This project has moved and is read-only. For the latest updates, please go here.

multi server install - working example! (hardware load balancing)

Jul 17, 2011 at 9:34 AM
Edited Sep 8, 2011 at 5:26 AM

2 wfe

1 app - all service apps, query and crawl.

1 sql

best practices for tuning the scripts?

Sep 7, 2011 at 6:16 PM
Edited Sep 22, 2011 at 2:56 AM


Hope these notes and example config file may help those faced with a mountain of information wondering where to begin or how to proceed.

For simplicity this method utilizes single AutoSPInstallerInput.xml for both web front-ends and the application server.

Use "Topologies for SharePoint Server 2010" document to determine what servers should have what roles - *
In this example web front-end servers: WEBFRONTEND1, WEBFRONTEND1 are only web servers; APPSERVER1 has all the service and search apps. 
* This is also the recommended setup in the aforementioned document.

Load balancing notes:

  • Hardware load balancer. WEBFRONTEND1, WEBFRONTEND2 are in a pool configured "intranet".
  • SharePoint - configure Alternative Access Mappings by adding the following entries:
    • Custom - http://intranet
    • Custom - http://intranet:8080
  • IIS (perform on the server) - Site Bindings:
    • Portal Home - Host Name - intranet Port - 80
    • MySite Host - Host Name - intranet  Port - 8080

Citrix's Netscaler SharePoint templates -

F5 BIG-IP - Microsoft SharePoint 2010 (BIG-IP v11) -

SQL Alias is created before running the script (script can also do that). May use cliconfg.exe (start - run) on both web front-ends and the app servers. TCP/IP. Server alias: sharepointsql.

Order of operations (can be arbitrary), run script on one server at a time:

  1. Run the script by launching "AutoSPInstallerLaunch.bat" on WEBFRONTEND1, rerun *
  2. Run the script on APPSERVER1, rerun *
  3. Run the script on WEBFRONTEND2, rerun *
    * (it is ok to run the script over several times if at first it doesn't finish all the steps, it will pick up from where it left off)

When scripts successfully complete (after 2,3 times per server?) run SharePoint configuration wizard on every server, excluding SQL.
SharePoint bits are not deployed on the SQL server in this example environment.

AutoSPInstallerInput.xml has to be modified.

Review: config-OWA.xml (web apps key) and answerfile-ForeFront.xml 

AutoSPInstallerInput.xml example:

<?xml version="1.0" ?>
<!-- AutoSPInstaller Sample Configuration File
		General Instructions:
		1. If you use the characters ' " < > & in your configuration (e.g. in passwords) you should encode them as follows:

				'	&apos;
				"	&quot;
				<	&lt;
				>	&gt;
				&	&amp;
				For example <Password>Fd"je&f</Password> should be written <Password>Fd&quot;je&amp;f</Password>
		2. Configuration IS case sensitive.
		3. Use a validator like to check the syntax of your file.
		4. Any element that has a Provision="" attribute controls whether a particular component, site, or service is installed
			 on a particular server. It can be set to either true to provision on every server on which the script is run,
			 false to never provision, or to a list of computer names to provision the service only on the listed machines.
			 This allows you to configure an entire multi-server farm with different servers fulfilling different roles
			 using a single configuration file.
			 e.g. <ExcelServices Provision="Server1 Server2"> would provision excel services only on Server1 and Server2. -->
<Configuration Environment="Dev" Version="2.5.3">
  <!-- The Environment attribute above appears at the top of the installation transcript. It does not affect the installation -->
  <!-- The Install section controls what modifications are made to the Windows OS prior to installation and how the SharePoint installation is run -->
    <!-- ConfigFile is the name of the file containing the unattended install settings for SharePoint's setup.exe
				 You must put your product key in this file -->
    <!-- If true, the SharePoint prerequisite installer will install from the \SharePoint\PrerequisiteInstallerFiles folder.
				 If false, the prerequisites will be downloaded during install. In order to use true you must obviously download all the prerequisites in advance.
			 You can use a script like to quickly accomplish this -->
      <!-- Disables network loopback checks. This prevents the OS blocking access to your server under names other than its actual host name,
					 which SharePoint needs to do for WebDAV requests. -->
      <!-- Disables windows services that are running by default on Windows 2008 that are not used by SharePoint to conserve resources -->
      <!-- Switch off IE Enhanced Security configuration, so that your sites and Central Admin render properly in a browser on the server -->
      <!-- Switch off checking whether the code-signing certificates used to sign the SharePoint code have been revoked. This slows down the
					 start up time for SharePoint, particularly if the server cannot connect to the Internet to perform the revocation check. -->
  <!-- The Farm section contains basic farm-wide settings -->
    <!--Enter the passphase that will be used to join additional servers to the farm. This farm passphrase will also be used for the Secure Store service app-->
    <!-- The "Farm" account that will be used to run Central Administration and the timer service. If AddToLocalAdminsDuringSetup is true, it will be
				 added to the server's local administrators group for the duration of the execution of the script. This is required for some steps, such as
				 configuring the User Profile Synchronization service. If for some reason you need to leave the Farm account in the Administrators group after setup, set LeaveInLocalAdmins to true -->
    <Account AddToLocalAdminsDuringSetup="true" LeaveInLocalAdmins="false">
    <!-- Which server(s) to provision CentralAdmin on. Specify "true" or a list of servers -->
    <CentralAdmin Provision="WEBFRONTEND1 WEBFRONTEND2">
      <!-- If you are creating an alias, <DBServer> is actually the value of the SQL alias; otherwise it's the NetBIOS name of the SQL server or instance. 
								 If you leave <DBServer> blank or specify localhost, script will assume the local server for SQL databases -->
      <!-- The script can create a SQL alias for you. Enter the DBInstance, and if you leave <DBPort> blank, script will assume default port value of 1433 -->
      <DBAlias Create="false"
               DBPort="" />
      <!-- The DBPrefix is prepended to all database names. e.g. If you set this to TEST, your config DB will be TEST_ConfigDB.
					 If you set the prefix to localhost, script will prepend each database with the name of the server on which the script is run. 
					 Leave this blank for no prefix.
					 NOTE: If you are installing a multi-server farm, it is recommended that you do not use localhost as services provisioned on different servers
							 will have different prefixes.
      <!-- The name of the farm configuration database -->
    <!-- The Services section configures the core service instances & components that are part of SharePoint Foundation -->
      <SandboxedCodeService Start="true" />
      <ClaimsToWindowsTokenService Start="true" />
      <SearchQueryAndSiteSettingsService Start="true" />
      <SMTP Install="false" />
      <OutgoingEmail Configure="true">
    <!-- The ManagedAccounts section configures all accounts that will be added to SharePoint as managed accounts. -->
      <!-- The CommonName values should remain unchanged; you can add additional managed accounts, but script expects certain static values for these 4 managed accounts.
					 If you are creating additional web applications, use a new account for each web application with a new common name, unless you are creating a large number
					 of web applications, in which case the additional memory consumption this requires outweighs the security benefits. -->
      <ManagedAccount CommonName="spservice">
      <ManagedAccount CommonName="portalapppool">
      <ManagedAccount CommonName="mysiteapppool">
      <ManagedAccount CommonName="searchservice">
    <!-- The object cache accounts are user accounts that are given FullControl and FullRead privileges on WebApplications so items can be cached by ASP.Net to improve performance.
						 These accounts should not have any special Active Directory privileges other than Domain User membership -->
  <!-- The WebApplications section configures the applications and sites that will be created. You can add additional <WebApplication> child tags to create extra web applications.
				 The AddURLsToHOSTS flag will add all Alternate Access Mappings to the local server's HOSTS file and is useful if you are (for example):
				 creating web apps whose URLs are not defined in DNS yet, a test farm, or if you are creating a DR farm, etc. -->
  <WebApplications AddURLsToHOSTS="false">
    <!-- Web application attributes are as follows:
			"Portal" is the primary site. Exactly one WebApplication should have this type. It is setup as a trusted file location 
			for Excel services, and as the portal site connection for other site collections. The script also uses it internally
			when it requires the URL of an arbitrary site.
			"MySiteHost" is the host web application for mysites.
			Any additional web applications that you create should have a type of your own choice such as "Other"
		name: Name of the web application
		applicationPool: Application pool name
		applicationPoolAccount: DOMAIN\USERNAME of the account under which the application pool runs. This should be a managed account.
		url: URL of the root site collection in the application pool. Do not include the port number, but do set http/https correctly.
		port: Port on which the web application runs.
		databaseName: Name of the first content database.
		useClaims: false = disable claims based authentication. true = enable claims based authentication.
		useBasicAuthentication: false = only accept Kerberos/NTLM claims. true = also accept Basic authentication claims. Has no effect if useClaims is false.
		useOnlineWebPartCatalog: false = disable use of the online webpart gallery on the web application. true (default) enable it. -->
    <WebApplication type="Portal"
                    name="Portal Home"
        <ManagedPath relativeUrl="help" explicit="true" />
        <!-- You can specify multiple site collections within a web application.
				siteUrl: URL of the site collection. Include the port if it is non default for the protocol (80/443). Do not include default ports as this will make the script fail.
				owner: Site collection owner account.
				name: Name/title of the site collection.
				description: Description of the site collection.
				SearchUrl: URL of the search site. This may be in another web application / site collection.
				CustomTemplate: Set to true if a custom template is to be used.
				Template: Name of the template to use.
				LCID: Locale ID of the language pack to use for the site collection.
				Locale: Actual locale of the site for regional settings. e.g. for UK English you use the US English LCID of 1033 but the locale en-gb.
								If omitted, the default locale of the LCID is used.
				Time24: If true, times are displayed using a 24 hour clock. If false, AM/PM is used. If omitted, the default for the LCID is applied. -->
        <SiteCollection siteUrl="http://WEBFRONTEND1"
                        name="Portal Home"
                        description="Portal Home Site"
    <WebApplication type="MySiteHost"
                    name="MySite Host"
        <SiteCollection siteUrl="http://WEBFRONTEND1:8080"
                        name="My Site Host"
                        description="My Site Host"
        <ManagedPath relativeUrl="personal" explicit="false"/>
        <ManagedPath relativeUrl="sites" delete="true" />
  <!-- The ServiceApps section configures service applications included in the standard SharePoint licence.
		Common Attributes:
		Provision: Whether/which servers to provision the service application on
		Name: Name of the application
		ProxyName: name of the application proxy -->
    <ManagedMetadataServiceApp Provision="APPSERVER1"
                               Name="Managed Metadata Service"
                               ProxyName="Managed Metadata Service">
    <!-- EnableNetBIOSDomainName should be set to true if the host portion of your DNS Domain name is different than your NetBIOS domain name.
			 StartProfileSync should be set to true to configure the User Profile Synchronization Service. NOTE: If this is set to TRUE in a multi-server
			 farm, you must run this script first on the machine that will run the profile synchronization service. If you are running SP2010 SP1, you can 
						 specify the SyncConnectionAccount credentials and the script will attempt to create a default Sync connection using the new Add-SPProfileSyncConnection cmdlet -->
    <UserProfileServiceApp Provision="APPSERVER1"
                           Name="User Profile Service Application"
                           ProxyName="User Profile Service Application"
                           SyncConnectionAccountPassword="spservicepass" >
    <EnterpriseSearchService Provision="APPSERVER1"
                             InternetIdentity="Mozilla/4.0 (compatible; MSIE 4.01; Windows NT; MS Search 6.0 Robot)"
                             IndexLocation="D:\Program Files\Microsoft Office Servers\14.0\Data\Office Server\Applications"
        <EnterpriseSearchServiceApplication Name="Search Service Application"
          <ApplicationPool Name="SharePoint Enterprise Search Application Pool" Account="domain\spapppool" Password="apppoolpass" />
            <Server Name="APPSERVER1" />
            <Server Name="APPSERVER1" />
            <Server Name="APPSERVER1" />
            <Server Name="APPSERVER1" />
            <ApplicationPool Name="SharePoint Enterprise Search Application Pool" Account="domain\spapppool" />
          <Proxy Name="Search Service Application" Partitioned="false">
            <ProxyGroup Name="Default" />
    <StateService Provision="APPSERVER1"
                  Name="State Service"
                  ProxyName="State Service">
    <WebAnalyticsService Provision="APPSERVER1"
                         Name="Web Analytics Service Application">
    <SPUsageService Provision="APPSERVER1"
                    Name="Usage and Health Data Collection">
    <SecureStoreService Provision="APPSERVER1"
                        Name="Secure Store Service"
                        ProxyName="Secure Store Service">
    <BusinessDataConnectivity Provision="APPSERVER1"
                              Name="Business Data Connectivity Service"
                              ProxyName="Business Data Connectivity Service">
    <WordAutomationService Provision="APPSERVER1"
                           Name="Word Automation Services"
                           ProxyName="Word Automation Services">
  <!-- The EnterpriseSeviceApps section configures services only available with an Enterprise licence.
		 Common Attributes:
		 UnattendedIDUser: DOMAIN\UserName of the unattended user account. This does not have to be SharePoint managed account, and the same account can be re-used for all services.
		 UnattendedIDPassword: Password of the unattended user account.	-->
    <ExcelServices Provision="APPSERVER1"
                   Name="Excel Services Application"
    <VisioService Provision="APPSERVER1"
                  Name="Visio Graphics Service"
                  ProxyName="Visio Graphics Service"
    <AccessService Provision="APPSERVER1"
                   Name="Access Services"
                   ProxyName="Access Services">
    <!-- If you choose to provision Performance Point Services, the user running the script must be in the sysadmin role of the SQL server whilst the script runs. This can be revoked afterwards. -->
    <PerformancePointService Provision="APPSERVER1"
                  Name="PerformancePoint Service"
                  ProxyName="PerformancePoint Service"
  <!-- The OfficeWebApps section controls the installation of Office Web Apps. Setting Install="true" requires the office web apps installation files to be present -->
  <OfficeWebApps Install="true"
    <ExcelService Provision="APPSERVER1"
                  Name="Excel Calculation Services"
                  ProxyName="Excel Calculation Services">
    <WordViewingService Provision="APPSERVER1"
                        Name="Word Viewing Service"
                        ProxyName="Word Viewing Service">
    <PowerPointService Provision="APPSERVER1"
                       Name="PowerPoint Service Application"
                       ProxyName="PowerPoint Service Application">
  <!-- Install the Adobe PDF iFilter and configure the search indexer to use it. This also adds the proper icon for .pdf files in SharePoint. -->
  <AdobePDFIndexingAndIcon Configure="true"/>
  <!-- Install ForeFront Protection for SharePoint 2010.
			 Configuration and licensing of ForeFront is performed by running its administration program from the Start Menu after installation. -->
  <ForeFront Install="false"
             ConfigFile="answerfile-ForeFront.xml" />
Dec 17, 2011 at 4:12 AM

Sorry for the late reply but thanks for the example/submission!


Jan 24, 2012 at 10:21 PM

Thank you very much for posting this. I was trying to figure out how to get it to work with one app and 2 wfe servers and your configuration file helped greatly and save me a ton of work!! Thank you thank you thank you.

Feb 8, 2012 at 1:41 PM

Hi Guys,


well done, your work saved my day... but i have a short recommendation: Please switch query function to web front end, because all queries will be handled there and all crawl-work will be done by app-server(s), that will also meet microsoft RAP-recommendations.

But thats only a very small detail, no rocket sience ;-)

Cheers, Ingo

Feb 8, 2012 at 4:21 PM
Edited Feb 8, 2012 at 4:23 PM
ingoz wrote:

Hi Guys,


well done, your work saved my day... but i have a short recommendation: Please switch query function to web front end, because all queries will be handled there and all crawl-work will be done by app-server(s), that will also meet microsoft RAP-recommendations.

But thats only a very small detail, no rocket sience ;-)

Cheers, Ingo

Howdy ingoz, really appreciate the feedback!

Farm referenced in my howto post went through Microsoft RAP on Septemeber 2011, found "No Issues" (green) for Search both Health and Risk, as well as overall "No Issues" for Operational Excellence. Also, please note that "medium farm" architecture breaks out query role to the application server.

Comprehensive search configurations are tailored, work in progress, and topology follows organizational patterns of usage.
Two factors that were given special consideration when designing referenced environement:

  • Follow Microsoft's guidance and best practices
  • 2nd phase of the project entails FAST search...

Hope this is helpful. Let's keep this conversation going, so that we can all sleep well.

Apr 2, 2012 at 10:14 AM


I have a question regarding this setup. The URL's provided for the users on the portal and the mysite will be http://webfrontend01 and http://webfrontend01:8080 . I want to have an adress for my intranett like http://sharepoint and http://mysite. How do I achieve this without having to use the port spesification? I have added a dns host name, but have problems finding out how to be able to use http://mysite and not http://mysite:8080 . The latter is currently the only thing that is working. Anyone who can point me in the right direction?

Apr 2, 2012 at 2:00 PM

Hi Bambino,

actually it should work if you configure the webapplilcations like this:

<WebApplication type="Portal"
                    name="Portal Home"
        <ManagedPath relativeUrl="help" explicit="true" />
        <SiteCollection siteUrl=""
                        name="Portal Home"
                        description="Portal Home Site"
    <WebApplication type="MySiteHost"
                    name="MySite Host"
        <SiteCollection siteUrl=""
                        name="My Site Host"
                        description="My Site Host"
        <ManagedPath relativeUrl="personal" explicit="false"/>
        <ManagedPath relativeUrl="sites" delete="true" />

I've just tried it this way and it works. Which version of AutoSpInstaller are you working with?

If your DNS is somehow not working, specify

<WebApplications AddURLsToHOSTS="true">

so the script will create a local hosts entry to verfify SharePoint it actually works on the server and you can then check your DNS Setup.


Apr 2, 2012 at 3:41 PM
Edited Apr 2, 2012 at 6:51 PM

This sounds nice, but how is SharePoint internally figuring out which port to run on? Internally there has to be different ports? I am a developer, not a techie, so DNS and IIS is not my strong side ;) By the way, I am using version 2.5.7

And by the way, how will this setup be combined with Kerberos?

Apr 3, 2012 at 9:10 AM

you define the port:

<WebApplication type="MySiteHost"
                    name="MySite Host"

what else would you want to configure? Within IIS the binding will work based on the combination of URL and Port. SharePoint will create the Webapplication listening on Port 80 but only when the requested URL is so based on a host header. Using this you can have multiple Webapplications on the same system and same IP all running on Port 80 devided by URL.

What exactly do you mean with how will this work with Kerberos? (btw. I'm currently working on a 6 Server deployment using hardware LB and Kerberos, will see if I can publish my findings afterwards)


Apr 3, 2012 at 2:36 PM

Hi larbre,

Thanks for your input. We have now been able to setup this sucessfully by using your example. We also have Kerberos working by following the steps in the official Microsoft Kerberos for SharePoint 2010 guide: This is a pretty long document, but covers the whole lot.

Apr 9, 2012 at 4:30 PM

Well done!

It made me very happy to see someone had written scripting around the exact server configuration I'm using!  I'm new to PowerShell, but learning a LOT through this process. Your post has been very helpful to me. 

I was curious if you'd run across a particular situation I'm dealing with currently.  While trying to get the XML input file populated (based on your example), my boss hands me an MSDN disk that combines the installation files for SharePoint 2010 with SP1 included! Oof!  Now what do I do?  :^)

While I would like to make use of the all-in-one disk, it would appear there are some structural differences from the original. This wouldn't normally be a problem, except that AutoSPInstaller was written based on files/locations specific to the original installtion files.  Most notable is the OfficeWebApps portion of the install.  As an example, AutoSPInstaller is looking for a file called "". The original installtion files probably include this file.  Unfortunately, the new installation files (with SP1) include a file called wacwfe.MSI.  Interestingly enough, once I found the CAB file and copied to the correct location, AutoSPInstaller contintued to run normally.  There are other issues, of course, but this was the simplest one to explain.

I guess my question is, how difficult would it be to modify AutoSPInstaller to accomodate the differences in installation disks?  Am I borrowing trouble by attempting this, or is this something you guys have already looked into?

Thanks again for a great resource!





Apr 11, 2012 at 7:05 PM
Edited Apr 11, 2012 at 7:07 PM


Thanks for the wonderful post, am following your post to setup my QA environment (1WFE, 1APP, SQL DB Cluster).  I want Web Applications and Search to be on WFE and all other services and CA to be on APP server. I see all the services are provisioned in APP server, but I dont see Web Applications ( Portal and Mysite ) provisioned.


  1. <CentralAdmin Provision="QAAPP01">
  2.   <WebApplications AddURLsToHOSTS="false"> , can I include Provision  ="QAWFE01" here...?
  3.    <UserProfileServiceApp Provision="QAAPP01">

 Also please suggest the ideal server (WFE or APP or split) to have Enterprise search service, Crawl and Query servers.

Thanks in Advance.


Apr 12, 2012 at 9:46 AM

Hi Ramii,

as far as I can see inside the scripts the webapp function does not take the provision flag into account. Actually I'm just right now working on the very same issue, where I want webapps to be available only on WFE. So I modified the code to use the provions flag. Unfortunately this doe not work for now. Somehow web apps are deployed on the App Server as well. I'll keep you posted.


Apr 12, 2012 at 12:50 PM

Guys, web apps are actually provisioned to farms, not servers. However to control which servers actually host content web applications, you'd use the SharePoint Foundation Web Application Service (via Central Admin). The web apps (really, the IIS sites) will be removed from the servers on which this service instance is stopped. While I do have a function in the script that stops this service, it currently isn't implemented so you'd need to stop that service yourself on your App servers afterwards.


Apr 12, 2012 at 6:25 PM
Edited Apr 12, 2012 at 7:01 PM

Thanks Stefan and Brian for your quick replies.

Brian, if I understood right, web apps are provisioned at farm level on all servers intially, but we have a function in the script (not being implemented) that can stop SP Foundation web App Service on APP Server. Can you tell me which function in the script, can you please share it.

or without script, i can simply turn off web apps service on app server, should that be fine...?


Apr 13, 2012 at 4:56 AM

Web Apps are entities (Objects) that are farm-wide. Once you provision them, you provision them on the Farm. The farm itself is a logical entity.

You can use this to know the GUID of the Service Instance of "Microsoft SharePoint Foundation Web Application"

Get-SPServiceInstance | where-object {$_.typename -like "*foundation web*"} | select typename, server, Status, ID | ft -au

Note the GUID for the service on the Server you want to stop, then you can stop it via:

Stop-SPServiceInstance -identity <GUID>

I typically stop it from the Central Administration. "Manage Services on Server".


Apr 13, 2012 at 5:15 PM

Thanks Joseph,

farm wide provision is it like...multiple instances of web apps one on each server on the farm and we later remove instances where we dont need...?