Setting up Load Balanced Office Web Apps 2013 Multi Server Farm with SSL (HTTPS)

On December 27, 2015December 27, 2015 By Manoj V KarunarathneIn Contribution for SharePoint Community, E-Books, Office Web Apps 2013, Office Web Apps for SharePoint 2013, Office WebApps, OfficeWebApps, SharePoint, Windows NLB, Windows Server 2012, Windows Server 2012 R2Leave a comment

It is hard to find a proper documentation on internet for this topic and that is where i thought of posting this article as i expirienced Office Web Apps 2013 Deployment in Production.

If you are not a browser fan, You can download PDF version of my Article from Microsoft Technet Gallery – https://gallery.technet.microsoft.com/Setting-up-Multi-Server-23e1f2ca

Contents

1. Introduction

2. Server Environment

3. Requirements and Recommendations

4. Deployment

1. Introduction

Microsoft Office Web Apps 2013 is now a fully Isolated Far which supports multiple and various Integrations such as SharePoint, Lync, Skype for Business and other Third Party Applications. basically, your single Web Apps Farm will serve OWA Capabilities for Multiple applications so that is simple for you to manage and Integrate.

This Step by Step Guide will show you how to Setup an Office Web Apps 2013 Farm with High Availability and Security. The Naming and Certificates used in this scenario will be samples for demonstration purpose. You need to use meaningful names and obtain a valid SSL certificate for your scenario and environment.

This Guide will cover the following requirements.

Multi-Server Farm: Setup Office Web Apps with Microsoft NLB for High availability and Load balancing
Setup Office Web Apps Farm with Better Security using SSL for HTTPS. It is highly recommended to use HTTPS for Production Office Web Apps Deployments as HTTP meant only for developmental and testing environments only.

Before You begin with the Installation and Configurations, it is recommended to go through below references which may provide you all the basic information and knowledge about Microsoft’s Office Web Apps Server Product.

Configure Office Web Apps for SharePoint 2013 – https://technet.microsoft.com/en-us/library/ff431687.aspx
Deploy Office Web Apps Server 2013 – https://technet.microsoft.com/en-us/library/jj219455.aspx
Planning Office Web Apps Server – https://technet.microsoft.com/en-us/library/jj219435.aspx

2. Server Environment

This Demo Setup will be using:

Two office Web Apps 2013 Servers with Windows NLB Enabled and Configured
SharePoint Server Farm with two WFE Servers and Single APP Server for Intranet Site Hosting with Host Header Site Collection (This SharePoint Farm is multitenant Environment where a Single Web Application shall contain multiple Host named Site Collections with unique URL)
Two Database Servers holds Always on Instance for SharePoint Environment.
Active Directory | DNS Server with Active Directory Certificate Service Enabled and Started
Two SQL Server Nodes with Always-on Instance hosts SharePoint Platform

Specifications of these servers are for Demonstration purpose only. Production Environments are highly recommended to meet Microsoft’s sizing requirements in order to get optimum performance and reliability.

3. Requirements and Recommendations

This guide uses windows NLB for demonstration purpose. In Production Environments, try to use a Hardware Load balancer which brings following capabilities if you are planning for more than one server for OWA.

Layer 7 routing
Enabling client affinity or front-end affinity
Enabling SSL offloading

Production Environments are always having firewalls in between different zones. Depends on the zone you are going to place OWA Servers; you need to open following ports in order to make OWA function properly.

Port 443 for HTTPS traffic
Port 80 for HTTP traffic
Port 809 for private traffic between the servers that run Office Web Apps Server (if you’re setting up a multi-server farm)

Topology Planning (Source: https://technet.microsoft.com/en-us/library/jj219435.aspx )

Plan for Server Level Redundancy. If You are using Virtual Machines to Host OWA, segregate them to separate Host Servers instead of Placing all in a one box (e.g. – OWA1 Hosted in Hardware Box A, OWA2 Hosted in Hardware Box B) so that if Hardware box A goes down in case, Yet the Box 2 Serves requests as OWA2 still runs there.
Stick to one data center. Servers in an Office Web Apps Server farm must be in the same data center. Don’t distribute them geographically. Generally, you need only one farm, unless you have security needs that require an isolated network that has its own Office Web Apps Server farm.
The closer the hosts, the better. The Office Web Apps Server farm doesn’t have to be in the same data center as the hosts it serves, but for heavy editing usage, we recommend you put the Office Web Apps Server farm as close to the hosts as possible. This is less important for organizations that use Office Web Apps primarily for viewing Office files.
Plan your connections. Connect all servers in the Office Web Apps Server farm only to one another. To connect them to a broader network, do so through a reverse proxy load balancer firewall.
Configure the firewall for HTTP or HTTPS requests. Make sure the firewall allows servers running Office Web Apps Server to initiate HTTP or HTTPS requests to hosts.
Plan for incoming and outgoing communications. In an Internet-facing deployment, route all outgoing communications through a NAT device. In a multi-server farm, handle all incoming communications with a load balancer.
Make sure all servers in the Office Web Apps Server farm are joined to a domain and are part of the same organizational unit (OU). Use the FarmOU parameter in the New-OfficeWebAppsFarm cmdlet to prevent other servers that are not in this OU from joining the farm.
Use Hypertext Transfer Protocol Secure (HTTPS) for all incoming requests.
If you have IPsec deployed in the network, use it to encrypt traffic among the servers.
Plan for Office features that use the Internet. If features such as clip art and translation services are needed, and the servers in the farm can’t initiate requests to the Internet, you’ll need to configure a proxy server for the Office Web Apps Server farm. This will allow HTTP requests to external sites.

Software Requirements for Office Web Apps

Office Web Apps Server/s Must Be Independent from other Applications and Services Such as SharePoint, Exchange, Lync, Skype4B. Do not try to deploy Office Web Apps on a sever which runs any of the above Applications and that is not supported.
Don’t Install Any Services or Applications depend on IIS 80, 443 or 809 Ports because OWA frequently removes web applications on these ports in order to bring up the OWA Web Applications.
Do Not Install any office Client applications on OWA Servers as it is not recommended to be. If any office Applications are installed on a server you are about to install OWA, you have to fully uninstall them prior to the OWA installation.
Do Not Install OWA on a Domain Controller or any Domain Server runs Critical Services such as DNS or AD DS.
Download the Office Web Apps 2013 with SP1 which is the latest version you can download. Also look for the recent Cumulative Updates prior r to go live in production scenarios.

4. Deployment

It is Assuming that you already have a SharePoint farm Prepared with an Accessible Site Collection. This guide will not go through the SharePoint Server Deployment but only the Integration of Office Web Apps for SharePoint in order to allow your end users to open/edit their Office Documents within the Browser.

Steps:

Installing Prerequisites in OWA servers for Office Web apps
reating DNS Host Records
Configuring Windows NLB for Load balancing and High Availability
Configuring SSL Certificates using Active Directory Certificate Services
Installing Office Web Apps
Configuring Office Web Apps Farm
Joining Member Servers to the Office Web Apps Farm
Integrating with SharePoint Farm
Testing Functionality

4.1. Installing Office Web Apps Prerequisites

You must have a Domain User account (Such as SharePoint Farm Account) created in order to Install Office Web Apps.

After Creating your Virtual Machine, Login to the same and Prepare it with necessary Network and Domain Configurations such as defining IP addresses and joining it to the respective domain.

Then Login in to the server using local administrative credentials and add the User Account created for Office Web Apps in to the Local Administrators Group.

Run the following Scripts in Windows PowerShell in order to prepare your OWA servers with Prerequisites. You can define the SXS path to source files if your server doesn’t have the internet connectivity by simply passing the -Source Parameter (e.g. -Source D:\Sources\sxs)

It might prompt for restarting once finished.

For Windows Server 2008 R2

Install Following Software’s

o Windows Server 2008 R2 Service Pack 1

o .NET Framework 4.5

o Windows PowerShell 3.0

o Platform update for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB2670838)

Right Click on Windows PowerShell and Run it as Administrator. Then run the following

Import-Module ServerManager

Add-WindowsFeature Web-Server,Web-WebServer,Web-Common-Http,Web-Static-Content,Web-App-Dev,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,Web-Security,Web-Windows-Auth,Web-Filtering,Web-Stat-Compression,Web-Dyn-Compression,Web-Mgmt-Console,Ink-Handwriting,IH-Ink-Support,NET-Framework,NET-Framework-Core,NET-HTTP-Activation,NET-Non-HTTP-Activ,NET-Win-CFAC

For Windows Server 2012

Add-WindowsFeature Web-Server,Web-Mgmt-Tools,Web-Mgmt-Console,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Static-Content,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Security,Web-Filtering,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext45,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,InkandHandwritingServices,NET-Framework-Features,NET-Framework-Core,NET-HTTP-Activation,NET-Non-HTTP-Activ,NET-WCF-HTTP-Activation45

For Windows Server 2012 R2

Install – NET Framework 4.5.2

Then Run the following in PowerShell

4.2. Creating DNS Host Records

Next to create the HostA Record for NLB Cluster Name (Which will be the ultimate Server Name of OWA Farm).

Direct to your DNS Server and Simply Create a Host AAA Record points to your Target NLB IP. You need a dedicated IP V4 address for this.

Open Up the DNS Manager Console in your DNS Server and Right Click on the Respective Zone and hit New Host (A or AAAA) to create a new Host record.

Provide the Name and IP It points to (which is the desired NLB Cluster IP) and hit Add Host to create.

Record is ready for you now.

4.3. Configuring Windows NLB

Then the next step is to Install Windows NLB for both OWA Servers in order to configure the Load balancing

Open up Server Manager and Click Add Roles and Features from the top. This has to be done in both OWA servers.

Just Click next on the first Screen

Leave the Default Selection here and hit Next

Default choice here too and hit Next to proceed

Select the Network Load Balancing from the Feature list and hit Next to Install the feature then restart the server if prompted.

That Installed NLB feature for us and now let’s Setup Load Balancing Cluster. Open up Windows NLB Console from the primary Machine (OWA1). Make sure both Nodes are now ready with IP, Host Names, NLB Feature.

Right Click on the top level and Create a New Cluster

Provide the Name or IP of the Primary Server which will host the Cluster (Local Server). It will automatically resolve the IP and display the interface for you. Simple hit Next to proceed.

Leave these settings as it is unless you need a specific configuration for IP and Network Interfaces

Next Step is to define the Cluster IP. At this scenario it will be 192.168.150.132

IP Address will be already selected and define the FQDN of the Cluster name here and choose Operation mode based on your network. This server only got a single Network Interface so it has to be Multicast. If you have Multiple Interfaces, you may choose Unicast Mode to make it function properly.

Hit Next to go ahead

You can edit the Port Rules to customize Ports or Protocols but not really necessary to get this function. Leaving the defaults will bring us what we need in this case.

If all went well, you can see the Cluster is created with the defined name and settings and Primary Host is added/Started with green health status.

Let’s go ahead and Add the second node here. Right Click on the Cluster Name and Add Host to Cluster

Type the Host Name or IP of your Secondary OWA Machine (OWA2 at this Case). Make sure it can communicate with the primary host and Windows Firewall Exceptions are added or Switched off so nothing will block the communication at this point.

If all good, it will resolve the IP over Name and Name over IP as below. Just Hit next to proceed.

Leave the Priority to Default (2) and State as Started

And then the Port Rules. Load Left as Equal and you can define if you need. Leave it as Default for better load Sharing.

Give it a moment

And Both nodes will come online and appear as Healthy if you have configured it properly.

To Verify the Availability of the Cluster, lets ping the Name. do it from one of the SharePoint Machine so you can identify any issues in the network.

So the NLB Cluster is All Set for us. Next is to Prepare the OWA Servers with SSL Certificates.

4.4. Configure SSL Certificates for OWA HTTPS

We are using Active Directory Certificate Service to Issue Web Server Certificates for our OWA Farm which will only be trusted and validated within the domain Network. For External Networks Such as Internet you need to purchase a Genuine SSL Certificate from a Third party vendor such as Verisign.

If you use Internal Certificates (Such as the one used in this scenario) your OWA WOPI URL will not be Valid for External Access and It Will Prompt the security Message with critical warning of content. So for Production environments, always use a valid Certificate.

Setting UP SSL

Open up Active Directory Certificate Services from your AD. At this point, our NORTHWIND AD will be the ultimate Certification Authority.

If you do not have this feature in your AD. You can Get it installed via Server manager Roles and Feature Installation Wizard.

This Server Already has it Installed so it’s just to go ahead. Expand the Server and hit Manage

Now the Certificate Templates Console will be Opened for you in Edit mode. Right Click on the Web Server Template and Direct to Properties.

Add the Computer Accounts (OWA1.Northwind.Int |OWA2.Northwind.Int) of your OWA Servers and the Service Account which will be using to setup OWA Farm for following Permissions. This will enable the Web Server Certificate Template to Enroll from these Two Servers.

Change Object types to following types.

Allow all three objects for Read and Enroll Permissions.

That’s all from the Active Directory Side. Let’s move back to the OWA Servers and Open up MMC.EXE to Obtain Certificates.

From the Console Root, Add/Remove Snap-In

Select Certificates

Expand the Certificates Root and Drill down to Personal. Right click on Personal and Request a New Certificate

New Certificate Enrolment Wizard will be prompted for you. Just Hit next to proceed

Active Directory Enrollment Policy will be selected by Default here so nothing much to do/ Hit Next here.

You will then see the Web Server Policy is highlighted with the Exclamation Mark. Click on the Message there.

That will bring you to the Certificate Properties where you will be providing all the details of this certificates. Select the Subject Name Type as “Common Name” and Alternative Name Type as “DNS”. Value for both of these field can be the same which is our OWA Farm Name. Basically this Certificate will be dedicated to the OWA Farm. It won’t validate any other purposes. Yet this may depend on your scenario and Environment.

Once Entered, Add them to the selection on the right side.

Direct to the General Tab and Provide the same Value for Friendly Name. Friendly name is the Name that you will use to recognize this Certificate at later time when you are pointing this Certificate from other Applications. Description Could be any.

Hit Apply to Complete

Then the Exclamation Message will be gone as you have successfully completed the Indexing of Information of the Certificate. Simply Check the Web Server Check box and Hit Enroll to obtain the Cert.

Give it a few seconds and If everything good, the certificate will be successfully enrolled. If you are getting an error here saying that “Server or Service Unavailable”, You might need to restart the Certificate Server Service at your AD Server.

We can now see the Certificate at the Certificate Store

Repeat the same for secondary OWA (OWA2) Server as well and then it completes our SSL Certificate Configuration Part.

4.5. Installing Office Web Apps Server 2013

Here Comes the real thing. As we have completed almost all the Prerequisites and Background Preparations for OWA Farm, we can proceed to the Installation and Farm Deployment.

Log in to the OWA Servers using the domain Account (Northwind\sp_farm_svc) you have crated. In this case it’s going to be the SharePoint Farm Account which will be used to Install OWA.

Map the Office Web Apps Server 2013 ISO (With Service pack 1) and Run it.

As Always, you have agree to the License terms and Continue to Proceed then.

The Success Message will be appeared in just Few Minutes If everything went well.

Now the Most Important Steps. Configuring the OWA farm is done through PowerShell. Best Tool for this is PowerShell ISE. From the OWA1 Right click on PowerShell Icon and Run ISE as Administrator

To Create the New OWA Farm. Run the Following Script. If you are using SSL Offloading the Parameters will be bit different.

New-OfficeWebAppsFarm -Verbose -InternalUrl https://OfficeApps.Northwind.int -CertificateName OfficeApps.Northwind.Int -ClipartEnabled -TranslationEnable -EditingEnabled

-Verbose (This Switch is to display the status)

-InternalUrl (This is the Internal Url referred from SharePoint Later)

-EditingEnabled (This will allow your users to Edit Documents in Browser itself)

-CertificateName (You can Define your SSL Cert using this Parameter. Or you can do it yourself manually via IIS Later)

-ExternalUrl (Can be Defined in addition to InternalUrl Swith if you are setting up an External Scenario)

If all went well, you will see the Result as above. And under the Machines it will show the OWA1 which is our Primary OWA Server in this farm.

Check the IIS to verify the Web Applications Creation and SSL Certificate Assignment

Open IIS manage and Check if These Two Web Applications are created

Note the Certificate Binding under the Site Bindings on the Right Panel and the Protocol is HTTPS.

4.6. Joining Secondary OWA machine to the Farm

Next step is to Join our Second Machine to the OWA Farm. Login to the OWA2 Machine using the same Domain credentials you used to Setup OWA1.

Open the PowerShell ISE as Administrator and run the Following from OWA2.

New-OfficeWebAppsMachine -MachineToJoin OWA1

-MachineToJoin (This switch is to Define your Primary OWA Server Name). basically this is the Master Machine.

That’s all from the OWA Farm Side. Next step is to Integrate OWA Farm to SharePoint but before that Let’s test our setup.

4.7. Testing the OWA farm

Simply try the Hosting Discovery URL from a Different Server (SharePoint Server Will do) https://officeapps.northwind.int/hosting/discovery

If you are Retrieving this XML Page as below with the parameters. It means you are all good to go.

Discovery URL working Means that your OWA Farm is accessible and Functioning well. so the next step is to Integrate OWA for SharePoint. Sometimes the Hosting URL may not work within the OWA Servers itself due to the loopback checking, best thing is you can check it outside the OWA Servers

The URL will not show any Warnings about the Certificate or Trust because it is valid internally within our Northind.Int Domain Environment. It will not be valid for Outside access unless it’s a valid External Certificate from a Vendor.

4.8. Integrate Office Web Apps with SharePoint 2013

SharePoint Environment is already done with a Host Named Site Collection which is also using HTTPS. This Scenario is fully setup for HTTPS in order to test the production level functionality. If you are using HTTPS for OWA Your SharePoint Site must use HTTPS too otherwise there is no point of using HTTPS on OWA.

Note: Recommended Way to Deploy OWA is Using HTTPS with a Valid SSL Certificate. HTTP is not recommended and it meant only for testing and Developmental Environments only.

In this scenario, we are using https://intranet.Northwind.Int Host header Site Collection for Integration testing. Below is the Default SharePoint Site which has some Sample documents uploaded and all good to go in SharePoint Side.

This SharePoint Farm also has two WFE Servers with NLB configured and this URL is fully load balanced with NLB.

From SharePoint Shell

New-SPWOPIBinding -Server OFFICEAPPS.NORTHWIND.INT

From PowerShell ISE

Add-PSSnapin Microsoft.SharePoint.Powershell -EA 0

New-SPWOPIBinding -Server OFFICEAPPS.NORTHWIND.INT

-Server (This parameter to Define Your OWA Farm Name. Not the Name of any OWA Machines)

If all Went well, you will see the above result. With defined Inputs such as Zone, Server Name etc…

That’s all from the SharePoint Fram side.

Let’s test out the functionalities from SharePoint Side now.

Note: Do not use Farm Account to test OWA. You must use a Different user account to test this as SharePoint Farm account is not allowed to open Documents from browser for security reasons.

Preview of a Document in Browser in WOPI Frame

Opening a Document

Editing a Document in Brower

4.9. Glossary

Server Did Not Respond – Error when Adding WOPI Zone in SharePoint – If you already have some other WOPI Zones this could happen, Or else Due to an Invalid Certificate on OWA Server.

Hosting/discovery Doesn’t Load – Mostly this happens if you try to open it from the OWA server itself. Try from another server. Also try to add the secondary Server and then load the URL.

Issue the Certificate for the Relevant Name – IF OWA1 (OWA1) or if OfficeApps.Northwind.int: Cert has to be for the same Name if it’s a SAN Cert.

To Test the availability across the Nodes, Shutdown one of the OWA Server and Check the Functionality. If you have completed above steps properly, OWA should work with the remaining node without any issue.

p align=”justify”>I will post another article on Troubleshooting OWA 2013 ……………………………………………….

Windows NLB vs. Hardware Load Balancer (Concluded)

On May 15, 2014May 15, 2014 By Manoj V KarunarathneIn Windows NLB, Windows Servers4 Comments

Quite popular topic but couldn’t find a exact conclusion from anywhere to decide whether what should i go with what really matters on each choice.

I’m mostly in to SharePoint Stuff and whenever i propose a solution architecture, my recommended option is to have an Hardware Load-balancer for Web Server Load Balancing where the Microsoft NLB is the least. ofcource testers and developers wont to look for Hardware Load balancers since NLB really caters what they expect in that level.

For Internet/Extranet faced solutions are better to go with Hardware LB but small and medium level internal systems can still catered through Windows NLB. i also have experienced in many places that internally for small level systems NLB very very popular and don’t really know whether it’s stable. most of the time small and medium level doesn’t have a choice except going for NLB so that becomes the super hero in that arena.

What Really Varies NLB from Hardware Load balancer

Cost

Indeed Windows NLB is cheap as you have already paid for your windows Server and NLB its just a Service of it. so if you simply want to start with some medium and small level applications go ahead and test it out which is you are totally eligible for.

Hardware Load balancers are costly and ofcource you have bunch of choices to select in the market from various good vendors such as Cisco.

Features and Functionality

Lets say that you have launched a system with Windows NLB and it is now on production, after a while you will realize few more stuff becomes mandatory such as Monitoring | True-High Availability | Security | Filtering. NLB doesn’t give you true high-availability, Security or Monitoring where the Hardware LB will give you much much more. anyway just imagine what’s isolated hardware device capable of doing compared to Software Appliance so simply Hardware LB will be the greatest choice if you want to stay away from bugging and troubles at a Enterprise level Large setups.

NLB is DNS Round Robin (RR) which simply forward the client hits to defined interfaces. basically the users are sent between two systems. lets say just in case one of your server stuck and still DNS RR and NLB will keep sending request to particular server therefore NLB is just we can think like an Load balancer not a High Availability controller such as Hardware LB. quite a tough point to think on anyway.

Sample Scenario – NLB Isn’t Application or Service Aware

In a Networked Environment, Configure NLB Between Two WFEs which runs an Application on IIS to test (may be SharePoint). stop IIS on one Server and try to Access the Application from few Clients. You will simply notice some clients will get page cannot be displayed massage after hanging out for a while. this is because NLB isn’t intelligent enough to understand the application level or Services (i was a Fan of NLB earlier in small level stuff but when it comes to the next level the bitter truth is NLB doesn’t understand Web Technologies). NLB will not act if your Server’s Service or Application failed but only when Server is totally down or NIC Failed (or if you drain Dropped Manually).

Just Try to Drain Drop or Stop the Same Server from NLB Manager. you will realize that the Available Server Serving requests for all the clients nicely. meaning to the NLB only understands that Server isn’t available as there is no connectivity, not when a service or Application has a problem. clear ?

Enterprise has to Depend Further on NLB ?

It doesn’t seems to be that Microsoft doing further developments and enhancements on NLB. when looking at Windows Server 2008 R2 Releases they haven’t done any enhancements on NLB and couldn’t see much in Server 2012 too. but still this is a role embedded in both Server 2012 Editions which is readily available to enable and configure.

Conclusion

Windows NLB will cater basic Load Balancing requirements for small level environments but never to be confused with High-availability. whenever you have requirements such as High-Availability on Web Layer, Real time Filtering, Monitoring and Security the only option is Hardware Load Balancer which gives all in one.

Resources

Joel has done a great explanation as always – http://www.collabshow.com/2009/04/16/deciding-between-nlb-vs-hardware-load-balancing/

Exchange Team No longer Recommend NLB for Client Access Servers – http://www.stevieg.org/2010/11/exchange-team-no-longer-recommend-windows-nlb-for-client-access-server-load-balancing/

Feature/Role Installation Fails in Windows Server 2012 (Installation of one or more roles, role services, Features failed).

On November 10, 2013November 10, 2013 By Manoj V KarunarathneIn Windows Server 2012, Windows Server 2012 R2, Windows Servers1 Comment

Sometimes you will experience that feature installation in windows server 2012 fails commonly on .Net 3.5.

this is because this installation refers to source files which includes in Server 2012 media. by giving the path to SXS folder manually of your media on Confirmation window in Feature installation wizard resolves this as figured below.

Insert media and Click on “Specify alternate source path” and provide location of SXS folder within Server 2012 Media – E:\sources\sxs

Now the setup can find the files and the installation would be success.

Unable to Run PowerShell Scripts on Windows PowerShell–“Execution of scripts is disabled on this system” Error Occurred.

On September 6, 2013September 6, 2013 By Manoj V KarunarathneIn Poweshell, Windows ServersLeave a comment

Tried to execute a PowerShell script in one of my test server (windows server 2008 R2) and got an error saying Execution of scripts is disabled on this system.

Note : Basically this policy helps you to prevent untrusted scripts which can be affected to Production/critical environments. you may revert back to default once you done with your scripts if it is and critical server on production in order to prevent untrusted affections.

Running below line on PowerShell fixed the point and PowerShell was back to work.

Set-ExecutionPolicy Unrestricted
Type ‘Y’ and Enter to agree and proceed

Note : Run below line to revert back the policy setting to default.

Set-ExecutionPolicy Restricted

Change Product key in Windows 8/Server 2012

On August 18, 2013August 18, 2013 By Manoj V KarunarathneIn Windows 8, Windows Server 2012, Windows ServersLeave a comment

New Windows 8/Server 2012 Operating Systems doesn’t allow you to Change Product key through system properties. Only way is to change the product key is to run PowerShell CMD let.

This is how it shows at system properties. You may activate but not change the key. activating without installing a valid key wont be possible too.

So simply run PowerShell in privileged (run as admin) mode and type below lines step by step.

slmgr -upk (this uninstalls the current Product Key)

slmgr -ipk XXXX-XXXX-XXXX-XXXX (replace X’es with your Key – this installs the new Product Key) You will see below message if your key is valid with media.

Now direct to system properties and click "Activate"

That’s it and enjoy your Genuine OS..

SharePoint 2010 Compatibility with Windows Server 2012

On March 29, 2013March 29, 2013 By Manoj V KarunarathneIn SharePoint 2010, SharePoint Server, Windows Server 20127 Comments

This is a bad? news for SharePointers out there which still has a good news inside as well ;). who’s going to deploy SharePoint 2010 on Windows Server 2012? Keep a note below.

The Bad News Is – As per Microsoft SharePoint Server 2010 does not compatible with Server 2012 platform and we have to wait till the SharePoint 2010 SP 2 released which will contain the patches and updates accordingly.

And here’s The Good News -Yes We have an workaround for this.

Though MS says that we have to wait till the SP 2 released, I cannot because somebody is waiting for the solution out there and there’s no excuse for it, couldn’t revert back my Server in to 2008 R2 as well. So started dig down in to a workaround and got finally SP 2010 on Server 2012 installed and configured nicely, Tons of thanks for the web community who Shares their experiences all over the world for others (I’m community a Lover…)

So, From the point of prerequisites preparation you will get below issues.

1. Prerequisites installer gives an incompatibility pop up (still you can go ahead by saying ‘Run Program without Help’)

2. Even Though you have got all prerequisites Installed either manually or through a script, SharePoint Server Installer still says ‘Windows Server Roles or Features required by this product are not Enabled’.

3. Let’s say you have passed all above barriers somehow. Still you get some other issues after installing and provisioning the farm.

3.1 Farm Configuration Wizard Fails

3.2 Local Farm Not Accessible via PowerShell. Again the compatibility issue.( "The local farm is not accessible. Cmdlets with FeatureDependencyId are not registered")

Let’s see how we can get this done and here are the workarounds you have.

Note : None of these workarounds are officially supported by Microsoft and still the best solution for now is to have SharePoint 2010 on Windows Server 2008 R2.

If you are Installing SharePoint server 2010 on SQL Server 2012, make sure you have the media which has SharePoint 2010 SP1 included. None SharePoint SP 1 doesn’t support SQL 2012.

Workaround 01 – Automated PowerShell installer Script (This will save hours for you)

Craig Luccier has done a great job here – http://gallery.technet.microsoft.com/sharepoint/SharePoint-2010-and-dee17600. This single PowerShell monster resolves all above issues. Basically –

installs all of the Windows Server 8 beta Roles/Features necessary to run SharePoint 2010
Change the default IIS 8 App Pool .NET Framework to v2.0
Downloads and install the SharePoint 2010 Prerequisites
The SP 2010 installer doesn’t work issues

Running this script before you Install SharePoint will do everything above so nothing to be done manually. Just go ahead and install SharePoint right after this.

Workaround 02 – Get everything manually prepared your self (Time consuming but interesting !)

I didn’t go through the above PowerShell script as I needed to know each and every points basically what we fix and where. So here are steps with detailed descriptions on the manual workaround which worked for me.

1.Installing Prerequisites

Download and install these packages

Microsoft Chart Controls for Microsoft .NET Framework 3.5

Microsoft Filter Pack 2.0 (Available in PrerequisiteInstallerFilesFilterPack as well)

Microsoft SQL Server 2008 Native Client

Microsoft SQL Server 2008 R2 ADOMD.NET

Microsoft Sync Framework 1.0

Enable Windows features and roles via Server manager. To do this, Direct to Server manager –> Manage –> Add roles and features and Select below roles.

Go Forward and select Windows identity Foundation 3.5 for .Net framework 3.5 under features. It’s good so you don’t have to download It anymore as Serer 2012 contains the feature out of the box.

Below List of services need to be selected under IIS Role.

Go ahead and install them and that’s all from the Prerequisites side.

2. Installing SharePoint

Go and run the Setup.exe and you will get the issue no 2 I have mentioned above ‘Windows Server Roles or Features required by this product are not Enabled’. Don’t worry, one guy out there has done a great job. It’s all about just Downloading Hand.ServerManagerCmdEmul – Binaries from here and copy ServerManagerCmd file in to – C:\Windows\system32 in your SharePoint Server. Additionally from there you can get the Hand.ServerManagerCmdEmul – Sources project file as well.

Boom ! You wont see that error now. So Go ahead and get the product installed.

Once you complete the installation you will notified for product configuration wizard. Go ahead and get your farm configured. End of the wizard, again the next issue will pop up. Yes the issue number 3.1 which I have mentioned above, ‘Configuration failed’. This is because SharePoint 2010 needs .Net farmework 2.0 in IIS App Pools.

At this stage, all the app pools and sites has been created under IIS. Let’s go there and have a look. Yes they are !

But all are having .Net v4.0 and this has to be changed in to 2.0

Right click on each pool –> advanced settings –> and set the .Net version to 2.0 (ignore the .Net v4.5 and .Net v4.5 Classic) it should look like this once you done.

Now Run the Product Configuration Wizard again and it should complete successfully.

Here we go.. ! Your Central Admin loaded.

3. Fixing SharePoint Management Shell Issue

In order to make use of the powershell commands with sharePoint 2010 on Server 2010, we need to switch the powershell version back to version 2.

Note: This will not uninstall version 3, it will simply launch a new powershell instance that uses version 2.

Right click on SharePoint Management Shell –> Go to File Location –> Get the properties of the Shell Shortcut –>

replace the Existing Target value in to – C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe -version 2.0 -NoExit " & ‘ C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\CONFIG\POWERSHELL\Registration\\sharepoint.ps1 ‘ "

Let’s go and try now. Yeah Now the Shell back to Rock !!

Everything on it now.. Enjoy,

Configuring a Virtual SAN Using ISNS in Windows Server 2012

On March 15, 2013 By Manoj V KarunarathneIn Windows Server 2012, Windows Servers2 Comments

Yet Another very useful and free tool from Microsoft. If you remember the earlier version of this feature, it was an downloadable application where you can install separately but now with latest version of windows server 2012 it has been bundled in as a feature under roles and features.

I was heavily using iSCSI software target for my testing purposes where I needed an Virtual SAN such as on SQL/Windows Clustering etc.. I loved this because I got the real SAN Experience without any hardware or software cost. You can read my previous article if you are a pre windows 2012 user.

Note: This Tool only for Testing purpose and not recommended to propose for production environments.

Windows 8 Doesn’t Support this Feature anymore, you cannot install iSCSI software target 3.0 nor the ISNS server. This has been detached from client Operating systems.

Alright, Here is the scenario, I have two servers where I need this to be configured with.

Server 01 (Host) – ISNS Target Server which is the Central place where holding all the Disks

Server 02 (Initiator-Client) – Initiator servers where my SQL Instance about to host

Setup steps falls in to two levels as

Server Configuration (Host Server/Target)
Client Configuration (Initiators)

So Let’s get configured this server.

Run this power shell command on Target Server – Add-WindowsFeature FS-iSCSITarget-Server (This will install the feature for you so nothing to be done through roles and features)

Just hold on few seconds

Now direct to Server manager of Target Server and in to iSCSI tab like shown below. Basically this is the interface you manage your SAN here after. Looks pretty nice huh ? !!

So the next thing is to get our virtual disks created which should include in to our Target. Two methods to get it done, Either From the above tab simply click on Tasks and say New virtual Disk and completing that steps will create your disk/s else as usual go to disk management and right click on Disks and say Create VHD as shown below so it does the same.

Then to attach the disk we got created. Server manager again and under iSCSI click on Import Virtual disk

Browse and locate your disk here and click next.

Now to assign Target. This simply means the configuring of our Target Server. Choose New Target and hit next.

Specify the Name as you desire, make it a tricky one

Yes the important part now, specifying server which are will be accessing this target server. In my case it’s my SQL Servers that I’m about to cluster. Click Add.

Select the method to identify the initiators here.

Specify the Initiators here. Either you can easily provide the IP address/s or else the IQN (which is an unique identifier of particular node that you can get from the initiator servers by just launching iSCSI initiator and then through configuration tab [Eg- iqn.1991-05.com.microsoft:db01.testlab.int] )

Authentication is optional so can be ignored.

Have a look at the summary and hit Import to proceed.

Just few seconds to import

Everything gone perfectly. Cool result UI huh !

Direct again in to Server Manager and check the result. of course you can expand your SAN by adding more disks in to pool.

Let’s configure the Initiator Servers now. Just type iSCSI on search and launch it (iSCSI initiator – readily available on windows servers). Say yes to the massage to start the service.

Provide the target address here and hit Connect (your Host Server where we configured SAN before)

So we are success here. Say done to close this.

Direct to Volumes and devices and click auto configure so whatever the available disks of SAN storage pool will be mapped in. say ok for this window.

Let’s see the real thing through disk management. Wow !! So my disks are attached automatically

So it’s ready to play with and up to you. will be back in Clustering part with another post Smile

Configure incoming Email in SharePoint 2010

On November 21, 2011 By Manoj V KarunarathneIn Windows Servers1 Comment

Hello and welcome again to another very useful feature in SharePoint.

Here we discuss on Incoming Email capability and configuring of it.

Interesting topic and we will deal with SMTP and Microsoft Exchange Server to get this done.

So what’s the purpose of incoming e-mail feature in SharePoint ?

Yes your thought is correct !, You can send e-mail to an SharePoint Document Library which can contains attachments etc..

SharePoint libraries are capable to store e-mail as’ .eml’ files, also attachments separately. This is really useful for an organization which

Looking for a centralized location for documents which are to be shared.

My Environment

Windows Server	SharePoint	Exchange	IIS	Other
2008 R2 Ent	2010 with SP 1	2010 with sp 1	6.0 ,7.0	SMTP Server

Alright then lets begin with the Prerequisites as usual.

Install IIS 6.0 with required features via Server Manager in your local SharePoint Server.

Direct to Server Manager –> Roles –> Add Roles –> Web Server IIS -select all features under IIS 6.0 management Compatibility –> Click Next –> You may have to restart to continue.

Install SMTP Server

Direct to Server Manager –> Features –> Add Features –> Select SMTP Server/Services–> Click Next and complete the wizard to get installed.

Switch to Administrative tools from the start menu and direct to Internet information services 6.0

It will appear the windows as above. Get the properties of [SMTP Virtual Server #1]

Let IP Address range as ‘All Unassigned’ and Enable Logging for the purpose of keeping logs of activities till we get the

Feature fully functional.

Then switch to ‘Access’ tab and go to ‘Authentication’. Let it be with Anonymous access. Else provide required authentication, but let it be with default

Till we get the feature fully functional.

Next is massages tab. Here are the defaults so you may change each as required.

Deliver Section. Here also I have used defaults as we can change these settings as required any time. Up to you for customize.

Let the Other three areas as default also (Outbound security, Outbound connections, Advanced)

Skipping the LDAP Section as nothing to be configured on that here in our requirement.

Lastly direct to Security tab and there also I’m leaving defaults as nothing need to be changed.

Now we are about to check on domain name association. By default it taken FQDN on the Server which you installed SMTP.

Right click on the Domain Name and get the Properties.

It shows the path of mail root which will store e-mail temporary before send to SharePoint.

Now we need to set SMTP Service to be start automatically with windows start.

Direct to services and let the service start mode as ‘Automatic’.

That’s all on configuring SMTP Server.

Here we are about to deal with exchange now.

I’m on Exchange 2010 here in my lab. Currently most of the organizations are having at least exchange server 2007 so almost similar to 2010

Configuration wizards, also I have tested and was successful same in exchange 2003 as well.

Need to create a new send connector in exchange. This used to relay email from exchange to SMTP which we configured in SharePoint Server

Then SMTP Server will forward particular mail to SharePoint library which we configured for incoming email.

Let’s begin by launching the Exchange Management Console –>Organization Configuration –> Hub Transport.

Click on Send Connectors –>Actions –>New Send Connector.

Type in a descriptive name for your Send Connector and then select Internal as the type.

Add your Server which SMTP Server installed in address space,

Type will be automatically defined so you have to provide only FQDN of the particular server

Add Smart Host – Here also provide the IP Address of the server which is SMTP Server installed.

Let the authentication as none with defaults.

Make Sure that your Hub Transport server is picked up.

Summary will appeared and click next to proceed with the new connector preparation.

You can see our newly created connector here under send connectors.

Alright, finished the dealing with exchange configuration !!

Next – The Directory Management Service

SharePoint 2010 allows you to leverage Active Directory Domain Services (AD DS) so that contacts that are created when you email enable document libraries or lists are stored in a designated Organizational Unit within your AD DS infrastructure. So why would you want to enable Directory Management Service? Purely for the fact that by storing these contacts in AD, you are allowing your users to locate email enabled libraries and lists easily from within their Outlook Address book.

Let’s begin by creating an Organizational Unit in Active Directory.

First check on IIS whether what is the account that acts as identity of SharePoint Central Administration Pool (Pool Account).

Note this as we need this in next steps..

Create a new Organizational Unit to hold the contacts which will be created by SharePoint.

Simply Direct to active Directory Users and computers –> Right click on the domain and click New –> Organizational Unit.

Provide an descriptive name and click ‘Ok’

Right click on the newly created OU and click –>Delegate Control.

This is to delegate permissions for the account which is the identity of Central Administration Pool Account for object creation inside this OU.

Add the account as I mentioned earlier. This is the pool account of our SharePoint Central admin Pool.

Select Create custom task to delegate. And click next

Choose ‘This Folder, existing objects in this folder, and creation of new objects in this folder’ as shows below

Next to Grant permissions as below.

Click Ok to complete the delegation wizard.

Enable advanced features by clicking on view at active directory console.

Direct to properties of our newly created OU, and switch to security tab. below permissions are need to get granted for the same account.

Click advanced and you will get below window. Select the same account and switch to edit mode.

Grant to ‘delete Sub Tree’ Permission as below. Click Ok for all opened tabs and you got it saved.

Lets Get in to SharePoint as we have finished dealing with AD Configurations.

Direct to System settings –> Configure Incoming Email Settings in Central administration

You will direct to below interface. Provide necessary information’s and let the other options as shown below.

OU=SharePoint Contacts(name of the newly created OU in AD), DC=mstest (Name of the DC), DC=com

Select Yes to “Enable site on this server to receive e-mail”

Select “Automatic” for Setting mode.

Select “Yes” to use the SharePoint Directory Management Service to create distributions groups and contacts.

Enter your Active Directory container details, i.e. the Organizational Unit container that we created specifically for our SharePoint 2010 contacts.

Ensure that your SMTP server details are correct, this should be the fully qualified domain name of your SMTP service that was installed on your SharePoint Server.

Lets check Drop box Properties of our SMTP Server Mail Root.

Direct to –> C:\inetpub\mailroot –> Get the Properties of Drop Folder.

IIS Security Groups should have granted for below permissions,

WSS_Admin_WPG – Full Control and

WSS_WPG – Read & Execute / List folder Contents / Read

Configuring email – Library

Click ‘Yes’ Allow this library to receive email. And type an address as you wish (This address will used to send emails to the library from out side)

Also there are several selective options that are can be customized as you need.

Save original e-mail option will save your e-mail as .eml file in the library

Click ok once you done here. And lets get in to contacts as we can see our new contact which given here will be created in Exchange and AD.

Open newly created SharePoint contacts OU in Active directory.

Alright then here is the new contact we got created via Email Library configuration.

Lets Get in to Exchange and check whether we have got our Mail Contact is created.

Open Exchange management Console –> Recipient configuration –> Mail Contacts –>

Yeah it’s too, here you can see the new Email contact.

Right Click and Get the properties of it.

Add new SMTP Address if it has only one address as External. And let that ne address contain only Contact@Domain.com (SMTP Server Name not required

As it will used only for internal communication only) click on the newly created address and Click on the Black Tick to Set it as ‘External’

Note : This Can use if you are sending mails from the outside the organization.

Click Apply and Ok.

Now Open your e-mail client and send a new mail to the address which we created.

Here we Go !!!

We have received a email to our e-mail library.

Known Points of failures.

If you haven’t received any email to the library which is already has been sent.

Go to –> C:\inetpub\mailroot\Drop folder.

Emails are should be hold there as it cannot be sent to SharePoint. Normally this occurs if SharePoint Timer Service Account doesn’t have enough

Privileges to the configuration databases.

Experienced – I got this pending queue in SMTP Drop box and what I did was, changed the privileges of Timer Service Account from the SQL Security.

First you have to check the identity which Timer Service Running On

Switch to Services –> look at the SharePoint 2010 Timer Service and it’s Service account.

It is recommended to run this service under separate account and that particular account should have proper privileges to SQL DB’s

Open SQL server and Check in Server Roles whether this Account has dbcreator role granted.

Adding to this role was solved my problem and all the email which are was in queue(as shown in above figure) immediately sent to the E-mail library

once I added this permission here !!

SharePoint 2010 Service Accounts and it’s Privileges is a massive area to talk about, so let me bring them to another article very soon.

Stay connected and see you in another post 🙂

Written by Manoj Viduranga ………………………….

Configure Adobe Ifilter for SharePoint

On October 14, 2011 By Manoj V KarunarathneIn Windows Servers1 Comment

SharePoint Server 2010, like its predecessors, includes indexing and search capabilities. But what doesn’t come out of the box is the ability to index and search for PDF documents. PDF is a format owned by Adobe, not Microsoft. If you want to be able to find Adobe PDF documents, or have the PDF icon appear when viewing PDF files in a SharePoint document library (see image below), you will need to set it up for yourself. This post describes how to configure it using adobe ifilter.

Download required files here

Adobe Ifilter for X64 Platform – http://www.adobe.com/support/downloads/detail.jsp?ftpID=4025

PDF Icon – http://www.mossgurus.com/adnan/Documents/pdf16.gif right click on the file and save it.

Below steps will install and configure PDF iFilter on SharePoint Server 2010 or Search Server Express 2010.

Install ifilter using downloaded setup

Copy PDF Icon image to – C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\IMAGES

Below entry to be added in DOCICON.XML file which can be found at – C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\XML.

Direct to your Search service application in SharePoint Central Admin. Create an New File Type and Add PDF file type on the File Types page as shown below.

Open registry by executing regedit at Run. and then

Navigate to –\\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server\14.0\Search\Setup\ContentIndexCommon\Filters\Extension

Right click Extension, and Click New–> Key to create a new key for .pdf. See screen shot below:

Enter .pdf and save key.

Now add the following GUID in the default value as shown in the figure below.
{E8978DA6-047F-4E3D-9C78-CDBE46041603}

If you are configuring SharePoint Server 2010, Restart SharePoint Server Search 14 Service under Services.

Else by executing the following command on the command line also will restart the service:
-net stop osearch

-net start osearch

You may have to restart IIS as well.
Perform incremental/full crawl in SharePoint server to include PDF files as required.

PDF iFilter is successfully configured. Now you can search for the content of PDF file. As you see in screen shot below:

Note: SharePoint Server 2010 or Search Server 2010 Express provides out of the box search support for .ZIP files, so you download and have to install Microsoft Filter pack as you used to do with MOSS 2007.

Configuring Ifilter For Farm Installations

Application Servers -The iFilter installation and Regedit should be done in the Index Server(s).

For Web Servers – The XML editing and inclusion of PDF icon should be done in the WFE server(s).

Written by – Manoj Viduranga ………….