Chandima.Net Blog for SharePoint solutions
 
Subscribe via RSS RSS Feed
All about SharePoint best practice... ask me how
Home | Contact Me | Search this Blog
Categories
SharePoint 2007
SharePoint 2003
Events
General
Industry Report
Tech Stuff
Administration
User Group
Development
Planning
Deployment
Training
PerformancePoint
SharePoint 2010
Archives
February 2007 (14)
March 2007 (17)
April 2007 (10)
May 2007 (13)
June 2007 (4)
July 2007 (15)
August 2007 (10)
September 2007 (5)
October 2007 (7)
November 2007 (7)
December 2007 (3)
January 2008 (5)
February 2008 (10)
March 2008 (16)
April 2008 (7)
May 2008 (9)
June 2008 (9)
July 2008 (8)
August 2008 (5)
September 2008 (6)
October 2008 (6)
November 2008 (5)
December 2008 (2)
January 2009 (3)
February 2009 (4)
March 2009 (4)
April 2009 (1)
May 2009 (2)
June 2009 (5)
July 2009 (4)
September 2009 (3)
October 2009 (2)
November 2009 (2)
January 2010 (3)
March 2010 (3)
April 2010 (2)
May 2010 (3)
July 2010 (1)
September 2010 (1)
October 2010 (1)
November 2010 (3)
January 2011 (2)
February 2011 (3)
June 2011 (2)
July 2011 (2)
Other Blogs
SharePoint Team Blog
Joel Oleson
Gavin Barron
Chakkaradeep Chandran
William Baer
Brendon Schwartz
Bob Fox
Andrew Connell
Michael Sampson
Ian Morrish
Vincent Rothwell
Nick Swan (BDC Metaman)
Robert Stewart
Ishai Sagi
Leading Virtually
Matt Smith
IT Pro SharePoint Blog
Camilo Borges
Paul Culmsee
Jeremy Thake
Spencer Harbar
Nick Hadlee
Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway. All posts are provided "AS IS" with no warranties, and confers no rights.
Does your SQL server look like this after a SharePoint install? [ Posted on: 02-October-2007 ]

 

The below screen shot was from a SQL server where SharePoint was installed. Notice the database names. Now if this was a managed SQL server environment the DBA's or system administrators would be wondering what the heck are these databases?

SQL_DBs

You may also notice that a few of the Admin Content Databases are offline. This was taken from a server where something went wrong. I can't specifically say what it was. But the point of this post is to highlight that you can actually give these databases proper names that would make sense.

For a seasoned SharePoint administrator this is obvious that the user who installed SharePoint did not use PSCONFIG to provision the databases. In a shared database environment if you have not documented your install well it will become very difficult for someone who has no SharePoint background to figure out why these types of databases are created with a GUID.

The point is that if you have are planning to deploy SharePoint into a production environment  have a look at planning and installing SharePoint using the PSCONFIG command.

First point of reference before a production installation is:

Deployment for Microsoft Office SharePoint Server 2007 on TechNet.

For planning your Security accounts you should reference "Plan for administrative and service accounts" article on TechNet. SharePoint takes on the least privilege administration principal for the installs. Which means the installation accounts DO NOT have to be Domain administrators. For a list of least privilege administration requirements with domain user accounts, see the Office SharePoint Server security account requirements guide document on TechNet. 

For a SharePoint base install that will allow you to later provision web applications and site collections you will need the following accounts and databases. Assume that you do not have direct access to the DB server and that your databases are created by a system administrator. Unless you plan and request the databases to be created with the required permissions your installation may not end up being the best that it could. The installation assumes that you will be installing and deploying SharePoint using domain accounts.

Setup user account

This account is the account you will use to install and configure SharePoint on your web front end (assuming that your deployment is a server farm using a dedicated or shared SQL back end) For later reference I will call this account: "svcMOSSSetupAdmin"

The requirements for this account is:

That it is a Domain user account. NOT a Domain administrator.
Member of the Administrators group on each server on which Setup is run. Typically the server that you are running the SharePoint setup from. make sure you log in to the server using this account when running setup.

On the SQL server this accounts DOES NOT need administrative privileges. So if you are installing SharePoint on a database that has already being created you must ask that your system administrator or DBA should grant the following SQL Server security roles for this account.

  • securityadmin fixed server role
  • dbcreator fixed server role

Also this account must be "db_owner" of all three following databases. This is when you run STSADM command this is the account that will connect to the database where your sites are hosted.

This account is used for:

  • The SharePoint Products and Technologies Configuration Wizard
  • The PSCONFIG command-line tool
  • The STSADM command-line tool

Go to TechNet for complete references of PSCONFIG and STSADM.

Server farm account

The server farm account is used as the application pool ID for the Central Administration Web Application. This account is also used as the process account by the Windows SharePoint Services Timer service. This service acts as the heartbeat for the server farm and is responsible for running timer jobs that propagate configuration settings across your server farm. Typically when you create these accounts you set account password expiry to off. Unless you have a change management process to change this via Central Administration when your password expiration policies kick in. I will refer to this account as "svcMOSSFarmAdmin"

So the requirements for this account is that it's a Domain account. No Administration privileges required.

If the server farm is a child farm with Web applications that consume shared services from a main farm, this account must be a member of the "db_owner" database role on the configuration database of the main farm. Additional permissions are automatically granted for this account on Web servers and application servers that are joined to the server farm when you run the install process.
This account will be automatically added as a SQL Server login on the computer running SQL Server and added to the following SQL Server security roles:

  • dbcreator fixed server role
  • securityadmin fixed server role
  • db_owner fixed database role for all databases in the server farm

Now that you have sorted your accounts you'll need 3 databases to be created on your SQL server.

When you request the Databases to be created by a DBA (Assuming that you will not be creating the DB's on the SQL server yourself) make sure that you ask for the collation set to be specified as: Latin1_General_CI_AS_KS_WS

The collation settings can be read as: Case Insensitive (CI), Accent Sensitive (AS), Kana Sensitive (KS),
Width Sensitive (WS).

Once again TechNet has details of preparing your database servers. If your deployment environment has a managed SQL back end then you will need to read: Deploy using DBA-created databases (Office SharePoint Server).

Database Names. I typically use the following conventions so that I can give detailed names to the databases. [NAME] can be swapped with the actual deployment scenario. [ENVIRONMENT] refers to Dev, Stg or Prd.

  • MOSSConfiguration_[NAME]_[ENVIRONMENT]
    Contains all of the configuration information relating to the sever farm
  • MOSSCentralAdminContent_[NAME]_[ENVIRONMENT]
    Contains the content for the Central Administration site
  • MOSSSearch_[NAME]_[ENVIRONMENT]
    Contains search configuration information for the farm

Ex for a Web deployment: MOSSConfiguration_[NAME]_[ENVIORNMENT] should be MOSSConfiguration_Web_Dev
Ex for an Intranet deployment: MOSSConfiguration_[NAME]_[ENVIORNMENT] should be MOSSConfiguration_Intranet_Dev

So provided that you have planned your install and determined your deployment topology you can install and configure SharePoint as follows.

Login to the server (Web) where you will install and configure SharePoint using the "svcMOSSSetupAdmin" account. Run the SharePoint Setup.EXE file from the media.

Choose "Advanced" as the installation type. In the next screen make sure you choose "Complete". I want to point out here the main differences of the types of installs.

Complete – Installs all of the files necessary to run all services on the server (Most Recommended option).

Web Front End – This is used when you are absolutely sure that this server is only used to serve web pages. No roles can be assigned or services such as “Search” and “Excel Services” if this option is chosen (Choose only if this has been agreed as part of the deployment)

Stand-alone – Installs all components including SQL Server Express. This should ONLY be used for development servers and should not be used in a production scenario.

Also on this screen you can select the index and log locations of your search index files. The search index is located on the physical disk. So depending on the install type make sure that the location has enough disk space.

Once this is done click "Install Now". Once the install process is finished you need to make sure that you DO NOT run the "SharePoint Products and Technologies Configuration Wizard" so make sure that you uncheck the checkbox and exit the wizard.

No the next steps involve running the PSCONFIG utility to connect and configure the databases on your SQL server. Now you will have nice and easy to understand database names in your deployment.

Open a CMD prompt and set your path to:
C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN (Known as the 12 hive bin directory)

Then run the following command:

Psconfig –cmd configdb –create –server [DB SERVER NAME] -database MOSSConfiguration_[NAME]_[ENVIRONMENT] –user [DOMAIN]\svcDevMOSSFarmDB –password [MOSSFarmDBPassword] -admincontentdatabase MOSSCentralAdminContent_[NAME]_[ENVIRONMENT]

Example:

Psconfig -cmd configdb -create -server WLGSQLSDEV1 -database MOSSConfiguration_Web_Dev -user lnzl_well\svcDevMOSSFarmDB -password p@ss5w0rd1 -admincontentdatabase MOSSCentralAdminContent_Web_Dev

The  command will setup the databases. Once the command finishes you need to run the “SharePoint Products and Technologies Configuration Wizard” via Program Files > Microsoft Office Server. This will finish the installation and configuration of your SharePoint install.

The wizard will show the options to "connect" or "disconnect" , select the option “Do not disconnect from this server farm” when prompted. The wizard will create the Central Administration web application.

Once the Central Administration web application has been setup you should be able to navigate to the main screens. Now you will need to start the Search function. Windows SharePoint Services Search function needs a DB for storing configuration information this is the "Search" database you created earlier. To connect and configure Search run the following command.

stsadm -o spsearch -action start -farmserviceaccount [DOMAIN]\ svcDevMOSSFarmDB -farmservicepassword [PASSWORD] -farmcontentaccessaccount [Domain]\ svcDevMOSSSearchServ -farmcontentaccesspassword [MOSSSearchServicePassword] -databaseserver [DB SERVER NAME] -databasename MOSSSearch_[NAME]_[ENVIRONMENT]

Now your databases have proper names!

before you can finish the install you will need to start the SharePoint Server Search Index and Query service needs to be started.  To start this service run the following command: (This is the Microsoft Office SharePoint Server Search Index Service)

stsadm -o osearch -action start -role IndexQuery -farmcontactemail [FARM CONTACT EMAIL] -farmserviceaccount [DOMAIN]\ svcDevMOSSFarmDB -farmservicepassword [PASSWORD]

Once this service is started your installation should be ready to apply your governance and maintenance policies. Joel has lots about Governance here: Joel Oleson's SharePoint Land (Governance)

I did a post previously on SQL Server and SharePoint which also has some information that is related to this post.

Hope this is helpful for a better installation when you next install SharePoint!

Posted by Chandima Kulathilake | 5 Comments | Bookmark with:        
Tags: Administration, Deployment, Development, SharePoint 2007

Comments and Feedback
Tuesday, 2 Oct 2007 09:15 by Alpesh Nakar
Awesome! I have been testing deploying MOSS in a completely scripted instance, from sql to moss. Sometime soon, i will be completing the series on installation on my blog. Your post will validate what i have done so far :-)
Wednesday, 3 Oct 2007 10:38 by Alex Dresko
You didn't mention anything about the svcDevMOSSSearchServ account in your post.. Now I'm stuck trying to figure out how to start spsearch!
Sunday, 7 Oct 2007 05:33 by Chandima
Hi Alex, The "svcDevMOSSSearchServ" account is the Search access account. If you refer to the TechNet guide here it's all detailed. http://go.microsoft.com/fwlink/?LinkID=92883&clcid=0x409 Regards
Friday, 16 Nov 2007 01:41 by Adam
Hi Chandima, Great post. Thanks a lot. Two things I'd like to ask you: - You wrote: "Windows SharePoint Services Search function needs a DB for storing configuration information this is the "Search" database you created earlier." When did you create the Search DB? Until this point I've got the db's: MOSSCentralAdminContent and MOSSConfiguration - second question is regarding the user accounts. It came to my mind that according to SOX policies it is not possible to use any generic user accounts Best regards, Adam
Wednesday, 21 Nov 2007 06:10 by Chandima Kulathilake
Hi Adam The three DB's for a base install is listed in the post as: MOSSConfiguration_[NAME]_[ENVIRONMENT] Contains all of the configuration information relating to the sever farm MOSSCentralAdminContent_[NAME]_[ENVIRONMENT] Contains the content for the Central Administration site MOSSSearch_[NAME]_[ENVIRONMENT] Contains search configuration information for the farm The third database is the "Search" DB. The accounts mentioned here are all "domain" accounts. Sorry as I am based in NZ I am not sure what the SOX policy guidelines require.
Your Name: (Required)
Website URL:
Your Email:
(Will not be displayed)
Feedback and Comments: (Required)
Are you a person? Please enter the charachters in the box below.
 
View the privacy policy.

 
Tags
 
Affiliations
Microsoft MVP (Microsoft Office SharePoint Server)

MCTS - WSS/MOSS Configuration

CKS - Team Member Add to Technorati Favorites

View Chandima Kulathilake's profile on LinkedIn



Kindly hosted by:
Kindly hosted by Intergen





Chandima Kulathilake's Facebook profile