Setting up MOSS 2007 in a server farm environment. (A Web Front End Server WFE and a Database Server)
Security account requirements
To install MOSS 2007 in a server farm environment, at-least 2 accounts are required.
(Only one account required when WFE and Database are on a Single computer. This installation has got a slightly different procedure. Dont follow this instruction for a Single Server Configuration.)
One as Domain User with Admin power in both the WFE and DB Server. This user should be manually added in to the SQL Server Users from the Management Studio. This should be able to login to SQL Server with Windows authentication should have DB Creator and Security Admin rights on SQL Server. This will be used for Installing MOSS and will be acted as SERVICE ACCOUNT for all the related services of MOSS.
Do not use the main domain\administrator account. This causes a problem if ever you wish to install Project Server 2007 on the same machine.
Account 1 (We call it as MOSSADMIN)
A user account that you can use to install Office SharePoint Server 2007 and run the SharePoint Products and Technologies Configuration Wizard. This account must be:
- A domain user account.
- A member of the Administrators group on each of your front-end servers.
- A member of the SQL Server Logins, which grants login access to your SQL Server instance.
- A member of the SQL Server Database Creator server role, which grants permission to create and alter databases.
- A member of the SQL Server Security Administrators server role, which grants permission to manage server logins.
Account 2 (We Call this as MOSSUSER)
A unique domain user account that you can specify as the Office SharePoint Server 2007 service account. This user account is used to access your SharePoint configuration database. It also acts as the application pool identity for the SharePoint Central Administration application pool and it is the account under which the Windows SharePoint Services Timer service runs.
The SharePoint Products and Technologies Configuration Wizard adds this account to the SQL Server Logins (We don’t need to manually add this in to SQL Server, Just provide when MOSS Technologies Configuration wizard asks), the SQL Server Database Creator server role, and the SQL Server Security Administrators server role. It is recommended that you follow the principle of least privilege and do not make this user account a member of any particular security group on your front-end servers or your back-end servers.
SQL Server Installation.
This has to be a different server.
(Preferably, SQL Server 2005 should be installed with Local System account (Local Administrator of that machine). If you install it with Domain Admin User, SQL Server uses Kerberos Security. I don’t prefer this as MOSS Configuration Wizard’s default installation would be on NTLM, not Kerberos. So, I just login as Local System Admin for installation rather than going with domain Admin.)
Select Database Engine and Analysis Services in the Wizard, No need of selecting the other features like integration Services. Click Advanced, Select Client Component Tools (This is for getting the Management Studio). Service pack 3 is a must for SQL Server for MOSS. Open up Management Studio and add the Service account in to the Users, assign permissions as DB Creator and Security Admin rights on SQL Server.
Log off from DB Server if you are logged in as LOCAL ADMIN and Login as MOSSADMIN and Connect to Database Engine through SQL Server Management Studio with Windows Authentication. Give DB Creator and Security Admin roles to this user .
Make sure that Collation settings is of Latin1_General_CI_AS_KS_WS
Enable the remote connection to the SQL Server through Serface Area Configuration wizard. Click Surface Area Configuration for Services and Connections. Select Remote Connections
Read out these carefully to prepare a new DB Server for MOSS
http://technet.microsoft.com/en-us/library/cc263187.aspx
Configure surface area settings in SQL Server 2005
1. Click Start, point to All Programs, point to Microsoft SQL Server 2005, point to Configuration Tools, and then click SQL Server Surface Area Configuration.
2. In the SQL Server Surface Area Configuration dialog box, click Surface Area Configuration for Services and Connections.
3. In the tree, open your instance of SQL Server, open Database Engine, and then click Remote Connections.
4. Click Local and Remote Connections, click Using both TCP/IP and named pipes, and then click OK
How do i know the Version of SharePoint installed on my server?
To check this on a moss installed server, go to Central Administration(CA) > Operations > Servers in the farm. You can see the version of the MOSS there.
Also, To know the Edition of MOSS(Standard/Enterprise) you installed
Go to the Central administration -> Operations-> Enable Enterprise features. This will show you whether it is standard or enterprise. If it is enterprise edition, Button would be disabled.
Name
Version
MOSS 2007/WSS 3.0 Service Pack 1 (Contains the below)
12.0.0.6219
MOSS 2007/WSS 3.0 October 2007 Public Update
12.0.0.6039
MOSS 2007/WSS 3.0 August 2007 Hotfix
12.0.0.6036
MOSS 2007/WSS 3.0 RTM
12.0.0.4518
Framework 2.0 and 3.0 on the front end server (Where MOSS is going to be installed)
IIS on the Front end server with the rights
As the front end server runs with Windows Server 2008 Operating system(OS), Installing and configuring will not be as easy as on a 2003 OS.
For installing IIS refer http://learn.iis.net/page.aspx/29/install-iis-7-on-windows-server-2008-or-windows-server-2008-r2/
IIS 7 will get installed with .Net Framework 2.0. We need Framework 3.0 also to be installed on Moss WFE. Go to IIS Manager, Application Pools and see the version of Framework version in the right pane.
IIS Isolation mode settings (IF IIS 6.0)
1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
2. In the IIS Manager tree, click the plus sign ( ) next to the server name, and then right-click the Web Sites folder and select Properties.
3. In the Web Sites Properties dialog box, click the Service tab.
4. In the Isolation mode section, clear the Run WWW service in IIS 5.0 isolation mode check box, and then click OK.
IF IIS 7.0, This is to be as CLASSIC MODE (There is no Isolation mode in IIS 7, Instead it is Pipeline Mode)
1. Select Application Pools in IIS Manager in the left pane in IIS 7.0, In the middle pane, MODE will be displayed as INTEGRATED/CLASSIC. ASP.Net should be in CLASSIC Mode and Default Application Pool on INTEGRATED MODE
Enable ASP.NET 2.0 in IIS 6.0
You must enable ASP.NET 2.0 on all Office SharePoint Server 2007 servers.
Enable ASP.NET 2.0
1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
2. In the IIS Manager tree, click the plus sign (+) next to the server name, and then click the Web Service Extensions folder.
3. In the details pane, click ASP.NET v2.0.50727, and then click Allow.
Enabling ASP.Net 2.0 is not required for IIS 7.0 I Guess. By default it does this configuration during installation.
Login as MOSSADMIN User in the WFE server and click on the MOSS Setup exe file. This is the account will be used to Run MOSS and Run SharePoint Technologies Configuration Wizard. Service Account (MOSSUSER) will be given only when SharePoint Technologies Configuration Wizard asks for creating Sharepoint_config database.
Set up will ask for running the Sharepoint Technologies Configuration Wizard once the installation of Sharepoint is over. Provide the database server name and Service account credentials (MOSSUSER) here, Configuration Wizard creates the connection to the database server and create Configuration database (Sharepoint_Config) and other Configuration DBs like SSP, Search etc.
This process takes some time to complete the configuration.
The SharePoint Central Administration Web page opens.
Don’t refer this linked article for installing in a Web Farm, because this is specifically instructed for an installation where WFE and DB Server on the same machine. Follow it if you are setting up both WFE and DB on a single server. It is a good written document.
Preparing Web Front End & Application servers.
DB Server Preperation
Do an IIS Reset and browse Central Administration(CA).
Notes
If you are prompted for your user name and password, you might need to add the SharePoint Central Administration site to the list of trusted sites and configure user authentication settings in Internet Explorer. Instructions for configuring these settings are provided in the next set of steps. If you see a proxy server error message, you might need to configure your proxy server settings so that local addresses bypass the proxy server. Instructions for configuring this setting are provided later in this section.
Add the SharePoint Central Administration site to the list of trusted sites
1. In Internet Explorer, on the Tools menu, click Internet Options.
2. On the Security tab, in the Select a Web content zone to specify its security settings box, click Trusted Sites, and then click Sites.
3. Clear the Require server verification (https:) for all sites in this zone check box.
4. In the Add this Web site to the zone box, type the URL for the SharePoint Central Administration site, and then click Add.
5. Select the Require server verification (https:) for all sites in this zone check box.
6. Click Close to close the Trusted Sites dialog box.
7. Click OK to close the Internet Options dialog box.
:) CA Loaded !
There would be some message in CA saying configuration is not complete.
Configure and run the Services in the server one by one as follows.
Configure 2007 Office SharePoint Server services After you have installed and configured Office SharePoint Server 2007 on all of your front-end servers, you must configure Office SharePoint Server 2007 services. The services you need to configure depends on your server topology and the server roles you deploy. Use the following guidelines to determine which services you need to configure in your server farm. Search and indexing servers You must start and configure the Office SharePoint Server Search service on at least one of your front-end servers. This service provides search and indexing services.
You can start and configure this service on any type of server, including a server that is acting as an application server and provides only Office SharePoint Server 2007 services, a server that is acting as both an application server and a Web server and provides both Office SharePoint Server 2007 services and Web services, or a server that is acting as a Web server and provides only Web services. Web servers The Web server role is implemented by IIS and the Windows SharePoint Services Web Application service.
The Windows SharePoint Services Web Application service must be running on any server that acts as a Web server and renders Web content. This service is started by default on servers that you set up using the Web Front End option during Setup. Hope this is started by default in the farm.
In addition to configuring services on your front-end servers, you must create the Shared Services Provider (SSP). The SSP makes it possible to share the Office SharePoint Server 2007 services across your server farm. You must create the SSP before you can use it in a farm environment; Office SharePoint Server 2007 does not create the SSP by default in a farm environment.
The following procedures step you through the process of configuring Office SharePoint Server 2007 services, creating a Web application for the SSP, creating the SSP, and configuring indexing settings.
Start and configure the Search service
1. On the SharePoint Central Administration home page, click the Operations tab on the top navigation bar.
2. On the Operations page, in Topology and Services, click Servers in farm.
3. On the Servers in Farm page, click the server on which you want to configure the search service.
4. Click Start next to Office SharePoint Server Search.
5. On the Office SharePoint Server Search Settings page, in the Query and Indexing section, make sure that the Use this server for indexing content and Use this server for serving search queries check boxes are selected.
6. In the Default Catalog Location section, type a path to a physical folder to store the index files, or use the default location that is specified.
7. In the Contact E-Mail Address section, specify a valid e-mail address.
8. In the Service Account section, click Configurable, and in User name and Password, type theSERVICE ACCOUNT(DOMAIN\MOSSUSER)
9. In the Web Front End And Crawling section, do one of the following: If you are configuring the search service on a server that provides Web services and renders Web content, click No dedicated Web front-end computer for crawling If you are configuring the search service on a server that is a standalone search server that does not provide Web services and render Web content, click Use a dedicated web front end computer for crawling, and then, in Select a web front end computer, click the computer you want to use for crawling.
10. Click Start.
Create the Shared Services Provider SSP
1. On the SharePoint Central Administration home page, click the Application Management tab on the top navigation bar.
2. On the Application Management page, in the Office SharePoint Server Shared Services section, click Create or configure this farm's shared services.
3. On the Manage this Farm's Shared Services page, click New SSP. Note: We have to have an independent Web Application for SSP. If you have not created a Web application for the SSP administration site, you need to create one before you create the SSP. If you have already created a Web application for the SSP administration site, skip to step 14.
4. On the New Shared Services Provider page, click Create a new Web application.
5. On the Create New Web Application page, in the IIS Web Site section, click Create a new IIS web site, and do not modify the default settings in this section.
6. In the Security Configuration section, under Authentication provider, select the appropriate option for your environment, and do not modify the default settings in the remainder of this section.
7. In the Load Balanced URL section, do not modify the default settings.
8. In the Application Pool section, click Create new application pool.
9. In Application pool name, enter the name of your application pool or use the default name.
10. Click Configurable, and in User name and Password, type the SERVICE ACCOUNT(DOMAIN\MOSSUSER)
11. In the Database Name and Authentication section, verify the database information and make sure that Windows Authentication (recommended)is selected.
12. In the Search Server section, do not modify the default settings.
13. Click OK. Upon successful creation of the Web application, the New Shared Services Provider page appears.
14. In the SSP Name section, in Web Application, select the Web application that you created for the SSP, and do not modify any of the default settings in this section.
15. In the My Site Location section, do not modify any of the default settings.
16. In the SSP Service Credentials section, in User name and Password, type the SERVICE ACCOUNT(DOMAIN\MOSSUSER)
17. In the SSP Database section, you can either accept the default settings (recommended), or specify your own settings for the database server, the database name, or the SQL authentication credentials.
18. In the Search Database section, you can either accept the default settings (recommended), or specify your own settings for the search database server, the database name, or the SQL Server authentication credentials.
19. In the Index Server section, in Index Server, click the server on which you configured the Search service. Note: If there is no index server listed in the Index Server section, then no server in your farm has been assigned the index server role. To assign the index server role to a server in your farm, follow the instructions in the "Configure the Search service" section earlier in this topic.
20. In the SSL for Web Services section, click No.
21. Click OK. Upon successful creation of the SSP, the Success page appears.
22. On the Success page, click OK to return to the Manage this Farm's Core Services page.
Configure indexing settings
1. On the SharePoint Central Administration home page, click the Application Management tab on the navigation bar.
2. On the Application Management page, in the Office SharePoint Server Shared Services section, click Create or configure this farm's shared services.
3. On the Manage this Farm's Shared Services page, click SharedServices1.
4. On the Shared Services Administration page, in Search, click Search Settings.
5. On the Configure Search Settings page, in the Crawl Settings section, click Default content access account.
6. In the Default content access account section, in Account, Password, and Confirm Password, type the SERVICE ACCOUNT(DOMAIN\MOSSUSER)
7. Click OK.
8. In the Crawl Settings section, click Content sources.
9. On the Manage Content Sources page, click Local Office SharePoint Server sites.
10. On the Edit Content Source page, in the Crawl Schedules section, under Full Crawl, click Create schedule.
11. In the Manage Schedules dialog box, configure schedule settings for full crawls of your content, and then click OK.
12. In the Crawl Schedules section, under Incremental Crawl, click Create schedule.
13. In the Manage Schedules dialog box, configure schedule settings for incremental crawls of your content, and then click OK.
14. In the Start Full Crawl section, select the Start full crawl of this content source check box, and then click OK. Create and configure a site After you configure services in your server farm, you can create a Web application and a site collection. You should create the Web application on the first server on which you installed Office SharePoint Server 2007 (in other words, the same server that is running the SharePoint Central Administration service).
Create a Web application for your SharePoint site On the SharePoint Central Administration home page, click the Application Management tab on the top navigation bar.
1. In the SharePoint Web Application Management section, click Create or extend Web application.
2. On the Create or Extend Web Application page, click Create a new Web Application.
3. On the Create New Web Application page, in the IIS Web Site section, click Create a new IIS web site, and change the port setting to port 80. This will allow you to access your site by typinghttp://ServerName. If you use a nonstandard port number you will have to include the port number in the URL to access your site (for example, http://ServerName:port).
4. In the Security Configuration section, under Authentication provider, select the appropriate option for your environment, and do not modify any other settings in this section. Note: By default, the authentication provider is set to NTLM.
6. In the Load Balanced URL section, do not modify the default settings.
7. In the Application Pool section, select Create new application pool, and use the default settings for the application pool name.
8. Click Configurable, and in User name and Password, type the SERVICE ACCOUNT(DOMAIN\MOSSUSER)
9. In the Database Name and Authentication section, verify the database information and ensure Windows Authentication (recommended)is selected.
10. In the Search Server section, do not modify the default settings.
11. Click OK.
12. On the Application Created page, which appears after successful creation of the Web application, click Create a new Windows SharePoint Services site collection.
Create the site collection for your Web application