Building SharePoint 2016 development environment – Part 12 – Configuring Hosting Apps and HNSC


A few years ago I wrote the “Build your SharePoint 2013 development machine on Windows Server 2012” series. I mainly work in the cloud now, but as the blogs were so popular, I thought I would create a new series for the newer version of SharePoint.

You can access other parts of this post below.

Before I create the App Management Service, I’m going to create a separate domain for the apps. Hosting apps in their own domain helps prevent cross-site scripting between apps and SharePoint sites.

Configuring Hosting Apps

First we need to configure DNS

  1. Go to your Domain Controller and from the Start Menu type DNS, and open the application.
  2. In the Left Hand panel, right click Forward Lookup Zones and select New Zone… Click Next
  3. Keep the Primary zone selected and Store the zone in Active Directory ticked. Click Next
  4. Leave the option To all DNS servers running on domain controllers in this domain: cfcode2016.com. Click Next
  5. Here you enter the domain name, type cfapps.com. Click Next
  6. Leave the top option selected and click Next
  7. Click Finish. You will see your new domain showing in the Forward Lookup Zones in DNS.
  8. Now right click on cfapps.com and select New Alias (CNAME) …
  9. Type * for Name
  10. Set the FQDN of the server that hosts the SharePoint sites, CFSP2016.cfcode2016.com in my case. Click OK.

    If you are using more than one server, you should be pointing to the DNS record of the web server in here. This is either the DNS A record for the web server, or the DNS record of the primary cluster address for NLB environments.

    Now if you open a command window and type in nslookup something.cfapps.com it will resolve to your SharePoint server.

Configuring SharePoint 2016 for Hosting Apps

I would recommend copying the following PowerShell script and running it as a ps1 file (CreateAppService.ps1 from my OneDrive). Change any of the variables to match your environment.

  1. On the SharePoint box, logged in as SP_Setup, from the Start Menu, type SharePoint 2016 Management Shell.
  2. Run the Script
  3. To verify the script configured SharePoint 2016 correctly open Central Administration
    1. Under Application Management click Manage Service Application.
    2. You should now have two new service applications created
      1. App Management Service Application
      2. Subscription Settings Service Application
    3. Now Navigate to System Settings by clicking the link on the left menu
    4. Under Servers click the link Manage Services on Server.
    5. Check that the following services have started
      1. App Management Service
      2. Microsoft SharePoint Foundation Subscription Setting Service
    6. On the left hand menu, click on Apps
    7. Under App Management, click the link Configure App URLs
    8. Verify that:
      1. App Domain: cfapps.com
      2. App Prefix: app
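
The script itself is not reproduced on this page. The following is an added example (not the author's CreateAppService.ps1) of a script that leaves the farm in the state the checks above verify, using the documented SharePoint cmdlets. The application pool name, the database names and the use of cfcode2016\SP_Services as the pool account are assumptions.

```powershell
# Added example; run in the SharePoint 2016 Management Shell as SP_Setup.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$appDomain = "cfapps.com"                       # DNS zone created above
$appPrefix = "app"                              # value checked under Configure App URLs
$account   = "cfcode2016\SP_Services"           # assumed pool account
$poolName  = "SharePoint App Services Pool"     # assumed name
$appMgmtDb = "SP2016_AppManagement"             # assumed name
$subSetDb  = "SP2016_SubscriptionSettings"      # assumed name

# Start the two service instances on this server.
Get-SPServiceInstance |
    Where-Object { $_.GetType().Name -eq "AppManagementServiceInstance" -or
                   $_.GetType().Name -eq "SPSubscriptionSettingsServiceInstance" } |
    Start-SPServiceInstance | Out-Null

# The pool must run as a managed account; register it if it is not known yet.
$managed = Get-SPManagedAccount -Identity $account -ErrorAction SilentlyContinue
if (-not $managed) {
    $cred    = Get-Credential -UserName $account -Message "Password for $account"
    $managed = New-SPManagedAccount -Credential $cred
}

$pool = Get-SPServiceApplicationPool -Identity $poolName -ErrorAction SilentlyContinue
if (-not $pool) {
    $pool = New-SPServiceApplicationPool -Name $poolName -Account $managed
}

# Subscription Settings service application and proxy.
$subSvc = New-SPSubscriptionSettingsServiceApplication -ApplicationPool $pool `
    -Name "Subscription Settings Service Application" -DatabaseName $subSetDb
New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $subSvc | Out-Null

# App Management service application and proxy.
$appSvc = New-SPAppManagementServiceApplication -ApplicationPool $pool `
    -Name "App Management Service Application" -DatabaseName $appMgmtDb
New-SPAppManagementServiceApplicationProxy -ServiceApplication $appSvc | Out-Null

# App URLs: <prefix>-<id>.<app domain>
Set-SPAppDomain $appDomain
Set-SPAppSiteSubscriptionName -Name $appPrefix -Confirm:$false

# Read the settings back so a typo in the domain shows up here, not in the browser.
if ((Get-SPAppDomain) -ne $appDomain) {
    throw "App domain is '$(Get-SPAppDomain)', expected '$appDomain'"
}
Get-SPAppSiteSubscriptionName
```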

Configuring SharePoint Server 2013 for Host-Named Site Collection and create Initial Site Collections.

Here we are going to create host-named site collections (HNSC) for testing and hosting our apps. Microsoft recommends this because the Office 365 environment uses host-named site collections, new features are optimized for these site collections and they are expected to be more reliable. More can be found in the TechNet article: http://technet.microsoft.com/en-us/library/cc424952.aspx . The only sites within your environment for which you should use path-based site collections (PBSC) are Search Center and MySites; HNSC aren’t really needed for Search Center. The only way you can create HNSC is via PowerShell, so this is what we are going to do.

Register SP_Content

  1. Open SharePoint Central Administration
  2. Select Security > Configure managed Accounts.
  3. Click Register Managed Account
  4. Type Username as cfcode2016\SP_Content and the password as Pa55w0rd. Then click OK.

Create a new Web Application

Open up a PowerShell window and put the following: (change the port number if you wish) (CreateHNSC.ps1)

Configuring the Alternative Access Mapping

  • From the Start Menu open SharePoint 2016 Central Administration, this ensures it runs as Administrator.
  • Click Application Management, then under Web applications, click Configure alternative mappings.
  • On the right hand side of the screen, Change the Alternate Access Mapping Collection to point to SharePoint HNSC Web Application.
  • Click the internal URL for https://cfsp2016:11111 so that you can edit it. Change the URL protocol, host to https://hnsc.cfcode2016.com
  • Click OK.
  • Back on the Alternate Access Mapping Screen, click Add Internal URLs and add a new Internal URL for each of the following listed below. Screenshot below

Add certificates to IIS

  • In Start type IIS and open IIS Manager
  • Navigate to SharePoint HNSC Web Application and then on the right hand panel, click Bindings…
  • On the Bindings dialog, click Add…
  • In the Add Site Binding page, select https from the Type dropdown, leave the IP address as All Unassigned, the Port should say 443. Enter the Host name as hnsc.cfcode2016.com, and tick Require Server Name Indication then select your certificate you created earlier. Click OK
  • Add the binding for host names dev.cfcode2016.com and intranet.cfcode2016.com, ensure the Type is https, you have ticked Require Server Name Indication and you have selected your certificate.

Creating the Top level Site

The top-level site in an HNSC web application is not going to be used by anyone, so this PowerShell script will create a blank site. (CreateHNSC.ps1)

  1. In PowerShell run the following script:

Site Collections

Here we are going to create a TeamSite called Intranet.cfcode2016.com and a developer site called dev.cfcode2016.com. Please note you can only create, debug and test apps using a developer site. You could type the PowerShell into Notepad, save the file as PS1 and run it from SharePoint 2016 Management Shell, instead of typing each row directly. We are first going to create 2 databases, one for each site collection. This is good practice for backup and restore purposes.

  1. From the Start Menu, type SharePoint 2016 Management Shell, and open the application. (CreateHNSC.ps1)
  2. Type
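
The CreateHNSC.ps1 commands referred to under Create a new Web Application, Creating the Top level Site and Site Collections are not reproduced on this page. The following is an added example (not the author's script) covering all three steps with the documented cmdlets. The application pool name, database names, site titles and the owner account are assumptions; the web application name, port, URLs and the SP_Content account come from the text.

```powershell
# Added example; run in the SharePoint 2016 Management Shell as SP_Setup.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webAppName = "SharePoint HNSC Web Application"
$webAppUrl  = "https://cfsp2016"           # internal URL before the AAM change
$port       = 11111
$owner      = "cfcode2016\SP_Setup"        # assumed site collection owner
$poolAcct   = Get-SPManagedAccount "cfcode2016\SP_Content"

# 1. Web application with no host header, so it can carry host-named site collections.
$wa = Get-SPWebApplication | Where-Object { $_.DisplayName -eq $webAppName }
if (-not $wa) {
    $wa = New-SPWebApplication -Name $webAppName -Url $webAppUrl -Port $port `
        -SecureSocketsLayer `
        -ApplicationPool "HNSC App Pool" -ApplicationPoolAccount $poolAcct `
        -DatabaseName "SP2016_Content_HNSC" `
        -AuthenticationProvider (New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication)
}

# 2. Blank root site collection at the web application's own URL (template STS#1).
if (-not (Get-SPSite -Identity $wa.Url -ErrorAction SilentlyContinue)) {
    New-SPSite -Url $wa.Url -Name "HNSC Root" -OwnerAlias $owner -Template "STS#1" | Out-Null
}

# 3. Host-named site collections, each in its own content database.
$sites = @(
    @{ Url = "https://intranet.cfcode2016.com"; Name = "Intranet"
       Template = "STS#0"; Db = "SP2016_Content_Intranet" },   # team site
    @{ Url = "https://dev.cfcode2016.com"; Name = "Developer"
       Template = "DEV#0"; Db = "SP2016_Content_Dev" }         # developer site
)
foreach ($s in $sites) {
    if (Get-SPSite -Identity $s.Url -ErrorAction SilentlyContinue) { continue }

    $db = Get-SPContentDatabase -WebApplication $wa | Where-Object { $_.Name -eq $s.Db }
    if (-not $db) {
        $db = New-SPContentDatabase -Name $s.Db -WebApplication $wa
    }

    New-SPSite -Url $s.Url -HostHeaderWebApplication $wa -ContentDatabase $db `
        -Name $s.Name -OwnerAlias $owner -Template $s.Template | Out-Null
}

# 4. Read back: each URL, the database it landed in, and whether it is host-named.
Get-SPSite -WebApplication $wa -Limit All |
    Select-Object Url,
                  @{ Name = "Database"; Expression = { $_.ContentDatabase.Name } },
                  HostHeaderIsSiteName
```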

To verify that the host-name site collections are created:

  1. Open up SharePoint 2016 Central Administration
  2. Under Application Management click View all Site Collections
  3. Ensure the Web Application is pointing to the HNSC web and you should see the two site collections plus the root site.
  4. By clicking on the different site collections, you will also see that the Database Name is assigned correctly to the correct database as set up in our PowerShell script.
  5. You can also navigate in a browser to https://dev.cfcode2016.com or https://intranet.cfcode2016.com. Notice that the SSL certificate is valid.

Configuring SSL for Apps

As our App domain is on a different domain to our SharePoint domain, we should create a different SSL certificate for it.

  • Ensure you are on the SharePoint box with a Domain Admin Account. (cfcode2016\Administrator)
  • We have already configured the Certificate Authority earlier on the Domain Controller. Here we are going to request the certificate using Internet Information Services on the SharePoint Server. From the Start Menu, type IIS and open Internet Information Services (IIS) Manager
  • Once IIS opens, click on the Server Name. (CFSP2016) You will be prompted with a dialog asking to get started with Microsoft Web Platform, click do not show this message and then click No.
  • From the IIS section, double click Server Certificates

  • From the right hand side of the screen, click Create Domain Certificate

  • Complete the form for the Domain Certificate as follows (Change to match your environment if not following exactly along)
    • Common Name : *.cfapps.com
    • Organisation: CF Code
    • Organizational Unit: Computers
    • City/Locality: London
    • State/Province: London
    • Country/Region: GB


  • Click Next
  • On the Online Certification Authority enter the common name you gave your Authority Name\Server Name. (For example mine is MY-CA\CFAD.cfcode2016.com). You can also use the select button if you have configured everything correctly. You can put anything in the friendly name box; ensure it is different from your other certificate’s friendly name, and easily identifiable as the Apps certificate. Click Finish.

  • You should now see the certificate in the Server certificates window.

  • If there were other servers in your farm, you would need to export the .pfx file so that it can be imported into the other servers.

Configure SharePoint for Apps

We need to configure our SharePoint and IIS to use a different certificate for Apps, and also our Web Application needs to know to use our App Domain.

  1. Sign back into the SharePoint machine as SP_Setup.
  2. Run as administrator, SharePoint 2016 Management Shell
  3. Run the following PowerShell Script

  4. Next we need to run the following command:
  5. In Start type IIS and open IIS Manager
  • Navigate to SharePoint HNSC Web Application and then on the right hand panel, click Bindings…
  • On the Bindings dialog, select the one without the Host Name on Port 11111 and click Edit
  • Change the Port to 443, and select the SSL Certificate as your App Certificate.
  • Click OK.
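
The script and command for steps 3 and 4 are not reproduced on this page. The following is an added example (not the author's code) of one documented way to tell a web application in a host-header environment about the app domain, followed by a read-back of the IIS bindings edited in step 5. The choice of the Default zone is an assumption.

```powershell
# Added example; run in an elevated SharePoint 2016 Management Shell as SP_Setup.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module WebAdministration

$webAppName = "SharePoint HNSC Web Application"
$appDomain  = "cfapps.com"
$wa         = Get-SPWebApplication | Where-Object { $_.DisplayName -eq $webAppName }

# Allow app domains to be set per web application and zone (farm-wide setting).
$contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
$contentService.SupportMultipleAppDomains = $true
$contentService.Update()

# Associate the app domain with the web application on HTTPS/443.
# Zone "Default" is an assumption; use the zone your users browse.
if (-not (Get-SPWebApplicationAppDomain -WebApplication $wa |
          Where-Object { $_.AppDomain -eq $appDomain })) {
    New-SPWebApplicationAppDomain -AppDomain $appDomain -WebApplication $wa `
        -Zone Default -Port 443 -SecureSocketsLayer
}

# Restart IIS so the change is picked up.
iisreset

# Read back the SharePoint side.
Get-SPWebApplicationAppDomain -WebApplication $wa

# Read back the IIS side after step 5: app URLs (app-<id>.cfapps.com) match no
# host-named binding, so they land on the binding with an empty host name,
# shown as "*:443:". That binding must present the *.cfapps.com certificate.
# sslFlags 0 = no SNI (the catch-all), 1 = SNI (the host-named bindings).
Get-WebBinding -Name $webAppName -Protocol https |
    Select-Object bindingInformation, sslFlags, certificateHash
```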


Add Apps to your Intranet Zone.

To prevent getting prompted for your login, configure the intranet zone in IE.

  • Open up Internet explorer
  • Click on the cog symbol, and select Internet Options
  • Select the Security tab, and then click on Local Intranet. Then click on the Sites button.
  • On the Local intranet dialog, click the Advanced button.
  • Type *.cfapps.com and click Add. (You might need to untick Require server verification (https) for all sites in this zone )
  • Then click Close, OK, and OK

Checking that Apps are now set up for your farm

  1. Open up your intranet site https://intranet.cfcode2016.com
  2. At the top right of the screen click the cog icon.
  3. From the drop down, click Add an app
  4. On the App page, in the quick launch menu area, click on SharePoint Store
  5. If you have connected up correctly you will now see Apps that you can download from the SharePoint store.
  6. Pick a free one to install. I’m selecting Bright Banner. (Have no idea if it’s any good, so not endorsing, just using for testing purposes)
  7. Click Add it.
  8. Confirm that you wish to add the app. Click Continue
  9. A page will state that you have just got this app for everyone in your organization. Click Return to Site
  10. A prompt will appear, asking if you trust the application. Click Trust It.
  11. After a moment you will be returned to your Site Contents. You will also note that your app that you downloaded is currently being added to your site. Once complete the adding text will disappear.

  12. Click on the App. It will load. Take note of the URL. It is being called from the domain you created earlier cfapps.com. Congratulations you have got Apps working!

So glad I finally got Apps certificates to work. Took me a couple of attempts. Thank you to Anupam Shrivastava and his blog post http://akforsharepoint.blogspot.co.uk/2015/05/sharepoint-hosted-apps-in-aam-or-host.html for helping me finally crack it.

I recommend shutting down and taking checkpoints again.


Building SharePoint 2016 development environment – Part 10 – Configuring Central Administration for SSL



At this point Central Administration is still running on non-secure HTTP. Let’s make central admin accessible from a vanity URL over SSL.

  • Ensure you are on the SharePoint box with a Domain Admin Account. (cfcode2016\Administrator)
  • We have already configured the Certificate Authority earlier on the Domain Controller. Here we are going to request the certificate using Internet Information Services on the SharePoint Server. From the Start Menu, type IIS and open Internet Information Services (IIS) Manager
  • Once IIS opens, click on the Server Name. (CFSP2016) You will be prompted with a dialog asking to get started with Microsoft Web Platform, click do not show this message and then click No.
  • From the IIS section, double click Server Certificates

  • From the right hand side of the screen, click Create Domain Certificate

  • Complete the form for the Domain Certificate as follows (Change to match your environment if not following exactly along)
    • Common Name : *.cfcode2016.com
    • Organisation: CFCode
    • Organizational Unit: Computers
    • City/Locality: London
    • State/Province: London
    • Country/Region: GB


  • Click Next
  • On the Online Certification Authority enter the common name you gave your Authority Name\Server Name. (For example mine is MY-CA\CFAD.cfcode2016.com). You can also use the select button if you have configured everything correctly. You can put anything in the friendly name box. Click Finish.

  • You should now see the certificate in the Server certificates window.

  • If there were other servers in your farm, you would need to export the .pfx file so that it can be imported into the other servers.

Set Central Admin to Run on SSL with Vanity URL

  • Log into your domain controller. In Start type DNS and open the DNS Manager.
  • In the left hand pane, expand Forward Lookup Zones and click on cfcode2016.com
  • Right click on cfcode2016.com and select New Host (A or AAAA)…
  • Enter the name you wish to use as an alias for Central Administration, for example CAdmin, and set the IP address to point to the SharePoint server (192.168.137.200). Click Add Host

  • Log back into the SharePoint server as the SP_Setup account. In Start type IIS and open IIS Manager
  • Navigate to SharePoint Central Administration v4 and then on the right hand panel, click Bindings…
  • On the Bindings dialog, click Add…
  • In the Add Site Binding page, select https from the Type dropdown, leave the IP address as All Unassigned, the Port should say 443. Enter the Host name as cadmin.cfcode2016.com (or whatever your alias is), tick Require Server Name Indication, then select your certificate you created earlier. Click OK
  • From the Start Menu open SharePoint 2016 Central Administration, this ensures it runs as Administrator.
  • Click Application Management, then under Web applications, click Configure alternative mappings.
  • Take note of the internal URL shown in the default zone for central admin. Click the internal URL for http://cfsp2016:2016 so that you can edit it. Change the URL protocol, host and port to https://cadmin.cfcode2016.com
  • Click OK.
  • Back on the Alternate Access Mapping Screen, click Add Internal URLs and add a new Internal URL for each of the following listed below. Screenshot below

  • Open the SharePoint Management Shell, run as administrator. Type the following and run. Press A when prompted.

    Set-SPCentralAdministration -SecureSocketsLayer -Port 443
    

Add Central Administration to your Intranet Zone.

To prevent getting prompted for your login, configure the intranet zone in IE.

  • Open up Internet explorer
  • Click on the cog symbol, and select Internet Options
  • Select the Security tab, and then click on Local Intranet. Then click on the Sites button.
  • On the Local intranet dialog, click the Advanced button.
  • Add your Central Administration to the Local Intranet Zone. (e.g., https://cadmin.cfcode2016.com)
  • Close Central Administration and then re-open it from the Start Menu SharePoint 2016 Central Administration.
  • Say Yes to any warnings if the site already exists in Trusted sites zone.
  • While here also add *.cfcode2016.com and https://cfsp2016:2016.
  • Tick Require server verification (https:) for all sites in this zone.
  • Then click Close, OK, and OK

Now if you go to Start Menu and open SharePoint 2016 Central Administration, it will open using the https://cadmin.cfcode2016.com URL and the certificate will be valid.

Next step will be getting the bulk of SharePoint working. This will be creating sites, getting services up and running, and ensuring you can do SharePoint app development. I recommend shutting down and taking checkpoints again. (Don’t worry, when you are happy with your build, you can go back and delete all the checkpoints.)

Building SharePoint 2016 development environment – Part 9 – Installing SharePoint 2016



Giving SP_Setup Account administrative privilege on your SQL/SharePoint Virtual Machine

Before we can start installing SharePoint 2016, we want to install it using a Setup account. In Part 6 we created the SP_Setup account, now we need to add this to the administrators group of the local machine.

  1. On the start menu, type Edit local users and groups and select the application
  2. In the left hand pane, click Groups. Then double click Administrators group to open it up.
  3. Click on Add… and enter SP_Setup. Click on OK, and then OK again to close the Administrators property box.
  4. Sign out of the SQL/SharePoint Virtual Machine as Administrator, and sign back in as SP_Setup

Insert SharePoint Server 2016 disk

  1. From the Hyper V Manager on your host machine, right click and select Settings…
  2. Under the DVD Drive, change the image file from SQL 2016 to SharePoint 2016. Click OK.

Install SharePoint 2016 prerequisites.

  1. Go back within the Virtual Machine, and double click the D drive, or run splash.hta
  2. Click the Install Software Prerequisites link.
  3. In the Microsoft SharePoint 2016 Products Preparation Tool dialog, click Next
  4. Accept the License Terms. Click Next.
  5. The prerequisites for SharePoint 2016 will be installed and set up. When it has completed, you will be asked to reboot. Click Finish
  6. After a reboot and logged back in as SP_Setup, the installer continued. The prerequisites finally completed. Click Finish

Installing SharePoint 2016

  1. Double click the D drive, or run splash.hta
  2. Click Install SharePoint Server
  3. When prompted Enter your Product key. Click Continue.
  4. Tick I accept the terms of this agreement. Click Continue.
  5. Accept the default file location (Unless you have a reason not to). Click Install Now.
  6. When it has finished. Run the configuration wizard by clicking Close.
  7. On the Welcome to SharePoint Products click Next >
  8. Accept the dialog warning that services may have to be started or reset during configuration. Click Yes.
  9. On Connect to a server farm, select Create a new server farm. Click Next >
  10. On the Specify Configuration Database settings
    1. Database Server: SQL2016
    2. Database Name: SharePoint_Config
    3. UserName: cfcode2016\SP_Farm
    4. Password: Pa55w0rd
      Click Next >
  11. On Specify Farm Security Settings put the Passphrase as Pa55w0rd. Click Next >
  12. On Specify Server Role as this is a development environment, select Single Server Farm. Then click Next >
  13. On Configure SharePoint Central Administration Web Application tick Specify port number. Type in the number 2016. Select NTLM for security settings. Click Next >.
  14. On the final page Completing the SharePoint Products Configuration Wizard it will display a summary of what you have selected. Click Next >
  15. When the installer has finished, you will be presented with Configuration Successful. Click Finish. Internet Explorer will open Central Administration allowing you to complete the installation. Click Cancel to Configure your SharePoint Farm. There is no need to run the wizard; it is better to configure each service separately as you need it.

Next post will show you how to configure Central Administration for SSL. Again, now is a good place to shut down the machines and take checkpoints before continuing.

Building SharePoint 2016 development environment – Part 8 – Installing SQL 2016 ready for SharePoint 2016.



Setting up directories for SQL.

We are going to set up the following directories on the D: drive.

  • Bring up Explorer by pressing Windows Key + E
  • Double click on the D drive.
  • Create the following directories.
    • D:\SQL
    • D:\SQL\Data
    • D:\SQL\Logs
    • D:\SQL\Temp\Data
    • D:\SQL\Temp\Logs
    • D:\SQL\Backup

Installing SQL Server 2016 Standard Edition 64 bit

From part 5 of these blogs we have already inserted the ISO file into the virtual machine. By opening Explorer inside the virtual machine, you should see the DVD Drive with the SQL disk inserted.

  • Double click on the DVD drive, or run Setup.exe
  • The SQL Server Installation Center will open up. On the left hand side, click Installation.
  • Click on New SQL Server stand-alone installation or add features to an existing installation
  • The product key should already be entered, click Next, accept the License Terms. Click Next.
  • Tick Use Microsoft Update to check for updates (Recommended). Click Next.
  • Setup install rules will identify any problems that might occur when installing SQL Server Setup support files. They should all pass. (Ignore warnings) Click Next.
  • On the Feature Selection Page. Select Database Engine Services, Full-Text and Semantic Extractions for Search. Click Next.
  • On the Installation Rules page click Next.
  • On the Instance Configuration page click Next.
  • On the Server Configuration page, change the SQL Server Agent Start Up Type to Automatic. Also change the SQL Server Database Engine to use your SP_SQL account, and enter the password. Pa55w0rd
  • Click Next
  • On the Database Engine Configuration page, select Mixed Mode and enter the password and confirm password as Pa55w0rd. And Click Add Current User.
  • On the Data Directories tab, change the location of the directories.
    • Data Root Directory – d:\SQL
    • User Database Directory – d:\SQL\Data
    • User Database Log Directory – d:\SQL\Logs
    • Backup Directory – d:\SQL\BackUp
  • On the TempDB tab
    • Data Directories – d:\SQL\Temp\Data
    • Log Directory – d:\Sql\Temp\Logs
  • On the FILESTREAM tab, tick Enable FileStream for Transact-SQL access and Enable FILESTREAM for file I/O access. Click Next.
  • On the Ready to Install page, click Install
  • After installation your SQL Server 2016 is installed. You may be asked to reboot.

Installing SQL Server Management Tools

It seems that SQL 2016 has now separated out the SQL Server and SQL Server Management Tools. So this is an additional step to carry out.

  1. Back on the SQL Server Installation Center (run setup.exe from DVD drive if not showing), click on Install SQL Server Management Tools
  2. This takes you off to a website address https://msdn.microsoft.com/en-us/library/mt238290.aspx to download the SQL Server Management Studio (SSMS) separately.
  3. Click the download link, and run it. (Or Save and run it afterwards) Over 800MB in size.
  4. Click Install.
  5. Once installed, you will get a success message. Close this screen.

Configuring SQL Server 2016

  1. From the start screen type SQL Server Configuration Manager and select the application.
  2. Click to expand SQL Server Network Configuration (not the 32 bit), and choose Protocols for MSSQLSERVER, and ensure TCP/IP and Named Pipes are enabled. To enable them right click them and select Enable. Click OK at the warning.
  3. Close the SQL Server Configuration Manager.

Apply the DisableLoopbackCheck Registry Fix

  1. Click the Windows PowerShell icon in the Taskbar.
  2. Run the following PowerShell commands, pressing [Enter] after each one:
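
The commands for this step are not reproduced on this page. The following is an added example (not the author's commands) that sets the DisableLoopbackCheck registry value the heading refers to, and also shows the narrower BackConnectionHostNames alternative, which keeps the loopback check (a protection against NTLM reflection) switched on and exempts only named hosts. The `-UseHostList` switch is hypothetical; the host names are the ones this series creates.

```powershell
# Added example; save as a .ps1 and run in an elevated PowerShell session
# on the SQL/SharePoint VM.
param(
    # Hypothetical switch: use the per-host allow list instead of
    # disabling the loopback check for every host name.
    [switch]$UseHostList
)

$lsa = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa"

if (-not $UseHostList) {
    # The fix named in the heading: DisableLoopbackCheck = 1 (DWORD).
    # This turns the check off for all host names that resolve to this machine.
    New-ItemProperty -Path $lsa -Name "DisableLoopbackCheck" -Value 1 `
        -PropertyType DWord -Force | Out-Null
}
else {
    # Narrower alternative: leave the check on and list the host names that
    # are allowed to loop back to this machine.
    $names = @(
        "sql2016", "sql2016.cfcode2016.com",
        "hnsc.cfcode2016.com", "intranet.cfcode2016.com",
        "dev.cfcode2016.com", "my.cfcode2016.com",
        "cadmin.cfcode2016.com"
    )
    Remove-ItemProperty -Path $lsa -Name "DisableLoopbackCheck" -ErrorAction SilentlyContinue
    New-ItemProperty -Path "$lsa\MSV1_0" -Name "BackConnectionHostNames" `
        -Value $names -PropertyType MultiString -Force | Out-Null
}

# Read back what is now in effect. Restart the server afterwards so the
# change is picked up.
$lsaValues = Get-ItemProperty -Path $lsa
$msvValues = Get-ItemProperty -Path "$lsa\MSV1_0"
[pscustomobject]@{
    DisableLoopbackCheck    = $lsaValues.DisableLoopbackCheck
    BackConnectionHostNames = $msvValues.BackConnectionHostNames -join ", "
}
```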

Giving SP_Setup account access

Note: If you continue without doing the DisableLoopbackCheck registry fix you will get an error message saying “Login Failed. The login is from an untrusted domain and cannot be used with Windows authentication”

  1. From the start screen type SQL Server 2016 Management Studio and open the application.
  2. Change the server name to SQL2016 (we set a host name in an earlier post) and logon as Windows authentication.
  3. Expand Security from the object explorer and right click Logins and select New Login…
  4. Next to the Login Name click Search
  5. Ensure the Location is set for Entire Directory, and then type SP_Setup and click Check Names.
  6. Click OK.
  7. On the left hand panel, select the Server Roles page, and tick dbcreator, securityadmin and sysadmin. Then click OK.

Now we can think about Installing SharePoint 2016.

Now is another good time to shut down both Domain Controller, and the SharePoint machine and take a checkpoint/snapshot before continuing.

Building SharePoint 2016 development environment – Part 7 – Adding AD accounts.



Creating the Accounts required

Please note that the following setup is just for a simple development environment. You should read the Microsoft SharePoint Server 2016 Prepare for Installation section.

First we need to create 9 different accounts.

SP_Farm – SharePoint Farm account

SP_Setup – SharePoint Setup Account

SP_Content – SharePoint Content account for the Content Databases

SP_Services – SharePoint account for the Shared Services within SharePoint

SP_SQL – The account to run SQL with.

SP_Search – The account used for SharePoint Search Crawler

SP_UserProfile – The account used for User Profile service

SP_SuperUser – SharePoint publishing infrastructure super user account

SP_SuperReader – SharePoint publishing infrastructure super reader account

  1. Log into the Domain Controller.
  2. In the Start Menu, type Active Directory Users and Computers. Select the application.
  3. Expand the tree in the left hand pane to see the Managed Service Accounts OU. Select the Managed Service Accounts OU.
  4. Right click on Managed Service Accounts and select New > User. Create a new user called SP_Farm. Set the Full Name and Log on name to SP_Farm. Click Next.
  5. In the password dialog screen, enter the following and click Next.
    1. Password and Confirm Password: Pa55w0rd
    2. Untick User must change password at next logon.
    3. Leave User cannot change password as unticked.
    4. Tick Password never expires
    5. Leave Account is disabled as unticked
    6. Click Next. Then Finish

Repeat the steps 1-4 for the remaining accounts (SP_Setup, SP_Content, SP_Services, SP_SQL, SP_Search, SP_UserProfile, SP_SuperUser, SP_SuperReader, and SP_Unattended)
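
The same account creation as a script, as an added example that is not part of the original post. It uses the ActiveDirectory module with the settings from the password dialog above and prompts for the password once instead of storing it in the file. The distinguished name of the Managed Service Accounts container and the user principal name suffix are assumptions derived from the cfcode2016.com domain.

```powershell
# Added example; run on the domain controller in an elevated PowerShell session.
Import-Module ActiveDirectory

# Assumed DN of the default Managed Service Accounts container in cfcode2016.com.
$path = "CN=Managed Service Accounts,DC=cfcode2016,DC=com"

# Account names and purposes as listed above.
$accounts = [ordered]@{
    SP_Farm        = "SharePoint Farm account"
    SP_Setup       = "SharePoint Setup Account"
    SP_Content     = "SharePoint Content account for the Content Databases"
    SP_Services    = "SharePoint account for the Shared Services within SharePoint"
    SP_SQL         = "The account to run SQL with"
    SP_Search      = "The account used for SharePoint Search Crawler"
    SP_UserProfile = "The account used for User Profile service"
    SP_SuperUser   = "SharePoint publishing infrastructure super user account"
    SP_SuperReader = "SharePoint publishing infrastructure super reader account"
    SP_Unattended  = "Named in the repeat step; purpose not described on the page"
}

# Prompt once; the password never appears in the script or the shell history.
$password = Read-Host -AsSecureString -Prompt "Password for the SP_* accounts"

foreach ($name in $accounts.Keys) {
    if (Get-ADUser -Filter "SamAccountName -eq '$name'") {
        Write-Host "$name already exists, skipping"
        continue
    }

    # Mirrors the dialog: no forced change at logon, user may change the
    # password, password never expires, account enabled.
    New-ADUser -Name $name -DisplayName $name -SamAccountName $name `
        -UserPrincipalName "$name@cfcode2016.com" `
        -Description $accounts[$name] -Path $path `
        -AccountPassword $password -Enabled $true `
        -ChangePasswordAtLogon $false -CannotChangePassword $false `
        -PasswordNeverExpires $true
}

# Read back what was created and with which flags.
Get-ADUser -Filter "SamAccountName -like 'SP_*'" -SearchBase $path `
    -Properties PasswordNeverExpires, Description |
    Select-Object SamAccountName, Enabled, PasswordNeverExpires, Description
```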

You could add any users here, but when creating their accounts, add them to User OU, not the Managed Service Accounts OU.

Setting up Host names (SQL2016, Intranet, Dev, HNSC, my)

  1. On your Domain controller, in the start menu, type DNS. Open the application to the DNS Manager
  2. Expand the forward lookup zones contained in the left panel.
  3. Right click on the zone cfcode2016.com and click on a New Host (A or AAAA)
  4. Type in the name of the record. In this case we are going to name our SQL Server SQL2016. Set the IP address as the IP address where we are installing SQL. This was configured in our previous post as 192.168.137.200. Click on Add Host.
  5. You will then get a verification dialog, and after click OK. You will see the record has been created in the right pane of the DNS manager.
  6. To Check that this is all working, open a command prompt, and type
    ipconfig -flushdns
    Then type
    ping SQL2016


    Note: If it’s unable to ping, you might have the firewall switched on for domains on your VMs. You can turn this off. (Remember this is a development machine only)

    Repeat the above steps 1-6 for Dev and Intranet, HNSC and my

Building SharePoint 2016 development environment – Part 6 – Creating SQL & SharePoint Machine.



Creating your SQL & SharePoint Machine

  1. Follow my old blog on Creating your hyper V windows Server 2012 machine from a differencing disk. Give about 16GB (16,384 MB) of memory to the machine, and only add the Internal Network connection.
  2. When you start up your new Virtual Machine based on the base disk, you will be required to enter a valid Key Code for Windows Server 2012 R2 Standard Edition. Let the sysprep process complete, answer any installation questions required and then log in.
  3. You now have Virtual Machine that we are going to use for our SQL and SharePoint.
  4. Enhanced mode of Hyper V will work after you have logged in once, and then reboot. (Believe tools install themselves in the background).

Set Static IP address

  • In the start menu, type View Network Connections and under Settings you should see a link.
  • Right click your network internal adapter and click Properties.
  • In the properties windows, select Internet Protocol Version 4 (TCP/IPv4) and then click the Properties button.
  • Update the properties form to have the following information:
    • IP Address: 192.168.137.200
    • Subnet Mask: 255.255.255.0
    • Default gateway: 192.168.137.1
    • Preferred DNS Server: 192.168.137.100

Change the name of the Machine.

  1. From the Server Manager screen. Click on Local Server.
  2. Where it says Computer Name, click the link.
  3. This will open the System Properties dialog box.
  4. Click on the Change button.
  5. Enter the name of the server. I have called mine ‘CFSP2016’
  6. Click OK.
  7. Click OK and reboot when asked.

Add the SharePoint machine to the Domain.

  1. From the Server Manager screen. Click on Local Server.
  2. Where it says Workgroup, click the link.
  3. This will open the System Properties dialog box.
  4. Click on the Change button.
  5. Click on the Domain radio button. Type in the name of your domain you gave your machine in the previous blog post. (Part 4- Installing Active Directory)
  6. Enter the name of the server. I have called mine ‘CFSP2016’
  7. Click OK.
  8. Click OK and reboot when asked.

Important from now on: When you sign in, ensure you sign in as domain\administrator, not computerName\Administrator; the sign-in defaults to computerName\Administrator.
To ensure that typing administrator on the SharePoint server to run as domain admin isn’t automatically taken to mean the built-in administrator, we are going to rename the built-in administrator account.

  1. From the Start menu, type User, and select Edit local users and groups
  2. In the left hand pane, select Users.
  3. On the right hand pane, right click Administrator and select Rename
  4. Change the name to something other than Administrator. I’ve renamed mine to Admin.
  5. If you log out, and try to log in as COMPUTERNAME\Administrator it will state the password is incorrect. Change this to COMPUTERNAME\Admin then try your password. You should be able to log in.

Adding a DVD drive for ISO in Virtual Machine.

Before I can install SQL or SharePoint I need a way to get my ISO files onto my Virtual Machine. These steps will show you how to add a DVD drive to your virtual machine that will allow you to read ISO files.

  1. Open up Hyper-V Manager, right click your Virtual machine that you are using for SQL & SharePoint and click settings.
  2. Within the settings window, under Hardware select SCSI controller. Then select DVD Drive, and click Add.
  3. Then ready for the next step, select Image File: and find your SQL Server 2016 Standard Edition ISO file.

Building SharePoint 2016 development environment – Part 5 – Creating Certificate Authority.


Installing Certificate Authority

To allow our SharePoint sites to use SSL, they need certificates that come from a trusted certificate authority. This is what we are going to create.

  • On your domain controller, open up Server Manager
  • On the right, click Manage > Add Roles and Features
  • Click Next
  • On Select installation type ensure that Role-based or feature based installation is selected. Click Next
  • On Select destination server screen, keep default choice of your domain controller, and click Next.
  • Select Active Directory Certificate Services and click Add Features when dialog pops up. Click Next.
  • On Select features click Next.
  • On Active Directory Certificate Services screen, it informs you that you cannot change the name or domain settings of this computer. Click Next.
  • On Select role services, select the following
    • Certification Authority
    • Certificate Enrollment Policy Web Service
    • Certificate Enrollment Web Service

    Click Add Features when prompted.

  • On Web Server Role (IIS) click Next.
  • On the Select role services click Next
  • Tick the Restart the destination server automatically if required, say yes to the dialog prompt. Then click Install.
  • Once the installation completes, you need to configure the Certification Services. Click the link Configure Active Directory Certificate Services on the destination server
  • On the Credentials screen, ensure you are using domain admin account. Click Next
  • On Role Services tick Certification Authority, then click Next
  • On Setup Type, leave the default of Enterprise CA, click Next
  • Since this is the first CA in the domain, on CA Type leave the default of Root CA. Click Next
  • On Private Key leave it as Create a new private key and click Next
  • On Cryptography for CA select SHA256. Click Next
  • On CA Name, for a development environment, I recommend renaming it to something simple like MY-CA, or you can leave it as is (you’ll need to remember this much later). Click Next.
  • On Validity Period, you can change the number of years if you wish. I would imagine in 5 years SharePoint 2016 will be old hat, and we will be using SharePoint 2020. Click Next.
  • Accept the default locations of the CA Database. Click Next.
  • On the final screen, Confirmation, click Configure. You will be presented with a succeeded screen. Click Close. You will be prompted with a Do you want to configure additional role services? Dialog. Click Yes.
  • After clicking yes, you will be presented back with the Credentials screen. Click Next
  • On the Role Services screen, now select both Certificate Enrollment Web Service and Certificate Enrollment Policy Web Service. Click Next.
  • On the CA for CES screen, leave as is. This will allow your target CA to issue web certificates to SharePoint and other web servers. Click Next.
  • For the Authentication Type for CES, keep the default Windows integrated authentication. Click Next.
  • On Service Account for CES switch the radio button to Use the built-in application pool identity. Click Next
  • The Authentication Type for CEP leave as Windows integrated authentication. Click Next.
  • On the Server Certificate screen, select your existing self-signed certificate. Click Next
  • On the last screen, click Configure.
  • Finally, you are presented with success messages. Click Close.

Your Certificate Authority is now complete and ready to give out certs to your SharePoint farm. This will be configured later after we have at least installed SharePoint.
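The CA part of the wizard above can also be scripted and then checked, which makes the setup repeatable when you rebuild the lab. This is an added example, not part of the original post: it covers the role install and the Enterprise Root CA configuration only (the CES and CEP pages are left to the wizard), and it assumes the example CA name MY-CA and a 5-year validity period.

```powershell
# Added example, run elevated on the domain controller as a domain admin.
# 'MY-CA' is the example name suggested in the post; use your own.
$caName = 'MY-CA'

# Role services ticked in the Add Roles and Features wizard.
Install-WindowsFeature -Name ADCS-Cert-Authority, ADCS-Enroll-Web-Pol, ADCS-Enroll-Web-Svc `
    -IncludeManagementTools

# Enterprise root CA with a new private key, SHA256 signatures, 5-year validity.
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA `
    -CACommonName $caName `
    -HashAlgorithmName SHA256 `
    -ValidityPeriod Years -ValidityPeriodUnits 5 `
    -Force

# Check 1: the hash algorithm the CA will use when it signs issued certificates.
certutil -getreg CA\CSP\CNGHashAlgorithm

# Check 2: the CA's own certificate in the local Trusted Root store.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object Subject -like "CN=$caName,*" |
    Select-Object Subject, NotAfter, Thumbprint,
        @{ Name = 'SignatureAlgorithm'; Expression = { $_.SignatureAlgorithm.FriendlyName } }
```

Both checks should report SHA256. If the first one shows SHA1, certificates issued to the SharePoint sites later will be signed with SHA1 regardless of what the CA certificate itself uses.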

Setting up a Global Policy for Certificate Enrollment.

Here we are going to change a global policy for all machines added to the domain, so that auto-enrollment of certificates is allowed.

  1. Open up the Group Policy Management console, by typing gpmc.msc in a run window.
  2. Expand the Forest down to our domain.
  3. Right click the domain and select Create a GPO in this domain, and Link it here…
  4. In the New GPO dialog, give it the name of Cert Enrollment Policy, and click OK.
  5. In the left pane of Group Policy Management expand your domain and at the top you should see Cert Enrollment Policy, right click it and select edit.
  6. Navigate down to Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies and double click Certificate Services Client – Auto Enrollment
  7. In the dialog, set the Configuration Model to Enabled. Click OK.
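To confirm that the new GPO actually reaches a domain member, you can run the following on a joined server. This is an added example, not part of the original post; the function name is my own, and it relies on the computer auto-enrollment setting being stored as the AEPolicy value under the policy key shown, with the 0x8000 bit meaning disabled.

```powershell
# Added example, run elevated on a domain-joined server (e.g. the SharePoint VM).
function Get-AutoEnrollmentState {
    # Computer-side setting written by "Certificate Services Client - Auto-Enrollment".
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment'
    $policy = Get-ItemProperty -Path $key -Name AEPolicy -ErrorAction SilentlyContinue
    if (-not $policy) { return 'NotConfigured' }          # GPO has not applied here
    if ($policy.AEPolicy -band 0x8000) { return 'Disabled' }
    'Enabled'
}

# Pull the latest computer policy, then confirm the GPO from the steps above is listed.
gpupdate /target:computer /force | Out-Null
gpresult /r /scope computer | Select-String -Pattern 'Cert Enrollment Policy'

$state = Get-AutoEnrollmentState
"Computer auto-enrollment policy: $state"

if ($state -eq 'Enabled') {
    # Trigger an auto-enrollment pass now instead of waiting for the next cycle,
    # then list what is in the machine's Personal store.
    certutil -pulse | Out-Null
    Get-ChildItem Cert:\LocalMachine\My | Select-Object Subject, Issuer, NotAfter
}
```

An empty Personal store does not mean the policy failed: a machine only enrolls automatically for certificate templates that are published on the CA and grant it the Autoenroll permission.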

We have reached the end of this blog post. Again, it could be a good idea to shut the machine down and create a new checkpoint.