Install of SharePoint Foundation 2013 SP1 for use with FIM / MIM
Introduction:
This document is intended to be used as an operational build document for the installation of SharePoint Foundation 2013 SP1 for use with Forefront Identity Manager 2010 R2 or Microsoft Identity Management 2016 MIM Service and Portal Server installations.
Using this Guide:
Search for the variables listed below and replace them with your own values to create a detailed build guide customized for your environment.
Document Variables:
Description | Search and Replace Variable
Common name of the domain (ex. Contoso) | [DOMAIN]
Common name of the first MIM Service and Portal Server (ex. Portal01) | [MIM SERVER 1]
Common name of the second MIM Service and Portal Server (ex. Portal02) | [MIM SERVER 2]
Common name of the MIM Installation Service Account (ex. MIMInstall) | [INSTALL ACCOUNT]
Common name of the MIM Service Account (ex. MIMService) | [MIM SERVICE ACCOUNT]
Common name of the MIM SharePoint Application Pool Service Account (ex. MIMSAP) | [MIM SAP ACCOUNT]
Preparing for Installation
SharePoint Foundation 2013 SP1 Installation Media:
The download for SharePoint Foundation 2013 SP1 is located at the following link:
https://www.microsoft.com/en-us/download/details.aspx?id=42039
Temporarily Disable Windows Updates:
To successfully install SharePoint Foundation 2013, some updates must be removed prior to installation. Windows Updates are temporarily disabled during the installation procedure to prevent these updates from being downloaded and reinstalled.
Launch Server Manager
Select Local Server
Adjacent to Windows Update select the link to access the Windows Update settings page.
Select Change Settings
Select Never Check for updates (not recommended)
Select OK
Close the Windows Update window
Exit Server Manager
Temporarily Disable IE Enhanced Security Configuration for Administrators:
The SharePoint Foundation 2013 SP1 Prerequisite installer requires access to multiple sites to download prerequisite installers. Temporarily disabling IE Enhanced Security for Administrators will allow access to these sites to complete the installations.
Launch Server Manager
Select Local Server
Adjacent to IE Enhanced Security Configuration select the link to access the configuration settings page.
Under Administrators, select Off
Select Ok
Restart the server
Uninstall .Net Framework 4.6 and higher
SharePoint Foundation 2013 SP1 requires .Net version 4.5, and versions 4.6 and higher must be removed for it to install properly. Please refer to the blog post below for .Net removal instructions and updates.
Install SharePoint Foundation 2013 SP1 Prerequisites:
Connect to the server using the [INSTALL ACCOUNT] service account
Right click SharePoint.exe and select run as Administrator
If asked to allow program to make changes to this computer, select Yes.
Under Install, select Install software prerequisites.
On the Welcome to the Microsoft SharePoint 2013 Products Preparation Tool pane, select Next
To continue installation, review and accept the terms of the license agreement.
Select Next to proceed with prerequisite installations.
If prompted that your system needs to restart to continue, select Finish
Please note that multiple server restarts can occur during installation.
Reconnect to the server using the [INSTALL ACCOUNT] service account
If asked to allow program to make changes to this computer, select Yes.
If prompted that your system needs to restart to continue, select Finish
Repeat this section as many times as necessary to complete the installation of Prerequisites.
Once installation of prerequisites completes, select Finish.
Select Start, Update and Restart if available, otherwise Restart.
Repeat this section as many times as necessary to complete the installation of all updates.
Once installation of prerequisites completes, select Finish.
Install SharePoint Foundation 2013 SP1
Login as the [INSTALL ACCOUNT] account
Right click SharePoint.exe and run as Administrator
Select Yes to allow the installer to make changes to the server.
The SharePoint Foundation 2013 splash screen will appear.
Under Install, select Install SharePoint Foundation
If you are prompted with a setup error and informed that the product requires .Net Framework 4.5, refer to the section above entitled Uninstall .Net Framework 4.6 and higher. .Net Framework 4.6 and higher must be removed and the machine restarted for the installation to succeed.
On the Read the Microsoft Software License Terms screen, review the terms and accept as appropriate.
Select Continue
On the Server Type panel, select Stand-alone option, then Install Now
The Installation Progress bar will be displayed.
On the Run Configuration Wizard pane, select the Run the SharePoint Products Configuration Wizard now option
Select Close.
On the Welcome to SharePoint Products page, select Next.
When notified that services may need to be restarted, select Yes
The Configuring SharePoint Product page will be displayed.
Once notified Configuration Successful, select Finish.
The SharePoint 2013 Foundation Home Page will be displayed.
Close the browser.
Exit SharePoint Foundation 2013 installer.
Restart the server.
Prepare SharePoint Foundation 2013 SP1 for use with FIM / MIM:
Configure SharePoint Farm Admins
Select the Windows Start button, type SharePoint 2013 Central Administration
If prompted, select Yes to allow program to make changes to computer.
Select Security, Manage the farm administrators group
Add the following accounts as members of the Farm Administrators group:
[INSTALL ACCOUNT] (This should be present.)
[MIM SERVICE ACCOUNT]
Remove the SharePoint-80 Configuration
In SharePoint Central Administration, select Application Management
Under Web Applications, select Manage Web Applications
Select SharePoint-80
Select Delete from menu bar.
When prompted select Yes to delete content databases and delete IIS web sites.
Select Delete, and Ok to continue.
Note: This may take several minutes to complete at which time the open window will close and return you back to the SharePoint Central Admin Console.
Close the SharePoint Central Admin Console.
Ensure Deletion of the default SharePoint Application Pool
Start, Internet Information Services Manager
On left expand the server, and select Application Pools
If present, delete the SharePoint-80 Application pool.
Close Internet Information Services Manager
Running the MIM SharePoint Foundation 2013 Configuration Script Notes:
The PowerShell script included below was obtained from the original Connector Space blog post by Anthony Marsiglia located at: https://blogs.msdn.microsoft.com/connector_space/2014/09/23/sharepoint-foundations-2013-configuration-script/
The script provided in this document is updated to include remarks on how to manually perform some of the script’s actions, thereby simplifying code review. Additionally, search and replace document variables used throughout this document are incorporated into the script to customize the installation script for your environment.
During script processing PowerShell will display the following Warning message which can be ignored:
WARNING: The Windows Classic authentication method is deprecated in this release and the default behavior of this cmdlet, which creates Windows Classic based web application, is obsolete. It is recommended to use Claims authentication methods. You can create a web application that uses Claims authentication method by specifying the AuthenticationProvider parameter set in this cmdlet. Refer to the https://go.microsoft.com/fwlink/?LinkId=234549 site for more information. Please note that the default behavior of this cmdlet is expected to change in the future release to create a Claims authentication based web application instead of a Windows Classic based web application.
When copying and pasting the script to Notepad, be sure to verify that all " quotes copy correctly. Additionally, ensure the line containing "STS#0" (open quote, letters STS, pound, zero, close quote) is properly typed and does not contain special characters.
You should not experience PowerShell errors (Errors appear in red text) during execution of this script. If you do experience errors, review the error message and resolve accordingly. Rerunning the script may cause other errors to occur due to partial completion during the first run.
Finally, be patient, the script may take several minutes to complete its processing and at times may appear as if it is not running.
Create and Execute the SharePoint Foundation 2013 Configuration Script:
Launch Notepad
Copy the below script into Notepad
Save the file as SPConfig.ps1 on [MIM SERVER 1].
Copy the script from [MIM SERVER 1] to [MIM SERVER 2].
Start PowerShell as Administrator.
Run the script on the [DOMAIN] domain servers [MIM SERVER 1] and [MIM SERVER 2].
Enter the FIMSPFPoolAccount password when prompted.
####################################################################################
## BEGIN SCRIPT
##This first line only needs to be run if you're not running the SharePoint 2013 Management Console.
Add-PSSnapin Microsoft.SharePoint.PowerShell -EA SilentlyContinue
function Prompt-ForInput
{
Param($message)
$success = "n"
while($success -ne "" -and $success.ToLower() -ne "y")
{
$val = Read-Host $message
$success = Read-Host "You entered: $val. Is this correct? Enter y or n"
}
return $val
}
## This next block of code sets your variables the script will need to build your Sharepoint Site
## Below you will need to know the following information
## NetBIOS Domain name
## The account that will be used to run the actual website
## An account that will be used as a Farm Administrator
## ------------------------------------------------------------------------------------------------------------
## SCRIPT VARIABLES
## ------------------------------------------------------------------------------------------------------------
## $Domain = $(Get-ADDomain).NetBIOSName
$Domain='[DOMAIN]'
## $svcFIMPool = Prompt-ForInput "Enter the FIM Service Pool Service
$svcFIMPool = '[MIM SAP ACCOUNT]'
## $FarmAdminUser = Prompt-ForInput "Enter the Primary Site Collection Administrator Account"
$FarmAdminUser = '[INSTALL ACCOUNT]'
## $SecFarmAdmin = Prompt-ForInput "Enter the Secondary Site Administrator Account"
$SecFarmAdmin = '[MIM SERVICE ACCOUNT]'
#$Site = "https://" + $(Prompt-ForInput "Enter the site url")
$Site = 'https://FIMPortal'
## ------------------------------------------------------------------------------------------------------------
## SET THE CREDENTIALS FOR THE SHAREPOINT SITE
## ------------------------------------------------------------------------------------------------------------
## MANUAL METHOD:
## The steps to manually configure this setting in the SharePoint Central Admin Console follow
## Start SharePoint Central Admin
## Under Security section select Configure Service Accounts
## Select the Register new managed account link
## Enter User Name and Password
## select OK
## POWERSHELL SCRIPT:
## A pop up will appear for you to type in the Password of the account that was set as the variable of $svcFIMPool
## You may need to correct the username in the following format DOMAIN\ACCOUNT NAME
## Enter the Password in the window
New-SPManagedAccount -Credential (Get-Credential -Message "FIMSPFPoolAccount" -UserName "$Domain\$svcFIMPool")
## ------------------------------------------------------------------------------------------------------------
## CREATE THE SHAREPOINT APPLICATION POOL
## ------------------------------------------------------------------------------------------------------------
## MANUAL METHOD:
## The steps to manually configure this setting in the SharePoint Central Admin Console follow
## Start SharePoint Central Admin
## Under Application Management Select Manage Service Applications
## From the Menu Bar select New
## Select App Management Service
##
## POWERSHELL SCRIPT:
New-SPServiceApplicationPool -Name FIMSPFPool -Account $svcFIMPool
##This next block of code creates a Web application that uses classic mode Windows authentication
New-SPWebApplication -Name "FIM" -Url $site -Port 80 -SecureSocketsLayer:$false -ApplicationPool "FIMSPFPool" -ApplicationPoolAccount (Get-SPManagedAccount $($svcFIMPool)) -AuthenticationMethod "Kerberos" -DatabaseName "FIM_SPF_Content"
##This block of code creates the SP Site
New-SPSite -Name "FIM" -Url $Site -CompatibilityLevel 14 -Template "STS#0" -OwnerAlias $FarmAdminUser
##This next block of code sets the Secondary Site Administrator
Set-SPSite -Identity $Site -SecondaryOwnerAlias "$Domain\$SecFarmAdmin"
##This block of code disables server side view state which is required for FIM
$contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
$contentService.ViewStateOnServer = $false
$contentService.Update()
##This last block of code disables self-service upgrade to 2013 Experience mode
#2013 Experience mode is not supported by FIM
## Retrieve the site collection explicitly with Get-SPSite, using the same URL as above
$SPSite = Get-SPSite -Identity $Site
$SPSite.AllowSelfServiceUpgrade = $false
## END OF SCRIPT
####################################################################################
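The copy-and-paste problems described in the script notes (curly quotes, special characters, a mistyped "STS#0" line) and any document variables left unreplaced can be caught before SPConfig.ps1 is run. The check below is an added example, not part of the original script; the function name Test-SPConfigScript is hypothetical and the sample file is constructed.

```powershell
# Added example: lint a pasted SPConfig.ps1 before executing it.
# Test-SPConfigScript is a hypothetical helper name, not a SharePoint cmdlet.
function Test-SPConfigScript {
    param([Parameter(Mandatory = $true)][string]$Path)

    $findings = @()
    $lines = @(Get-Content -LiteralPath $Path -Encoding UTF8)
    # Search-and-replace variables from the table at the top of this guide
    $placeholder = '\[(DOMAIN|MIM SERVER [12]|INSTALL ACCOUNT|MIM SERVICE ACCOUNT|MIM SAP ACCOUNT)\]'

    for ($i = 0; $i -lt $lines.Count; $i++) {
        $line = $lines[$i]
        $n = $i + 1
        # Anything outside tab and printable ASCII: curly quotes, en dashes, non-breaking spaces
        foreach ($m in [regex]::Matches($line, '[^\x09\x20-\x7E]')) {
            $code = '{0:X4}' -f [int][char]$m.Value
            $findings += "Line ${n}: non-ASCII character U+$code at column $($m.Index + 1)"
        }
        if ($line -match $placeholder) {
            $findings += "Line ${n}: unreplaced document variable $($Matches[0])"
        }
    }

    # The site template must appear exactly as "STS#0" in plain double quotes
    if (-not ($lines -match '-Template\s+"STS#0"')) {
        $findings += 'No line contains -Template "STS#0" typed with plain double quotes'
    }
    return $findings
}

# Constructed sample with the problems the notes warn about
$sample = Join-Path $env:TEMP 'SPConfig-sample.ps1'
@(
    '$Domain=''[DOMAIN]''',
    "New-SPSite -Url `$Site -Template $([char]0x201C)STS#0$([char]0x201D)",
    "Set-SPSite $([char]0x2013)Identity `$Site"
) | Set-Content -LiteralPath $sample -Encoding UTF8

Test-SPConfigScript -Path $sample
```

An empty result means the file contains only plain ASCII, has no unreplaced variables, and has a correctly typed template line.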
Set the SharePoint Administration Service to Automatic and start the service
Start, Services.msc
Right Click the SharePoint Administration service, select Properties
Set Startup type to Automatic
Select Start
Select OK
Remove SharePoint Search Service Application and Proxy
Select the Windows Start button, type SharePoint 2013 Central Administration
If prompted, select Yes to allow program to make changes to computer.
Select Application Management
Under Service Applications, select Manage service applications
Highlight Search Service Application Proxy
Select Delete button.
On the Delete Service Application Connection page
Select Delete Data associated with the Service Application connections
Select Ok
When notified Service Application connection has been deleted, select Ok
Highlight Search Service Application
Select Delete button.
On the Delete Service Application page
Select Delete Data associated with the Service Applications
Select Ok
When notified Service Application has been deleted, select Ok
Close the SharePoint Central Administration Window
Enable Windows Updates:
To successfully install SharePoint Foundation 2013 SP1, Windows Update was disabled prior to the installation. Windows Updates should be enabled after the installation procedure is completed to ensure proper patching of the system. Automatic application patches are not enabled; application updates are installed manually after proper testing.
Launch Server Manager
Select Local Server
Adjacent to Windows Update select the link to access the Windows Update settings page.
Select Change Settings
Select Install Updates automatically (recommended)
Under Microsoft Update
Do Not select Give Me Updates for other Microsoft products when I update Windows
Select OK
Close the Windows Update window
Exit Server Manager
Enable IE Enhanced Security Configuration for Administrators:
The SharePoint Foundation 2013 SP1 Prerequisite installer required access to multiple sites to download prerequisite installers. We temporarily disabled IE Enhanced Security for Administrators to allow access to these sites. Now that the installation is complete, this can be turned back on.
Launch Server Manager
Select Local Server
Adjacent to IE Enhanced Security Configuration select the link to access the configuration settings page.
Under Administrators, select On
Select Ok
Restart the server
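This build temporarily weakens two host protections (Windows Update and IE Enhanced Security Configuration) and relies on several settings applied by SPConfig.ps1, so a read-only check of the final state is worth running after the last restart. The script below is an added example, not part of the original guide; the function name Get-MimSpfPostBuildState and the $SiteUrl parameter are hypothetical, and it assumes it is run elevated on the MIM portal server with the SharePoint snap-in installed.

```powershell
# Added example: read-only post-build verification, changes nothing on the server.
# Get-MimSpfPostBuildState and $SiteUrl are hypothetical names.
function Get-MimSpfPostBuildState {
    param([string]$SiteUrl = 'https://FIMPortal')   # site URL used in SPConfig.ps1
    $r = [ordered]@{}

    # IE ESC for Administrators: IsInstalled = 1 means On
    $escKey = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\' +
              '{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}'
    $esc = Get-ItemProperty -Path $escKey -Name IsInstalled -ErrorAction SilentlyContinue
    $r['IE ESC on for Administrators'] = ($esc.IsInstalled -eq 1)

    # Windows Update agent: NotificationLevel 1 = never check, 4 = install automatically
    $au = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
    $r['Windows Update set to install automatically'] = ($au.NotificationLevel -eq 4)

    # SharePoint Administration service (service name SPAdminV4)
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='SPAdminV4'"
    $r['SharePoint Administration startup is Automatic'] = ($svc.StartMode -eq 'Auto')
    $r['SharePoint Administration is running'] = ($svc.State -eq 'Running')

    # Settings applied by SPConfig.ps1
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
    $cs = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
    $r['ViewStateOnServer is disabled'] = ($cs.ViewStateOnServer -eq $false)
    $site = Get-SPSite -Identity $SiteUrl -ErrorAction SilentlyContinue
    $r['Self-service upgrade is disabled'] = ($site -and -not $site.AllowSelfServiceUpgrade)
    if ($site) { $site.Dispose() }

    # Search Service Application and its proxy should have been deleted
    $search = @(Get-SPServiceApplication) + @(Get-SPServiceApplicationProxy) |
        Where-Object { $_.DisplayName -like 'Search Service Application*' }
    $r['Search service application and proxy removed'] = (@($search).Count -eq 0)

    return $r
}

# List only the checks that did not pass
$state = Get-MimSpfPostBuildState
$state.GetEnumerator() | Where-Object { -not $_.Value } |
    ForEach-Object { "FAILED: $($_.Key)" }
```

No output means every check passed; run it on both [MIM SERVER 1] and [MIM SERVER 2].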