Logo
programming4us
programming4us
programming4us
programming4us
 Home
programming4us
 XP
programming4us
 Windows Vista
programming4us
 Windows 7
programming4us
 Windows Azure
programming4us
 Windows Server
programming4us
 Windows Phone
 
Windows Server

Sharepoint 2013 : Service Application Administration (part 4) - Setting Up the Farm Trust, Publishing a Service Application

6/4/2014 1:33:49 AM

Setting Up the Farm Trust

Follow these steps to set up the farm trust:

1. On the publishing server, create a folder at c:\PubCerts.
2. From the publishing server, open the SharePoint 2013 Management Shell. To get the certificate, type the following line and press Enter: 
$rootCert = (Get-SPCertificateAuthority).RootCertificate
3. To export the certificate, type the following line and press Enter: 
$rootCert.Export("Cert") | Set-Content C:\PubCerts\PublishingRoot.cer
-Encoding byte
4. Copy the c:\PubCerts folder from the publishing server to the consuming server.
5. On the consuming server, create a folder at c:\ConsumerCerts.
6. From the publishing server, open the SharePoint 2013 Management Shell.
7. To get the certificate, type the following line and press Enter: 
$rootCert = (Get-SPCertificateAuthority).RootCertificate
8. To export the certificate, type the following line and press Enter: 
$rootCert.Export("Cert") | Set-Content C:\ConsumerCerts\ConsumingRoot.cer
-Encoding byte
9. To get the STS certificate, type the following line and press Enter: 
$stsCert =
(Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
10. To export the STS certificate, type the following line and press Enter: 
$stsCert.Export("Cert") | Set-Content "C:\ConsumerCerts\ConsumingSTS.cer"
 -Encoding byte
11. Copy the c:\ConsumerCerts folder to the publishing server.
12. Still on the consuming server, to load the publishing server’s certificate, type the following line and press Enter: 
$trustCert = Get-PfxCertificate "C:\PubCerts\PublishingRoot.cer"
13. To set up the trust using the certificate, type the following line and press Enter: 
New-SPTrustedRootAuthority PublishingFarm -Certificate $trustCert
14. Return to the Management Shell on the publishing server.
15. To load the consuming server’s certificate, type the following line and press Enter: 
$trustCert = Get-PfxCertificate "c:\ConsumerCerts\ConsumingRoot.cer"
16. To set up the trust using the certificate, type the following line and press Enter: 
New-SPTrustedRootAuthority Collaboration -Certificate $trustCert
NOTE If you have multiple farms you want to trust, make sure in steps 13 and 16 that you use unique names for each farm for PublishingFarm and Collaboration. Those names are used to identify the actual trust so you cannot reuse them when setting up other farms to trust this farm. If you are only setting up one trust you can just ignore this.
17. To load the consuming server’s STS certificate, type the following line and press Enter: 
$stsCert = Get-PfxCertificate "c:\ConsumerCerts\ConsumingSTS.cer"
18. To add the STS certificate to the trust, type the following line and press Enter: 
New-SPTrustedServiceTokenIssuer Collaboration -Certificate $stsCert
19. Return to the Management Shell on the consuming server.
20. Type the following line and press Enter: 
Get-SPFarm | Select Id
21. Record that GUID for use later.
22. Return to the Management Shell on the publishing server.
23. To get the security object for the Application Discovery and Load Balancer service application, type the following line and press Enter: 
$security = Get-SPTopologyServiceApplication | 
Get-SPServiceApplicationSecurity
24. To get the farm’s claim provider object, type the following line and press Enter: 
$claimProvider = (Get-SPClaimProvider System).ClaimProvider
25. To set up the new claim principal for the consuming farm, type the following line and press Enter: 
$principal = New-SPClaimsPrincipal -ClaimType "http://schemas.microsoft.com
/sharepoint/2009/08/claims/farmid"
 -ClaimProvider $claimProvider
 -ClaimValue <Type the ID from Step 21, don't include the <>>
26. To give that principal permission in your publishing farm to the Application Discovery and Load Balancer service application, type the following line and press Enter: 
Grant-SPObjectSecurity -Identity $security -Principal $principal
-Rights "Full Control"
27. To set the access just given, type the following line and press Enter: 
Get-SPTopologyServiceApplication | Set-SPServiceApplicationSecurity
-ObjectSecurity $security

That completes the process of establishing a trust between the two farms so that the publishing server can serve up service applications to the consuming farm. If you want to look at the trusts or possibly remove one, you can do that through the GUI by navigating to Central Administration ⇒ Security ⇒ Manage trust.

Publishing a Service Application

For this task, you could dive back into PowerShell or you could use the GUI in Central Administration. Let’s be “efficient” (i.e., lazy) and use the GUI. For this example, you will publish a Managed Metadata service application:

1. On the publishing server, open Central Administration.
2. Navigate to Application Management ⇒ Manage service applications.
3. Click to the right of the service application you want to make available.
4. In the Ribbon, click Publish.
5. On the Publish Service Application page, check the box for “Publish this Service Application to other farms.”
6. For the Publish URL, copy all of the string that begins with “urn:” and ends with “.svc.” For example, it will be similar to the following: 
urn:schemas-microsoft-com:sharepoint:service:ac40e8f87daa43d9bec93f9fa99360c7
#authority=urn:uuid:de389296913c4f00b7970f50ea298fd4&authority=
https://server:32844/Topology/topology.svc
7. Scroll down the page and click OK.
8. Click to the right of the service application.
9. From the Ribbon, click Permissions.
10. Enter the farm ID of the consuming farm (refer to step 21 in the previous section, “Setting Up the Farm Trust”). Click Add.
11. Highlight the remote farm: <Your Farm ID>.
12. For permissions, check the box to assign the permissions you wish to give to the remote farm. The permissions available will vary according to the service application being published.
13. Open Central Administration on the consuming farm and navigate to Application Management ⇒ Manage service applications.
14. From the Ribbon, click Connect.
15. Enter the URL for the service application you want to access from step 6 in this section. Click OK.
16. Click the service application name so that it is highlighted in yellow.
17. You can specify whether this service application should be included in the default service application group. When you are done, click OK.
18. Either accept the default connection name or enter your own. When you are finished, click OK.
19. At the Success screen, click OK.

You can now work with the service application just as if it were part of your farm. The first time you work through this process, take your time; it is easy to make a small mistake that results in hours of troubleshooting.
Other -----------------
- Windows Server 2012 : Managing networking using Windows PowerShell (part 2) - Examples of network-administration tasks
- Windows Server 2012 : Managing networking using Windows PowerShell (part 1) - Identifying networking cmdlets
- Sharepoint 2013 : Managing Site Security - Create Permission Levels for a Site
- Sharepoint 2013 : Managing Site Security - Edit a SharePoint Group’s Settings
- Sharepoint 2013 : Managing Site Security - Create a SharePoint Group for a Site
- Sharepoint 2013 : Assign Users’ Permissions on a Site
- Sharepoint 2013 : Get to a Site’s Permission Management Page (part 2) - Check What Permissions a User or a Group Has on a Site
- Sharepoint 2013 : Get to a Site’s Permission Management Page (part 1)
- Microsoft Exchange Server 2013 : Creating new mailboxes (part 4) - Automating mailbox settings,Ready-to-go custom attributes
- Microsoft Exchange Server 2013 : Creating new mailboxes (part 3) - Default folders, Manipulating mailbox settings
 
 
Top 10 video Game
-   Minecraft Mods - MAD PACK #10 'NETHER DOOM!' with Vikkstar & Pete (Minecraft Mod - Mad Pack 2)
-   Minecraft Mods - MAD PACK #9 'KING SLIME!' with Vikkstar & Pete (Minecraft Mod - Mad Pack 2)
-   Minecraft Mods - MAD PACK #2 'LAVA LOBBERS!' with Vikkstar & Pete (Minecraft Mod - Mad Pack 2)
-   Minecraft Mods - MAD PACK #3 'OBSIDIAN LONGSWORD!' with Vikkstar & Pete (Minecraft Mod - Mad Pack 2)
-   Total War: Warhammer [PC] Demigryph Trailer
-   Minecraft | MINIONS MOVIE MOD! (Despicable Me, Minions Movie)
-   Minecraft | Crazy Craft 3.0 - Ep 3! "TITANS ATTACK"
-   Minecraft | Crazy Craft 3.0 - Ep 2! "THIEVING FROM THE CRAZIES"
-   Minecraft | MORPH HIDE AND SEEK - Minions Despicable Me Mod
-   Minecraft | Dream Craft - Star Wars Modded Survival Ep 92 "IS JOE DEAD?!"
-   Minecraft | Dream Craft - Star Wars Modded Survival Ep 93 "JEDI STRIKE BACK"
-   Minecraft | Dream Craft - Star Wars Modded Survival Ep 94 "TATOOINE PLANET DESTRUCTION"
-   Minecraft | Dream Craft - Star Wars Modded Survival Ep 95 "TATOOINE CAPTIVES"
-   Hitman [PS4/XOne/PC] Alpha Gameplay Trailer
-   Satellite Reign [PC] Release Date Trailer
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
 
Popular keywords
HOW TO Swimlane in Visio Visio sort key Pen and Touch Creating groups in Windows Server Raid in Windows Server Exchange 2010 maintenance Exchange server mail enabled groups Debugging Tools Collaborating
programming4us programming4us
PS4 game trailer XBox One game trailer
WiiU game trailer 3ds game trailer
Trailer game
 
programming4us
 Natural Miscarriage
programming4us
 Windows Vista
programming4us
 Windows 7
programming4us
 Windows Azure
programming4us
 Windows Server
programming4us
 Game Trailer