Feedback and Enhancement request

Jul 14, 2011 at 8:56 PM
Edited Jul 14, 2011 at 9:14 PM

First of all, I wanted to thank you for creating such a great script. I have been using it and wanted to provide some feedback, bring some of the issues and questions to your attention. My recent deployment consisted of two SharePoint servers, both set up identically as Web/Application servers to host three web applications including the central admin web application, query and crawl service roles. Service Application included Search, User Profile, State, Metadata, and Usage and Health Data Collection service. Since there is no "how to" document for these scripts, I had to learn it on my own and come back to this site for additional support. I really enjoyed working with your script; however, I wanted to provide the following feedback based on my experience, which I hope will help with further improving the script:

Questions:

  • How to best use the XML Input file to set up an Application and Web server? What elements should be set to true or commented out for web and application server? What about when configuring two App servers with same set of services, including crawl and query roles?
  • What is <WebApplication type= element in the Web Applications tag? What is its use?
  • Since new cumulative updates are available, are the workarounds such as for loopbackcheck, creating profiles for service accounts provided in the function script still needed?
  • What is the SearchUrl="http://localhost/search" attribute in the XML input file? Also ManagedPath relativeUrl="help" explicit="true"?
  • What is ShareName="SearchShare" attribute in the EnterpriseSearchService element in the XML input file?
  • What features and services are installed by the ConfigureFarm function? Are these the same services and features that are installed by the Config Wizard?
  • Does the script make any changes outside of what you would normally configure using the config wizard?

Enhancement request:

  • Provide True/False provision switch for Web Applications when running the script on additional server. Once these web apps are created on the first server, I don't think there is any need to specify them for additional servers. When server joins a farm, config wizard creates them automatically.
  • Provide a function to Enable managed account password to reset for a given period.
  • Bind single-name URLs such as http://team to IIS Host Header Binding for Intranet scenarios.
  • Provide option for Kerberos Authentication.
  • Provide True/False provision option for creating site connection to portal site.
  • True/False switch for Search Administration Component. This component can only be deployed on one server. Running the script on additional App server causes this component to move to new server and causes unexpected behavior. As a workaround, I turned the EnterpriseSearchService provision switch to False for additional App server.
  • Configuring disk based Blob Cache
  • Adding AD groups to SharePoint groups
  • Setting Alternate Access Mappings (AAM)

Issues:

  • Crawl service doesn't work. When you start crawl, it endlessly runs, and nothing gets crawled and I get the "Query server not responding" error in the Search Service Administration dashboard.
  • Following alerts appear in Health Analyzer after the deployment:
    • "Accounts used by application pools or service identities are in the local machine Administrators group. Using highly-privileged accounts as application pool or as service identities poses a security risk to the farm, and could allow malicious code to execute. The following services are currently running as accounts in the machine Administrators group:" The account this alert refers to is the web application pool service account.
    • "Trial period for this product is about to expire" alert in Health Analyzer. This alert appears after second server is joined to the farm.
  • I understand as a workaround, User Profile Service is created using Farm account, which makes the farm account DBOwner for each of the Sync, Profile, and Social databases. This causes backup to fail which ran under the install account. I had to manually make the install account DBOwner of these databases to resolve this issue.

Jul 25, 2011 at 5:29 PM

I'll let Brian answer authoritatively but here's my take on your questions:

  • How to best use the XML Input file to set up an Application and Web server? What elements should be set to true or commented out for web and application server? What about when configuring two App servers with same set of services, including crawl and query roles?
    • Even though 2.5 allows a single XML to be used, I've still created separate XML files for each server. For Web Apps, I'll comment out (use HTML commenting) the section for subsequent WFEs. For anything with true/false, I just set it to false unless I want to start the service on multiple servers. I agree, it would be nice to have Web App & Site Collections have a "true" or "false" as well.
  • What is <WebApplication type= element in the Web Applications tag? What is its use?
    • My guess is that this is simply used by the script to distinguish between MySites and the other site. So I've used it to create "Team Sites" Web App and site collection, even though it says "Portal." I just use the STS#0 template instead of the portal one.
  • Since new cumulative updates are available, are the workarounds such as for loopbackcheck, creating profiles for service accounts provided in the function script still needed?
    • Each workaround has to be validated separately. I'm in the process of doing that so I don't know. But, loopbackcheck is a "feature" not a bug and it's not specific to SharePoint. It'll never be "fixed" so that one is needed for sure.
  • What is the SearchUrl="http://localhost/search" attribute in the XML input file? Also ManagedPath relativeUrl="help" explicit="true"?
    • Need to validate this but the SearchUrl should be the URL for the search center. Not sure about the other one.
  • What is ShareName="SearchShare" attribute in the EnterpriseSearchService element in the XML input file?
    • This will actually create a shared folder on the server with the name specified. It's used for holding a copy of the index. If you go to Computer Management, Shared Folders, you'll see it there.
  • What features and services are installed by the ConfigureFarm function? Are these the same services and features that are installed by the Config Wizard?
    • Not the same; the Config Wizard (after install) creates Web Apps and provisions services - it does some of what this script does. The ConfigFarm function does a lot of what is done when you first install SharePoint and set up a Central Admin site/join a farm. Here's the reference: http://technet.microsoft.com/en-us/library/cc262839.aspx#section6
  • Does the script make any changes outside of what you would normally configure using the config wizard?
    • Yes, lots. It goes beyond the config wizard and implements several best practices that most people don't think about or would take a long time to do. My favorite examples are: a) using stsadm or powershell to set up the object cache accounts; most people don't think of this until they see the event log errors and b) renaming the Performance Point DB; you can't do this the "normal" way. You have to perform a backup and restore, rather than rename, to get rid of the GUID. The script automates this and much much more.

The script won't troubleshoot errors (like unable to connect to database server) or configure things outside of SharePoint (like firewalls). So, you still need to prepare and know what you're doing. For example, you still need to configure the main "config.xml" that comes with SharePoint. But it DOES provide consistency to your installs and implements a bunch of best practices.

Issues

  • I haven't had problems with the Crawl service, could be something with your environment.
  • The "Using highly-privileged accounts..." rule is flawed in my opinion. I have to make the Farm account a local admin because Forefront needs those permissions and UPS (also flawed) needs it to restart after a backup.
  • Trial period error: I haven't seen this before. It could be the key you are using is not correct.

Enjoy!
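
To see which accounts the Health Analyzer rule discussed in both posts would flag on a given server, the following added example (not part of the thread and not AutoSPInstaller code) lists the farm's service identities and marks those that are direct members of the local Administrators group. It assumes SharePoint 2010 with its PowerShell snap-in and accounts stored in DOMAIN\user form; the function name Get-LocalAdminMember is hypothetical.

```powershell
# Added example, not AutoSPInstaller code. Run in the SharePoint 2010
# Management Shell on each farm server, as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-LocalAdminMember {
    # Direct members of the local Administrators group, read through ADSI.
    # Accounts that are admins only via a nested domain group are not expanded.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    foreach ($member in @($group.psbase.Invoke('Members'))) {
        $path = $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        # WinNT://DOMAIN/user or WinNT://DOMAIN/COMPUTER/user -> keep last two parts
        $parts = @(($path -replace '^WinNT://', '') -split '/')
        if ($parts.Count -ge 2) { $parts[-2..-1] -join '\' } else { $parts[0] }
    }
}

# Collect every identity SharePoint runs code under on this farm.
$identities = @()
$identities += Get-SPManagedAccount | ForEach-Object { $_.Username }
$identities += Get-SPWebApplication -IncludeCentralAdministration |
    ForEach-Object { $_.ApplicationPool.Username }
$identities += Get-SPServiceApplicationPool | ForEach-Object { $_.ProcessAccountName }
$identities = @($identities | Where-Object { $_ } | Sort-Object -Unique)

$admins      = @(Get-LocalAdminMember)
$farmAccount = (Get-SPFarm).DefaultServiceAccount.Name

# -contains and -eq compare case-insensitively, which suits account names.
$identities | ForEach-Object {
    New-Object PSObject -Property @{
        Account               = $_
        IsFarmAccount         = ($_ -eq $farmAccount)
        InLocalAdministrators = ($admins -contains $_)
    }
} | Sort-Object InLocalAdministrators -Descending |
    Format-Table Account, IsFarmAccount, InLocalAdministrators -AutoSize
```

Any row with InLocalAdministrators set to True and IsFarmAccount set to False is a web or service application pool identity running with local admin rights, which is the case the alert quoted in the first post describes.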