Roux Visser’s SharePoint Blog

29/01/2009

The SharePoint Central Administrator Configurations

Filed under: SharePoint Configuration, SharePoint Guides, SharePoint 2007 — Roux Visser @ 08:57 pm

Once SharePoint has been installed it is time to configure the services and settings for your SharePoint farm, the following post will outline Microsoft Best Practices for doing so.

 Notes

  • If you are prompted for your user name and password, you might need to add the SharePoint Central Administration site to the list of trusted sites and configure user authentication settings in Internet Explorer. Instructions for configuring these settings are provided in the next set of steps.
  • If you see a proxy server error message, you might need to configure your proxy server settings so that local addresses bypass the proxy server. Instructions for configuring this setting are provided later in this section.

Add the SharePoint Central Administration site to the list of trusted sites

  1. In Internet Explorer, on the Tools menu, click Internet Options.
  2. On the Security tab, in the Select a Web content zone to specify its security settings box, click Trusted Sites, and then click Sites.
  3. Clear the Require server verification (https:) for all sites in this zone check box.
  4. In the Add this Web site to the zone box, type the URL for the SharePoint Central Administration site, and then click Add.
  5. Select the Require server verification (https:) for all sites in this zone check box.
  6. Click Close to close the Trusted Sites dialog box.
  7. Click OK to close the Internet Options dialog box.

Configure user authentication settings for trusted sites

  1. In Internet Explorer, on the Tools menu, click Internet Options.
  2. On the Security tab, in the Select a Web content zone to specify its security settings box, click Trusted sites, and then click Custom Level.
  3. In the Settings list box, under User Authentication, click Automatic logon with current username and password.
  4. Click OK twice.

Note: If you do not want to add the SharePoint Central Administration site to the list of trusted sites, but you do not want to be prompted for your user name and password every time you access the SharePoint Central Administration site, you can instead add the SharePoint Central Administration site to the Local intranet zone. If you do this, you must enable the Automatic logon only in Intranet zone user authentication setting instead of the Automatic logon with current username and password user authentication setting. 

Configure 2007 Office SharePoint Server services

After you have installed and configured Office SharePoint Server 2007 on all of your front-end servers, you must configure Office SharePoint Server 2007 services. The services you need to configure depends on your server topology and the server roles you deploy. Use the following guidelines to determine which services you need to configure in your server farm.

  • Search and indexing servers You must start and configure the Office SharePoint Server Search service on at least one of your front-end servers. This service provides search and indexing services. You can start and configure this service on any type of server, including a server that is acting as an application server and provides only Office SharePoint Server 2007 services, a server that is acting as both an application server and a Web server and provides both Office SharePoint Server 2007 services and Web services, or a server that is acting as a Web server and provides only Web services.
  • Web servers The Web server role is implemented by IIS and the Windows SharePoint Services Web Application service. The Windows SharePoint Services Web Application service must be running on any server that acts as a Web server and renders Web content. This service is started by default on servers that you set up using the Web Front End option during Setup. If you set up a server using the Complete option during Setup, and you want that server to act as a Web server and render Web content, then you must start the Windows SharePoint Services Web Application service on that server.



In addition to configuring services on your front-end servers, you must create the Shared Services Provider (SSP). The SSP makes it possible to share the Office SharePoint Server 2007 services across your server farm. You must create the SSP before you can use it in a farm environment; Office SharePoint Server 2007 does not create the SSP by default in a farm environment.

The following procedures step you through the process of configuring Office SharePoint Server 2007 services, creating a Web application for the SSP, creating the SSP, and configuring indexing settings.

 Start and configure the Search service

  1. On the SharePoint Central Administration home page, click the Operations tab on the top navigation bar.
  2. On the Operations page, in Topology and Services, click Servers in farm.
  3. On the Servers in Farm page, click the server on which you want to configure the search service.
  4. Click Start next to Office SharePoint Server Search.
  5. On the Office SharePoint Server Search Settings page, in the Query and Indexing section, make sure that the Use this server for indexing content and Use this server for serving search queries check boxes are selected.
  6. In the Default Catalog Location section, type a path to a physical folder to store the index files, or use the default location that is specified.
  7. In the Contact E-Mail Address section, specify a valid e-mail address.
  8. In the Service Account section, click Configurable, and in User name and Password, type the user name and password for the user account under which you want the Search service to run. The user account must be a member of the Administrators group on the computer that is running the Search service. If you want to use the principle of least privilege and select a unique user account that does not have administrative rights on your front-end servers or on your back-end database servers, see the Known Issues/Readme for Office SharePoint Server 2007 Beta 2. The user name must be in the format DOMAIN\username.
  9. In the Web Front End And Crawling section, do one of the following:
  • If you are configuring the search service on a server that provides Web services and renders Web content, click No dedicated Web front-end computer for crawling
  • If you are configuring the search service on a server that is a standalone search server that does not provide Web services and render Web content, click Use a dedicated web front end computer for crawling, and then, in Select a web front end computer, click the computer you want to use for crawling.
  1. Click Start.

Start the Windows SharePoint Services Web Application service

You must start the Windows SharePoint Services Web Application service on every computer that you want to act as a Web server and was set up using the Complete option during Setup. This service is started by default on servers that were set up using the Web Front End option. To enhance security, you can leave this service turned off on application servers that do not provide Web content to client computers. Also, you do not need to turn this service on to use SharePoint Central Administration on a server.

  1. On the SharePoint Central Administration home page, click the Operations tab on the top navigation bar.
  2. On the Operations page, in Topology and Services, click Servers in farm.
  3. On the Servers in Farm page, click the server on which you want to start the Windows SharePoint Services Web Application service.
  4. Click Start next to Window SharePoint Services Web Application.

Create the Shared Services Provider

  1. On the SharePoint Central Administration home page, click the Application Management tab on the top navigation bar.
  2. On the Application Management page, in the Office SharePoint Server Shared Services section, click Create or configure this farm’s shared services.
  3. On the Manage this Farm’s Shared Services page, click New SSP.

Important: If you have not created a Web application for the SSP administration site, you need to create one before you create the SSP. If you have already created a Web application for the SSP administration site, skip to step 14.

On the New Shared Services Provider page, click Create a new Web application.

  • On the Create New Web Application page, in the IIS Web Site section, click Create a new IIS web site, and do not modify the default settings in this section.
  • In the Security Configuration section, under Authentication provider, select the appropriate option for your environment, and do not modify the default settings in the remainder of this section.
  • In the Load Balanced URL section, do not modify the default settings.
  • In the Application Pool section, click Create new application pool.
  • In Application pool name, enter the name of your application pool or use the default name.
  • Click Configurable, and in User name and Password, type the user name and password for the user account under which you want the application pool to run. The user account does not have to be a member of any particular security group. It is recommended that you use the principle of least privilege and select a unique user account that does not have administrative rights on your front-end servers or on your back-end database servers. You can use the user account that you specified as the Office SharePoint Server 2007 service account; however, if that user account is a member of a security group that has administrative rights on your front-end servers or your back-end database servers, you will not be following the principle of least privilege. The user name must be in the format DOMAIN\username.
  • In the Database Name and Authentication section, verify the database information and make sure that Windows Authentication (recommended)is selected.
  • In the Search Server section, do not modify the default settings.

Click OK. Upon successful creation of the Web application, the New Shared Services Provider page appears.
NOTE: If the SharedServices Provider created successfully but can not be displayed in your web browser then follow these steps to correct this issue:

This issue happens when creating all your sites in the same web application which means they use the same port, these sites are:

  • Shared Service Provider Administration Site (Recommended to be called ‘SSPAdmin’)
  • My Site Host (Recommended to be called ‘MySite’)
  • The Main Intranet (or ‘Portal’) Site (Recommended to be called ‘Intranet’)

It is much simpler if all of these sites are on port 80 in IIS; this means that you do not have to remember to enter the ports all of the time. However having all three sites on port 80 means that each needs their own Host Header (required by IIS to differentiate between sites on the same port). The simplest way to do this is to create new ‘Host (A)’ records in DNS for each of your three sites. These should point to the IP address of your server; to do this follows these steps:

  • Open the DNS Management tool from Administration Tools on your domain controller
  • Navigate to your DNS zone
  • Create new ‘Host (A)’ record
  • Enter the Host header (i.e. ‘SSPAdmin’, ‘MySite’ or ‘Intranet’) for the site and the IP address of your server
  • Click ‘Add Host’ and repeat for each of the three sites

Now the DNS entries are configured, we can continue.

  • In the SSP Name section, in Web Application, select the Web application that you created for the SSP, and do not modify any of the default settings in this section.
  • In the My Site Location section, do not modify any of the default settings.
  • In the SSP Service Credentials section, in User name and Password, type the user name and password for the user account under which you want the SSP to run. The user account does not have to be a member of any particular security group. It is recommended that you use the principle of least privilege and select a unique user account that does not have administrative rights on your front-end servers or on your back-end database servers. You can use the user account that you specified as the Office SharePoint Server 2007 service account; however, if that user account is a member of a security group that has administrative rights on your front-end servers or your back-end database servers, you will not be following the principle of least privilege. The user name must be in the format DOMAIN\username.
  • In the SSP Database section, you can either accept the default settings (recommended), or specify your own settings for the database server, the database name, or the SQL authentication credentials.
  • In the Search Database section, you can either accept the default settings (recommended), or specify your own settings for the search database server, the database name, or the SQL Server authentication credentials.
  • In the Index Server section, in Index Server, click the server on which you configured the Search service.


    Note: If there is no index server listed in the Index Server section, then no server in your farm has been assigned the index server role. To assign the index server role to a server in your farm, follow the instructions in the “Configure the Search service” section earlier in this topic.

  1. In the SSL for Web Services section, click No.
  • Click OK. Upon successful creation of the SSP, the Success page appears.
  • On the Success page, click OK to return to the Manage this Farm’s Core Services page.

Configure indexing settings

  1. On the SharePoint Central Administration home page, click the Application Management tab on the navigation bar.
  2. On the Application Management page, in the Office SharePoint Server Shared Services section, click Create or configure this farm’s shared services.
  3. On the Manage this Farm’s Shared Services page, click SharedServices1.
  4. On the Shared Services Administration page, in Search, click Search Settings.
  5. On the Configure Search Settings page, in the Crawl Settings section, click Default content access account.
  6. In the Default content access account section, in Account, Password, and Confirm Password, type the user name and password for the user account that you want to use to crawl content on your sites. This account must be a domain user account. It is recommended that you use the principle of least privilege and select a unique user account that cannot modify content and does not have administrative rights on your front-end servers or on your back-end database servers. You can use the user account that you specified as the Office SharePoint Server 2007 service account; however, if that user account is a member of a security group that has administrative rights on your front-end servers or your back-end database servers, you will not be following the principle of least privilege. The user account that you specify will be added to the Web application Full Read policy for your farm. The user name must be in the format DOMAIN\username.
  7. Click OK.
  8. In the Crawl Settings section, click Content sources.
  9. On the Manage Content Sources page, click Local Office SharePoint Server sites.
  10. On the Edit Content Source page, in the Crawl Schedules section, under Full Crawl, click Create schedule.
  11. In the Manage Schedules dialog box, configure schedule settings for full crawls of your content, and then click OK.
  12. In the Crawl Schedules section, under Incremental Crawl, click Create schedule.
  13. In the Manage Schedules dialog box, configure schedule settings for incremental crawls of your content, and then click OK.
  14. In the Start Full Crawl section, select the Start full crawl of this content source check box, and then click OK.

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment

You must be logged in to post a comment.

Powered by WordPress