File Server Capacity Tool

I recently used Microsft FSCT to load test a new Dell MD3220i iSCSI array. It took a bit of poking around to get going and I wanted to share my experience.

The Downloads!


FSCT consists of three components:

  • The Server being tested (FSCT-Server)
  • The Clients used for testing (FSCT-Client)
  • The Controller that manages the client\server interaction (FSCT-Controller)

A FSCT setup requires two networks: the ‘data’ network, and the ‘control’ network. The clients and server must have a minimum of 2 nic’s, one for the data network and one for the control network. The controller requires only 1 nic which must be on the control network. The two networks must reside in different subnets.

I used for the control network, and for the data network. Make sure that all devices on the same network can ping each other. I also enabled jumbo frames, flow control, and QoS priority on my nics and switch.


DNS\Host Files

FSCT relies on DNS lookups. Using the hosts file on each system is the easiest way to satisfy this requirement. All client\server\controller systems in the test bed should have the control network IP’s and names of all the other systems in their respective local hosts file.

Installing FSCT

To install FSCT, simply extract the contents of the downloaded package into a folder on each system. There is no official installation procedure.

Preparing the Server

FSCT formats any volumes used for load testing during its ‘prepare’ stage. Make sure you have a clean volume ready to go with no needed data. In order to properly prepare the server, you must provide the following information.

  • Volumes to use during testing (drive letters only, no mount points).
  • Maximum number of remote ‘users’ that will be used for testing.
  • A password you would like to assign to the ‘users’ that will be created on the server. In order to properly download results, it should also be the local admin password on the client, server, and controller.
  • The computer names of all clients connecting (must be in hosts file with control network IP).

An example of the server preparation command is as follows:

fsct prepare server /users 5000 /password a1234567! /clients fsct-client-01 /volumes "E: F: G: H: I: J: K: L:" /workload homeFolders

Preparing the Client

To prepare the client you must provide the following information.

  • A password for the users on the server. This must match the password in the step ‘preparing the server’.
  • The server’s data network IP  (for /SERVER_IP)
  • The server’s computer name (must be in hosts file with control network IP)
  • The maximum number of users you wish to make available to this client for testing.

An example of the client preparation command is as follows:

fsct prepare client /server fsct-server /password a1234567! /users 2500 /server_ip /workload homeFolders

Preparing the Controller

This is easy; simply run the following command.

fsct prepare controller

Running FSCT

The client command is straight-forward. The server command includes the ability to run multiple times with a different number of users per run. To start a single run, set min_users and max_users to the same number with a step of 1. To start a succession of runs, set a higher max_users and increase the step value as needed. The step value indicates how many users to add between runs. For example, if min_users is 1 and max users is 100 with a step of 1, FSCT will run 100 times. In the same example with a step of 50, FSCT will run twice. Duration is in seconds; 10-15 minutes is the recommended run time per Microsoft’s FSCT Users Guide.

  1. On the client, run the following command:
    fsct run client /controller fsct-controller /server fsct-server /password a1234567!
  2. On the controller, run the following command:
    fsct run controller /server fsct-server /password a1234567! /volumes "E: F: G: H: I: J: K: L:" /clients fsct-client-01 /min_users 1250 /max_users 1250 /step 1 /duration 900 /workload homeFolders

Returning the Output

On the controller, run the following command to gather the results. An output directory will be created at the path given.

fsct cleanup controller /backup C:\workingtemp\fsctbackup01

The output of the FSCT_data file should look similar to this:

*** Results
Users  Overload  Throughput  Errors  Errors [%]  Duration [ms]
1250       125%          52      44          0%        1055923

*** Test's information
FSCT version: 1.0
Workload: homeFolders
Time: 2011/11/02 17:46

*** Performance Counters
1 - \Processor(_Total)\% Processor Time
2 - \PhysicalDisk(_Total)\Disk Write Bytes/sec
3 - \PhysicalDisk(_Total)\Disk Read Bytes/sec
4 - \Memory\Available Mbytes
5 - \Processor(_Total)\% Privileged Time
6 - \Processor(_Total)\% User Time
7 - \System\Context Switches/sec
8 - \System\System Calls/sec
9 - \PhysicalDisk(_Total)\Avg. Disk Queue Length
10 - \TCPv4\Segments Retransmitted/sec
11 - \PhysicalDisk(_Total)\Avg. Disk Bytes/Read
12 - \PhysicalDisk(_Total)\Avg. Disk Bytes/Write
13 - \PhysicalDisk(_Total)\Disk Reads/sec
14 - \PhysicalDisk(_Total)\Disk Writes/sec
15 - \PhysicalDisk(_Total)\Avg. Disk sec/Read
16 - \PhysicalDisk(_Total)\Avg. Disk sec/Write

*** Server resources
Users    CPU     DiskWrite      DiskRead        Memory       avg( 5)       avg( 6)       avg( 7)       avg( 8)       avg( 9)       avg(10)       avg(11)       avg(12)       avg(13)       avg(14)       avg(15)       avg(16)
 1250  35.0%     9938461.0    12517901.0         955.2          34.7           0.3        7152.0        2176.9           5.4         588.7       35680.3      295838.1         376.5          72.3           0.0           0.0

*** Client Resources (1250 users)
Name            CPU     DiskWrite      DiskRead        Memory       avg( 5)       avg( 6)       avg( 7)       avg( 8)       avg( 9)       avg(10)       avg(11)       avg(12)       avg(13)       avg(14)       avg(15)       avg(16)
fsct-client-01   0.0%           0.0           0.0           0.0           0.0           0.0           0.0           0.0           0.0           0.0           0.0           0.0           0.0           0.0           0.0           0.0

*** Label descriptions
Overload   - server's overload in percent. For example if the return value is 900% it means
             that to support the given number of users the server capacity must be increased
             by 900% (so if there was 1 machine, 9 more are needed).

Errors [%] - number of errors / number of executed scenarios * 100%.

             The value can be greater than 100% because multiple errors can occur during
             a single scenario execution.

Cleaning Up

To ‘clean up’ the client and sever, run the following commands.

fsct cleanup server /users 5000 /clients fsct-client-01 /volumes "H: I: J: K:"
fsct cleanup client /users 2500

Getting Consistent Results

At first, my outputs varied widely. After researching the issue and re-reading TFM, I found this gem in the FAQ: “To achieve repeatable results, you must reformat the data volumes, recreate the file set, restart all of the computers (server, controller, and clients), and run a single iteration per run…You can run multiple iterations to investigate the maximum number for a configuration, but you should redo the testing as indicated to get a repeatable and reportable result “. This honestly makes sense because of the amount of caching involved in a file system.

Here’s a script to help out with prepping the server between runs. This is a destructive script in that it formats volumes without asking and will need modified for your environment. For it to work, the your volumes must be labeled “FSCT”.
First, create a text file named “format-override.txt” with the following contents.


Next, create a file named “prep-server.cmd” with the following contents:

fsct cleanup server /users 1250 /clients fsct-client-01 /volumes "E: F: G: H: I: J: K: L:"
type format-override.txt | format E: /q /X /V:"fsct"
type format-override.txt | format F: /q /X /V:"fsct"
type format-override.txt | format G: /q /X /V:"fsct"
type format-override.txt | format H: /q /X /V:"fsct"
type format-override.txt | format I: /q /X /V:"fsct"
type format-override.txt | format J: /q /X /V:"fsct"
type format-override.txt | format K: /q /X /V:"fsct"
type format-override.txt | format L: /q /X /V:"fsct"
fsct prepare server /users 1250 /password a1234567! /clients fsct-client-01 /volumes "E: F: G: H: I: J: K: L:" /workload homeFolders
shutdown /r /t 00 /f /c "prepping for fsct" /d P:0:0

Good luck and happy performance hunting!


Optimized SQL Server 2008 R2 Express Installation

There’s a couple things which can be done to optimize SQL Server 2008 R2 Express during installation. This post makes the assumption that you have a dedicated windows server 2008 R2 domain member server in the English (1033) localization.

First, create 2 extra volumes on your server:

  • D Drive, GPT, 14GB, “SQL Data”
  • E Drive, GPT, 5GB, “SQL Logs”

Getting all the pieces

Download the following items

  1. SQL Server 2008 R2 Express x64 with Management Tools
  2. Check for and download the latest Cumulative Update here: SQL Server Release Blog. As of 12/1/2010, it’s CU4. You can also check SQL Version Database.
    1. When you visit the KB page for CU4, you want to download the file named “SQLServer2008R2_RTM_CU4_2345451_10_50_1746_x64”.
    2. Make sure you extract the hotfix right away, since it’s locked the time-limited password sent to your email address.
  3. 7Zip or another good zip program.


  1. Create C:\workingtemp, and copy the SQL Express and CU download files there.
  2. Unzip each of the 2 files to their own folders.
  3. If you’re using CU4, the folder structure should look like this:

Slipstreaming the Cumulative Update


Now that you have everything extracted and ready, let’s slipstream the CU.

  • Create a new folder
    C:\workingtemp\SQL2008CU4 (unless you’re on a different CU).
  • Copy the contents of C:\workingtemp\SQLEXPRWT_x64_ENU into C:\workingtemp\SQL2008CU4.
  • Next, create another new folder
  • Copy the contents of C:\workingtemp\SQLServer2008R2-KB2345451-x64 into C:\workingtemp\SQL2008CU4\CU. You don’t need to copy all of the localization files if you don’t want to. In my case, the only localization folder I needed was ‘1033_enu_lp’.

Once this is done, your directory structure should look like this:

  • C:\workingtemp
    • \SQL2008CU4
      • setup.exe
      • supporting files and folders
      • \CU
        • setup.exe
        • supporting files and folders

Now, we need to overwrite a couple of the root setup files with ones from the CU.

  • All of the files, but not the folders, and not the one file called “Microsoft.SQL.Chainer.PackageData.dll” in C:\workingtemp\SQL2008R2CU4\CU\x64, should be copied to C:\workingtemp\SQL2008R2Cu4\x64. Here’s a robocopy command which will do this for you.
    • robocopy C:\workingtemp\SQL2008R2CU4\CU\x64 C:\workingtemp\SQL2008R2CU4\x64 /XF Microsoft.SQL.Chainer.PackageData.dll
  • NOTE: The article listed as a reference says to overwrite setup.exe in the root setup directory with the setup.exe in the CU directory. I intentionally left this step out because replacing the file causes my setup installation to crash–not sure what’s wrong there, but I’ve found that setup should still slipstream and install correctly with the original setup.exe file in place.

Creating the Configuration File


One more thing before installing SQL–we need to create the configuration file. Open a text editor, and copy\paste the following code block, then save it as C:\workingtemp\SQL2008R2CU4\configurationFile.ini. Make sure to change the SQLSYSADMINACCOUNTS parameter.

;SQLSERVER2008 Configuration File
;UIMODE="Normal" -- not supported when using quietsimple="true"
INSTALLSHAREDDIR="C:\Program Files\Microsoft SQL Server"
INSTALLSHAREDWOWDIR="C:\Program Files (x86)\Microsoft SQL Server"


Now, Install SQL.


  1. Install the .Net framework.
    1. Open powershell as administrator and run the following command:
      Import-Module ServerManager; Add-WindowsFeature net-framework-core
    2. Go to control panel -> Windows Updates, install Microsoft Update, and “check for updates”. Then, install them all and reboot. This should update you to .NET 4.
  2. In powershell:
    1. cd C:\workingtemp\SQL2008R2CU4
    2. setup.exe /CONFIGURATIONFILE="C:\workingtemp\SQL2008R2CU4\configurationFile.ini"
    3. wait forever, and setup should finish!


To make sure CU4 actually installed, we can run a file version discovery.

  1. Run setup.exe with no flags, then in the GUI click “Tools” then “Installed SQL Server features discovery report”.
  2. The report should output results similar to the image below. If you installed CU4 correctly, the version number will show  “10.50.1746.0”
  3. Compare the version number listed with the table at this website: SQL Server Version Database .
  4. Login to the freshly installed SQL Server through “SQL Server Management Studio”. Everything should work!

To-Do \ Wishlist

  • Document installing a slipstreamed SQL Server 2008 R1 with both a CU and an SP.
  • Document enabling Named Pipes and TCP\IP
  • Document capturing a SQL Server Express configuration file.
  • Document backing up and restoring a SQL Server with DPM
  • SQL Server Express and Sysprep (and a vmware template)
  • Using WaspTime Professional with a SQL Server Express installation.
  • Dumping regular SQL backups to disk (for crude backup systems that are crash-consistent only).

Installing a Standalone Sharepoint Foundation 2010 Server

These are my notes from last week’s project, installing a SharePoint Foundation 2010 server. I wanted the following features:

  • SSL
  • Kerberos SSO Auth
  • Full-Text and PDF Searching
  • Simple single-server install

This walk-through makes the following assumptions:

  • You are running Windows Server 2008 R2.
  • You have an Active Directory Certificate Authority (for SSL).
  • Your server has a DNS entry (for SSL).

Here’s how it goes!

Install SQL

First, follow the SQL Sever Express 2008 R2 installation instructions in this post: Optimized SQL Server 2008 R2 Express Installation .

Download SharePoint

Next, download SharePoint Foundation and Search Server Express.

Prepare Your System

First, configure a disk volume to store your search indexes. Make it at least 5GB and use GPT. Your should now have the following disks:

  • C – System Volume, >20GB
  • D – SQL Data, >15GB
  • E – SQL Logs, >5GB
  • F – Search Indexes, >5GB

Install the SharePoint Prerequisites

  • Run “SharePointFoundation.exe”. On the setup window, choose “Install Software Prerequisites”.
  • It’s really a granny install (next, next, next). There aren’t any real decisions to make.

Install SharePoint Foundation 2010


To save time, I’m only going to create screenshots for steps requiring decisions.

  1. On the setup window, click “Install SharePoint Foundation”
  2. Accept the license agreement.
  3. When presented with the option, choose “Server Farm”
  4. On “Server Type”, choose “Complete”, but don’t move on; we’re not done here!
  5. Click the “Data Location’ Tab, and change the path to F:\SharePointSearch .
  6. Click “Install Now”
  7. When the installation is finished, check the box labeled “Run Sharepoint Configuration Wizard Now”, and press “OK”.
  8. On the screen “Welcome to SharePoint Products”, click “Next”.
  9. A dialog box should pop up warning you that certain services will be restarted. Click “Yes”.
  10. On the screen, “Connect to a Server Farm”, choose “Create a new server farm” and hit “Next”.
  11. On the screen, “Specify Configuration Database Settings”, set ‘Database Server’ to a dot (.), then add your user credentials in the proper boxes.
  12. On the screen “Specify Farm Security Settings”, enter a passphrase.
  13. On the screen “Configure SharePoint Central Administration Web Application”, leave the default settings (do not configure port number, and choose “NTLM”. Click Next.
  14. On the screen, “Completing the SharePoint Projects Configuration Wizard”, there are no decisions to make. Just click, “Next”.
  15. Victory!

Install Search Server Express

Next, install search server by running, “SearchServerExpress.exe”.

  1. Much like the SharePoint install, at the setup screen choose “Install Software Prerequisites”, and proceed through the prerequisites install. It’s easy and there are no options.
  2. Next, choose “Install Search Server Express”.
  3. Accept the license agreement and click “Continue”.
  4. On the screen, “Choose a file location”, change the bottom path to F:\SearchServerIndex then click “Install Now”.
  5. On the success screen, choose to run the configuration wizard.
  6. On the “Welcome to SharePoint Products” screen, click “Next.”
  7. Click “Yes” to the dialog box warning that some services will be restarted.
  8. Click “Next” on the screen, “Completing the SharePoint Products Configuration Wizard”. This will upgrade your SharePoint Foundation installation to use Search Server Express.
  9. If you accidentally closed the SharePoint Configuration wizard, you can run it from the start menu. There should be a new folder in the start menu named “Microsoft SharePoint 2010 Products”. The program you want is “SharePoint 2010 Products Configuration Wizard”.
  10. On the “Configuration Successful” screen, click “Finish”. Victory!

Initial Configuration Wizard

The initial configuration wizard will set up any extra services you want to run on your farm.

The process:

  1. If necessary, start IIS manager, then right click on the SharePoint Central Administration site, choose “Manage Web Site”, then “Browse”.
  2. Choose Configuration Wizards, then “Farm Configuration”.
  3. Run the Wizard
  4. Click “Use existing managed account”, then select your username, then select which services you need, then click ‘next’.
  5. When asked about creating a site, click Skip. If we create a site here it will be permanently named ‘SharePoint – 80’. We will just end up deleting it later when configuring SSL.
  6. Once the configuration is complete, click “Finish”.

Request a Domain Certificate

Now, let’s create a root site and encrypt it. First you need a certificate.

  1. Open IIS Manager -> Server Certificates
  2. Right-Click, “Create Domain Certificate”.
  3. “Common Name” must be the FQDN of the sharepoint server. Nothing else matters.
  4. Select your Certificate Authority, and enter a local ‘Friendly’ name for the cert.

Configure the Web Application


The default SharePoint web application is named, “SharePoint – 80”. This is confusing since SSL runs on port 443. Unfortunately, the only way to rename the web application is to delete and recreate it.

  1. Open SharePoint Central Administration.
  2. Click, “Manage web applications”.
  3. Click on ‘SharePoint – 80’ to select it, then click “Delete”.
  4. For  ‘Delete content databases’ choose Yes.
    For ‘Delete IIS web sites’ choose Yes.
    Then, hit “Delete”, and hit ‘Yes’ when the warning box pops up.
  5. Click ‘New’ to create our new web application and site.
  6. Use the following options, then click OK.
    Authentication: Classic Mode Authentication
    IIS Web Site: Create a New IIS web site
    Site name: Sharepoint – 443
    Port: 443
    NTLM, No, Yes
    url: https://<servername&gt;:443
    All the other options should keep their defaults.
  7. Click OK at the success screen.

Add the SSL Certificate

  1. Open IIS Manager, Right-click “SharePoint – 443”, Click “Edit Bindings”.
  2. Click the https binding to select it, and click ‘Edit’.
  3. Select a certificate from the drop-down menu, and click OK.
  4. Click ‘Close’ to finish.

Create the Site Collection

  1. Open SharePoint Central Administration.
  2. Click “Create site collections”.
  3. Add a title and optionally a description, then type your username in the “Primary Site Collection Administrator” box, then click “OK”.

Configure the Alternate Access Mappings

Now, we need to configure the alternate access mappings.

  1. Open SharePoint Central Admin and click, “Application Management”.
  2. Next, click “Configure alternate access mappings”.
  3. Change the drop down box labeled, “Alternate Access Mapping Collection” to “Sharepoint – 443”, then click “Edit Public URLs”.
  4. Change the mappings:
    Default – https://<FQDN&gt;
    Intranet – https://<servername&gt;
    Custom – https://localhost
  5. Now, open a browser and navigate to https://localhost. Your site should load.

It’s important that you test creating a sub site, and accessing the sub-site’s settings page. Any problems with your access mappings will reveal themselves through this process.

  1. On your site, click “Site Actions” -> “New Site”
  2. Add a title and URL, then click “Create”.
  3. On the new site, click “Site Actions” -> “Site Settings”
  4. You should see the site settings page for your test sub-site. If you get a “File not found” error, redo the alternate access mappings.

Configuring SSL for the Central Administration Site


The Process:

  1. First, edit the sharepoint central admin site bindings, and add an https binding. Open IIS Manager, then Right-Click the site “Sharepoint Central Admin”, then click “Edit Bindings”.
  2. Add a https binding, and hit OK.
    Type: https
    IP Address: All Unassigned
    Port: <add 1 to the port http is currently on>
    SSL Certificate: The domain certificate you made a few steps ago.
  3. Keep the http:80 binding for now!
  4. Hit Close on the “site bindings” window.
  5. Open a command prompt window, and run the following
    1. cd “C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN”
    2. stsadm -o setadminport -ssl -port <https binding port number>
  6. Try opening the sharepoint central admin port by going to https://localhost:<https binding port number>. It should work. If it doesn’t, start over from the beginning of this heading.
  7. Remove the http binding.
  8. Then, configure the alternate access mappings for the central admin site
    Default – https://<servername&gt;.domain.tld:<https binding port number>
    Intranet – httpps://<servername>:<https binding port number>

Securing SharePoint – Redirecting HTTP traffic to HTTPS

This is easy.

  1. Open IIS manager.
  2. Click “Default Web Site” to select it, then double click “HTTP Redirect”.
  3. Click the checkbox, “Redirect requests to this destination”.
  4. Type in “https://<FQDN>&#8221; (example:
  5. Check the box “Redirect all requests to exact destination”
  6. Click “Apply”
  7. Now, right click “Default Web Site”, choose “Manage Web Site”, then click “Start”.
  8. To make this start working, you my need to open a command prompt and run “iisreset.exe /noforce”.

Securing SharePoint – Creating Accounts


Now that we’re rollin’, you need to create some AD accounts. Figuring out exactly what you need is difficult at best—I wish someone would just post a quick table illustrating some form of standardized sharepoint service account naming conventions! The MS column are usernames in which previous Microsoft documentation has suggested. The Community column is, as far as I can tell, the actual standard naming practice as of today. I recommend using the community names.

Role Username (MS) Username (Community)
SQL Service mosssqlsvc sp_sql
Farm Admin Account mossfarmadmin sp_farm
Foundation Search Service wsssearch sp_foundsearch
Foundation Search Content Access wsscrawl sp_foundsearchCA
Server Search Service mossearch sp_search
Server Search Content Access mosscrawl sp_searchaccess
App Pool for Portal (root) portalpool sp_apppool
App Pool for My Site mysitepool sp_mysite
Sharepoint 2010 Timer Service mossfarmadmin sp_farm
Sharepoint Foundation Sandboxed Code Service sp_sandbox
Web Analytics Data Processing Service sp_webdata

And, wouldn’t it be great if there were a powershell script to create those accounts for you? Copy and paste this into notepad, and save it as “Create-SPAccounts.ps1”. Now, open powershell, and execute the command, “Set-ExecutionPolicy Unrestricted”. That allows you to run scripts. Then, run the script you just saved.

# John Puskar, 2010
# gmail\johnpuskar

$hshUsers = @{}
#$hshUsers.add("test101010","SharePoint Foundation auto account test!")
$hshUsers.add("sp_sql","SharePoint SQL Service")
$hshUsers.add("sp_farm","SharePoint Farm Admin")
$hshUsers.add("sp_foundsearch","SharePoint Foundation Search")
$hshUsers.add("sp_foundsearchCA","SharePoint Foundation Search Content Access")
$hshUsers.add("sp_search","Search Server Service")
$hshUsers.add("sp_searchAccess","Search Server Content Access")
$hshUsers.add("sp_appPool","Sharepoint Foundation Default Application Pool")
$hshUsers.add("sp_rootSite","Sharepoint Foundation Root Site Application Pool")
$hshUsers.add("sp_Sandbox","SharePoint Foundation Sandboxed Code")
$hshUsers.add("sp_WebData","SharePoint Foundation Web Analytics Data Processing")

$password = $null
$password = "yUWAtuweKega5AcrAc43e6u&u"

$domainRoot = $null
$domainRoot = ([adsi]'').distinguishedName

$strOUDN = $null
$strOUDN = "CN=Users," + $DomainRoot

$objOU = [adsi]("LDAP://" + $strOUDN)
$usernames = $null
$usernames = $hshUsers.Keys
$usernames | % {
$sAMAccountName = $null
$sAMAccountName = $_
$description = $null
$description = $hshUsers.Get_Item($sAMAccountName)
$objUser = $null
$objUser = $objOU.Create("user","cn=$sAMAccountName")

You might notice that the same password is used for all the accounts: “yUWAtuweKega5AcrAc43e6u&u” This is ok, because SharePoint Foundation 2010 will auto-change passwords for you.

Next, login to the SharePoint Central Admin site (IIS Manager -> Sharepoint Central Admin -> Right-Click, All Tasks, Browse.

Click “Security”, then “Configure Service Accounts”.

Make your roles\accounts look like the following table, and enable password auto-change on all of them.

Role Username
Farm Account sp_farm
Windows Service – Claims to Windows Token Service Local System
Windows Service – Microsoft SharePoint Foundation Sandboxed Code Service sp_sandbox
Windows Service – SharePoint Foundation Search sp_foundsearch
Windows Service – SharePoint Server Search sp_search
Windows Service – Web Analytics Data Processing Service sp_webdata
Web Application Pool – SharePoint – 443 sp_rootsite
Service Application Pool – SecurityTokenServiceApplicationPool sp_apppool
Service Application Pool -SharePoint Web Services Default sp_apppool
Service Application Pool – SharePoint Web Services System sp_apppool

Configuring Kerberos


Ahh Kerberos. Not nearly as bad as anyone makes it out to be. I’m sure it’s actually much worse and I’m just missing something… (if so, LET ME KNOW!).

First, you need to set the SPN’s. Before you set an SPN, always make sure it doesn’t already exist, or you will get duplicates that break everything (so they say). Our purpose for SPN’s is user-centric. The following command will list SPN’s on a user:

  • setpspn -L <username>

So, run it on the users before you add any new SPNs to that user. Skip adding any SPN’s already exist. To add an SPN:

  • setspn -A <spn> <username>

You need to set the following SPN’s. They are case sensitive. It’s supposed to be HTTP even if you’re using SSL. DO NOT USE HTTP://  OR HTTPS:// HERE, we’re not making URL’s!

SPN User
HTTP/<servername>.domain.tld sp_rootsite
HTTP/<servername> sp_rootsite
HTTP/<servername>.domain.tld sp_apppool
HTTP/<servername> sp_apppool
HTTP/<servername>.domain.tld:<adminport> sp_farm
HTTP/<servername>:<adminport> sp_farm

So, for example:

  • setspn -A HTTP/  sp_rootsite
  • setspn -A HTTP/sharepoint  sp_rootsite

Get it? Now that your SPN’s are set, configure IIS to use Kerberos.

  • IIS Manager -> Authentication
    • Windows Authentication: Enabled
    • Advanced Settings: Kernel Mode and Extended Protection (EAP): Off
    • Providers: Negotiate: Kerberos (Add, move to top).
  • Open a command prompt and run “iisreset /noforce”
  • If using sharepoint by FQDN (e.g. http->s redirection), make sure the FQDN is listed in “Intranet Sites” in IE \ Internet Options. This is a killer, and I’ll explain later how to do so with a GPO.

Now, configure SharePoint to use Kerberos as it’s authentication provider.

  • login to the SharePoint Central Admin site.
  • click “Manage Web Applications”
  • click “SharePoint – 443”
  • click “Authentication Providers”
  • click “default”
  • Scroll half-way down and make sure “Integrated Windows Authentication” is checked, then click the “negotiate (Kerberos)” button.
  • Scroll down and hit “save”.
  • login to another computer with your domain account, add the FQDN to the “Intranet Sites” list in IE, then hit up your root site. Did it work? Congrats! Kerberos is working. Now, go make the same change for your “SharePoint Central Administration v4” site.

Configuring SharePoint Indexing


First, lets configure crawling. Go back to SharePoint Central Administration.

  1. Click “General Application Settings”.
  2. Click “Farm Search Administration”.
  3. Click “Search Service Application”.
  4. Click “Content Sources”.
  5. Click the drop-down arrow for your site’s content source, and click “Edit”.
  6. Make sure your start address is https://<FQDN&gt;, create a full and incremental crawl schedule, and hit “OK”.
  7. Click the drop-down arrow for your site’s content source, and click “Start Full Crawl”.
  8. If you get SSL warning errors because you’re using a self-signed certificate, you’ll have to click “Farm Search Administration”, then under “Ignore SSL warnings” click “No”, and change it to “Yes”. Make sure to undo this once you have your certificate in order!
  9. Once your crawl is complete, click “Crawl Log”
  10. You should see successes and no warnings or errors.

Configuring PDF Search



The process

Troubleshooting and References

See my wiki page

To Do \ Wish-List:

  • Document configuring search
  • Document configuring PDF search
  • Document GPO for adding sharepoint to Intranet Sites in IE
  • Install Sharepoint Foundation CU’s
  • Understand Report Services with SharePoint and what it can do
  • Understand how to integrate Visio, Project, OneNote, and Outlook with SharePoint effectively.
  • Understand what PowerPivot is, what what it can do