
Thursday 28 February 2013

SharePoint 2013 Cross Farm Service configuration steps




Farm 1 needs to consume the Managed Metadata service (or any other service) that is hosted in Farm 2. The following steps provide the details, assuming that both servers are in the same domain.

Note

Farm 1 is called the consuming farm and Farm 2 the publishing farm in the sections below.

The following steps are required. Export these certificates:


  1. Consuming farm
    1. Root certificate
    2. Security token service (STS) certificate
  2. Publishing farm
    1. Root certificate






# Export the farm's root certificate (public part only) to a .cer file
$rootCert = (Get-SPCertificateAuthority).RootCertificate

$rootCert.Export("Cert") | Set-Content "C:\ConsumingFarmRoot.cer" -Encoding byte




# Export the consuming farm's STS signing certificate (public part only)
$stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate

$stsCert.Export("Cert") | Set-Content "C:\ConsumingFarmSTS.cer" -Encoding byte




Use either Central Administration or PowerShell to do this.

Once the certificates are generated, add them to the farm via Manage Trust, as highlighted in the screenshot below, or use PowerShell as listed in Section 2 below.


Section 2

Publishing Farm

Add-PsSnapin Microsoft.SharePoint.PowerShell



$trustCert = Get-PfxCertificate 'D:\certif.cer'



New-SPTrustedRootAuthority Farm1Server -Certificate $trustCert



Publishing Farm STS certificate addition

$stsCert = Get-PfxCertificate 'D:\ConsumingFarmSTSFinal.cer'



New-SPTrustedServiceTokenIssuer Farm1STS -Certificate $stsCert



Consumer Farm

Add-PsSnapin Microsoft.SharePoint.PowerShell



# Root certificate exported from the publishing farm
$trustCert = Get-PfxCertificate 'D:\certif.cer'



New-SPTrustedRootAuthority Farm1Server -Certificate $trustCert
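
The trust commands above accept whatever file sits at the given path, so it is worth confirming first that the .cer is the certificate the other farm actually exported. The following is an added example, not code from the original post; the helper name Test-FarmCertificate and the thumbprint placeholder are assumptions, while the path and trust name are the ones used above.

```powershell
# Added example, not from the original post. Run on the publishing farm.
# Assumption: the expected thumbprint was read on the consuming farm with
#   (Get-SPCertificateAuthority).RootCertificate.Thumbprint
# and handed to the publishing farm's administrator over a separate channel.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-FarmCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [string] $ExpectedThumbprint
    )
    $cert = Get-PfxCertificate -FilePath $Path

    # Normalise the expected value: strip spaces/colons, compare upper-case hex.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($cert.Thumbprint -ne $expected) {
        throw "Thumbprint mismatch for ${Path}: got $($cert.Thumbprint)"
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate $Path is outside its validity period"
    }
    # A .cer exchanged between farms should hold the public certificate only.
    if ($cert.HasPrivateKey) {
        throw "Certificate $Path carries a private key; export with Export('Cert')"
    }
    return $cert
}

$expectedThumbprint = '<thumbprint-from-consuming-farm>'   # placeholder, replace before running
$trustCert = Test-FarmCertificate -Path 'D:\certif.cer' -ExpectedThumbprint $expectedThumbprint

# Do not create a second trust entry for a certificate that is already trusted.
$existing = Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $trustCert.Thumbprint }
if ($existing) {
    Write-Output "Already trusted as '$($existing.Name)'"
} else {
    New-SPTrustedRootAuthority Farm1Server -Certificate $trustCert
}
```

The same helper can be applied to the STS certificate before calling New-SPTrustedServiceTokenIssuer.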





Establish a relationship between the publishing farm and the consuming farm by giving the consuming farm permission to the Application Discovery and Load Balancing Service Application on the publishing farm.

Find the consuming farm's ID by using the following PowerShell command:

Get-SPFarm | Select Id



Add this farm ID (GUID) to the publishing farm's Application Discovery and Load Balancing Service Application, as shown in the screenshot below.

Similarly, we can add the farm ID to the Managed Metadata service or any other service.

Please note that in the case of the User Profile service application, we need to give the consuming farm's web application pool identity instead of the consuming farm ID.






On the publishing farm, publish the service application



* The steps below are optional

To set permissions on the Application Discovery and Load Balancing Service Application for a consuming farm by using Windows PowerShell:



Get the farm ID from the consuming farm and run the following on the publishing farm:

$security=Get-SPTopologyServiceApplication | Get-SPServiceApplicationSecurity

$claimprovider=(Get-SPClaimProvider System).ClaimProvider

# Replace <consumingfarmid> with the GUID returned by Get-SPFarm on the consuming farm
$principal=New-SPClaimsPrincipal -ClaimType "http://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" -ClaimProvider $claimprovider -ClaimValue "<consumingfarmid>"

Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights "Full Control"

Get-SPTopologyServiceApplication | Set-SPServiceApplicationSecurity -ObjectSecurity $security


