1 Introduction
This document explains the detailed steps to configure the environment for on premise deployment of SharePoint 2013 apps.
2 Configuration steps for On Premise Apps Deployment
Once the SP2013 environment is successfully installed on your machine, follow the steps below to configure the environment for on premise deployment of apps.
Note: Please contact Sysadmin to configure the below steps.
You must configure a new name in Domain Name Services (DNS) to host the apps. To help improve security, the domain name should not be a subdomain of the domain that hosts the SharePoint sites. For example, if the SharePoint sites are at Contoso.com, consider ContosoApps.com instead of App.Contoso.com as the domain name.
2.1.1 To create a forward lookup zone for the app domain name
1. Verify that the user account that performs this procedure is a local administrator on the domain controller.
2. Click Start, point to Administrative Tools, and then click DNS.
3. In DNS Manager, right-click Forward Lookup Zones, and then click New Zone….
4. In the New Zone Wizard, click Next.
5. In the Zone Type page, accept the default of Primary zone, and then click Next.
6. In the Active Directory Zone Replication Scope page, select the appropriate replication method for your environment (the default is To all DNS servers in this domain), and then click Next.
7. In the Zone Name page, in the Zone name box type the name for your new app domain name (for example, ContosoApps.com), and then click Next.
   The New Zone Wizard shows the new domain name for apps.
8. On the Dynamic Update page, select the appropriate type of dynamic updates for your environment (the default is Do not allow dynamic updates), and then click Next.
9. On the Completing the New Zone Wizard page, review the settings, and then click Finish.
For more information about how to create a forward lookup zone, see Add a Forward Lookup Zone.
You have now created a forward lookup zone (and a domain name) to use for apps in your environment.
2.1.2 To create a wildcard Alias (CNAME) record for the new domain name
1. Verify that the user account that performs this procedure is a local administrator on the domain controller.
2. In DNS Manager, under Forward Lookup Zones, right-click the new app domain name, and then click New Alias (CNAME).
3. In the New Resource Record dialog box, in the Alias name (uses parent domain if left blank) box, type *.
   The Fully qualified domain name (FQDN) box displays *. followed by the domain name that you created for apps. For example, *.ContosoApps.com or *.Contoso-Apps.com.
4. Next to the Fully qualified domain name (FQDN) for target host box, type the FQDN of the server that hosts the SharePoint sites.
   For example, SharePoint.Contoso.com.
   Or:
   1. Next to the Fully qualified domain name (FQDN) for target host box, click Browse and navigate to the Forward Lookup Zone for the domain that hosts the SharePoint sites.
      For example, Contoso.com.
   2. And then navigate to the record that points to the server that hosts the SharePoint site.
      For example, SharePoint.
   New Resource Record dialog box shows the wildcard alias for the app domain and the FQDN of the server that hosts the SharePoint sites.
5. Click OK.
For more information about how to create a wildcard alias record in DNS Manager, see Add an Alias (CNAME) Resource Record to a Zone.
You can verify the new domain name and alias by pinging them.
2.1.3 To verify the new domain name
1. Verify that the user account that is performing this procedure is a local administrator on the domain controller.
2. Click Start, and then click Command Prompt.
3. At the command prompt, type ping followed by a subdomain of the domain that you created, and then press ENTER.
   For example, ping Apps-12345678ABCDEF.contosoapps.com
   If the ping command returns the correct IP address, then your wildcard for the domain name was configured successfully.
If you are using Secure Sockets Layer (SSL) for the SharePoint sites in your environment, or if you use any apps that use data external to the SharePoint sites, you should use SSL for your apps. To use SSL, you create an SSL certificate for your app domain (for example, ContosoApps.com).
The domain should be added in the form of a wildcard (for example, *.ContosoApps.com). You need a wildcard certificate instead of individual certificates because each installed app has its own subdomain.
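The DNS and certificate requirements above can be checked in one pass with the following PowerShell. This is an added example, not part of the original post; it uses the page's sample names and assumes PowerShell 3.0 or later, the Resolve-DnsName cmdlet (Windows Server 2012 or later), and that the wildcard certificate is installed in the LocalMachine\My store of the machine where the script runs.

```powershell
# Added example: values are the page's sample names; replace with your own.
$SiteDomain = 'Contoso.com'             # domain that hosts the SharePoint sites
$AppDomain  = 'ContosoApps.com'         # app domain created in the steps above
$TargetHost = 'SharePoint.Contoso.com'  # host the wildcard CNAME points to

function Test-AppDomainIsolation {
    param([string]$AppDomain, [string]$SiteDomain)
    # True only when the app domain is neither the site domain nor a subdomain of it.
    $a = $AppDomain.TrimEnd('.').ToLowerInvariant()
    $s = $SiteDomain.TrimEnd('.').ToLowerInvariant()
    -not ($a -eq $s -or $a.EndsWith(".$s"))
}

function Get-ARecord {
    param([string]$Name)
    # Follows CNAMEs; returns the sorted IPv4 addresses, or nothing if unresolved.
    @(Resolve-DnsName -Name $Name -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } |
        Select-Object -ExpandProperty IPAddress | Sort-Object)
}

function Test-AppWildcard {
    param([string]$AppDomain, [string]$TargetHost)
    # Probe a random label so an explicit record cannot hide a missing wildcard.
    $probe    = 'app-' + [guid]::NewGuid().ToString('N').Substring(0, 14) + ".$AppDomain"
    $got      = Get-ARecord $probe
    $expected = Get-ARecord $TargetHost
    ($expected.Count -gt 0) -and (($got -join ',') -eq ($expected -join ','))
}

function Test-AppWildcardCertificate {
    param([string]$AppDomain)
    # Assumption: the certificate lives in LocalMachine\My on this machine.
    $match = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.NotAfter -gt (Get-Date) -and $_.DnsNameList.Unicode -contains "*.$AppDomain"
    }
    [bool]$match
}

[pscustomobject]@{
    IsolatedFromSiteDomain = Test-AppDomainIsolation $AppDomain $SiteDomain
    WildcardResolves       = Test-AppWildcard $AppDomain $TargetHost
    WildcardCertInstalled  = Test-AppWildcardCertificate $AppDomain
}
```

All three properties should be True; with the page's counter-example App.Contoso.com as the app domain, IsolatedFromSiteDomain is False.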
You need 2 service applications in place and running as follows:
· App Management Service Application
· Subscription Settings service application
2.3.1 App Management Service Application
Create the App Management Service Application using the Central Admin interface. Below are the steps:
1. In SharePoint 2013 Central Administration, on the Application Management page, click Manage service applications.
2. On the ribbon, click New, and then click App Management Service.
3. In the New App Management Service Application page, in the Service Application Name box, type the name for the service application.
4. In the Database section, in the Database Server box, type the instance of SQL Server where you want to store the database, or use the default server.
5. In the Database Name box, type a database name, or use the default name.
6. The database name must be unique.
7. Under Database authentication, select the authentication that you want to use by doing one of the following:
8. If you want to use Windows authentication, leave this option selected. We recommend this option because Windows authentication automatically encrypts the password when it connects to SQL Server.
9. If you want to use SQL authentication, click SQL authentication. In the Account box, type the name of the account that you want the service application to use to authenticate to the SQL Server database, and then type the password in the Password box.
10. In the Failover Database Server section, if you want to use a failover database server, specify the server name.
11. In the Application Pool section, do one of the following:
12. Click Use existing application pool, and then select the application pool that you want to use from the drop-down list.
13. Click Create a new application pool, type the name of the new application pool, and then under Select a security account for this application pool do one of the following:
14. Click Predefined to use a predefined security account, and then select the security account from the drop-down list.
15. Click Configurable to specify a new security account to be used for an existing application pool. You can create a new account by clicking the Register new managed account link.
16. In the Create App Management Service Application Proxy section, leave the Create App Management Service Application Proxy and add it to the default proxy group check box selected.
17. Click OK.
18. The following illustration shows the App Management service application and proxy that were created.
19. Manage Service Applications page showing the App Management service application and proxy.
21. Now you must start the service on the server.
2.3.2 Subscription Settings service application
Create the Subscription Settings service application by running the PowerShell script below.
Open SharePoint 2010 Management shell (Run as administrator) and paste the below script to create the Subscription Settings service application.
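# Managed account that will run the application pool
$account = Get-SPManagedAccount "<Farm admin AccountName>"
# Application pool for the Subscription Settings service application
$appPoolSubSvc = New-SPServiceApplicationPool -Name SettingsServiceAppPool -Account $account
# The service application and its database
$appSubSvc = New-SPSubscriptionSettingsServiceApplication -ApplicationPool $appPoolSubSvc -Name SettingsServiceApp -DatabaseName SettingsServiceDB
# Proxy for the service application
$proxySubSvc = New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $appSubSvc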
2.3.3 Start the services
Once both the above service applications are created, we need to start the App Management Service and the Microsoft SharePoint Foundation Subscription Settings Service.
Follow the below steps:
- In SharePoint 2013 Central Administration, click System Settings.
- On the System Settings page, under Servers, click Manage services on server.
- On the Services on Server page, next to App Management Service, click Start.
- On the Services on Server page, next to Microsoft SharePoint Foundation Subscription Settings Service, click Start.
- Verify that the App Management and Microsoft SharePoint Foundation Subscription Settings services are running. The following illustration shows the Services on Server page where you can verify that the App Management and Subscription Settings services are running.
Services on Server showing the App Management and Subscription Settings services running.
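The same start-and-verify steps can be scripted. The following is an added example, not part of the original post; it assumes it is run in the SharePoint Management Shell by a farm administrator on the server that should host the services, and the five-minute timeout is an arbitrary choice.

```powershell
# Added example: start the two service instances on this server and wait for them.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Type names of the two service instances started in the steps above.
$wanted = 'AppManagementServiceInstance', 'SPSubscriptionSettingsServiceInstance'

function Get-AppServiceInstance {
    # Instances of the two services on the local server only.
    Get-SPServiceInstance -Server $env:COMPUTERNAME |
        Where-Object { $wanted -contains $_.GetType().Name }
}

$instances = @(Get-AppServiceInstance)
if ($instances.Count -ne $wanted.Count) {
    throw "Expected $($wanted.Count) service instances, found $($instances.Count)."
}

# Start only what is not already online.
$instances | Where-Object { $_.Status -ne 'Online' } | Start-SPServiceInstance | Out-Null

# Provisioning is asynchronous: poll until both report Online or the timeout expires.
$deadline = (Get-Date).AddMinutes(5)   # assumed timeout
do {
    Start-Sleep -Seconds 5
    $pending = @(Get-AppServiceInstance | Where-Object { $_.Status -ne 'Online' })
} while ($pending.Count -gt 0 -and (Get-Date) -lt $deadline)

# Final state, equivalent to checking the Services on Server page.
Get-AppServiceInstance | Select-Object TypeName, Status
if ($pending.Count -gt 0) { throw 'Not all services reached Online before the timeout.' }
```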
2.4.1 Issues in using System Account to deploy apps
There is a change in SharePoint 2013 RTM: the System Account is no longer supported for deploying or purchasing any app from the market. It was supported in RT, but it is now prohibited for security reasons.
Hence, when we are logged in to our SharePoint 2013 Dev machine/VM as System Account and try to deploy any app, we get the below error.
2.4.2 Workaround / Solution
· Create a new account in your domain, let's say OCSINFOTECH/SPApp_Admin (take Sysadmin help in creating the new account in the domain).
· This account should be a local admin. Add this account to the local administrators group on your SP 2013 Dev machine/VM. [Start -> Administrative Tools -> Computer Management -> Local Users and Groups -> Users -> Administrators -> Add the newly created user here in the administrators group]
· This account should also be a farm admin. [A farm administrator can be added from central admin -> site settings -> People -> Farm Administrator -> Add OCSINFOTECH/SPApp_Admin]
· Now, open your SQL Management Studio and ensure this username is added as a DBOWNER to the following databases:
  - SharePoint_Config
  - SharePoint_AdminContent_[guid]
  - SharePoint Site Content DB
· Now log in to your VM/SharePoint Dev machine as OCSINFOTECH/SPApp_Admin
You are good to go for depl