Documentation Submission: Post-install steps

Jun 28, 2011 at 4:23 AM
Edited Aug 15, 2011 at 4:11 AM
After installing you may need to do the following:
  1. Stop the FIM service from failing overnight use the fix HERE
  2. Getting this warning:
    Installation in the global assembly cache failed: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\policy\Policy.11.0.Microsoft.SharePoint.Security.dll
    No solution currently
  3. Give the Farm Account dbo access to the PerformancePoint DB
  4. Start various services on server:
    1. Start the SharePoint Foundation Search service on server (specify accounts and DB)
    2. Start the Microsoft ShaerPoint Foundation Subscription Settings Service
    3. Start the Application Registry Service
    4. Start the Document Conversions Load Balancer Service
    5. Start the Document Conversions Launcher Service (point at Load Balancer)
    6. Start the Claims to Windows Token Service
  5. DON'T set cache account on Central Admin even if you get an error/warning in the event logs. Setting this for the CA will break your ability to edit UPS Profiles in CA and may inhibit scripts from working against the UPS.
  6. Some times you get some entries in the Heath area (Review problems and solutions). Usually you can just tell it to re-analyze and it comes up OK.
  7. Set SessionState to TRUE (if desired) in web.config for each Web App (don't forget new ones you create later!)
  8. Before going to the User Profile Service Application, give the NETWORK SERVICE read access to the following:
    1. C:\Program Files\Microsoft Office Servers\14.0\Service
    2. C:\Program Files\Microsoft Office Servers\14.0\SQL
    3. C:\Program Files\Microsoft Office Servers\14.0\Tools
  9. Configure Synchronization Connection | Create New Connection:
    1. Connection Name:
    2. Type: Active Directory
    3. Forest name:
    4. Account name:
    5. Password/Confirm password:
    6. Populate Containers
    7. Select OUs
    8. Click OK.
    9. You may get the following two errors:
      1. MIISRCW: System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
         at MIISRCW.IMMSServer.Ping()
         at Microsoft.ResourceManagement.SyncConfig.VerifyServerInterface()

      2. The Forefront Identity Manager Service cannot connect to the SQL Database Server.

        The SQL Server could not be contacted. The connection failure may be due to a network failure, firewall configuration error, or other connection issue. Additionally, the SQL Server connection information could be configured incorrectly.

        Verify that the SQL Server is reachable from the Forefront Identity Manager Service computer. Ensure that SQL Server is running, that the network connection is active, and that the firewall is configured properly. Last, verify the connection information has been configured properly. This configuration is stored in the Windows Registry.

      3. Not sure yet if they are actually a problem.

    10. Edit Connection Filters:

      1. We use: OR otherTelephone is not present

      2. OR userAccountControl Bit on equals 2 (account is disabled)

    11. Click OK

    12. Start Full Profile Sync

    13. Wait about 20 minutes, depending on AD size and filters.

  10. Run a crawl on the "Local SharePoint sites"


And that's as far as I've gotten. Not sure if some of these aren't already part ofthe install scripts.

Anyone else got any ideas/suggestions?


[Updated to change status of setting cache account on CA]
[Updated to include setting of SessionState]

Aug 7, 2011 at 3:02 PM

Hi, sorry for slow response. I can tell you that at least some of these have been resolved/implemented in subsequent AutoSPInstaller releases, and also SP1/June CU for SharePoint itself.


Dec 2, 2011 at 8:32 PM

Just wanted to add my comments based on my recent experience.

1. The FIM failing may be fixed, I haven't come across this error in any recent installs.

2. Similarly, the Policy.11.0.Microsoft.SharePoint.Security.dll in GAC doesn't appear. In any case, its not specific to AutoSPInstaller.

3. The PerformancePoint database now has correct permission, the script gives the Farm account db_owner.

4. Of those services, the Claims to Windows Token Service now gets started if you specified it in the XML. The others don't get started but are probably not needed anyway (in most installs).

5. The script doesn't set the cache accounts on the Central Admin Web App, but good to have that warning out there anyway.

6. No change to health analyzer rules, a lot of them don't make sense but its no different than if you'd use the GUI to install SharePoint.

7. The SessionState = true does not get applied via AutoSPInstaller or the GUI. Not sure if this is a good idea anyway unless you need it.

8. NETWORK SERVICE does get read access to the folders listed via the WSS_WPG group.

9. Sync Connections have to be configured afterwards. I don't think this should be automated anyway.

10. Crawl still has to be started manually, which is probably a good idea :)

Good notes Craig, will incorporate these into an upcoming blog post.