    Setup(*).log"/>
    <!-- <PIDKEY Value="Enter Product Key Here" /> -->
    <Setting Id="SERVERROLE" Value="SINGLESERVER"/>
    <Setting Id="USINGUIINSTALLMODE" Value="1"/>
    <Setting Id="SETUPTYPE" Value="CLEAN_INSTALL"/>
    <Setting Id="SETUP_REBOOT" Value="Never"/>
    </Configuration>

This is the configuration file that SharePoint uses for defaults when you run the normal GUI setup by running setup.exe. Let's look at a couple of quick changes you can make. Look at the line that reads:

    <!-- <PIDKEY Value="Enter Product Key Here" /> -->

If you remove the <!-- from the beginning, and the --> from the end, you can add your product key and get a line like this:

    <PIDKEY Value="11111-22222-33333-44444-55555" />

This might be a good idea if you are putting the files on a file share to be reused often. I also recommend changing SERVERROLE to APPLICATION in the next line so that the default is no longer Stand-Alone:

    <Setting Id="SERVERROLE" Value="APPLICATION"/>

Those are little novelty tricks to save you some typing and clicking. The real power comes from customizing c:\install\files\setupsilent\config.xml. Modify this file with your desired SERVERROLE and PIDKEY and then pass a reference to the file. Now the install magic just happens. Use a line like the following at the command prompt:

    C:\install\setup.exe /config c:\install\files\setupsilent\config.xml

If all of your settings are acceptable, the install will just run for you. It may take a couple of attempts to get everything right, but once you do you are on the road to a scripted install. One gotcha to watch out for is that the config.xml file is case sensitive.

While there is no SharePoint 2010 reference available yet, the settings are very close to, if not exactly the same as, those used with SharePoint 2007. You can find that reference at http://technet.microsoft.com/en-us/library/cc261668.aspx.
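The case-sensitivity gotcha and the commented-out PIDKEY can be caught before setup.exe ever runs. The following Python lint is an added example, not code from the book or from Microsoft; the function name lint_config is hypothetical, the allowed Ids and values are only those printed on this page, and the sample file is constructed.

```python
import xml.etree.ElementTree as ET

# Ids/values exactly as printed on this page (case sensitive); assumed subset, not the full list.
KNOWN = {
    "SERVERROLE": {"SINGLESERVER", "APPLICATION"},
    "USINGUIINSTALLMODE": {"1"},
    "SETUPTYPE": {"CLEAN_INSTALL"},
    "SETUP_REBOOT": {"Never"},
}
PLACEHOLDER = "Enter Product Key Here"


def lint_config(xml_text):
    """Return human-readable findings for a setup config.xml (empty list = clean)."""
    findings = []
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    canonical = {name.upper(): name for name in KNOWN}
    for elem in root.iter():
        if elem.tag.upper() != "SETTING":
            continue
        sid, value = elem.get("Id"), elem.get("Value")
        if elem.tag != "Setting" or sid is None or value is None:
            findings.append("use <Setting Id=... Value=.../> with exactly this casing")
            continue
        name = canonical.get(sid.upper())
        if name is None:
            continue  # Id not shown on the page, nothing to compare against
        if sid != name:
            findings.append(f"Id '{sid}' must be written '{name}'")
        if value not in KNOWN[name]:
            fix = next((v for v in KNOWN[name] if v.upper() == value.upper()), None)
            hint = f"must be written '{fix}'" if fix else "is not a value shown on the page"
            findings.append(f"{name} value '{value}' {hint}")
        elif name == "SERVERROLE" and value == "SINGLESERVER":
            findings.append("SERVERROLE is still the Stand-Alone default")
    key = root.find("PIDKEY")
    if key is None:
        findings.append("PIDKEY is missing or still commented out")
    elif key.get("Value") == PLACEHOLDER:
        findings.append("PIDKEY still holds the placeholder text")
    return findings


# Constructed sample: wrong-case Id and values, PIDKEY left inside the comment.
SAMPLE_BAD = """<Configuration>
  <!-- <PIDKEY Value="Enter Product Key Here" /> -->
  <Setting Id="ServerRole" Value="Application"/>
  <Setting Id="SETUP_REBOOT" Value="never"/>
</Configuration>"""
```

Calling lint_config(SAMPLE_BAD) returns four findings; a file that uses the exact casing shown above and an uncommented PIDKEY returns an empty list.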
CHAPTER 4: INSTALLING AND CONFIGURING SHAREPOINT 2010

USING THE SHAREPOINT 2010 WIZARDS

SharePoint 2010 provides two wizards to help you get a new SharePoint farm up and running: the SharePoint Products and Technologies Configuration Wizard (Config Wizard) and the Initial Farm Configuration Wizard (Central Administration Wizard). The Config Wizard is used to create a new SharePoint farm or add your server to an existing farm. The Central Admin Wizard is used to help you provision service applications.

Configuration Wizard

After the install finishes you are brought to the configuration wizard (which could be called the grey wizard—more on that later). This tool is responsible for helping you create or join a SharePoint farm and then configuring all of the necessary databases and files for that farm to work.

Connecting to a Server Farm

A SharePoint server farm is one or many SharePoint servers that share the same configuration database, as explained in Chapter 2. The first important decision you need to make when running the configuration wizard is whether you want to "Connect to an existing server farm" or "Create a new server farm." More simply put, do you want to attach to an existing configuration database or create a new configuration database?

If you choose to connect to an existing server farm, you are prompted to enter the SQL Server that hosts the database, after which you click Retrieve Database Names, and then you select the configuration database, as shown in Figure 4-5. After that you will need to enter the farm passphrase (covered a little later in this chapter) to join the farm. You will also have the opportunity to specify this server as the host for SharePoint Central Administration if you wish.

FIGURE 4-5

With this information, the wizard can then run.
It will configure the files and registry on your server with the proper settings and permissions, and add your server to the SharePoint farm and register it with the appropriate databases. By default, this server will also host the web application role, so all web applications, except for Central Administration, will be created and available on this server.

WHAT ABOUT DUPLICATE DATABASE NAMES?

You shouldn't encounter any database name conflicts. If you are using the same SQL Server to host multiple SharePoint farms, then you should have multiple instances of SQL Server configured. Avoid having two SharePoint farms using the same SQL instance; managing those databases can quickly become a nightmare, and security is very touchy.

Creating a New Farm

If you choose to create a new farm, the options are slightly different but similar. You will be taken to a screen to specify the Database Server and Name. It is recommended to use the default database name of SharePoint_Config. You will also need to enter the username and password for your server farm account.

Establishing the Farm Account

It is very important to assign the correct settings for the server farm account. This account needs to be part of the domain, but it only needs to be a regular user and not a domain admin. As part of the configuration wizard, SharePoint will elevate this account's access as necessary. It will be given the SQL Roles of dbcreator and securityadmin.
The account will also be added to the following local security groups:

- IIS_IUSRS
- Performance Log Users
- Performance Monitor Users
- WSS_ADMIN_WPG
- WSS_RESTRICTED_WPG
- WSS_WPG

The account is also given the following Local Security Policy - User Rights Assignments:

- Adjust memory quotas for a process
- Log on as a service
- Replace a process level token

The account will be used for the following Windows Services:

- Windows SharePoint Services Timer V4
- Windows SharePoint Services User Code Host V4

Finally, the account is used for the application pool for SharePoint Central Administration, the Topology Web Service, and the Security Token Service. With all of that it is very clear that this account should be considered carefully.

The Farm Passphrase

In the next dialog of the Config Wizard, SharePoint prompts for the farm passphrase. The passphrase is used to secure farm communications and will have to be provided by any additional servers joining the farm. You should choose a reasonably strong passphrase and document it in a safe place. Recovering a lost passphrase is very difficult if not impossible. Changing the passphrase is possible after the farm is online using the Windows PowerShell cmdlet Set-SPPassPhrase.

Central Administration Settings

In the next screen, the Central Administration settings enable you to configure a port number and authentication method for your Central Admin web application. It is recommended that you use a port number that is easy to remember for remote administration.

For authentication methods, the default is NTLM, which should be used unless you need the Central Administration web application to use Kerberos authentication; typically this is not necessary. Each web application has its own authentication settings, so using NTLM for Central Administration does not preclude you from using Kerberos on a different SharePoint web application.
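The user rights and local groups listed under "Establishing the Farm Account" make a usable least-privilege baseline for the farm account. The following Python audit is an added example, not code from the book or from SharePoint; it assumes the input is the [Privilege Rights] section of a `secedit /export /cfg` file, the Se* names are the Windows constants for the three display names above, and the SID, the CONTOSO\spfarm account and the export contents are constructed.

```python
# Rights the page lists for the farm account, keyed by the constant secedit writes.
EXPECTED_RIGHTS = {
    "SeIncreaseQuotaPrivilege": "Adjust memory quotas for a process",
    "SeServiceLogonRight": "Log on as a service",
    "SeAssignPrimaryTokenPrivilege": "Replace a process level token",
}
# Local groups the page lists for the farm account.
EXPECTED_GROUPS = {"IIS_IUSRS", "Performance Log Users", "Performance Monitor Users",
                   "WSS_ADMIN_WPG", "WSS_RESTRICTED_WPG", "WSS_WPG"}


def parse_privilege_rights(inf_text):
    """Map each right in [Privilege Rights] to its principals ('*' marks a SID)."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            right, _, members = line.partition("=")
            rights[right.strip()] = {
                m.strip().lstrip("*").lower() for m in members.split(",") if m.strip()
            }
    return rights


def audit_farm_account(inf_text, account_ids, local_groups):
    """Compare directly assigned rights and local groups with the page's lists."""
    ids = {i.lower() for i in account_ids}
    held = {r for r, who in parse_privilege_rights(inf_text).items() if who & ids}
    return {
        "missing_rights": sorted(set(EXPECTED_RIGHTS) - held),
        "extra_rights": sorted(held - set(EXPECTED_RIGHTS)),
        "missing_groups": sorted(EXPECTED_GROUPS - set(local_groups)),
        "extra_groups": sorted(set(local_groups) - EXPECTED_GROUPS),
    }


# Constructed sample: the SID, the account name and the export are made up.
FARM_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
SAMPLE_INF = f"""[Privilege Rights]
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*{FARM_SID}
SeServiceLogonRight = *S-1-5-80-0,CONTOSO\\spfarm
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20
SeDebugPrivilege = *S-1-5-32-544,*{FARM_SID}
[Version]
signature="$CHICAGO$"
"""
```

Pass both the SID and the DOMAIN\name form of the account in account_ids, since an export can contain either; only direct assignments are compared, not rights inherited through groups.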
Advanced Settings—SharePoint Foundation Only

The last screen of the Config Wizard enables you to confirm the settings you have chosen before committing to them. If you are doing anything other than a SharePoint Foundation install, you will see an Advanced Settings button that is grayed out. If you are doing a SharePoint Foundation install, this button is enabled. If you click the button, you are taken to the Enable Active Directory Account Creation Mode screen shown in Figure 4-6.

Active Directory Account Creation Mode (ADACM) is an interesting but mostly unused feature of SharePoint. It allows your SharePoint farm to be set up to automatically create Active Directory users when you add them to SharePoint. These new accounts are created in the organizational unit (OU) specified on the screen. You can even have SharePoint e-mail a notification to users when their account is created, along with the password. This is a truly automated scenario that works very well in hosted environments.

Of course, there is a downside. You cannot use existing Active Directory accounts to access SharePoint, only accounts created through this mode. So if you are deploying SharePoint in ADACM, you cannot use your existing AD account to access SharePoint. Users hate having one username and password; can you imagine telling them they need a second username and password to access SharePoint? Now you can see why this mode is not used very often. And remember, it is only available in Foundation, not Server.

FIGURE 4-6

Other Uses for the Configuration Wizard

After configuration, it is typical to forget about this powerful tool, but that would be a mistake. While its main focus in life is running after setup.exe to get things squared away, it comes into play throughout the life of the server.
It can be used to change the server that hosts the Central Administration site, commit patches and upgrades to the farm, and cleanly remove a server from the farm before being decommissioned.

Error Handling for the Configuration Wizard

If the Config Wizard encounters any errors it will fail and give you the basics of the error along with a link to the log file. In the log file, which is located in 14\logs, you will be able to trace through the full details of the error. The most common error seen at this point is related to connecting to the SQL Server, due to either network issues or security settings on the SQL Server.

Central Administration Wizard

SharePoint thought having the grey wizard was so cool that for 2010 it now has added a white wizard. After running the grey wizard (also known as the SharePoint Products and Technologies Configuration Wizard), Central Administration opens up the white wizard (also known as the Initial Farm Configuration Wizard). On the first page of this white wizard, you can either have SharePoint automatically provision service applications for you using default settings or choose to configure everything manually. Service applications are covered in great detail in Chapter 7.

WHAT DO THE WHITE WIZARD AND GREY WIZARD HAVE TO DO WITH ANYTHING?

In the grand scheme of things… nothing. SharePoint 2010 is packed full of wizards with very similar names that do similar tasks. So in order for the authors to keep track of them they have taken to referring to them by color. The SharePoint 2010 Products and Technologies Wizard, which is also called the configuration wizard by some, uses grey as the primary color for all of the screens while the Initial Farm Configuration Wizard is run on pages that have white as the primary color. So the names grey wizard and white wizard were born.
Also, if you are a fan of the Lord of the Rings books or movies you may also recall a very similar naming situation. At the end of the day what you call the wizards is not important; keeping track of which one does what is.

If you choose to have SharePoint help you configure your farm, you are taken to a screen where you can select an existing managed account or have the wizard create one for you, and then select which of the service applications you wish to have the wizard configure for you.

The wizard will also create a web application at http://servername and will prompt you for what template to use for the site collection. The account you are logged in with will be made the site collection administrator. If you are like most users, you probably won't use this site collection so you can safely click Skip.

Managed Accounts

New to SharePoint 2010 is the concept of managed accounts. With a managed account, you register a domain account with SharePoint, which stores the account and its password for reuse. Then, any time you specify an account in SharePoint—whether it is for application pools, database connections, or services—you have to select one of your managed accounts. The major upside of this is that now you have one interface for managing password changes for all of your managed accounts, unlike previous versions where password changes were a complete nightmare.

Also, if you choose, you can have SharePoint handle the management of this account's password altogether. For example, if you have a domain policy that passwords must be changed every 60 days, either you can configure SharePoint to notify you by e-mail so you can come into SharePoint and change the password manually or you can set SharePoint to automatically change the password in Active Directory. That way, you don't need to remember who knows the service account passwords because only the SharePoint farm does.
If you need to manually change the password for any reason, you can change it from within SharePoint using PowerShell. Working with managed accounts is covered in greater detail in Chapter 6.

Error Handling for the Central Administration Wizard

The Central Administration wizard also has some built-in error handling. If an individual service application fails, Central Administration will provide you with an error message listing the service app that failed, details of the failure, and a correlation ID along with a Next button. It will continue