Tuesday, May 25, 2010

My first SP2010 installation, critical issues

This week I have installed my first SharePoint 2010 server and it has been great fun and very interesting! It is a test environment so it's a small server farm setup. After having a connection issue with the SQL server (everything is closed and denied) it was a fast and easy installation. Well that was the smallest part...

Fired up Central Administration, and went through it step by step. Trying to memorize where to find everything =) When you have worked for years in MOSS then it is a bit messy... When most settings were ready, the red ribbon turned up and warned about the farm having "Critical issues". Clicked on the messages and there were some errors:



1) The server farm account should not be used for other services
Ah yes, of course, an old classic. Open "Manage service accounts" and change the account to the one you use for your services in general. Not the farm admin account or an account who is a member of the local admin group.

2) Accounts used by application pools or service identities are in the local machine Administrators group. ¨
Click on "Manage service accounts" and change all services that uses your farm account to a specific service account instead. That account should be a least privilege account. Like before..

3) The unattended service account application id is not specified or has an invalid value.
This means that you must generate a new key and configure the Secure Store Service.

4) Missing server side dependencies
Did not really understand WHAT was wrong... so what do you do? Google of course! And yes, I was not alone... Found this guy's blog with a solution that I found was hilarious! I thought he had forgotten to write down a step in this solution, but no - follow these steps and the error message is gone! =)
Click General Application Settings
Under Search, click Farm-Wide Search Administration
Under Search Service Application click Search Service Application
Run iisreset -noforce (don't forget to run cmd as Administrator or else you get Access denied)
Thanks to http://sharepointinsight.wordpress.com/

5) Verify that the Activity Feed Timer Job is enabled.
Well, just DO IT! Inside the timer job definitions, enable it.

6) Built in accounts are used as application pools or service identities
Again, change to correct account!

7) Validate the MySite host and individual MySites are on a dedicated web application and separate URL domain.
After a web application for MySite was setup, and some managed paths entered, this message disappeared.

11 comments:

Anonymous said...

Not to complain, but some actual steps to resolve each issue would be great...

Lise said...

Hi!
Well, non taken =)
The solutions are written beneath the error messages.
But I can explain some more, if you tell me which error you need solution for.
/Lise

Anonymous said...

Hi Lise please can you kindly give more clearity on steps 6 and 7.

thanks.

Also i cannot search for people any clues wat may be wrong?

Miss Huang said...

Weird, I a had most of the issues also, and I too cannot search for people.
Thanks for posting your answers, they helped me get rid of a few of the issues. Phew!

Lise said...

Glad to hear that miss Huang!
Take care,
/Lise

timebomb said...

This is helpful, but only to some extent. As mentioned, some of your explanations are only half...explained.

For instance, on point #1. I changed the Farm Account to a non-admin local account from NetworkService, and now I cannot get to Central Administration with the following error: "Cannot connect to the configuration database."

"change the account to the one you use for your services in general. Not the farm admin account or an account who is a member of the local admin group." Isn't that what I did?...

FYI, running the Sharepoint Products Configuration Wizard fixed the cannot connect issue.

We all appreciate the help you are offering, but can you expand these a little more?

Anonymous said...

This behaviour occurs when Sharepoint is not installed with low privileged accounts.

check http://technet.microsoft.com/en-us/library/ee662513.aspx for the used accounts.

when setup correctly, no errors will be given after install. :)

Lise said...

Hi "Anonymous"

Yes true, and if you read through issue no 2 again, I think I am explaining just that...
But thanks anyway,
/Lise

SharePoint Consulting said...

Sharepoint 2010 can save your business money by putting intranet, extranet, and internet sites all on a one platform. It also means people can save time by doing their jobs more quickly - they will have faster access to the information they need.

Bart said...

Just wanted to thank Lise for taking the time to chronicle her experiences and share observed solutions, and urge readers to be a little more courteous.

I landed here after experiencing the same "cannot connect to configuration database" error that Timebomb reported, which I encountered by taking the same steps he did to resolve the problems detailed in the original posting.

Point is, I found the solution I needed because Lise posted her solutions for the main issues I'm facing, and Timebomb elaborated on those we both encountered in the process. Lise's effort was no less helpful on account of the info I needed coming from a reader as a result of her efforts. It's all about the teamwork.

Add to what helpful people contribute, without criticizing, and everyone benefits!

records management said...

Just wanted to thank you for sharing answers to these critical situations. I too had faced many of these situations and was looking for their solutions. You have explained so well how to handle each of them easily.