management.

clip_image075

The Computer Management windows opens. I click on Local Users and Groups.

clip_image077

I double-click on Users and the list of user accounts is displayed.

clip_image079

I right-click on Administrator and select Set Password….

clip_image080

The Set Password for Administrator dialog box is displayed. I click Proceed to continue.

clip_image081

I enter the password in both password fields in the next screen. I click OK to continue.

clip_image082

I receive a confirmation that the password is set. I click OK to close the confirmation window.

clip_image083

I close the Computer Management window and return to the AD DS Configuration Wizard. I click Rerun prerequisites check.

clip_image084

The prerequisites check passed successfully this time.

clip_image086

I click Install to continue. The process starts …

clip_image087

Installation continues with status updates displayed.

clip_image088

The server automatically restarts.

clip_image090

The server restarts. I logon with the local Admin account. The Dashboard shows the new AD DS and DNS roles.

clip_image092

I can also see the new components available under the Tools menu.

clip_image093

Service Accounts

I will install the service accounts as listed on http://www.toddklindt.com/SP2013ServiceAccounts. I also plan to install some additional service accounts as listed on http://www.absolute-sharepoint.com/2013/01/sharepoint-2013-service-accounts-best.html. I really like the details provided in both blog entries. I changed the table format to follow what was in Todd’s blog.

The Account permissions and security settings in SharePoint 2013 document (link) provides a detailed list of all of the permissions and security settings automatically added to accounts during the various installation processes.

Service Accounts Needed for a Base Install of SharePoint 2013

Account name

Role

Domain rights

Local SharePoint Server rights needed

SQL rights needed

sp_install

Used to install SharePoint binaries.

Domain User

Local administrator on all SharePoint servers (but not on SQL Server)

public, dbcreator, and securityadmin SQL roles. Need to be SysAdmin on SQL when installing the Workflow Manager

sp_farm

Farm account. Used for Windows Timer Service, Central Admin and User Profile service

Domain User

Local administrator on all SharePoint servers (but not on SQL Server)

public, dbcreator, and securityadmin SQL roles. Need to be SysAdmin on SQL when installing the Workflow Manager

sp_webapp

App pool id for content web apps

Domain User

None

None

sp_serviceapps

Service app pool id

Domain User

None

None

sp_userprofile

Account used by the User Profile services to access Active Directory

Must have Replicating Change permissions to AD. Must be given in BOTH ADUC and ADSIEDIT. If domain is Windows 2003 or early, must also be a member of the “Pre-Windows 2000” built-in group.

None

None

sp_superuser

Cache account

Domain User

Web application Policy Full Control

Web application super account setting

None

sp_superreader

Cache account

Domain User

Web application Policy Full read

Web application super reader account setting

None

sp_MySitePool

Used for the My Sites Web Application

Domain User

This account must not be a member of the Farm Administrators group.

None

Accounts Required for SQL Server
The security benefit here is that the account running the Agent and Database Engine services is not a local administrator anymore.
Name Role Domain rights Local SharePoint Server rights needed SQL rights needed
SQL_Admin SQL Admin on the SQL Server. Used to Install the SQL Server. Domain User None Local Administrator on the SQL Server
SQL_Services It is the service account for the following SQL Server services: MSSQLSERVER SQLSERVERAGENT. Domain User None Will be given necessary permissions when SQL Server is installed by a local administrator on the SQL box
Accounts Required for Search

Instead of letting The sp_content account runs both the Windows Service and have FULL-READ rights on all the web applications, the SP_Search will now run the Windows Service and the SP_Crawl account has the FULL-READ rights for crawling.

Name

Role

Domain rights

Local SharePoint Server rights needed

SQL rights needed

SP_Crawl

The Default Content Access Account for the Search Service Application

Domain User

None

None

SP_Search

Service Account to run the SharePoint Search “Windows Service”

Domain User

None

None

Accounts Required for Optional Components
Account name

Role

Domain rights

Local SharePoint Server rights needed

SQL rights needed

sql_ssas

Account that we run the SQL Server Analysis Service services as

Domain User

None

db_datareader on databases

sp_excel

Excel services unattended account.

Domain User

None

None

sp_pps

PerformancePoint Unattended account

Domain User

None

None

sp_accsvc

Access Services. Used to create all Access databases in SQL and the service account running the service app pool for the Access Service Application

Domain User

None

db_owner, public, and securityadmin

sp_workflow

The RunAs account for the Workflow Manager service

Domain User

None

None

I create all accounts in the Active Directory Users and Computers screen in the same manner. I have “Users” pre-selected.

clip_image095

I right-click in the right pane and select New \ User. I enter the details as seen in the screen below.

clip_image096

I click on Next to continue.

clip_image097

I click on Next to continue.

clip_image098

I click on Finish to continue. The New Object screen closes. I can then double-click on the new user object and edit all of the properties. For example, I can add a description.

clip_image099

I click OK to close the window. The end result looks like below.

clip_image101

I close the Active Directory Users and Computers screen.

I click on the Windows Start button on the keyboard. I can see new icons for Active Directory and DNS programs. I click on the [ESC] key on the keyboard.

clip_image103

This ends my work on the domain controller. I will leave the virtual machine up and running.

As a reminder, I am separating the details into four blog posts:

Installing and Configuring a Three-Server SharePoint 2013 Environment: Part 1 of 4

Installing and Configuring the Windows Domain Controller: Part 2 of 4

Installing and Configuring SQL Server 2012: Part 3 of 4

Installing and Configuring SharePoint 2013: Part 4 of 4

 

Installing and Configuring a Three-Server SharePoint 2013 Environment: Part 1 of 4

I did an install of SharePoint 2013 on a single virtual machine last summer (2012). It works; but it has some shortcomings. A single virtual machine is not an ideal representation of a real SharePoint 2013 server environment. A three server environment provides a more realistic environment. I saw how I could create the three server environment on a more powerful laptop in a presentation at the SharePoint Technical Conference in San Francisco in March, 2013.

I also felt that I should configure the firewalls, services, and service accounts with best practices in mind. I had not done so the last time.

I still wanted to use VM Workstation to run all of the virtual machines. I don’t see a lot of demos and blogs that show how to do this. So I wanted to document the details related to VMWare as much as possible.

I also try to record every step I complete with screenshots. This makes for a long blog entry. So I split the details up into multiple blog entries. On the other hand, I am not showing every problem that I encountered. Some are just simple typos or I tried something that did not work. I just fix these and move on. Basically, I am showing what worked and sometimes I note where I encountered a significant problem and my solution. I’m also posting all images in original size.

This is a copy of the blog post that I originally posted here:

Installing and Configuring a Three-Server SharePoint 2013 Environment: Part 1 of 4

I am separating the details into four blog posts:

Installing and Configuring a Three-Server SharePoint 2013 Environment: Part 1 of 4

Installing and Configuring the Windows Domain Controller: Part 2 of 4

Installing and Configuring SQL Server 2012: Part 3 of 4

Installing and Configuring SharePoint 2013: Part 4 of 4

 

Hardware and Software

I am installing the environment on a Lenovo ThinkPad W530 laptop (Machine Type 2447 / Model CN4). The laptop has the following hardware specifications:

CPU Intel® Core™ i7-3820QM (3.70 GHz, 8MB L3, 1333MHz FSB)
Memory 32GB RAM (2 x Crucial CT3291640 16GB kit (8GBx2), 204-pin SODIMM)
Drive 1 256GB SDD
Drive 2 512GB SDD (replaced internal CD/DVD)
Optical Drive External CD/DVD (if needed)
SDHD Card 32GB Memory Card (if needed)
Graphics NVIDIA Quadro K1000M / Intel HD Graphics 4000 – 2 GB
Display 15.6”

This laptop is by far the most powerful computer that I have ever used. It never seems to slow down for anything. I was running another virtual machine with Windows 7 most of the time while installing and configuring the three Windows 2012 servers.

I use a second monitor from AOC (model e1649fwu) that plugs into a USB port. It has a 15.6” display and I take it with when I travel. It’s like having twice the workspace! It made writing these details and taking screenshots much easier.

I have plenty of drive space on external drives if needed. I use Acronis True Image Home 2012 for daily backups.

I have the following software installed on the laptop:

  • Windows 7 Professional SP1 (64-bit)
  • Microsoft Office 2013
  • Microsoft Project 2013
  • Microsoft Visio 2013
  • Neat v5.1 SP4
  • SnagIt 9 Editor
  • VMWare Workstation 9.0.1
  • MagicISO Virtual CD/DVD Manager
  • EditPad Lite
  • AVG 2013 Anti-Virus Free

Resources

I used several resources to assist me with this installation. As already mentioned, I did a standalone installation of SharePoint 2013 on Windows Server 2008 last summer (2012). This effort will take more planning and preparation to get it right.

Title URL
Installing and Configuring SharePoint 2013 without screwing it up (too badly) http://www.slideshare.net/SPTechConSanFrancisco/how-to-install-sharepoint-2013-without-messing-it-up-by-todd-klindt-and-shane-young-stechcon
A simple install of SQL Server 2012 for SharePoint Server 2013 or 2010 http://msmvps.com/blogs/shane/archive/2012/09/17/a-simple-install-of-sql-server-2012-for-sharepoint-server-2013-or-2010.aspx
Step-by-Step Guide for Setting Up Windows Server 2012 Domain Controller http://social.technet.microsoft.com/wiki/contents/articles/12370.step-by-step-guide-for-setting-up-windows-server-2012-domain-controller.aspx
Installation SharePoint 2013 Step by Step http://social.technet.microsoft.com/wiki/contents/articles/14209.installation-sharepoint-2013-step-by-step.aspx
Service Account Suggestions for SharePoint 2013 http://www.toddklindt.com/SP2013ServiceAccounts
SharePoint 2013 Service Accounts Best Practices Explained http://www.absolute-sharepoint.com/2013/01/sharepoint-2013-service-accounts-best.html
Account permissions and security settings in SharePoint 2013 http://technet.microsoft.com/en-us/library/cc678863.aspx

My Configuration Plan

I need to keep more files on Drive 2 as it has more disk space available. This is a bit of a balancing act to spread the load. It would be nice if both of my drives were 512GB SDDs (or larger).

Domain Controller
  • Windows Server 2012
  • Memory: 1GB RAM
  • CPU: 1
  • Drive: 1x32GB
  • IP Address: 192.168.67.11
  • Domain: contoso.com
  • Name: server2012dc
  • Target Drive: 1
SQL Server
  • Windows Server 2012
  • SQL Server 2012 Standard SP1
  • Memory: 8GB RAM
  • CPU: 4
  • Drive: 1x80GB, 1x40GB
  • IP Address: 192.168.67.12
  • Domain: contoso.com
  • Name: server2012sql
  • Target Drive: 2 (OS and SQL Server install)
  • Target Drive: 1 (Database install)
SharePoint 2013 Server
  • Windows Server 2012
  • SharePoint Server 2013
  • Memory: 8GB RAM
  • CPU: 4
  • Drive: 1x80GB
  • IP Address: 192.168.67.13
  • Domain: contoso.com
  • Name: server2012sp
  • Target Drive: 2

Installing on VMWare Workstation

I am using the default VMnet8 network within VMWare.

clip_image001

I will keep the NAT settings as is. Note that the Gateway IP address is 192.168.67.2.

clip_image002

I will keep the Auto detect available DNS Servers setting.

clip_image003

I will keep the DHCP settings as is. I plan to use static IP addresses for the servers.

clip_image004

This blog entry is the shortest of the four entries.

Installing and Configuring a Three-Server SharePoint 2013 Environment: Part 1 of 4

Installing and Configuring the Windows Domain Controller: Part 2 of 4

Installing and Configuring SQL Server 2012: Part 3 of 4

Installing and Configuring SharePoint 2013: Part 4 of 4