MOSS MVP

I've moved my blog to http://blog.falchionconsulting.com!. Please update your links. This blog is no longer in use--you can find all posts and comments at my new blog; I will no longer be posting to this site and comments have been disabled.

Saturday, March 8, 2008

Sample Install Script

I've mentioned a few times on my blog that I was going to post a sample install script which can be used to set up and configure a basic MOSS install (it will also work with WSS but you'll need to pull a lot out), and now I've finally got around to actually doing it. I've created a zip file that you can download which contains two files. The first file, variables.bat, simply contains the core configuration settings that you'll want to change as you build each of your environments. The second file, install.bat, is the main install file which calls the psconfig tool and numerous stsadm commands (there's also a snapshot (WSP) of my custom extensions which the install.bat file will install immediately after psconfig does what it needs to do).

You can use whatever accounts you want but I tend to follow a least-privilege model. The following list details the specific accounts typically needed as well as the configuration that must be made manually for each account (if applicable). Note that the sample script and the information below assume that you are using Kerberos.

  1. SqlSvrSvc: SQL Server Service Account
    1. Machine SQL Server is running on must be trusted for delegation for Kerberos
    2. Needs an SPN for “MSSQLSvc/%DBSERVER%” (host and FQDN)
  2. SpAdmin: SharePoint Administrator
    1. Member of the local admin group on each server in which setup is run
    2. SQL Server logon requiring the following roles
      1. securityadmin
      2. dbcreator
      3. db_owner for each database that stsadm may need to interact with
      4. Should NOT be a member of the local admin group on the SQL Server servers
  3. SpFarm: SharePoint Server Farm Account
    1. Must be trusted for delegation for Kerberos
    2. Needs an SPN for “HTTP/%WEBSERVER%” (host and FQDN)
    3. Must be added to WSS_WPG group on WFE
  4. SspAppPool: SharePoint SSP Application Pool Account
    1. Must be trusted for delegation for Kerberos
    2. Needs an SPN for “HTTP/sspadmin” (host and FQDN)
    3. Must be added to WSS_WPG group on WFE
  5. SspSvc: SharePoint SSP Service Account
  6. SspSearch: SharePoint Server Search Service Account
  7. SspContent: SharePoint Default Content Access Account
  8. SspUserProfileSvc: SharePoint SSP Profile Import Default Access Account
    1. Must have read access to the directory service (AD)
    2. If “Enable Server Side Incremental” is selected for an Active Directory connection and the environment is Windows 2000 Server, the account must have the Replicate Changes permission in Active Directory (this permission is not required for Windows Server 2003 AD environments)
    3. Must be given the “Manage User Profiles” personalization services permission (this is done within SharePoint)
    4. Must be given “View” permissions on entities used in BDC import connections (this is done within SharePoint)
  9. SspExcelSvc: SharePoint Excel Services Unattended Service Account
  10. SpHelpSearch: SharePoint Services Help Search Service Account
  11. SpContentSearch: SharePoint Services Search Content Access Account
  12. SpPortalAppPool: SharePoint Portal Application Pool Identity
    1. Must be trusted for delegation for Kerberos
    2. Needs an SPN for “HTTP/portal” (host and FQDN)
    3. Must be added to WSS_WPG group on WFE
  13. SpMySitesAppPool: SharePoint MySites Application Pool Identity
    1. Must be trusted for delegation for Kerberos
    2. Needs an SPN for “HTTP/mysites” (host and FQDN)
    3. Must be added to WSS_WPG group on WFE
  14. SpAdministrators: SharePoint Administrators Security Group
    1. The spadmin account would be in this group along with any users who need full admin rights
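
The SPN requirements in the list above, worked through as an added example (not part of the original download and not the author's own SPN script): it expands each SPN to its host and FQDN forms, refuses a plan in which two accounts claim the same SPN (the situation behind the KDC 11 event-log errors reported in the comments), and otherwise builds the setspn -A commands. The DNS suffix spdev.com, the web server name sharepoint1 and the sqlsvrsvc logon name are assumptions; the other names follow the sample variables.bat.

```python
from collections import defaultdict

# Constructed sample values. The NetBIOS domain and server names follow the
# sample variables.bat; the DNS suffix and the sqlsvrsvc logon are assumptions.
NETBIOS_DOMAIN = "spdev"
DNS_SUFFIX = "spdev.com"

# (service class, host name, account logon name): one row per SPN bullet in
# the account list.
SPN_PLAN = [
    ("MSSQLSvc", "spsql1", "sqlsvrsvc"),
    ("HTTP", "sharepoint1", "spfarm"),
    ("HTTP", "sspadmin", "sspapppool"),
    ("HTTP", "portal", "spportalapppool"),
    ("HTTP", "mysites", "spmysitesapppool"),
]


def spn_forms(service, host, dns_suffix=DNS_SUFFIX):
    """Return the short-host and FQDN forms of one SPN ("host and FQDN")."""
    host = host.strip().rstrip(".")
    suffix = "." + dns_suffix.lower()
    # Accept a host that was already written as an FQDN.
    short = host[: -len(suffix)] if host.lower().endswith(suffix) else host
    return [f"{service}/{short}", f"{service}/{short}.{dns_suffix}"]


def owners_by_spn(plan, dns_suffix=DNS_SUFFIX):
    """Map each SPN to the set of accounts the plan would register it on.

    Keys are lower-cased because SPN matching is case-insensitive, so
    HTTP/Portal and http/portal are the same SPN.
    """
    owners = defaultdict(set)
    for service, host, account in plan:
        for spn in spn_forms(service, host, dns_suffix):
            owners[spn.lower()].add(account.lower())
    return owners


def duplicate_spns(plan, dns_suffix=DNS_SUFFIX):
    """Return {spn: sorted accounts} for every SPN claimed by 2+ accounts."""
    return {
        spn: sorted(accounts)
        for spn, accounts in owners_by_spn(plan, dns_suffix).items()
        if len(accounts) > 1
    }


def setspn_commands(plan, domain=NETBIOS_DOMAIN, dns_suffix=DNS_SUFFIX):
    """Build the setspn -A lines for a plan; refuse if any SPN is duplicated."""
    dupes = duplicate_spns(plan, dns_suffix)
    if dupes:
        raise ValueError(f"SPN registered on more than one account: {dupes}")
    commands, seen = [], set()
    for service, host, account in plan:
        for spn in spn_forms(service, host, dns_suffix):
            key = (spn.lower(), account.lower())
            if key not in seen:  # skip rows repeated for the same account
                seen.add(key)
                commands.append(f"setspn -A {spn} {domain}\\{account}")
    return commands


if __name__ == "__main__":
    for line in setspn_commands(SPN_PLAN):
        print(line)
    # Constructed failure case: the setup account given the farm account's SPN.
    bad_plan = SPN_PLAN + [("HTTP", "SharePoint1", "spadmin")]
    print(duplicate_spns(bad_plan))
```
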
The first thing you'll want to do if you download the sample script is to modify the variables.bat file, shown below:
rem SET PATH=C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN;%PATH%

rem ******* SERVERS *********
SET DOMAIN=spdev
SET SERVER_MAIL="sharepoint1.spdev.com"
SET SERVER_INDEX=sharepoint1
SET SERVER_DB=spsql1

rem ******* DATABASES ********
SET DB_CONFIG_NAME="SharePoint_ConfigDB"
SET DB_CENTRALADMINCONTENT_NAME="SharePoint_CentralAdminContent"
SET DB_SEARCHHELP_NAME="SharePoint_Search_HelpData"
SET DB_SSPCONFIG_NAME="SharePoint_SSP_ConfigDB"
SET DB_MYSITES_NAME="SharePoint_MySites"
SET DB_SSPCONTENT_NAME="SharePoint_SSP_Content"
SET DB_SEARCHCONTENT_NAME="SharePoint_SSP_SearchContent1"
SET DB_PORTALCONTENT_NAME="SharePoint_PortalContent1"
SET DB_TEAMSCONTENT_NAME="SharePoint_TeamsContent1"

rem ******* FILE PATHS ********
SET PATH_HELPSEARCH_INDEXES="e:\MOSS\Indexes\HelpData"
SET PATH_SSP_INDEXES="e:\MOSS\Indexes\Office Server\Applications"
SET PATH_SSPVDIR="e:\MOSS\Webs\SSPAdmin"
SET PATH_MYSITESVDIR="e:\MOSS\Webs\MySites"
SET PATH_USAGELOGS="e:\MOSS\Usage"
SET PATH_PORTALVDIR="e:\MOSS\Webs\Portal"
SET PATH_TEAMSVDIR="e:\MOSS\Webs\Teams"
SET PATH_LOGS="e:\MOSS\Logs"

rem ******* ACCOUNTS ********
SET ACCT_SPFARM="%DOMAIN%\spfarm"
SET ACCT_SPFARM_PWD="pa$$w0rd"

SET ACCT_SPADMIN="%DOMAIN%\spadmin"
SET ACCT_SPADMIN_EMAIL="no-reply@spdev.com"
SET ACCT_SPADMIN_NAME="SharePoint Administrator"
SET ACCT_SPADMIN_GROUPNAME="%DOMAIN%\spadministrators"

rem *** SharePoint Server Search Service Account 
SET ACCT_SSPSEARCH="%DOMAIN%\sspsearch"
SET ACCT_SSPSEARCH_PWD="pa$$w0rd"

rem *** SharePoint Services Help Search Service Account 
SET ACCT_SEARCH_HELP="%DOMAIN%\sphelpsearch"
SET ACCT_SEARCH_HELP_PWD="pa$$w0rd"

rem *** content access account for windows sharepoint services help search
set ACCT_CONTENT_HELP="%DOMAIN%\spcontentsearch"
set ACCT_CONTENT_HELP_PWD="pa$$w0rd"

rem *** Default content access account for office search
SET ACCT_SSPCONTENT="%DOMAIN%\sspcontent"
SET ACCT_SSPCONTENT_PWD="pa$$w0rd"

rem *** SharePoint SSP Application Pool Account
SET ACCT_SSPAPPPOOL="%DOMAIN%\sspapppool"
SET ACCT_SSPAPPPOOL_PWD="pa$$w0rd"

rem *** My sites application pool account
SET ACCT_MYSITESAPPPOOL="%DOMAIN%\spmysitesapppool"
SET ACCT_MYSITESAPPPOOL_PWD="pa$$w0rd"
SET ACCT_MYSITESUSERS_GROUP="%DOMAIN%\SPMySiteUsers"

rem *** SharePoint SSP Service Account
SET ACCT_SSPSVC="%DOMAIN%\sspsvc"
SET ACCT_SSPSVC_PWD="pa$$w0rd"

rem *** User profile import account
SET ACCT_SSPUSERPROFILESVC="%DOMAIN%\sspuserprofilesvc"
SET ACCT_SSPUSERPROFILESVC_PWD="pa$$w0rd"

rem *** Portal application pool account
SET ACCT_SPPORTALAPPPOOL="%DOMAIN%\spportalapppool"
SET ACCT_SPPORTALAPPPOOL_PWD="pa$$w0rd"

rem *** Teams sites application pool account
SET ACCT_SPTEAMSAPPPOOL="%DOMAIN%\spteamsapppool"
SET ACCT_SPTEAMSAPPPOOL_PWD="pa$$w0rd"

rem *** Excel Services unattended access account
set ACCT_EXCEL_USER="%DOMAIN%\sspexcelsvc"
set ACCT_EXCEL_PWD="pa$$w0rd"

SET ACCT_PORTAL_SECONDARYSITEOWNER="%DOMAIN%\siteowner1"
SET ACCT_PORTAL_SECONDARYSITEOWNER_EMAIL="siteowner1@spdev.com"
SET ACCT_PORTAL_SECONDARYSITEOWNER_NAME="Site Owner1"


SET ACCT_TEAMS_SECONDARYSITEOWNER="%DOMAIN%\siteowner1"
SET ACCT_TEAMS_SECONDARYSITEOWNER_EMAIL="siteowner1@spdev.com"
SET ACCT_TEAMS_SECONDARYSITEOWNER_NAME="Site Owner1"


rem ******** WEB APPLICATIONS **********
SET CENTRALADMIN_PORT=1234

SET WEB_SSP_URL="http://sspadmin/"
SET WEB_SSP_IISDESC="SharePoint Shared Services Admin (80)"
SET WEB_SSP_APPIDNAME="SharePoint_SSP_AppPool"
SET WEB_SSP_NAME="SSP1"

SET WEB_MYSITES_URL="http://mysites/"
SET WEB_MYSITES_IISDESC="SharePoint My Sites (80)"
SET WEB_MYSITES_APPIDNAME="SharePoint_MySites_AppPool"

SET WEB_PORTAL_URL=http://portal/
SET WEB_PORTAL_SITEDIR_URL="%WEB_PORTAL_URL%SiteDirectory"
SET WEB_PORTAL_NAME="Portal"
SET WEB_PORTAL_DESC=""
SET WEB_PORTAL_IISDESC="SharePoint Portal (80)"
SET WEB_PORTAL_APPIDNAME="SharePoint_Portal_AppPool"

SET WEB_TEAMS_URL=http://teams/
SET WEB_TEAMS_SITEDIR_URL="%WEB_PORTAL_URL%SiteDirectory"
SET WEB_TEAMS_NAME="Teams"
SET WEB_TEAMS_DESC=""
SET WEB_TEAMS_IISDESC="SharePoint Teams (80)"
SET WEB_TEAMS_APPIDNAME="SharePoint_Collaboration_AppPool"
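
A pre-flight check for the variables.bat file shown above, as an added example (not part of the original download): it parses the SET lines, expands %VAR% references the way cmd does when each SET runs, and reports service accounts whose password is still the sample placeholder, is empty, or is shared with another account. The excerpt embedded in the code is constructed for the example, and the function names are hypothetical.

```python
import re
from collections import defaultdict

SAMPLE_PASSWORD = "pa$$w0rd"  # placeholder used throughout the sample file

# Constructed excerpt in the format of variables.bat (not the real file).
SAMPLE_VARIABLES_BAT = r'''
rem ******* ACCOUNTS ********
SET DOMAIN=spdev
SET ACCT_SPFARM="%DOMAIN%\spfarm"
SET ACCT_SPFARM_PWD="pa$$w0rd"
rem *** SharePoint SSP Service Account
SET ACCT_SSPSVC="%DOMAIN%\sspsvc"
SET ACCT_SSPSVC_PWD="Xk3!unique-to-sspsvc"
set ACCT_EXCEL_USER="%DOMAIN%\sspexcelsvc"
set ACCT_EXCEL_PWD="Xk3!unique-to-sspsvc"
SET ACCT_SSPSEARCH="%DOMAIN%\sspsearch"
SET ACCT_SSPSEARCH_PWD=""
'''

_REM_LINE = re.compile(r"rem\b", re.IGNORECASE)
_SET_LINE = re.compile(r"set\s+([A-Za-z_][A-Za-z0-9_]*)=(.*)$", re.IGNORECASE)
_VAR_REF = re.compile(r"%([A-Za-z_][A-Za-z0-9_]*)%")


def parse_variables(text):
    """Return {NAME: value} for every SET line, keeping quotes as cmd does.

    %VAR% references are expanded from variables set earlier in the file;
    anything not set in the file expands to an empty string (simplification:
    the surrounding process environment is not consulted).
    """
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or _REM_LINE.match(line):
            continue
        match = _SET_LINE.match(line)
        if not match:
            continue
        name, value = match.group(1).upper(), match.group(2).strip()
        values[name] = _VAR_REF.sub(
            lambda ref: values.get(ref.group(1).upper(), ""), value
        )
    return values


def account_for(values, pwd_var):
    """Resolve a *_PWD variable to its account (ACCT_X or ACCT_X_USER)."""
    base = pwd_var[: -len("_PWD")]
    for candidate in (base, base + "_USER"):
        if candidate in values:
            return values[candidate].strip('"')
    return pwd_var  # no matching account variable: report the variable name


def audit_passwords(values):
    """Return findings as (kind, accounts) tuples.

    kind is "sample-default", "empty" or "reused"; accounts is a tuple of
    the account names the finding applies to.
    """
    findings = []
    by_password = defaultdict(list)
    for name, raw in values.items():
        if not name.endswith("_PWD"):
            continue
        password = raw.strip('"')
        account = account_for(values, name)
        if password == "":
            findings.append(("empty", (account,)))
        elif password == SAMPLE_PASSWORD:
            findings.append(("sample-default", (account,)))
        else:
            by_password[password].append(account)
    for accounts in by_password.values():
        if len(accounts) > 1:
            findings.append(("reused", tuple(sorted(accounts))))
    return findings


if __name__ == "__main__":
    for kind, accounts in audit_passwords(parse_variables(SAMPLE_VARIABLES_BAT)):
        print(f"{kind}: {', '.join(accounts)}")
```
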

The variables.bat file details all the servers, accounts, web addresses and names, database names, etc. For the sample I'm assuming a single server (named "SharePoint1") which is acting as the database server, WFE and index/query server (typical of a single-user development environment). Examine each line carefully and make sure that you set the variables to meet your needs. For this sample I'm assuming that four web applications will be created: Central Admin, Shared Services Provider Admin, My Sites, and a single Portal. The "Portal" web application is the one that almost everyone will need to change; if you need to add more web applications just follow the pattern for the "Portal" web application.

The install.bat file executes all the commands necessary to build out the MOSS configuration. The install.bat file can be seen below:

echo off

echo %DATE% %TIME%: Starting script

call variables.bat

goto startpoint
:startpoint
rem *** NOTE: The order of the following psconfig statements is critical - do not re-order.
ECHO %DATE% %TIME%:  Building configuration database
psconfig -cmd configdb -create -server %SERVER_DB% -database %DB_CONFIG_NAME% -user %ACCT_SPFARM% -password %ACCT_SPFARM_PWD% -admincontentdatabase %DB_CENTRALADMINCONTENT_NAME% 
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Installing help content
psconfig -cmd helpcollections -installall 
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Securing resources
psconfig -cmd secureresources 
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Installing services
psconfig -cmd services -install 
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Installing features
psconfig -cmd installfeatures 
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Creating central admin site
psconfig -cmd adminvs -provision -port %CENTRALADMIN_PORT% -windowsauthprovider enablekerberos 
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Adding application content to central admin site
psconfig -cmd applicationcontent -install
if not errorlevel 0 goto errhnd

pause

ECHO %DATE% %TIME%: Installing custom stsadm extensions
stsadm -o addsolution -filename "Lapointe.SharePoint.STSADM.Commands.wsp"
stsadm -o deploysolution -local -allowgacdeployment -name "Lapointe.SharePoint.STSADM.Commands.wsp"
stsadm -o execadmsvcjobs

REM ====================================
REM ======= BEGIN SERVICES CONFIG ======
REM ====================================

echo %DATE% %TIME%: BEGINNING SERVICES CONFIGURATIONS...
echo.

ECHO %DATE% %TIME%: Enabling sharepoint services help search service
stsadm -o spsearch -action start -farmserviceaccount %ACCT_SEARCH_HELP% -farmservicepassword %ACCT_SEARCH_HELP_PWD% -farmperformancelevel maximum -farmcontentaccessaccount %ACCT_CONTENT_HELP% -farmcontentaccesspassword %ACCT_CONTENT_HELP_PWD% -indexlocation %PATH_HELPSEARCH_INDEXES% -databaseserver %SERVER_DB% -databasename %DB_SEARCHHELP_NAME%
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Enabling the office sharepoint search service
stsadm -o osearch -action start -role Index -farmcontactemail %ACCT_SPADMIN_EMAIL% -farmperformancelevel maximum -farmserviceaccount %ACCT_SSPSEARCH% -farmservicepassword %ACCT_SSPSEARCH_PWD% -defaultindexlocation %PATH_SSP_INDEXES%
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Starting excel calculation services
stsadm -o provisionservice -action start -servicetype "Microsoft.Office.Excel.Server.ExcelServerSharedWebService, Microsoft.Office.Excel.Server, Version = 12.0.0.0, Culture = neutral, PublicKeyToken = 71e9bce111e9429c"
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Starting Document Conversions Load Balancer Service
stsadm -o provisionservice -action start -servicetype "Microsoft.Office.Server.Conversions.LoadBalancerService, Microsoft.Office.Server.Conversions, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" -servicename DCLoadBalancer
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Starting Document Conversions Launcher Service 
stsadm -o provisionservice -action start -servicetype "Microsoft.Office.Server.Conversions.LauncherService, Microsoft.Office.Server.Conversions, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" -servicename DCLauncher
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Resetting IIS
iisreset /noforce
if not errorlevel 0 goto errhnd


ECHO %DATE% %TIME%: Adding %ACCT_SPADMIN% to Farm Administrators group
stsadm -o adduser -url "http://localhost:%CENTRALADMIN_PORT%" -userlogin %ACCT_SPADMIN% -group "Farm Administrators" -username %ACCT_SPADMIN_NAME% -useremail %ACCT_SPADMIN_EMAIL%
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Adding %ACCT_SPADMIN_GROUPNAME% to Farm Administrators group
stsadm -o gl-adduser2 -url "http://localhost:%CENTRALADMIN_PORT%" -userlogin %ACCT_SPADMIN_GROUPNAME% -group "Farm Administrators" -username %ACCT_SPADMIN_NAME%
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Setting outbound email settings
stsadm -o email -outsmtpserver %SERVER_MAIL% -fromaddress %ACCT_SPADMIN_EMAIL% -replytoaddress %ACCT_SPADMIN_EMAIL% -codepage 65001
if not errorlevel 0 goto errhnd


echo.
echo %DATE% %TIME%: FINISHED SERVICES CONFIGURATIONS
echo TODO: Set Load Balancer Server and Port
pause

REM ====================================
REM ======= END SERVICES CONFIG ========
REM ====================================

echo.
echo.


REM ====================================
REM ========= BEGIN SSP ================
REM ====================================
echo %DATE% %TIME%: BEGINNING SSP SETTINGS
echo.

ECHO %DATE% %TIME%: Creating the My Sites web application
stsadm -o gl-createwebapp -url %WEB_MYSITES_URL% -directory %PATH_MYSITESVDIR% -sethostheader -ownerlogin %ACCT_SPADMIN% -owneremail %ACCT_SPADMIN_EMAIL% -description %WEB_MYSITES_IISDESC% -apidname %WEB_MYSITES_APPIDNAME% -apidtype configurableid -apidlogin %ACCT_MYSITESAPPPOOL% -apidpwd %ACCT_MYSITESAPPPOOL_PWD% -databasename %DB_MYSITES_NAME% -donotcreatesite -timezone 12
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Creating SSP Admin site.
stsadm -o gl-createwebapp -url %WEB_SSP_URL% -directory %PATH_SSPVDIR% -sethostheader -ownerlogin %ACCT_SPADMIN% -owneremail %ACCT_SPADMIN_EMAIL% -description %WEB_SSP_IISDESC% -apidname %WEB_SSP_APPIDNAME% -apidtype configurableid -apidlogin %ACCT_SSPAPPPOOL% -apidpwd %ACCT_SSPAPPPOOL_PWD% -databasename %DB_SSPCONFIG_NAME% -donotcreatesite -timezone 12
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Creating the Shared Service Provider
stsadm -o createssp -title %WEB_SSP_NAME% -url %WEB_SSP_URL% -mysiteurl %WEB_MYSITES_URL% -ssplogin %ACCT_SSPSVC% -indexserver %SERVER_INDEX% -indexlocation %PATH_SSP_INDEXES% -ssppassword %ACCT_SSPSVC_PWD% -sspdatabaseserver %SERVER_DB% -sspdatabasename %DB_SSPCONTENT_NAME% -searchdatabaseserver %SERVER_DB% -searchdatabasename %DB_SEARCHCONTENT_NAME% -ssl no
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Resetting IIS
iisreset /noforce
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Setting the new SSP as the default SSP
stsadm -o setdefaultssp -title %WEB_SSP_NAME%
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Giving %ACCT_SPADMIN_GROUPNAME% all permissions to SSP
stsadm -o gl-setsspacl -sspname %WEB_SSP_NAME% -rights All -user %ACCT_SPADMIN_GROUPNAME%
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Giving %ACCT_SSPUSERPROFILESVC% profile management permissions
stsadm -o gl-setsspacl -sspname %WEB_SSP_NAME% -rights ManageUserProfiles -user %ACCT_SSPUSERPROFILESVC%
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Giving %ACCT_SSPSEARCH% profile management permissions
stsadm -o gl-setsspacl -sspname %WEB_SSP_NAME% -rights ManageUserProfiles -user %ACCT_SSPSEARCH%
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Setting usage analysis settings
mkdir %PATH_USAGELOGS%
stsadm -o gl-setusageanalysis -enablelogging true -enableusageprocessing true -logfilelocation %PATH_USAGELOGS% -numberoflogfiles 30 -processingstarttime "10:00PM" -processingendtime "1:00AM" -sspname %WEB_SSP_NAME% -enableadvancedprocessing true -enablequerylogging true
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Enabling kerberos on the SSP
stsadm -o setsharedwebserviceauthn -negotiate
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Setting delegation for excel services (to enable Kerberos)
stsadm -o set-ecssecurity -ssp %WEB_SSP_NAME% -accessmodel delegation 
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Updating excel services unattended service account
stsadm -o set-ecsexternaldata -ssp %WEB_SSP_NAME% -unattendedserviceaccountname %ACCT_EXCEL_USER% -unattendedserviceaccountpassword %ACCT_EXCEL_PWD%
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Updating default content access account
stsadm -o gl-updatedefaultcontentaccessaccount -username %ACCT_SSPCONTENT% -password %ACCT_SSPCONTENT_PWD%
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Setting user profile default access account
stsadm -o gl-setuserprofiledefaultaccessaccount -username %ACCT_SSPUSERPROFILESVC% -password %ACCT_SSPUSERPROFILESVC_PWD% -sspname %WEB_SSP_NAME%
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Running pending jobs
stsadm -o execadmsvcjobs
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Setting user profile full import schedule
stsadm -o gl-setuserprofileimportschedule -sspname %WEB_SSP_NAME% -type full -occurrence weekly -hour 3 -dayofweek Saturday -enabled true -runjob
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Setting user profile incremental import schedule
stsadm -o gl-setuserprofileimportschedule -sspname %WEB_SSP_NAME% -type incremental -occurrence daily -hour 22 -enabled true
if not errorlevel 0 goto errhnd

ECHO %DATE% %TIME%: Executing pending timer jobs
stsadm.exe -o execadmsvcjobs 
if not errorlevel 0 goto errhnd

echo.
echo %DATE% %TIME%: FINISHED SSP SETTINGS

REM ====================================
REM =========== END SSP ================
REM ====================================

echo.
echo.

REM ====================================
REM =========== BEGIN PORTAL =============
REM ====================================
:portal
echo %DATE% %TIME%: BEGINNING PORTAL CORE SETTINGS
echo.
call portal.bat
echo.
echo %DATE% %TIME%: FINISHED PORTAL CORE SETTINGS
pause

REM ====================================
REM ============ END PORTAL ==============
REM ====================================



echo.
echo.


REM ====================================
REM =========== BEGIN TEAMS =============
REM ====================================
:teams
echo %DATE% %TIME%: BEGINNING TEAMS CORE SETTINGS
echo.
call teams.bat
echo.
echo %DATE% %TIME%: FINISHED TEAMS CORE SETTINGS
pause
goto end
REM ====================================
REM ============ END TEAMS ==============
REM ====================================


echo.
echo.

REM ====================================
REM ======= BEGIN MY SITES =============
REM ====================================
:mysites
echo %DATE% %TIME%: BEGINNING MY SITES SETTINGS
echo.
call mysites.bat
echo.
echo %DATE% %TIME%: FINISHED MY SITES SETTINGS
pause
REM ====================================
REM ========= END MY SITES =============
REM ====================================

echo.
echo.

ECHO ******************* Run Connect.bat on each WFE **************************
pause

ECHO %DATE% %TIME%: Setting log file path
mkdir %PATH_LOGS%
stsadm -o gl-tracelog -logdirectory %PATH_LOGS%
if not errorlevel 0 goto errhnd

echo.
echo.

ECHO %DATE% %TIME%: TODO 1 - Configure searching (http://sspadmin/ssp/admin/_layouts/listcontentsources.aspx)

goto end

:errhnd

echo An error occurred - terminating script.

:end

If you look at the file you'll see that the first thing it does is "goto startpoint", and that the "startpoint" marker is right below the goto statement. I put that there so that if the script should fail for any reason I can simply move the startpoint marker to the next command I want to run and then re-execute the script. (I often find that the "setuserprofiledefaultaccessaccount" command will fail on the first run if I haven't loaded the SSP in the browser before it runs; by moving the startpoint to right before this command I can re-run the batch file and it will continue right on.)

The next thing the script does is call psconfig. There's tons of help/guidance on how to script psconfig so I won't bother here; just make sure you review the settings and make any necessary changes to suit your environment. Once psconfig completes you have a farm created with a working Central Admin site. The script then goes on to enable services and build out the SSP, MySites, and Portal web applications, making various configurations to each. Again, there are lots of resources on how to use the various commands that this sample script uses (including my own blog) so I won't go through all the steps that it does. Just make sure that you review every line of this script and understand what it is doing: this is meant to get you started, and various assumptions are made with the configuration so that I can demonstrate what can be done, so look at every setting and adjust/remove as needed.

One final note - I've never been a fan of batch files or command line "programming" (despite the subject of this blog) and I am certainly no expert at creating batch files - there are probably considerably better ways to do some of what I've done in my samples. If you have any suggestions as to how this can be done better I'm all ears :)

34 comments:

Anonymous said...

Gary

This code is awesome. It will definitely make my job easier as I can have the user modify the variables file and then kick off the install.bat. The only other thing I might do is create a gui for the variables to be entered. If I do I will send the files to you for you to add if you want.

-Robert

K&M Reports said...

Awesome stuff Gary thanks!

Any chance you have a restore extension in the works that will take all of the parameters on the -directory "new" option?

Gary Lapointe said...

I'm not sure I'm following what you are looking for...

K&M Reports said...

Sorry for the ambiguous question:
What I meant was:
If running a RESTORE operation via STSADM.....There are prompts during the operation; I have tried to suppress the prompting by using the process class and pass the args with no luck.

Here is the command I am using.

Just wondering the best way to get this to run and be able to pass parameters so there is no prompting.


stsadm -o restore -directory \\hostname\temp -restoremethod new -newdatabaseserver 191.111.111.111

Thanks,
Dennis White

Gary Lapointe said...

I see - I haven't tried this but have you tried using the "<" operator?

stsadm -o restore -directory \\hostname\temp -restoremethod new -newdatabaseserver 191.111.111.111 < y

K&M Reports said...

Thanks for the response.

It seems to hang when I use the "<" operator.

I suspect it would accept all of the defaults but I am looking to change url and database server.

For whatever reason even when you specify "new database server" from the RESTORE operation, it prompts for the DB server during the operation.

I am using many of your extensions thanks for sharing..It's greatly appreciated.

Thanks,
Dennis

Simon Phillips said...

Gary

Really gj!!

Just going through the script, found that when you're setting the scheduled jobs for the profile import in the script you're using the -occurance parameter, whereas in the updated wsp you've changed this to -occurrence

Gary Lapointe said...

Thanks for pointing that out - I need to start using a spell checker :) I'll try to get the script updated this week some time.

Dimitris said...

Hi Gary,

very nice article.

I want to run the script with a domain account Domain\MossSetupAccount. So, I add the account to the local Administrators group of the MOSS server, create a new sql login with the appropriate server roles (db_owner and security_admin).

Whenever I run the psconfig command line tool logged in as the Domain\MossSetupAccount, I get the message that I don't have the appropriate permissions to run the Moss Configuration and that I need Administrator privileges. However, no such problem exists when I login as the built-in Domain\Administrator.

Any ideas?

thanks a lot,
Dimitris

Gary Lapointe said...

Dimitris - did you give your setup account db_creator rights on the SQL box?

Remko said...

Great script and instructions. However after setting up the accounts, I have SpFarm and SPAdmin account with the same SPN. This gives KDC 11 errors in eventlog.
I probably misunderstood something, can someone tell me where??

Thanks
Remko

Gary Lapointe said...

Remko - you need to remove the SPN for the SpAdmin account - I just noticed that I had a typo stating that you needed this but that's not the case as you can't have multiple SPNs for the same service using different accounts.

Remko said...

Today I removed the SPN from the SpAdmin Account. However after that nobody is able to access the sharepoint site anymore!?
When I restore the SPN to SpAdmin the sharepoint is accessible as it used to be.
Can you explain why the site is not accessible when I remove the SPN for SpAdmin?

Thanks for your help

Gary Lapointe said...

Remko - most likely your spadmin account is being used as an app pool account. If that's the case then you need that SPN or you need to change accounts. I always recommend that your spadmin account is used only for setups and installs and that you use the spfarm account as your central admin app pool account and timer service account and then use another account for your other web application app pool accounts.

jrabbit said...

Do you know if it's possible to set the Default Content Access Account for the office search service from stsadm, using one of your extensions or otherwise?

This is the setting on the "Search Settings" page of an SSP in central admin.

Gary Lapointe said...

I haven't created a command to set that yet - not sure if anyone else has (haven't looked). I've plans to create one eventually, just hasn't come up yet.

jrabbit said...

I did some decompiling, and the business end of the code for future reference, if you do ever implement this as a command, is:

using Microsoft.Office.Server;
using Microsoft.Office.Server.Search;
using Microsoft.Office.Server.Search.Administration;

Content content = new Content(SearchContext.GetContext(ServerContext.GetContext(sspname)));
content.SetDefaultGatheringAccount(user, CreateSecureString(password));

Anonymous said...

Gary
Great job with the extensions but
the following command does not seem to work when I try to use non default ports

stsadm -o gl-createwebapp -url %WEB_SSP_URL%:8089 -directory %PATH_SSPVDIR% -sethostheader -ownerlogin %ACCT_SPADMIN% -owneremail %ACCT_SPADMIN_EMAIL% -description %WEB_SSP_IISDESC% -apidname %WEB_SSP_APPIDNAME% -apidtype configurableid -apidlogin %ACCT_SSPAPPPOOL% -apidpwd %ACCT_SSPAPPPOOL_PWD% -databasename %DB_SSPCONFIG_NAME% -donotcreatesite -timezone 12

I'm trying to create a SSP on port 8088 but when using your command it ends up as port 80.
Everything goes fine while executing the command but it is created as port 80 in IIS.
Is it possible to fix this?

Gary Lapointe said...

Are you using the -port parameter?

wolfgang said...

Are you creating all the accounts manually or do you have any script? Also do you have a script for SPN?
wolf

Gary Lapointe said...

It depends on the environment but for my own stuff I use a script to create the accounts and I almost always use a script for the SPNs (at client sites I usually hand that script off to an IT admin with domain admin rights).

Christoph said...

Great post, thanks. Just tried creating an install script, but failed using stsadm -o createssp. It seems Microsoft changed behaviour and possible settings with Service Pack 2:

Before:


stsadm -o createssp
-title #SSP name#
-url #Web application url#
-mysiteurl #MySite Web application url#
-ssplogin #username#
-indexserver #index server#
-indexlocation #index file path#
[-ssppassword #password#]
[-sspdatabaseserver #SSP database server#]
[-sspdatabasename #SSP database name#]
[-sspsqlauthlogin #SQL username#]
[-sspsqlauthpassword #SQL password#]
[-searchdatabaseserver #search database server#]
[-searchdatabasename #search database name#]
[-searchsqlauthlogin #SQL username#]
[-searchsqlauthpassword #SQL password#]
[-ssl #yes|no#]



After:

stsadm -o createssp
-title #SSP name#
-url #Web application url#
-ssplogin #username#
[-ssppassword #password#]
[-sspdatabaseserver #SSP database server#]
[-sspdatabasename #SSP database name#]
[-sspsqlauthlogin #SQL username#]
[-sspsqlauthpassword #SQL password#]
[-ssl #yes|no#]


I think that's a big problem for a lot of people running installs by scripts.

Christoph

Gary Lapointe said...

That's strange because I have SP2 and I'm not seeing those differences. Are you running a post SP2 CU?

JBrink said...

Gary, love the script. How would I go about installing SSP Admin and Mysites like the GUI does by default? The script seems to install them, but they are inaccessible.

Gary Lapointe said...

Are you using kerberos? The script defaults to kerberos so you'll need to make sure you have all the requirements configured - if not then change the script parameters to use ntlm.

Warren Roscoe said...

Hi Gary, Great scripts ... I'm almost finished using them to set up my 64-bit env ready for SP2010 ... One question though ... In Portal.bat the line:

stsadm -o gl-setsitegeneralsettings -url %WEB_PORTAL_URL%sitedirectory -title "Site Directory"

throws an error. I think it should read:

stsadm -o gl-setsitegeneralsettings -url %WEB_PORTAL_URL% -title "Site Directory"

Paste error possibly ???
cheers
Warren

Gary Lapointe said...

No, it's correct as is - just depends on whether you have a site directory or not (if you're not using a template that has one or you're not creating one in the script then this line will error).

stuartwhiteford said...

Hi Gary,

Excellent script! Just thought I'd point out a couple of issues that arose with me in case anyone else finds them useful.

All the service accounts were newly created and the script failed on the first task (creating the config db). Once I had logged in to the WFE server with that account, the script ran fine, until the Profile Import line (which you mentioned occasionally fails). At that point I opened the SSP Admin site in the browser and resumed the script. After that it ran through to the end.

One thing that's bothering me is the "Server Farm Configuration Not Complete" message that still appears in Central Admin. I've had this problem with other scripted installs in the past and never found a way to get rid of it.

Anyone got any ideas?

Stuart.

Gary Lapointe said...

Not sure why you had to log on with the account - I've never had to do that before. As for the farm config not complete - make sure you have excel services started and both an index and query role for search.

stuartwhiteford said...

Thanks Gary, managed to get rid of the message.

Central Administration > Application Management > Search Service, the Query and Index Servers section reported that it was not running on any server on the farm. I clicked the "Office SharePoint Server Search Indexing and Query" link, entered the password, saved and the message went away.

Any reason why this didn't get set up as part of the script?

Thanks,
Stuart.

Voicu Seiche said...

Hi,

I've tried to run this configuration script, but for the command that configures the admin database there is one parameter missing (for SharePoint 2010). This parameter is "-passphrase ####".

Otherwise it is a very nice script.

Regards,
Voicu Seiche

Gary Lapointe said...

Don't use this for SP2010 - use the powershell script that I provide.

pramod said...

Hi Gary,

Thanks for the scripts, but do you have powershell scripts to install on multiple server farm and define roles and server names in separate CSV or XML file? Any help would be much appreciated.

Thanks
Pramod

Gary Lapointe said...

Pramod - I don't have anything like what you are looking for that will work with 2007, only 2010.