Configure SharePoint with Kerberos and SSL for use with Team Foundation Server (TFS)

This article gives step-by-step instructions for configuring SharePoint with Kerberos and SSL for use with Team Foundation Server (TFS).
It involves the following steps, each explained in detail below.

1. Configure SharePoint Foundation 2010 on SharePoint Server.

2. Configure Kerberos for SharePoint 2010.

3. Set SPNs.

4. Create a Web application on the SharePoint central administration site.

5. Configure SSL for SharePoint 2010 Foundation.

6. Configure SharePoint extensions on SharePoint Server.

7. Download and Install SharePoint Foundation 2010 on Web Front End 1 and Web Front End 2.

8. Add the SharePoint information in TFS Admin console.

9. Configure SharePoint Server 2010 for Dashboard Compatibility with TFS 2010.

10. Configure Secure Store Service.

11. Configuring TFS

1. Configure SharePoint Foundation 2010 on SharePoint Server

Step: 1

Download SharePoint Foundation 2010 from https://www.microsoft.com/en-us/download/details.aspx?id=24983 and install it.

Step: 2

Start the configuration wizard in SharePoint.

Run the SharePoint Server 2010 application file. On the screen that appears, under Install, click Install software prerequisites.

Click Next.

Step : 3

Once all the prerequisites are installed, choose the "Install SharePoint Server" option from the menu.

Step : 4

Choose the "Server Farm" option in the SharePoint server. Give the name of the SQL Server in the next step.

Enter the name of the SharePoint configuration database (default: SharePoint_Config).

The system will start the installation.

Step: 5

Run your Configuration wizard and click Next. Click Yes to start IIS and the SharePoint Timer service.

Step: 6

The system will launch the SharePoint Central Administration page.

NOTE:

Create a service account for SharePoint. Add this account as a local administrator on the SharePoint server.

Let this account have sysadmin credentials on the SQL server where the SharePoint databases will be stored.

2. How to configure Kerberos for SharePoint 2010

Step : 1

Open DNS management from Administrative Tools on a DNS server and click the Forward Lookup Zone.

Step : 2

Right-click the zone (domain name) and click New Host (A or AAAA).

Step : 3

Type the name of the SharePoint server and its IP address.

Click OK. Make sure the host has been created.

Step : 4

Ping the SharePoint server. The reply shows that name resolution is working.

3. How to set SPN?

Open a command prompt as administrator and run the commands below:

setspn -S HTTP/mywebappurl domain\serviceaccount (hit enter)

An SPN is also needed for the FQDN, so type:

setspn -S HTTP/mywebappurl.domain.com domain\serviceaccount (hit enter)

Listing the SPNs for the account should now show both of them:

setspn -L domain\serviceaccount (hit enter)

Note: HTTP can be upper or lowercase; it does not matter.

Eg:

Setspn -S http/v-mar016259vm2.Dom356886.com DOM356886\SPAdmin

Setspn -S http/v-mar016259vm2 DOM356886\SPADmin

Setspn -l DOM356886\SPADmin

Run the command klist purge. It deletes all the old Kerberos tickets stored in the cache.
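A read-only check of the registrations made above, as an added example that is not part of the original article: it looks up each SPN in Active Directory and reports whether it is missing, registered on more than one account, or registered on an account other than the service account. The function names are hypothetical, and the sample values are the ones from the "Eg:" commands above.

```powershell
# Added example: audit the HTTP SPNs from section 3 without changing anything.
# Sample values are taken from this article's "Eg:" commands; replace with your own.
$ServiceAccount = 'SPAdmin'
$Spns = 'HTTP/v-mar016259vm2', 'HTTP/v-mar016259vm2.Dom356886.com'

function Get-SpnOwner {
    param([string]$Spn)
    # Search the current domain for every account that carries this SPN.
    # Assumption: single domain. In a multi-domain forest, query a global catalog instead.
    $searcher = [adsisearcher]"(servicePrincipalName=$Spn)"
    [void]$searcher.PropertiesToLoad.Add('samaccountname')
    foreach ($result in $searcher.FindAll()) {
        [string]$result.Properties['samaccountname'][0]
    }
}

function Test-Spn {
    param([string]$Spn, [string]$ExpectedOwner)
    $owners = @(Get-SpnOwner -Spn $Spn)
    if ($owners.Count -eq 0) {
        $status = 'MISSING'         # no account holds the SPN, so no service ticket can be issued
    } elseif ($owners.Count -gt 1) {
        $status = 'DUPLICATE'       # the KDC cannot tell which account the ticket is for
    } elseif ($owners[0] -ne $ExpectedOwner) {
        $status = 'WRONG-ACCOUNT'   # SPN belongs to an account the web application does not run as
    } else {
        $status = 'OK'
    }
    New-Object psobject -Property @{
        Spn    = $Spn
        Status = $status
        Owners = ($owners -join ', ')
    }
}

$Spns | ForEach-Object { Test-Spn -Spn $_ -ExpectedOwner $ServiceAccount } |
    Format-Table Spn, Status, Owners -AutoSize
```

Both rows should read OK before moving on to the Web application; any other status means Kerberos authentication to that host name will not work as configured.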

4. Create a Web application on the SharePoint central administration site:

Step 1:

Go to Central Administration > Manage Web applications.

Step 2 :

Create a new Web application.

Select Kerberos as the authentication provider for the Web application and create the Web application.

Step 3 :

Open Internet Information Services (IIS). Click on the Web application you just created. Go to Authentication.

Click Windows Authentication > Advanced Settings > Enable Kernel-mode authentication > OK.

5. How to configure SSL for SharePoint 2010 Foundation

Step : 1

Create a self-signed certificate for SharePoint from IIS.

Go to IIS > Server Certificates > Create Self-Signed Certificate and click OK.

Step : 2

Once the certificate has been created, export it.

Step : 3

Open MMC and add this certificate to the Trusted Root Certification Authorities store and to the SharePoint node.

Step : 4

Go to IIS > click on the Web application > Bindings > Add > select https as the type > select the SSL certificate > OK.

Step : 5

Go to SharePoint Central Administration > System Settings > Manage Alternate Access Mappings.

Select the Web application which you created and click Edit Public URLs.

Edit the URL so that it reads https://<ServerName.Domainname.com> and make it the default.

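To confirm the certificate steps above on the SharePoint server (and later on each web front end), the following added example, which is not part of the original article, checks that the same certificate is present in the machine's Personal store (where IIS keeps server certificates), in Trusted Root Certification Authorities and in the SharePoint store, and that its name matches the host in the public URL. The function name and both input values are placeholders to be replaced with your own.

```powershell
# Added example: verify where the exported certificate is installed on this machine.
$Thumbprint = '<THUMBPRINT-OF-THE-EXPORTED-CERTIFICATE>'   # placeholder
$Fqdn       = 'ServerName.Domainname.com'                   # placeholder: host in the public URL

function Test-SharePointCert {
    param([string]$Thumbprint, [string]$Fqdn)
    # Thumbprints copied from the MMC dialog often carry spaces or invisible characters.
    $wanted  = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    $dnsType = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName

    # My = IIS server certificates, Root = Trusted Root Certification Authorities,
    # SharePoint = the SharePoint node shown in the Certificates MMC snap-in.
    foreach ($store in 'My', 'Root', 'SharePoint') {
        $cert = Get-ChildItem -Path "Cert:\LocalMachine\$store" -ErrorAction SilentlyContinue |
            Where-Object { $_.Thumbprint -eq $wanted } |
            Select-Object -First 1

        $row = @{
            Store         = $store
            Present       = [bool]$cert
            NameMatches   = $false
            HasPrivateKey = $false
            Expires       = $null
        }
        if ($cert) {
            # DNS name from the subject alternative name, or the CN if there is none.
            $row.NameMatches   = ($cert.GetNameInfo($dnsType, $false) -eq $Fqdn)
            $row.HasPrivateKey = $cert.HasPrivateKey
            $row.Expires       = $cert.NotAfter
        }
        New-Object psobject -Property $row
    }
}

Test-SharePointCert -Thumbprint $Thumbprint -Fqdn $Fqdn |
    Format-Table Store, Present, NameMatches, HasPrivateKey, Expires -AutoSize
```

Every store should show Present as True; HasPrivateKey only needs to be True in the My store, because that is the copy the https binding uses.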

6. Configure SharePoint extensions on SharePoint Server.

Download and install SharePoint Extensions for Team Foundation Server on the SharePoint server.

Configure the SharePoint extensions.

Click on Grant Access. Enter the URL for Team Foundation Server. Select the SharePoint Web application. Click OK.

The Web application will be added in the extensions for SharePoint products.

7. Download and Install SharePoint Foundation 2010 on Web Front End 1 and Web Front End 2.

Step : 1

Start the “SharePoint 2010 Products Configuration Wizard” from the "Microsoft SharePoint 2010 Products" menu option under "All Programs".

Press “Next”.

Click Yes.

Step : 2

While configuring SharePoint, select the option Connect to an existing Farm. Follow the instructions.

Type the database server name and retrieve the SharePoint database name.

Enter the passphrase which you gave while configuring the farm on the SharePoint server.

Click Next.

Wait for the configuration to complete.

Click Finish once it's done.

Open IIS.

Follow the same steps to add SSL to the web application in IIS (Steps 3 and 4 of "How to configure SSL for SharePoint 2010 Foundation"). Make sure you have the exported certificate; you don't have to create a new one.

Install the SharePoint Extensions for Team Foundation Server on both web front ends, then open the TFS Admin console and click Refresh.

The extensions should be added here.

8. Add the SharePoint information in TFS Admin console

Go to the TFS Server. Open Admin Console.

Step : 1

Go to SharePoint. Add the Central Admin URL and the Web application URL.

Step : 2

Click on Application Tier > SharePoint (Default Collection) > Configure > add the path for the site collection.

SharePoint is thus configured with Kerberos and SSL. (Tada!)

9. Configuring SharePoint Server 2010 for Dashboard Compatibility with TFS 2010

Step : 1

Go to the central administration home page, and click on “Manage service applications” under Application Management.

Step : 2

Click on Excel Services application > Trusted File Locations.

By default, SharePoint creates a trusted file location of “https://” when you first configure Excel Services, which makes any path under the root a trusted location; you can change this if you wish, but make sure that the path maps to a location under which you want to place your TFS team project SharePoint portals, and that Trust Children is set to true. Click on the address of the trusted file location that will be used for TFS to edit it.

Step : 3

Click on the default address. Change the address as per your settings.

Scroll down on the form and find the Warn on Refresh option, and uncheck the checkbox. If you leave this option checked, users visiting the TFS dashboards on SharePoint will constantly be asked whether they want to refresh the Excel web parts. Click OK.

10. Configure Secure Store Service

Configuring Secure Store Service is optional, but recommended if you don’t want to manually give credentials in SQL Reporting Services to everyone who is accessing the portal and/or your SharePoint server is on a separate machine from your Team Foundation Server, and you need to solve the double-hop authentication issue.

Step : 1

Go to the central administration home page, click on “Manage service applications” under Application Management, and then click on Secure Store Service.

On the resulting page, SharePoint will tell you that you need to generate a key if you haven’t done so already.

Step : 2

Click on Generate New Key on the ribbon if this is the case. Once you’ve got a key, click New on the ribbon to create a new Secure Store Target Application for TFS. Fill out the appropriate fields, and take a note of the value you specify for the Target Application ID, as you’ll need this later (I used tfs in the example below). Select Group for the Target Application Type:

Step : 3

Enter the Windows user name and password.

Step : 4

Add the administrator groups and users.

Step : 5

11. Configuring TFS (add the Enterprise Application Definition on all the web front ends and the SharePoint server)

Now onto configuring TFS. If you haven’t already installed/configured TFS, do so now, following the instructions in the install guide to enable TFS integration with SharePoint. Once you have installed/configured TFS, open up your TFS admin console on the machine where SharePoint is installed. Select the “Extensions for SharePoint Products” node and select the mapping to TFS and click Modify. In the Enterprise Application Definition field, enter in the value that you specified earlier for the Target Application ID when configuring Secure Store Service (I used tfs above and below).

Still with us? Great! You have successfully configured SharePoint (With Kerberos Authentication) to be integrated with TFS.

Cheers!

Content created by – Aparna Chinya Ramachandra
Content reviewed by – Romit Gulati