Install of SharePoint Foundation 2013 SP1 for use with FIM / MIM

Introduction:

This document is intended to be used as an operational build document for the installation of SharePoint Foundation 2013 SP1 for use with Forefront Identity Manager 2010 R2 or Microsoft Identity Management 2016 MIM Service and Portal Server installations.

Using this Guide:

Search for the variables listed below and replace them with your own values to create a detailed build guide customized for your environment.

Document Variables:

Description | Search and Replace Variable
Common name of the domain (ex. Contoso) | [DOMAIN]
Common name of the first MIM Service and Portal Server (ex. Portal01) | [MIM SERVER 1]
Common name of the second MIM Service and Portal Server (ex. Portal02) | [MIM SERVER 2]
Common name of the MIM Installation Service Account (ex. MIMInstall) | [INSTALL ACCOUNT]
Common name of the MIM Service Account (ex. MIMService) | [MIM SERVICE ACCOUNT]
Common name of the MIM SharePoint Application Pool Service Account (ex. MIMSAP) | [MIM SAP ACCOUNT]

Preparing for Installation

SharePoint Foundation 2013 SP1 Installation Media:

The download for SharePoint Foundation 2013 SP1 is located at the following link:

https://www.microsoft.com/en-us/download/details.aspx?id=42039

Temporarily Disable Windows Updates:

To successfully install SharePoint Foundation 2013, some updates must be removed prior to installation. Windows Updates are temporarily disabled during the installation procedure to prevent these updates from being downloaded and reinstalled.

Launch Server Manager

Select Local Server

Adjacent to Windows Update select the link to access the Windows Update settings page.

Select Change Settings

Select Never Check for updates (not recommended)

Select OK

Close the Windows Update window

Exit Server Manager

Temporarily Disable IE Enhanced Security Configuration for Administrators:

The SharePoint Foundation 2013 SP1 Prerequisite installer requires access to multiple sites to download prerequisite installers. Temporarily disabling IE Enhanced Security for Administrators will allow access to these sites to complete the installations.

Launch Server Manager

Select Local Server

Adjacent to IE Enhanced Security Configuration select the link to access the configuration settings page.

Under Administrators, select Off

Select Ok

Restart the server

Uninstall .Net Framework 4.6 and higher

SharePoint Foundation 2013 SP1 requires .Net version 4.5; versions 4.6 and higher must be removed for it to install properly. Please refer to the blog post below for .Net removal instructions and updates.

https://blogs.msdn.microsoft.com/connector_space/2018/05/31/windows-server-2012-r2-uninstalling-net-framework-4-6-4-6-1-4-6-2-4-7-4-71/

Install SharePoint Foundation 2013 SP1 Prerequisites:

Connect to the server using the [INSTALL ACCOUNT] service account

Right click SharePoint.exe and select run as Administrator

If asked to allow program to make changes to this computer, select Yes.

Under Install, select Install software prerequisites.

On the Welcome to the Microsoft SharePoint 2013 Products Preparation Tool pane, select Next

To continue installation, review and accept the terms of the license agreement.

Select Next to proceed with prerequisite installations.

If prompted that your system needs to restart to continue, select Finish

Please Note multiple server restarts can occur during installation.

Reconnect to the server using the [INSTALL ACCOUNT] service account

If asked to allow program to make changes to this computer, select Yes.

If prompted that your system needs to restart to continue, select Finish

Repeat this section as many times as necessary to complete the installation of Prerequisites.

Once installation of prerequisites completes, select Finish.

Select Start, Update and Restart if available, otherwise Restart.

Repeat this section as many times as necessary to complete the installation of all updates.

Once installation of prerequisites completes, select Finish.

Install SharePoint Foundation 2013 SP1

Login as the [INSTALL ACCOUNT] account

Right click SharePoint.exe and run as Administrator

Select Yes to allow the installer to make changes to the server.

The SharePoint Foundation 2013 splash screen will appear.

Under Install, select Install SharePoint Foundation

If you are prompted with a setup error stating that the product requires .Net Framework 4.5, refer to the section above entitled Uninstall .Net Framework 4.6 and higher. .Net Framework 4.6 and higher must be removed and the machine restarted for the installation to succeed.

On the Read the Microsoft Software License Terms screen, review the terms and accept as appropriate.

Select Continue

On the Server Type panel, select Stand-alone option, then Install Now

The Installation Progress bar will be displayed.

On the Run Configuration Wizard pane, select the Run the SharePoint Products Configuration Wizard now option

Select Close.

On the Welcome to SharePoint Products page, select Next.

When notified that services may need to be restarted, select Yes

The Configuring SharePoint Product page will be displayed.

Once notified Configuration Successful, select Finish.

The SharePoint 2013 Foundation Home Page will be displayed.

Close the browser.

Exit SharePoint Foundation 2013 installer.

Restart the server.

Prepare SharePoint Foundation 2013 SP1 for use with FIM / MIM:

Configure SharePoint Farm Admins

Select the Windows Start button, type SharePoint 2013 Central Administration

If prompted, select Yes to allow program to make changes to computer.

Select Security, Manage the farm administrators group

Add the following accounts as members of the Farm Administrators group:

[INSTALL ACCOUNT] (This should be present.)

[MIM SERVICE ACCOUNT]

Remove the SharePoint-80 Configuration

In SharePoint Central Administration, select Application Management

Under Web Applications, select Manage Web Applications

Select SharePoint-80

Select Delete from menu bar.

When prompted select Yes to delete content databases and delete IIS web sites.

Select Delete, and Ok to continue.

Note: This may take several minutes to complete at which time the open window will close and return you back to the SharePoint Central Admin Console.

Close the SharePoint Central Admin Console.

Ensure Deletion of the default SharePoint Application Pool

Start, Internet Information Services Manager

On left expand the server, and select Application Pools

If present, delete the SharePoint-80 Application pool.

Close Internet Information Services Manager

Running the MIM SharePoint Foundation 2013 Configuration Script Notes:

The PowerShell script included below was obtained from the original Connector Space blog post by Anthony Marsiglia located at: https://blogs.msdn.microsoft.com/connector_space/2014/09/23/sharepoint-foundations-2013-configuration-script/

The script provided in this document is updated to include remarks on how to manually perform some of the script’s actions, thereby simplifying code review. Additionally, search and replace document variables used throughout this document are incorporated into the script to customize the installation script for your environment.

During script processing PowerShell will display the following Warning message which can be ignored:

WARNING: The Windows Classic authentication method is deprecated in this release and the default behavior of this cmdlet, which creates Windows Classic based web application, is obsolete. It is recommended to use Claims authentication methods. You can create a web application that uses Claims authentication method by specifying the AuthenticationProvider parameter set in this cmdlet. Refer to the https://go.microsoft.com/fwlink/?LinkId=234549 site for more information. Please note that the default behavior of this cmdlet is expected to change in the future release to create a Claims authentication based web application instead of a Windows Classic based web application.

When copying and pasting the script to Notepad, be sure to verify that all " quotes copy correctly. Additionally, ensure the line containing "STS#0" (open quote, letters STS, pound, zero, close quote) is properly typed and does not contain special characters.

You should not experience PowerShell errors (Errors appear in red text) during execution of this script. If you do experience errors, review the error message and resolve accordingly. Rerunning the script may cause other errors to occur due to partial completion during the first run.

Finally, be patient: the script may take several minutes to complete its processing and at times may appear as if it is not running.

Create and Execute the SharePoint Foundation 2013 Configuration Script:

Launch Notepad

Copy the below script into Notepad

Save the file as SPConfig.ps1 on [MIM SERVER 1].

Copy the script from [MIM SERVER 1] to [MIM SERVER 2].

Start PowerShell as Administrator.

Run the script on the [DOMAIN] domain servers [MIM SERVER 1] and [MIM SERVER 2].

Enter the FIMSPFPoolAccount password when prompted.

####################################################################################
## BEGIN SCRIPT

## This first line only needs to be run if you're not running the SharePoint 2013 Management Console.
Add-PSSnapin Microsoft.SharePoint.PowerShell -EA SilentlyContinue

function Prompt-ForInput
{
    Param($message)
    $success = "n"
    while($success -ne "" -and $success.ToLower() -ne "y")
    {
        $val = Read-Host $message
        $success = Read-Host "You entered: $val. Is this correct? Enter y or n"
    }
    return $val
}

## This next block of code sets the variables the script will need to build your SharePoint site
## Below you will need to know the following information
##   NetBIOS Domain name
##   The account that will be used to run the actual website
##   An account that will be used as a Farm Administrator

## ------------------------------------------------------------------------------------------------------------
## SCRIPT VARIABLES
## ------------------------------------------------------------------------------------------------------------
## $Domain = $(Get-ADDomain).NetBIOSName
$Domain = '[DOMAIN]'
## $svcFIMPool = Prompt-ForInput "Enter the FIM Service Pool Service
$svcFIMPool = '[MIM SAP ACCOUNT]'
## $FarmAdminUser = Prompt-ForInput "Enter the Primary Site Collection Administrator Account"
$FarmAdminUser = '[INSTALL ACCOUNT]'
## $SecFarmAdmin = Prompt-ForInput "Enter the Secondary Site Administrator Account"
$SecFarmAdmin = '[MIM SERVICE ACCOUNT]'
#$Site = "https://" + $(Prompt-ForInput "Enter the site url")
$Site = 'https://FIMPortal'

## ------------------------------------------------------------------------------------------------------------
## SET THE CREDENTIALS FOR THE SHAREPOINT SITE
## ------------------------------------------------------------------------------------------------------------
## MANUAL METHOD:
## The steps to manually configure this setting in the SharePoint Central Admin Console follow
##   Start SharePoint Central Admin
##   Under Security section select Configure Service Accounts
##   Select the Register new managed account link
##   Enter User Name and Password
##   Select OK
## POWERSHELL SCRIPT:
## A pop up will appear for you to type in the password of the account that was set as the variable $svcFIMPool
## You may need to correct the username to the following format: DOMAIN\ACCOUNT NAME
## Enter the password in the window
New-SPManagedAccount -Credential (Get-Credential -Message "FIMSPFPoolAccount" -UserName "$Domain\$svcFIMPool")

## ------------------------------------------------------------------------------------------------------------
## CREATE THE SHAREPOINT APPLICATION POOL
## ------------------------------------------------------------------------------------------------------------
## MANUAL METHOD:
## The steps to manually configure this setting in the SharePoint Central Admin Console follow
##   Start SharePoint Central Admin
##   Under Application Management select Manage Service Applications
##   From the Menu Bar select New
##   Select App Management Service
##
## POWERSHELL SCRIPT:
New-SPServiceApplicationPool -Name FIMSPFPool -Account $svcFIMPool

## This next block of code creates a web application that uses classic mode Windows authentication
New-SPWebApplication -Name "FIM" -Url $Site -Port 80 -SecureSocketsLayer:$false -ApplicationPool "FIMSPFPool" -ApplicationPoolAccount (Get-SPManagedAccount $($svcFIMPool)) -AuthenticationMethod "Kerberos" -DatabaseName "FIM_SPF_Content"

## This block of code creates the SP Site
## The owner is passed in DOMAIN\username form, matching the secondary owner below
New-SPSite -Name "FIM" -Url $Site -CompatibilityLevel 14 -Template "STS#0" -OwnerAlias "$Domain\$FarmAdminUser"

## This next block of code sets the Secondary Site Administrator
## (parameter dashes are plain ASCII hyphens, not typographic dashes)
Set-SPSite -Identity $Site -SecondaryOwnerAlias "$Domain\$SecFarmAdmin"

## This block of code disables server side view state, which is required for FIM
$contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
$contentService.ViewStateOnServer = $false
$contentService.Update()

## This last block of code disables self-service upgrade to 2013 Experience mode
## 2013 Experience mode is not supported by FIM
## The site is looked up through $Site so it follows the variable set above
$SPSite = Get-SPSite -Identity $Site
$SPSite.AllowSelfServiceUpgrade = $false

## END OF SCRIPT
####################################################################################
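Because rerunning the script after a partial failure can cause further errors, it is safer to read the resulting settings back than to run it again. The check below is an added example, not part of the original script; it assumes the script's default site URL and pool name, that the document variables have been replaced, and that the default web application appears under a display name matching SharePoint*80.

```powershell
# Added example: read back the settings SPConfig.ps1 is expected to apply.
# Assumes the script defaults (https://FIMPortal, pool FIMSPFPool) and that the
# [DOMAIN] / [MIM ...] document variables below have been replaced.
Add-PSSnapin Microsoft.SharePoint.PowerShell -EA SilentlyContinue

$Site           = 'https://FIMPortal'
$Domain         = '[DOMAIN]'
$PoolAccount    = "$Domain\[MIM SAP ACCOUNT]"
$SecondaryOwner = "$Domain\[MIM SERVICE ACCOUNT]"

$spSite  = Get-SPSite -Identity $Site -ErrorAction Stop
$webApp  = $spSite.WebApplication
$content = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
# The default web application removed earlier in this guide (assumed name pattern)
$default = Get-SPWebApplication | Where-Object { $_.DisplayName -like 'SharePoint*80' }

$checks = [ordered]@{
    'Site compatibility level is 14'           = ($spSite.CompatibilityLevel -eq 14)
    'Self-service upgrade is disabled'         = (-not $spSite.AllowSelfServiceUpgrade)
    'Server-side view state is disabled'       = (-not $content.ViewStateOnServer)
    'Web application uses classic mode auth'   = (-not $webApp.UseClaimsAuthentication)
    'Web application runs in FIMSPFPool'       = ($webApp.ApplicationPool.Name -eq 'FIMSPFPool')
    'Pool identity is the MIM SAP account'     = ($webApp.ApplicationPool.Username -eq $PoolAccount)
    'Secondary owner is the MIM service acct'  = ($spSite.SecondaryContact.LoginName -eq $SecondaryOwner)
    'Default SharePoint-80 web app is removed' = (-not $default)
}

$failed = 0
foreach ($name in $checks.Keys) {
    if ($checks[$name]) {
        Write-Host "PASS  $name"
    } else {
        Write-Warning "FAIL  $name"
        $failed++
    }
}
$spSite.Dispose()
Write-Host "$failed check(s) failed."
```

Run it from an elevated PowerShell session on each server where the script was executed.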

Set the SharePoint Administration Service to Automatic and start the service

Start, Services.msc

Right Click the SharePoint Administration service, select Properties

Set Startup type to Automatic

Select Start

Select OK

Remove SharePoint Search Service Application and Proxy

Select the Windows Start button, type SharePoint 2013 Central Administration

If prompted, select Yes to allow program to make changes to computer.

Select Application Management

Under Service Applications, select Manage service applications

Highlight Search Service Application Proxy

Select Delete button.

On the Delete Service Application Connection page

Select Delete Data associated with the Service Application connections

Select Ok

When notified Service Application connection has been deleted, select Ok

Highlight Search Service Application

Select Delete button.

On the Delete Service Application page

Select Delete Data associated with the Service Applications

Select Ok

When notified Service Application has been deleted, select Ok

Close the SharePoint Central Administration Window

Enable Windows Updates:

To successfully install SharePoint Foundation 2013 SP1, Windows Update was disabled prior to the installation. Windows Updates should be enabled after the installation procedure is completed to ensure proper patching of the system. Application patches are not enabled; application updates are instead installed manually after proper testing.

Launch Server Manager

Select Local Server

Adjacent to Windows Update select the link to access the Windows Update settings page.

Select Change Settings

Select Install Updates automatically (recommended)

Under Microsoft Update

Do Not select Give Me Updates for other Microsoft products when I update Windows

Select OK

Close the Windows Update window

Exit Server Manager

Enable IE Enhanced Security Configuration for Administrators:

The SharePoint Foundation 2013 SP1 Prerequisite installer required access to multiple sites to download prerequisite installers. We temporarily disabled IE Enhanced Security for Administrators to allow access to these sites. Now that the installation is complete, this can be turned back on.

Launch Server Manager

Select Local Server

Adjacent to IE Enhanced Security Configuration select the link to access the configuration settings page.

Under Administrators, select On

Select Ok

Restart the server
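This guide temporarily turns off Windows Update and IE Enhanced Security Configuration, so it is worth confirming after the final restart that both were turned back on. The check below is an added example, not part of the original guide; it assumes Windows Server 2012 R2 with these settings stored locally (not enforced by Group Policy) and that the SharePoint Administration service has the service name SPAdminV4.

```powershell
# Added example: confirm the temporary installation changes were reverted.
# Assumes local (non-Group Policy) settings on Windows Server 2012 R2.
$auKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
$escKey = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\' +
          '{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}'   # IE ESC for Administrators
$muId   = '7971f918-a847-4430-9279-4a52d1efe18d'     # Microsoft Update service ID

# AUOptions: 1 = never check for updates, 4 = install updates automatically
$auOptions = (Get-ItemProperty -Path $auKey -Name AUOptions -EA SilentlyContinue).AUOptions

# IsInstalled: 1 = IE ESC on for Administrators, 0 = off
$escAdmins = (Get-ItemProperty -Path $escKey -Name IsInstalled -EA SilentlyContinue).IsInstalled

# "Give me updates for other Microsoft products" registers Microsoft Update
# with Automatic Updates; this guide leaves that option unselected.
$mu = (New-Object -ComObject Microsoft.Update.ServiceManager).Services |
      Where-Object { $_.ServiceID -eq $muId }
$muOptedIn = [bool]($mu -and $mu.IsRegisteredWithAU)

# SharePoint Administration service (assumed service name: SPAdminV4)
$spAdmin = Get-CimInstance Win32_Service -Filter "Name='SPAdminV4'"

$results = @(
    [pscustomobject]@{ Check = 'Windows Update installs updates automatically'
                       Pass  = ($auOptions -eq 4) }
    [pscustomobject]@{ Check = 'Updates for other Microsoft products not selected'
                       Pass  = (-not $muOptedIn) }
    [pscustomobject]@{ Check = 'IE ESC is On for Administrators'
                       Pass  = ($escAdmins -eq 1) }
    [pscustomobject]@{ Check = 'SharePoint Administration startup type is Automatic'
                       Pass  = ($spAdmin.StartMode -eq 'Auto') }
    [pscustomobject]@{ Check = 'SharePoint Administration service is running'
                       Pass  = ($spAdmin.State -eq 'Running') }
)

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'One or more settings still differ from the end state in this guide.'
}
```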