SharePoint 2013: Reduce AppFabric Calls to Active Directory

AppFabric is a key part of any SharePoint 2013 as we all know by now. It’s used for many things indeed all over the product and AppFabric in turn uses Active Directory to make sure only authorised processes get access to the cache data.

Thus when SharePoint uses AppFabric, it opens a new TCP connection to it and AppFabric has to authenticate that connection with Active Directory; the same as when a user/browser connects to a Windows authentication protected website. Just as with the browser/IIS connection, there’s two ways of authenticating to AppFabric – NTLM or Kerberos, with NTLM being picked if Kerberos isn’t setup. Given Kerberos is a more efficient protocol at caching authorisation we want to use that over NTLM to reduce traffic to AD as it’s just better designed in that respect.

If you have Kerberos logging enabled on a web-front-end for example, something you’ll notice is these SPNs being requested and not being found:

 

 

Notice anything about the SPN? Yep, it’s the AppFabric server we’re trying to use – the client (SharePoint) is trying to connect via Kerberos and it’s not working so we have to fail-back silently to NTLM. That works of course as far as SharePoint’s concerned but we have generated more traffic than we wanted due to this security protocol fall-back.

 

Add AppFabric SPNs to Reduce Calls to Active Directory

As with HTTP, we want to use Kerberos for AppFabric authentication to reduce the extra logins to Active Directory. This is just done by adding the right SPNs to the app-fabric account in the form of:

• AppFabricCachingService/server:22233
• AppFabricCachingService/server.domain.fqdn:22233

This you do with either ADSI Edit or setspn; in my example:

• setspn -U -S AppFabricCachingService/sharepointserver01:22233@scshiva.LOCAL scshiva\svc_cache

That should take care of both SPNs but you might want to try adding the NetBIOS one too manually – Win2012 will duplicate-check the SPN first anyway so there’s no risk. Check the security log again after the change with Kerberos logging enabled to double-check it’s worked if you’re unsure. First though, restart AppFabric (and if I remember right IIS might be necessary too) and you should be good to go – AppFabric will make significantly less calls to Active Directory as it’ll use a Kerberos token instead.
If this is of particular interest I can probably expand on this subject, but that’s it for now.

 

With Regards,

சிவசங்கரன் (Shivashankaran)





Configuring a SharePoint farm in single server without domain controller.

Recently I had a requirement of configuring 25 SharePoint development servers.

The beauty of the requirement is "The servers are not joined with Domain".

As usual, I installed the SQL Server 2012 Standard edition.

When installing the prerequisites of SharePoint, The IIS throws the configuration error, had more than 2 cup of coffee, then only released I am having SharePoint 2013 RTM version and trying to install it in Windows server 2012 R2. This is not possible.

Then downloaded the SharePoint 2013 with SP1 and installed the prerequisites and SharePoint too with complete option.

Didn't expect, that I will going to be in office for another 2 hours for configuring the SharePoint. Got the below error and absolutely yes got the help from Mr.Google.

 

 

SharePoint PowerShell is really powerful tool, because it have some backend gate to configure the SharePoint illegally or they missed to check the condition from configuring from PowerShell.

 

Open the SharePoint management Shell with Elevated permission(Run As administrator).

 

Execute the command called New-SPConfigurationDatabase.

 

It will shoot out some question to you like Config Database Name, Database Server Name, Credentials (Enter the local account like below) and provide the passphrase.

 

 

Go and take some sambar vadai(south indian dish), with coffee or some other and open the system the above mentioned command executed successfully. Go to ssms and check the database server you can see SharePoint Config database and admin content database.

 

Now run the SharePoint configuration wizard and choose DO NOT DISCONNECT THE SERVER FROM FARM.

 

Catch you later on next post. Post your queries if you have anything.

 

Desinging the Search Topology in SharePoint 2013.

Earlier in SP2010 we had an option of amending the search topology in the central Administration itself. But in SP2013 you need to amend the topology through SharePoint PowerShell alone.


In My Scenario I have 2 WFE, 1 APP, 1 for Crawl and 1 for Index.

First of all we need to start the Search Service in the necessary server. So I need to start the service in the APP1, Crawl and Index server.

$hostA = Get-SPEnterpriseSearchServiceInstance -Identity "App1"
$hostB = Get-SPEnterpriseSearchServiceInstance -Identity "Crawl"
$hostC = Get-SPEnterpriseSearchServiceInstance -Identity "Index"
Start-SPEnterpriseSearchServiceInstance -Identity $hostA
Start-SPEnterpriseSearchServiceInstance -Identity $hostB
Start-SPEnterpriseSearchServiceInstance -Identity $hostC

Check the status of SSA after started

Get-SPEnterpriseSearchServiceInstance -Identity $hostA
Get-SPEnterpriseSearchServiceInstance -Identity $hostB
Get-SPEnterpriseSearchServiceInstance -Identity $hostC



Creating new topology in the existing service application which we have in the farm

$ssa = Get-SPEnterpriseSearchServiceApplication
$newTopology = New-SPEnterpriseSearchTopology -SearchApplication $ssa

Creating the necessary components in the new topology. Here I am creating the Admin Component, Analytic Component will be in APP Server

Crawl and Content Processing will be in Crawl Server.

Query processing and Index component will be in Index server. 
 
New-SPEnterpriseSearchAdminComponent -SearchTopology $newTopology -SearchServiceInstance $hostA
New-SPEnterpriseSearchCrawlComponent -SearchTopology $newTopology -SearchServiceInstance $hostB
New-SPEnterpriseSearchContentProcessingComponent -SearchTopology $newTopology -SearchServiceInstance $hostB
New-SPEnterpriseSearchAnalyticsProcessingComponent -SearchTopology $newTopology -SearchServiceInstance $hostA
New-SPEnterpriseSearchQueryProcessingComponent -SearchTopology $newTopology -SearchServiceInstance $hostC
New-SPEnterpriseSearchIndexComponent -SearchTopology $newTopology -SearchServiceInstance $hostC -IndexPartition 0

Activating the topology which we created.

Set-SPEnterpriseSearchTopology -Identity $newTopology

Get the list of topologies which are available in the search serviceapplication. In my scenario the existing one will be available and that will be deactivate after executing the above mentioned Set-SpEnterpriseSearchTopology.

Get-SPEnterpriseSearchTopology -SearchApplication $ssa

In the output of above command just make a note of inactive topology id.

Remove-SPEnterpriseSearchTopoly -Identity "InactiveToplogy ID" -SearchServiceApplication $ssa


That's it now you can check the component status in the central adminstration -> Manager Service Application -> Search Service Application.


Thanks.

சிவசங்கரன் (Shivashankaran)

SharePoint 2013 Service Pack 1 had 2 versions

                       Microsoft has re-released Service Pack 1 for SharePoint 2013. Hopefully this time with fewer bugs. I haven’t taken it for a full test drive yet, so this blog post will likely get updated in the next few days.

If you have already installed SP1 on your farm, install this new SP1 on top of it, then run the Config Wizard, like you would with any other patch. If you’re at some lower patch level, use the same steps.

Here are some links.

SharePoint Foundation – KB – Download

SharePoint Server        – KB – Download

Project Server             – KB – Download

Office Web Apps          – KB – Download

Thanks,
சிவசங்கரன் (Shivashankaran)

OWA Configuration for SharePoint 2013.

Install the OWA server set up first. Once done open the Windows power-shell with elevated permission (Run as administrator)

The below command will create new farm structure of OWA and you can use this in your application such as SharePoint, Lync and etc. Here I used the OWA with my SharePoint application.

> New-OfficeWebAppsFarm –InternalURL "http://owa" -ExternalURL "http://owa.scshiva.com" –AllowHttp -EditingEnabled

the above command will show the below as output:

FarmOU                           :
InternalURL                     : http://owa/
ExternalURL                     : http://owa.scshiva.com/
AllowHTTP                       : True
SSLOffloaded                     : False
CertificateName                 :
EditingEnabled                   : True
LogLocation                     : C:\ProgramData\Microsoft\OfficeWebApps\Data\Logs\ULS
LogRetentionInDays               : 7
LogVerbosity                     :
Proxy                           :
CacheLocation                   : C:\ProgramData\Microsoft\OfficeWebApps\Working\d
MaxMemoryCacheSizeInMB           : 75
DocumentInfoCacheSize           : 5000
CacheSizeInGB                   : 15
ClipartEnabled                   : False
TranslationEnabled               : False
MaxTranslationCharacterCount     : 125000
TranslationServiceAppId         :
TranslationServiceAddress       :
RenderingLocalCacheLocation     : C:\ProgramData\Microsoft\OfficeWebApps\Working\waccache
RecycleActiveProcessCount       : 5
AllowCEIP                       : False
ExcelRequestDurationMax         : 300
ExcelSessionTimeout             : 450
ExcelWorkbookSizeMax             : 10
ExcelPrivateBytesMax             : -1
ExcelConnectionLifetime         : 1800
ExcelExternalDataCacheLifetime   : 300
ExcelAllowExternalData           : True
ExcelWarnOnDataRefresh           : True
OpenFromUrlEnabled               : False
OpenFromUncEnabled               : True
OpenFromUrlThrottlingEnabled     : True
AllowHttpSecureStoreConnections : False
Machines                         : {OWAServer}



_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

Now login to SharePoint 2013 server:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

1. Open the SharePoint Powershell with elevated permission (Run as administrator).

2. Execute the below command one by one.



> New-SPWOPIBinding -ServerName OWAServer.scshiva.com  -AllowHTTP

The above command will give multiple line as a output. Then execute the below commands one by one.


> Get-SPWOPIZone
OutPut: internal-https

If the above shows the https then need to execute the Set-SPWOPIZONE command. If the above out put is http then skip the next 2 steps.

> Set-SPWOPIZone -zone "internal-http"
> Get-SPWOPIZone
internal-http

> (Get-SPSecurityTokenServiceConfig).AllowOAuthOverHttp
OutPut: False

If the above output is "False" the run the next set of command.
> $config = (Get-SPSecurityTokenServiceConfig)
$config.AllowOAuthOverHttp = $true
$config.Update()

Run the below command to confirm the status is True.
> (Get-SPSecurityTokenServiceConfig).AllowOAuthOverHttp
OutPut: True

Post your quires in the below. :-)

Administration on HNSC URL

Earlier we discussed about HNSC Concept and How to create HNSC in SharePoint. To know that click here

In this post I am explaining how to manage(Add/Remove) the URL of HNSC.

Add URL for HNSC site.

To view the existing URL's and its zone use the below command.

Get-SPSiteURL -Identity "http://FirstSiteCollection.SharePointShiva.com"

Note the output and Use the below command to add the new URL in existing site collection

Set-SPSiteURL -Identity "http://FirstSiteCollection.SharePointShiva.com" - Url  http://addingnewurl.SharePointShiva.com -Zone "custom"

The above command will add the new url called addingnewurl.sharepointshiva.com to the existing site collection which contain the url called firstsitecollection.sharepointshiva.com

Don't forget to mention the ZONE.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

Remove the URL of HNSC.

Remove-SPSiteURL -Identity http://firstsitecollection.sharepointshiva.com

Post your query in comment.

Host Name Site Collection Concept (HNSC) - SharePoint

In the post we are going to know about Host Name Site Collection concept.

What is Host Name Site Collection?
Host Name is referring a identity for the computer in general. The URL of web application in SharePoint will be "<http(or)https>://HOSTNAME:PORT" eg: http://sharepointwebserver:2204.

In this web application we can create one site collection in root level and that can access using the above mentioned URL or some other alternate access mappings url in SharePoint.

In my scenario I need to have 9 site collections in one web application and each site collection should have its unique url (No Managed Path).

Then my minds arise a question I can have 5 URL's in SharePoint but all the 5 will access the one site collection which I created in ROOT. To achieve the requirement we need to choose the HNSC concept in SharePoint. The below example and syntax shows how to create a site collection using HNSC concept.

For getting the syntax and description for options in the syntax click here

Example: New-SPSite -Url "http://FirstSiteCollection.SharePointShiva.com" -OwnerAlias SharePointShiva\SPHNSCAdmin -ContentDatabase WSS_Conent_HNSC1stSC -HostHeaderWebApplication http://sharepointwebserver:2204 -Name FirstSiteCollectionUsingHNDCConcept -Template STS#0

In the above mentioned powershell command have list of option and check the description below.

-URL : Provide the SiteCollectionURL which required this will be similar to ROOT.
-HostHeaderWebApplication : Provide the WebApplication URL in this Option so that that the site collection will create under the web application.
-Template : Mention the template code here to create the SC with the corresponding template to know more template click here

Soon I will post about how to set the another URL for the HNSC and how to remove the URL.. Stay Tuned.