Building Your SharePoint 2013 development machine on Windows Server 2012 – Part 7 – Configuring Hosting Apps

UPDATE: SharePoint 2016 development machine

I am doing a collection of blog posts, you can access the other parts of this post below.

In this blog I will talk about setting up your environment for Hosting Apps. The best blog I have found out there is by Mirjam (SharePointChick). The first attempt I did at setting up an App Host I used Mirjam blog to help me.

There are 3 choices here. Create a New Domain, a Subdomain or create a new wildcard so all requests for http://*.cannonfodder.local will be forwarded to our SharePoint machine. The last option is mentioned in Critical Path Training SharePoint 2013 Virtual Machine Setup on Windows Server 2008 R2, and is a perfectly valid option for single development machine. As you only have one machine, all requests can go to it. This step by step guide I’m doing also is a single machine, however I don’t know if in the future if I will create another machine in my domain, maybe an exchange server, even an Office Web App server. Also by creating a separate domain helps prevent cross-site scripting between apps and SharePoint sites. Therefore my instructions are following Mirjam’s blog, and creating a new Domain.

Configuring Hosting Apps

First we need to configure DNS.

  1. From the Start Menu, type DNS, and open the application.
  2. In the Left Hand panel, right click Forward Lookup Zones and select New Zone… Click Next
  3. Keep the Primary zone selected and Store the zone in Active Directory ticked. Click Next >
  4. Leave the option To all DNS servers running on domain controllers in this domain: cannonfodder.local. Click Next >
  5. Here you enter the domain name, type Click Next >.
  6. Leave the top option selected and click Next >
  7. Click Finish. You will see your new domain showing in the Forward Lookup Zones in DNS.
  8. Now right click on and select New Host (A or AAAA)…
  9. Type * for Name
  10. Set the IP address as the IP Address of the server. In my case

    As Mirjam states in her blog, if you are using more than one server in a Network Load Balance environment, point the DNS record of the primary cluster address for the NLB environment.

    Now if you open a command window and type in nslookup it will resolve to your server.

    While we are here, we should also create the Hosts for two sites we will be creating later.

    1. Still with DNS Manager in the left panel, right click cannonfodder.local within the Forward Lookup Zones and right click to create a New
      host (A or AAAA)…
    2. Type Dev in the Name, and set the IP address to the IP address of the server. In my case Click Add Host.
    3. Repeat steps 1 and 2, but type Intranet in the name, and set the IP Addess to
    4. Within the Command prompt, type ipconfig /flushdns.
    5. While you are in the Command prompt, we should also set up the Kerberos for the sites. Type the following
      setspn –S HTTP/cannonfodder.local cannonfodder\SP_Content
      setspn –S HTTP/dev.cannonfodder.local cannonfodder\SP_Content
      setspn –S HTTP/intranet.cannonfodder.local cannonfodder\SP_Content

Configuring SharePoint Server 2013 for Host-Named Site Collection and create Initial Site Collections.

Here we are going to create Host Named Site Collection (HNSC) for testing and hosting our apps. Microsoft recommends this, and more can be found out directly from the technet article: . The only way you can create HNSC is via powershell. So this is what we are going to do, after we have removed the original Web Application created when SharePoint Wizard was run. It is also using the wrong service account of SP_Services. We also need to register SP_Content as a manage account.

Register SP_Content

  1. From the Start menu, type Central Administration and open the link.
  2. Select Security > Configure managed Accounts.
  3. Click Register Managed Account
  4. Type UserName as cannonfodder\SP_Content and the password as Pa55w0rd. Then click OK.

Create a new Web Application

  1. Select Application Management > Mange Web Applications.
  2. Select the Web Application SharePoint – 80 the URL of this is http://cannonfodderser/
  3. On the Ribbon, click Delete. A dialog will appear, say Yes to both Delete content databases and Delete IIS web sites. Then click Delete. Click OK to the warning.
  4. In the ribbon click on New.
  5. In the Create New Web Application dialog leave Create a new IIS web site selected and type the name as SharePoint HNSC Host, leave the port as 80.
  6. For simplicity in finding the Web Applications, I put the path on a different drive. D:\VirtualDirectory\HNSC
  7. Under Claims Authentication Types set the Intergrated Windows Authentication to Negotiate (Kerberos)
  8. Under Application Pool, select Create new application pool, and set the name as SPContent App Pool, select Configurable radio button and select Cann0nf0dder\SP_Content.
  9. Under Database Name and Authentication set the Database Name to SP_DEV_HNSC.
  10. Scroll down to the bottom and click OK.
  11. When SharePoint asks you create a Site Collection, just click OK, as we are going to create the Site Collection by Powershell.

Creating the Site Collections.

Here we are going to create a TeamSite called Intranet.cannonfodder.local and a Developer Site called dev.cannonfodder.local. Please note you can only create, debug and test apps using a developer site. You could type the Powershell into notepad, save the file as a PS1 and run it from the SharePoint 2013 Management Shell, instead of typing each row directly into the SharePoint 2013 Management Shell.

  1. From the Start Menu, type SharePoint 2013 Management Shell, and open the application.
  2. Type

    $hnsc = Get-SPWebApplication | Where-Object {$_.DisplayName –eq "SharePoint HNSC Host"}
    New-SPSite –Name "Root HNSC Site Collection" –Url http://cannonfodder.local –HostHeaderWebApplication $hnsc –OwnerAlias "Cannonfodder\Administrator"
    New-SPSite –Name "Cannonfodder Development" –Url http://dev.cannonfodder.local –HostHeaderWebApplication $hnsc –Template "DEV#0" –OwnerAlias "Cannonfodder\Administrator"
    New-SPSite –Name "Cannonfodder Intranet" –Url http://intranet.cannonfodder.local –HostHeaderWebApplication $hnsc –Template "STS#0" –OwnerAlias "Cannonfodder\Administrator"

Update Internet Explorer to Bypass the URL to log in automatically.

  1. On the Start Menu, type Internet Explorer and open the application. (To avoid opening the Windows Server 2012 App version of Internet Explorer, right click on the icon and select Pin to task bar, then on the desktop you can click the link)
  2. Click the Cog icon in the top right corner of the screen, and select Internet Options.
  3. On the Security tab, select Local Intranet and click the Sites button.
  4. Untick Automatically dectect intranet network.
  5. Click the button Advanced and add the following entries to the exception list.
    1. http://*.cannonfodder.local
    2. http://*
    3. http://cannonfodderser
  6. Click Close, Click OK.
  7. Now click on Trusted sites, click sites and remove http://cannonfodderser from Trusted sites. (Need to do this because we enabled Kerberos on Central Administration, when Automatically Dectect intranet network was untick, I discovered the http://cannonfodderser was added to trusted sites, and unfortunately when the URL is in trusted sites, Kerberos ingrated authentication does not work.

Configuring SharePoint 2013 for Hosting Apps.

I would recommend to copy the following powershell script and run it as a ps1 file.

  1. From the Start Menu, type SharePoint 2013 Management Shell.
  2. Run the Script.

    $appHostDomain = ""
    $adminService = Get-Service -Name spadminv4
    if ($adminService.Status -ne "Running")
    Start-Service $adminService
    $timerService = Get-Service -Name sptimerv4
    if ($timerService.Status -ne "Running")
    Start-Service $timerService
    Set-SPAppDomain $appHostDomain
    $appMgmtSvcInstance = Get-SPServiceInstance | Where-Object { $_.GetType().Name -eq "AppManagementServiceInstance" }
    if ($appMgmtSvcInstance.Status -ne "Online")
    Start-SPServiceInstance -Identity $appMgmtSvcInstance
    $appSubSettingSvcInstance = Get-SPServiceInstance | Where-Object { $_.GetType().Name -eq "SPSubscriptionSettingsServiceInstance"}
    if ($appSubSettingSvcInstance.Status -ne "Online")
    Start-SPServiceInstance -Identity $appSubSettingSvcInstance
    $appPoolSvcApps = Get-SPServiceApplicationPool -Identity "SharePoint Web Services Default"
    $appSubSvc = New-SPSubscriptionSettingsServiceApplication –ApplicationPool $appPoolSvcApps –Name "Settings Service Application" –DatabaseName SP_SettingsServiceDB
    $proxySubSvc = New-SPSubscriptionSettingsServiceApplicationProxy –ServiceApplication $appSubSvc
    $appAppSvc = New-SPAppManagementServiceApplication -ApplicationPool $appPoolSvcApps -Name "App Management Service Application" -DatabaseName SP_AppServiceDB
    $proxyAppSvc = New-SPAppManagementServiceApplicationProxy -ServiceApplication $appAppSvc
    Set-SPAppSiteSubscriptionName -Name "app" -Confirm:$false
  3. To verify the script configured SharePoint 2013 correctly Open Central Administration.
    1. Under Application Management click Manage Service Applications.
    2. You should have two new service applications created.
      1. App Management Service Application
      2. Settings Service Application
    3. Now navigate to System Settings by clicking the link on the left menu.
    4. Under Servers click the link Manage Services on Server.
    5. Check that the following services have started:
      1. App management service
      2. Microsoft SharePoint Foundation Subscription Settings Service.
    6. On the left hand menu, click on Apps
    7. Under App Management, click the link Configure App URLs
    8. Verify that:
      1. App Domain:
      2. App Prefix: app

Your SharePoint server is now setup for apps. We will verify this in the next step.

Checking that Apps are now set up for your farm

  1. Open up your intranet site. http://intranet.cannonfodder.local
  2. At the top right of the screen Site Settings
    from SharePoint 2010 has been moved from the left back to the right (like SharePoint 2007) but now is a cog icon.
  3. Click the Cog Icon and select Add an App.
  4. On the App page, click SharePoint Store.
  5. First time you hit the page, you will get the error message that you need to select a language. In the top right select English (United States)
  6. If you have connected up correctly you will now see Apps that you can download from the SharePoint Store.
  7. Pick a free one to install. I’m picking myFAQ. Click on the Icon of the app.
  8. You now have the option to ADD IT. Click Add It.
  9. You will need to sign in with a Microsoft Account.
  10. Click Continue. To confirm you wish to add the App. Take note of the URL here, you are no longer in your SharePoint site.
  11. After you have click OK, your new app will start downloading, and you will be back in your site. The page will inform you that you have this app for everyone in your organization. Click Return to Site.
  12. A prompt will appear, asking if you trust the application. Click Trust It.
  13. After a moment you will be returned to your Site Contents. You will also note that your app that you downloaded is currently being added to your site.

    Once completed the adding text will disappear.
  14. Click on the App. It will load. Take note of the url. It is being called from the domain you created earlier Congratulations you have got Apps working in your Development SharePoint 2013 machine.

6 thoughts on “Building Your SharePoint 2013 development machine on Windows Server 2012 – Part 7 – Configuring Hosting Apps

  1. Hello Cannonfodder,
    I have successfully made it to the point of running the scripts in powershell. I am receiving the following “Access denied” error:
    PS C:\Users\Administrator> New-SPSite -Name “Root HNSC Site Collection” -Url h
    p://mydomain.local -HostHeaderWebApplication $hnsc -OwnerAlias “mydomain\administrator”
    New-SPSite : 0x80070005Access
    At line:1 char:1
    + New-SPSite -Name “Root HNSC Site Collection” -Url http://mydomain.local
    -HostHeade …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidData: (Microsoft.Share…SPCmdletNewSite:
    SPCmdletNewSite) [New-SPSite], UnauthorizedAccessException
    + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletNewSite

    Thanks for any input.

    • Hi Matt,
      Do you get a value for $hnsc? The first line of that code is

      $hnsc = Get-SPWebApplication | Where-Object {$_.DisplayName -eq "SharePoint HNSC Host"}

      If you don’t please ensure you have created a new Web Application in the previous steps 4 – 11.

      If it has, can you create a Site collection using the GUI?

  2. Hello Cannonfodder,
    Thanks for the reply.
    I have only reached the stage of creating the initial site so in terms of where I’m at in your posts, I would be at the beginning of Part 7.
    Yes I do still have the site, the error is event 5214, “Insufficient SQL database permission for user cannonfodder\SP_Services SID: (sid listed here) Impersonation Level: None in database SharePoint_Config on SQL Server instance SQL2012. The Execute permission was denied on the object ‘proc_putObjectTVP’, database SharePoint_Config, schema ‘dbo'”
    This is followed in the log by other sharePoint errors, commonly 5586, unknown SQL exception, A connection was successfully established with the server but then an error occurred during the pre-login handshake.
    Not sure if these errors are related…
    Thanks again for your time.

    • Hi Peter,
      I’ve opened up my machine tonight and I don’t seem to have any 5214 errors. However if you are the start of the Part 7 blog, if it isn’t preventing you from continuing, I’d recommend getting to the start of part 8 and see if you are still getting the messages.

      The error message is definitely an issue with SQL database permissions, so below is the Login user Mapping on my server for SP_Services. I haven’t configured any of these, these have automatically be configured by SharePoint at some point in my blog. I recommend you look at the below as reference and change at own risk.

      If you are check in SQL. In SQL2012 -> Security -> Logins Right Click CANNONFODDER\SP_Services.
      On the Login Properties page, under User Mappings I have the following mapped.
      Database Role Membership
      Bdc_Service_DB_ Public, SPDataAccess
      ManagedMetdataService db_Owner, Public
      PerformancePoint Service Application public, SPDataAccess
      Search_Service_Application_AnalyticsR public, SPSearchDBAdmin
      Search_Service_Application_CrawlStore public, SPSearchDBAdmin
      Search_Service_Application_DB_ public, SPSearchDBAdmin
      Search_Service_Application_LinksStore public, SPSearchDBAdmin
      Secure_Store_Service_DB_ public, SPDataAccess
      SharePoint_AdminContent_ public, WSS_Content_Application_Pools
      SharePoint_Config public, WSS_Content_Application_Pools
      SP_AppServiceDB public, SPDataAccess
      SP_SettingsServiceDB public, SubscriptionSettingsService_Application_Pool
      StateService_ public, WSS_Content_Application_Pools
      TranslationService_ public, SPDataAccess
      User Profile Service Application_Profile public, SPDataAccess
      User Profile Service Application_Social public, SPDataAccess
      User Profile Service Application_SyncDB_ public, db_Owner
      WordAutomationServices_ public, SPDataAccess
      WSS_Logging public

      Also looking at the stored procedure proc_putObjectTVP properties, the Permissions for SPDataAccess role had Permission Execute, Grantor dbo, Grant ticked.
      I hope this helps you diagnose your problem. I also Googled ‘Event 5214 Insufficient SQL database permission for user’ and lots of people have different fixes. I can’t advise which one to follow because they all depend on different things, and only you can check that with your server. If I’ve helped, or you find the solution, please come back and comment what you did, so I know and other can try if they encounter the same problem as you.

  3. Hello Cannonfodder,
    An extremely informative set of posts, I have followed your directions closely with more success than I ever would have had on my own, so thanks very much.
    However I don’t see anywhere that you set the SPN for the SP_Services account, after the basic install and configuration of sharepoint, I get a string of errors in the event log on reboot all relating to insufficient permissions for SP_Services account.
    Appreciate your thoughts – again great blog…

    • Hey Peter,
      Thank you for your comment. You shouldn’t need to create an SPN for SP_Services account. It’s only BI services that would require delegation, and best practice is to use Kerberos constrained, which means you generate the SPN then delegate.
      In part 7 under the heading “Configuring SharePoint Server 2013 for Host-Named Site Collection and create Initial Site Collections” I do mention that I had to delete the original Web Application that was created when the SharePoint Wizard was run. Do you still have that site? Perhaps you could post a bit of the error message to help me further. I will try and load up the virtual machine that I created this blog from tonight, and check my event logs to see if I’m having same issues.

Comments are closed.