Configuration Guide

CONFIGURATION GUIDE – K2 CORE 5.5.1

CORE VM WITH K2 BLACKPEARL 4.6.6, K2 SMARTFORMS 1.0.4, K2 CONNECT

FOR SAP 4.6.5, WINDOWS SERVER 2008 R2 SP1, SQL SERVER 2012 SP1,

EXCHANGE SERVER 2010 SP2, SHAREPOINT SERVER 2010 SP2, OFFICE 2010

SP2, VISUAL STUDIO 2010 SP1, DYNAMICS CRM 2011 AND AD FS 2.0

11/5/2013


© 2013 SOURCECODE TECHNOLOGY HOLDINGS, INC. 1

INTRODUCTION

This document details the configuration, installation order and overall approach to creating a Core VM

with K2 blackpearl 4.6.6, K2 smartforms 1.0.4, K2 connect for SAP 4.6.5, Windows Server 2008 R2 SP1,

SQL Server 2012 SP1, Exchange Server 2010 SP2, SharePoint Server 2010 SP2, Office 2010 SP2,

Visual Studio 2010 SP1, Dynamics CRM 2011 and AD FS 2.0 to act as a base for K2 software. The

approach used provides, above all, the most stable configuration while ensuring enterprise features and

configuration scalability through appropriate service delineation, best practice and standard methodology.

SCOPE

This document is intended to provide configuration details, component installation ordering and general

approach for preparing the base virtual machine.

The intent is not to outline infrastructure best practices or methodology and it is assumed that the reader

and any implementers of the information contained herein are already familiar with the software used.

It is further assumed that both readers and implementers of this document already possess enterprise

level network infrastructure experience in order to plan, install, configure, manage and troubleshoot the

software used on this virtual machine.

While every effort and precaution has been taken to ensure the quality and veracity of the information

provided, this document reflects information available as of November 6, 2013. Please ensure that you

verify the information contained herein for its relevance and accuracy before taking action.

This document shall not be used for any other purpose than to configure a base virtual machine for K2

software to be used in a demonstration or evaluation context. This document is not an installation guide

for K2 software or any other software that is employed in a production environment of any size.

TARGET AUDIENCE

This document targets infrastructure engineers and architects with relevant qualifications, expertise and

relevant experience. A very large number of Microsoft Windows components, Microsoft server software,

Microsoft application software and Microsoft component software is installed and configured. While the

all-in-one configuration is not a new approach, it does introduce complexity where multiple enterprise-

class pieces of software are combined on a single server as a self-contained environment.

K2 software depends on enterprise features and capability provided by a wide variety of underlying

software and as such, depends on this software base and infrastructure to be correctly installed and

configured in order for K2 software to function.

Please ensure that testing and verification are performed at the completion of each installation phase.

SOFTWARE LICENSING WARNING

Please bear in mind that unless stated otherwise, the software listed herein are not free and require

appropriate licensing.



SOFTWARE REQUIRED

The virtual machine was built using 64-bit versions of K2 and all software prerequisites except for Office

2010 which is using the recommended 32-bit version.

Note that the pre-requisites are based on the K2 4.6 product release requirements. Refer to the K2

Compatibility Matrix (follow the What’s Supported links on https://help.k2.com) to determine if other

versions / platforms will be supported by the K2 product release you will install.

SOFTWARE VERSIONS

All software, patches, updates and service packs are the latest available as of November 6, 2013.

VIRTUALIZATION TECHNOLOGY

The virtualization technology in use is VMware VMDX file format. A virtual machine built in one

virtualization technology may not be compatible or even functional with another technology.

VIRTUAL MACHINE

The following software shall be installed on the virtual machine.

K2 Software

K2 blackpearl 4.6.6 (4.12060.1540.0)

K2 smartforms 1.0.4 (4.12165.1595.0)

K2 connect for SAP 4.6.5 (4.10060.750.0)

K2 Package and Deployment 1.0 (4.13210.1.0)

Microsoft Software

Operating System

Microsoft Windows Server 2008 R2 Enterprise SP1

Servers

Microsoft SQL Server 2012 SP1

Microsoft Exchange Server 2010 Enterprise SP2

Microsoft SharePoint Server 2010 Enterprise SP2 + August 2013 CU

Microsoft Dynamics CRM 2011 Enterprise + Update Rollup 14

Applications

Microsoft Visual Studio 2010 Professional SP1

Microsoft Office 2010 Professional Plus SP2

Microsoft SharePoint Designer 2010 SP2

Microsoft Office Visio Premium 2010 SP2

Microsoft Office Lync 2010 SP2

Components

Microsoft Visual Studio 2010 Web Deployment Projects

https://help.k2.com/



Microsoft .NET Framework 3.5 Service Pack 1

Microsoft .NET Framework 4.0

Microsoft Internet Explorer 10

Microsoft Silverlight 5

All relevant and available patches, updates and service packs as of November 6, 2013

Other Software

Browsers

Google Chrome 29

Apple Safari 5

Mozilla Firefox 24

Adobe Acrobat Reader 11

Browser Add-ins

Adobe Flash Player 11

Mozilla Firebug

Tools

GoToMeeting

SharePoint Manager 2010

ULS Viewer

PowerShell Community Extensions

Fiddler 2

Agent Ransack

Notepad++

Clean Projects

7-Zip

Space Sniffer



VIRTUAL MACHINE CONFIGURATION

The virtual machine shall be configured as follows:

CONFIGURATION DETAIL

Available RAM

8 Gigabytes (Minimum)

12 Gigabytes (Recommended)

16 Gigabytes (Best)

Virtual Hard Disk

99 Gigabytes (Fixed Recommended)*

99 Gigabytes (Dynamic Recommended)*

* Most virtualization technologies provide for dynamically expanding

virtual hard disks which do not require that the full amount of

space be allocated initially. Your target environment may require

Fixed vs. Dynamic.

Network

Internet Access: Many options exist for allowing a virtual machine to

access the Internet, the solution selected depends on your

requirements and no direction shall be provided herein.

Internet access should be provided during the build phase of the

virtual machine to streamline access to downloadable

components.

Network: For reasons of stability and predictability, a Microsoft

Loopback Adapter is manually installed and configured as the

primary network provider for the virtual machine at the operating

system level.

Sound, Floppy, Printer Disabled – can be enabled as needed.



INSTALLATION AND CONFIGURATION INSTRUCTIONS

The virtual machine is to be installed and configured in the following order:

MICROSOFT WINDOWS SERVER 2008 R2 ENTERPRISE

1. VM Version

1.1. Create/Set the Environment Variable VMVersion=5.5.1

2. General Configuration

2.1. Computer Name: dlx

2.2. Primary DNS Suffix: denallix.com

2.3. IESC: Disabled for Administrators and Users

2.4. Floppy Controller: Disable

3. Microsoft Loopback Adapter

3.1. Manually Add Hardware: Network Adapters > Microsoft > Microsoft Loopback Adapter

3.1.1. Name: Loopback Network (DO NOT MODIFY)

3.1.2. IP Address: 192.168.52.1

3.1.3. IP Address: 192.168.52.2

3.1.4. Subnet Mask: 255.255.255.0

3.1.5. Preferred DNS: 127.0.0.1

3.1.6. DNS suffix: denallix.com

3.1.7. http://www.subnetonline.com/pages/subnet-calculators/ipv4-to-ipv6-converter.php

3.1.8. IPv6 Address: fe80:0:0:0:0:0:c0a8:3401

3.1.9. Subnet prefix length: 64

3.1.10. Preferred DNS server: ::1

4. NET Framework 3.5.1 (Feature)

4.1. Default Installation (Add Required Role Services)

5. Windows PowerShell Integrated Scripting Environment (ISE) (Feature)

5.1. Default installation and required services

5.2. Change the Execution Policy to Unrestricted: Set-ExecutionPolicy Unrestricted

5.3. Install the PSCX module

xcopy "C:\Resources\Tools\Pscx-2.0.0.1\Pscx"

"C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSCX" /s

5.4. Enable PowerShell Remoting

5.4.1. Run: "C:\Resources\Configuration\Enable PowerShell Remoting.ps1"

5.4.2. Grant Full Control to Domain Users

6. External Internet Connection (Optional)

6.1. Name: External Network

6.2. Advanced Settings

6.2.1. Ensure that Loopback is first in binding order

6.2.2. Ensure “Microsoft Windows Network” is first in the order

6.3. Run C:\Resources\Configuration\Setup Interface Metrics.ps1

6.4. Run C:\Resources\Configuration\Enable IPv6.ps1

7. Telnet Client (Feature)

http://www.subnetonline.com/pages/subnet-calculators/ipv4-to-ipv6-converter.php




8. Desktop Experience (Feature)


8.2. Configure Clear Type (defaults)

8.3. Enable Themes service

8.4. Personalize > Aero Theme > Windows7

9. Windows Server Backup Features (Feature)

9.1. Windows Server Backup

10. Wireless LAN Service (Feature)

10.1. Wireless LAN Service

11. Web Server (IIS) (Role)


11.2. Add Role Services:

11.2.1. Security

11.2.1.1. Basic Authentication

11.2.1.2. Digest Authentication

11.2.1.3. Windows Authentication

11.2.2. Performance

11.2.2.1. Static Compression

11.2.2.2. Dynamic Compression

12. Microsoft Update / Windows Update

12.1. Microsoft Update: Install

12.2. Important Updates: Select “Check for updates but let me choose whether to download and

install them”

12.3. Recommended: Select “Give me recommended updates the same way I receive important

updates”

12.4. Who can install: Select “Allow all users to install updates on this computer”

12.5. Get updates for other Microsoft products. Select “Find out more”

12.5.1. Configure IE – (see User Profile)

12.5.2. Use recommended settings

12.6. Windows Update: Select “Install new Windows Update software, if required”

12.7. Install all Updates and Service Packs

13. Active Directory Domain Services (Role)


13.1.1. Forest Name: denallix.com

13.1.2. Forest Functional Level: Windows 2008 R2

13.1.3. Static IP warning: Select: “Yes” to continue without static IP

13.1.4. DNS Delegation warning: Select: “Yes” to create DNS delegation

13.1.5. Restore Mode Password: K2pass!

13.1.6. DNS Zone warning: OK

14. Domain Name System (DNS) (Role)




14.1.1. Forward Lookup Zone: denallix.com (Primary)

14.1.2. Allow Dynamic Updates (both zones): Allow both non-secure and secure dynamic updates

14.2. IPv4 Reverse Lookup Zone: 52.168.192.in-addr.arpa (Primary)

14.2.1. Pointer (PTR) Record: 192.168.52.1 > dlx.denallix.com

14.2.2. Allow Dynamic Updates (both zones): Allow both non-secure and secure dynamic updates

14.3. Update pointer records

14.3.1. Host (A) Record: k2.denallix.com > 192.168.52.1

14.3.2. Host (A) Record: mail.denallix.com > 192.168.52.1

14.3.3. Host (A) Record: portal.denallix.com > 192.168.52.1

14.3.4. Host (A) Record: mysite.denallix.com > 192.168.52.1

14.3.5. Host (A) Record: claims.denallix.com > 192.168.52.1

14.3.6. Host (A) Record: crm.denallix.com > 192.168.52.1

14.3.7. Host (A) Record: adfs.denallix.com > 192.168.52.1

14.3.8. Host (A) Record: autodiscover.denallix.com > 192.168.52.1

14.3.9. Host (A) Record: k2learning.denallix.com > 192.168.52.1

14.3.10. Mail Exchanger (MX) Record: denallix.com > dlx.denallix.com

15. Remote Desktop

15.1. Allowed Connections: Select "Allow connections from computers running any version of

Remote Desktop (less secure)"

15.2. Allowed Users: Domain Users

16. Create Active Directory Organizational Units and Users

16.1. Download and extract the Resources package

16.2. Run C:\Resources\Configuration\Users\Import Objects.cmd

17. Administrator’s Info

17.1. In “Active Directory Users and Computers”

17.2. Manually set the Administrator’s

17.2.1. First name: Denallix

17.2.2. Last name: Administrator

17.2.3. Display Name: Administrator

17.2.4. E-mail address: “[email protected]”

17.2.5. UPN: [email protected]

17.2.6. Account options: check Password never expires

17.2.7. Manager: Jonathan King

18. AutoAdminLogon

18.1. Run C:\Resources\Configuration\Enable AutoAdminLogin.ps1

19. Message Queuing (Feature)

19.1. Configure Permissions: As the computer DLX is a domain controller and will also run MSMQ, grant

the “NETWORK SERVICE” account the “Create MSMQ Configuration Objects” permission to the DLX

computer object in Active Directory Domain Services

19.1.1. Active Directory Users and Computer

19.1.1.1. View > Advanced Features

19.1.1.2. Domain Controllers > DLX > Properties > Security > Advanced > Add > Network Service

19.2. Feature Options:

19.2.1. Message Queuing Services

mailto:[email protected]



19.2.1.1. Message Queuing Server

19.2.1.2. Directory Service Integration, “Yes, I’ve set the required permissions”

20. Application Server (Role)

20.1. Role Services:

20.1.1. Windows Process Activation Service Support

20.1.1.1. Message Queuing Activation

20.1.2. Distributed Transactions

20.1.2.1. Incoming Remote Transactions

20.1.2.2. Outgoing Remote Transactions

21. File Services (Role)


21.1.1. File Server

21.1.2. Windows Server 2003 File Services

21.1.2.1. Indexing Service (Required for CRM 2011)

21.1.2.2. C: drive: Uncheck “Allow files on this drive to have contents indexed in addition to file

properties”

22. Active Directory Certificate Services (Role)

22.1. NOTE: Remove and reinstall this Role before any rearm to reset the clock on certs


22.2.1. Certification Authority

22.2.2. Certification Authority Web Enrollment

22.3. Setup Type: Enterprise

22.4. CA Type: Root CA

22.5. Private Key: New

22.6. CSP: RSA#Microsoft Software Key Storage Provider

22.7. Signing Algorithm: SHA-1

22.8. Key character length: 2048

22.9. Common name: denallix-DLX-CA

22.10. Distinguished name suffix: DC=denallix,DC=com

22.11. Validity period: 5 years

23. Disable Loopback Adapter

23.1. Run "C:\Resources\Configuration\Disable Loopback Adapter.ps1" PowerShell

23.1.1. INFO: http://support.microsoft.com/kb/896861

24. Enable WebDAV

24.1. Add denallix.com servers to Authorized Server list to prevent login prompt when saving from Office

clients to SharePoint

24.2. Run "C:\Resources\Configuration\Set WebClient AuthForwardServerList.ps1"

25. Open XML

25.1. Download and install:

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=5124

26. Disable Windows Error Reporting

26.1. Control Panel > System and Security > Action Center > Change Actin Center settings

http://support.microsoft.com/kb/896861

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=5124



26.1.1. Problem reporting settings > Change report settings for all users

26.1.2. Select: Never check for solutions

27. LSI SAS Drivers

27.1. Download and install the latest LSISAS1068E drivers:

http://www.lsi.com/support/products/Pages/LSISAS1068E.aspx

27.2. Device Manager > Storage controllers > LSI Adapter > Update Driver

27.2.1. C:\Resources\Configuration\Storage\LSImpt_sas_Windows7_P20

27.2.2. Driver Date: 12/7/2010

27.2.3. Driver Version: 1.34.2.0

28. Intel Rapid Storage Drivers

28.1. Download and extract the latest Intel Rapid Storage drivers:

http://downloadcenter.intel.com/Detail_Desc.aspx?ProductID=2101&DwnldID=20215&lang=eng&iid=d

c_rss

28.2. Run C:\Resources\Configuration\Storage\MergeIDE.reg to update IDE registry settings

28.2.1. See: http://support.microsoft.com/default.aspx?scid=kb;en-us;314082

28.3. Run C:\Resources\Configuration\Storage\InstallIRST.bat to update PNP drivers

28.3.1. See: http://www.davidorlo.com/articles/virtual-machine/installing-drivers-in-hyper-v-server

29. Microsoft Update


30. .NET 4.5 Framework

30.1. Download and install .NET 4.5: http://www.microsoft.com/en-us/download/details.aspx?id=30653

30.2. Add denallix.com to IE compatibility settings for all users

30.2.1. Run: "C:\Resources\Configuration\Users\Setup IE Compatibility View.ps1"

NON-MICROSOFT SOFTWARE

1. Adobe Flash Player

1.1. Navigate to http://www.adobe.com to download and install

1.2. Never notify me when updates are available

1.3. Start, Accept License, Check for and Install Updates

1.4. Installed version: 11.8.800.174

2. Adobe Acrobat Reader

2.1. Navigate to http://www.adobe.com to download and install

2.2. Start, Accept License, Check for and Install Updates

2.3. Edit > Preferences > Updater

2.3.1. Do not download or install updates automatically

2.4. Services > Adobe Acrobat Update Service > Disable

2.5. Installed version: 11.0.4

3. Mozilla Firefox and Firebug

3.1. Navigate to http://www.mozilla.org/en-US/firefox/new/ to download and install

3.2. Start, Accept License, Check for and Install Updates (navigate to About)

3.3. Installed version: 24.0

3.4. Leave IE default

http://www.lsi.com/support/products/Pages/LSISAS1068E.aspx

http://downloadcenter.intel.com/Detail_Desc.aspx?ProductID=2101&DwnldID=20215&lang=eng&iid=dc_rss

http://downloadcenter.intel.com/Detail_Desc.aspx?ProductID=2101&DwnldID=20215&lang=eng&iid=dc_rss

http://support.microsoft.com/default.aspx?scid=kb;en-us;314082

http://www.davidorlo.com/articles/virtual-machine/installing-drivers-in-hyper-v-server

http://www.microsoft.com/en-us/download/details.aspx?id=30653

http://www.adobe.com/

http://www.adobe.com/

http://www.mozilla.org/en-US/firefox/new/



3.5. Navigate to https://addons.mozilla.org/en-US/firefox/addon/firebug/ to download and install Firebug

4. Google Chrome and Firebug Lite

4.1. Navigate to http://chrome.google.com to download and install

4.2. Start, Accept License, Check for and Install Updates (navigate to About)

4.3. Installed version: 29.0.154.66

4.4. Leave IE default

4.5. Navigate to https://getfirebug.com/releases/lite/chrome/ to download and install Firebug Lite

5. Miscellaneous Tools

5.1. Notepad++

5.1.1. Download and install http://notepad-plus-plus.org/

5.1.2. Installed version: v6.4.5

5.2. 7-Zip

5.2.1. Download and install http://www.7-zip.org/

5.2.2. Installed version: 9.20

5.3. Agent Ransack

5.3.1. Download and install http://www.mythicsoft.com/page.aspx?type=agentransack&page=home

5.3.2. C drive > Properties

5.3.2.1. Allow files on the drive to have contents indexed in addition to file properties: Uncheck

5.3.3. Installed version: Release Build 762

5.4. Fiddler

5.4.1. Download and install .NET 4 version http://fiddler2.com/get-fiddler

5.4.2. Fiddler 2 shortcut > Properties

5.4.2.1. Target: “C:\Program Files (x86)\Fiddler2\Fiddler.exe” /port:9999

5.4.2.2. Start and trust HTTPS traffic

5.4.3. Installed version: v4.4.5.3

GROUP POLICY SETTINGS

1. Group Policy Management > Default Domain Policy

1.1. Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies >

Password Policy

1.1.1 Enforce password history: 0 passwords remembered

1.1.2 Maximum password age: 0 days

1.1.3 Minimum password age: 0 days

1.2. User Configuration > Policies > Administrative Templates

1.2.1 Add C:\Resources\Configuration\ADM\office14.adm

1.2.2 Add C:\Resources\Configuration\ADM\outlk14.adm

1.2.3 Add C:\Resources\Configuration\ADM\word14.adm

1.3. User Configuration > Policies > Administrative Templates > Classic Administrative Templates

(ADM)

1.3.1 Microsoft Office 2010

1.3.2 http://technet.microsoft.com/en-us/library/cc179123.aspx

1.3.2.1 Miscellaneous

1.3.2.1.1 Suppress recommended settings dialog: Enabled

1.3.2.2 Tools | Options | General | Service Options… > Online Content

1.3.2.2.1 Online content options: Disabled

1.3.2.3 Privacy > Trust Center

1.3.2.3.1 Disable Opt-in Wizard on first run: Enabled

https://addons.mozilla.org/en-US/firefox/addon/firebug/

http://chrome.google.com/

https://getfirebug.com/releases/lite/chrome/

http://notepad-plus-plus.org/

http://www.7-zip.org/

http://www.mythicsoft.com/page.aspx?type=agentransack&page=home

http://fiddler2.com/get-fiddler

http://technet.microsoft.com/en-us/library/cc179123.aspx



1.3.2.3.2 Enable Customer Experience Improvement Program: Disabled

1.3.2.3.3 Automatically receive small updates to improve reliability: Disabled

1.3.3 Microsoft Outlook 2010

1.3.3.1 Outlook Options > Preferences > Junk E-mail

1.3.3.1.1 Junk E-mail protection level: Enabled – No Protection

1.3.3.2 Account Settings > RSS Feeds

1.3.3.2.1 Turn off RSS features: Enabled

1.3.4 Microsoft Word 2010

1.3.4.1 Word Options > Customize Ribbon

1.3.4.1.1 Display Developer tab in the Ribbon: Enabled

1.3.4.2 Word Options > Security > Trust Center > Trusted Locations

1.3.4.2.1 Allow Trusted Locations on the network: Enabled

1.3.4.3 Word Options > Save

1.3.4.3.1 Do not display file format compatibility… : Enabled

1.3.4.3.2 Set default compatibility mode on file creation: Enabled – Full functionality mode

1.3.4.3.3 Default file format: Enabled, Word Document (*.docx)

2. Group Policy Management > Default Domain Controllers Policy

2.1. Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User

Rights Assignments

2.1.1 Allow logon locally: Add: Domain Users; Administrators; DENALLIX\SPFarmService

2.1.2 Logon as a service: Add: DENALLIX\K2Service; DENALLIX\SPFarmService

2.1.3 Allow logon through Remote Desktop Services: Add: Remote Desktop Users

2.1.4 Log on as a batch job: Add: DENALLIX\Domain Users

2.2. Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies >

Security Options

2.2.1 Interactive logon: Do not require CTRL+ALT+DEL: Enabled

2.3. Computer Configuration > Policies > Administrative Templates > System

2.3.1 Display Shutdown Event Tracker: Disabled

2.4. Computer Configuration > Policies > Administrative Templates > Windows Components > Windows

Update

2.4.1 Configure Automatic Updates: Enabled

2.4.1.1 Configure automatic updating: 2 – Notify for download and notify for install

2.4.2 Do not display ‘Install Updates and Shut Down’ option in Shut Down Windows dialog box:

Enabled

2.4.3 No auto-restart with logged on users for scheduled automatic updates installations: Enabled

3. Active Directory Group Memberships

3.1. DENALLIX\K2Service: Member of: Account Operators

3.2. DENALLIX\K2WebService: Member of: IIS_IUSRS

3.3. DENALLIX\SPFarmService: Member of: Backup Operators

3.4. DENALLIX\CRMAsyncService: Member of: Performance Log Users

CERTIFICATE SERVER


1.1. Certificate Templates

1.1.1 Certificate Templates MMC (Start C:\Resources\Certificates\Certificates.msc)

1.1.2 Certificate Templates (DLX.denallix.com) > Web Server > Properties > Security

1.1.3 Domain Computers: Read, Enroll



1.1.4 Domain Controllers: Read, Enroll

1.1.5 Command Prompt

net stop "Active Directory Certificate Services"

net start "Active Directory Certificate Services"

1.2. Shared Certificate

1.2.1 IIS Manager > DLX > Server Certificates

1.2.2 Create Domain Certificate

1.2.2.1 Common Name: *.denallix.com

1.2.2.2 Organization: Denallix

1.2.2.3 Organizational Unit: IT

1.2.2.4 City/Locality: Redmond

1.2.2.5 State/Province: WA

1.2.2.6 Country/Region: US

1.2.2.7 Specify Online Certification Authority: denallix-DLX-CA\DLX.denallix.com

1.2.2.8 Friendly Name: *.denallix.com Certificate

1.3. Default Web Site Certificate

1.3.1 IIS Manager > DLX > Sites> Default Web Site > Actions > Bindings> Site Bindings > Add

1.3.1.1 Type: https

1.3.1.2 SSL Certificate: *.denallix.com Certificate

1.3.1.3 . Details > SSL Settings: Verify “Ignore” under Client certificates

1.4. Export Root Certificates

1.4.1 Certificates MMC (Start C:\Resources\Certificates\Certificates.msc)

1.4.2 Certificates (Local Computer) > Personal > Certificates

1.4.2.1 Export: denallix-DLX-CA

1.4.2.2 Export Private Key: No, do not export the private key

1.4.2.3 Export File Format: DER encoded binary X.509 (.CER)

1.4.2.4 File to Export: C:\Certificates\DenallixCA.cer

1.5. Group Policy Management > Default Domain Policy

1.5.1 Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies

> Trusted Root Certification Authorities

1.5.1.1 Import: C:\Certificates\DenallixCA.cer

1.5.1.2 Certificate store: Trusted Root Certification Authorities

1.6. Update Group Policy

1.6.1 gpupdate /force

1.7. Certificate Authority > denallix-DLX-CA > Properties > Extensions

1.7.1 In the list that is displayed, click

http://<ServerDNSName>/CertEnroll/<CaName><CRLNAMESUFFIX><DELTACRLALLOWED>.crl.

1.7.2 Make sure that the following options are selected:

1.7.3 Include in CRLs. Clients use this to find the Delta CRL location.

1.7.4 Include in the CDP extension of issued certificates.

VPN

1. Network Policy and Access Services (Role)

1.1. Configure per this article http://geekyprojects.com/networking/how-to-setup-a-vpn-server-in-

windows-server-2008-r2/

1.2. Add Role Services:

1.2.1 Routing an Remote Access Services

1.2.1.1 Remote Access Service

1.2.1.2 Routing

http://geekyprojects.com/networking/how-to-setup-a-vpn-server-in-windows-server-2008-r2/

http://geekyprojects.com/networking/how-to-setup-a-vpn-server-in-windows-server-2008-r2/



1.3. Server Manager > Roles > Network Policy and Access Services > Routing and Remote Services >

Configure and Enable Routing and Remote Access

1.3.1 Custom configuration

1.3.1.1 VPN access

1.4. Start Service


2.1. Server Manager > Roles > Network Policy and Access Services > Routing and Remote Services >

Properties

2.1.1 Security > Authentication Methods

2.1.1.1 Microsoft encrypted authentication version 2 (MS-CHAP v2): Checked

2.1.2 Security > Accounting provider

2.1.2.1 Allow custom IPsec policy for L2TP connection: Checked

2.1.2.2 Preshared Key: K2pass!

2.1.3 IPv4 > IPv4 address assignment

2.1.3.1 Static address pool: 192.168.52.10-192.168.52.20

3. Domain User Access

3.1. Enable Remote Registry Service: Automatic, Start

3.2. Administrative Tools > Active Directory Users and Computers

3.2.1 For each user

3.2.1.1 Properties > Dial-in Tab

3.2.1.2 Network Access Permission: Allow Access

USER PROFILE (ADMINISTRATOR)

1. Windows Settings

1.1. Consoles at logon

1.1.1 Install Configuration Tasks: Set “Do not show this window at logon”

1.1.2 Server Manager: Set “Do not show me this console at logon”

1.2. Computer > Show on Desktop

1.3. Computer > Advanced > Performance Options

1.3.1 Visual Effects: Let Windows choose what’s best for my computer

1.3.2 Advanced: Programs

1.3.3 Data Execution Prevention: Turn on DEP for essential Windows programs and services

only

1.4. Computer > Advanced > Environment Variables > System Variables > Path > Edit

1.4.1 Append “;C:\Program Files\Common Files\Microsoft Shared\Web Server

Extensions\14\BIN\”

1.5. Control Panel > User Accounts > User Accounts > Change User Account Control settings

1.5.1 Move to: Never Notify

1.6. Taskbar and Start Menu Properties

1.6.1 Taskbar: Select “Lock the taskbar”

1.6.2 Start Menu

1.6.2.1 Clear

1.6.2.1.1 Default Programs

1.6.2.1.2 Devices and Printers

1.6.2.1.3 Help

1.6.2.1.4 Highlight newly installed programs

1.6.2.1.5 Network

1.6.2.1.6 Use large icons

1.6.2.2 Display as a menu



1.6.2.2.1 Computer

1.6.2.2.2 Control Panel

1.6.2.3 Don’t display as a menu

1.6.2.3.1 Documents

1.6.2.3.2 Games

1.6.2.3.3 Music

1.6.2.3.4 Personal folder

1.6.2.3.5 Pictures

1.6.2.4 Start menu size

1.6.2.4.1 Set: “Number of recent items to display:” to: 10

1.6.2.5 Privacy

1.6.2.5.1 Set: “Store and display a list of recently opened programs…”

1.6.2.5.2 Set: “Store and display a list of recently opened items…”

1.6.3 Notification Area > System Icons

1.6.3.1 On: “Network”

1.6.3.2 Off: “Volume”, “Action Center”

1.6.4 Desktop Background

1.6.4.1 Aero Themes: Windows 7

1.6.4.2 Color: White

1.6.4.3 Location:

“C:\Resources\Images\DesktopBackground\k2background_shield_bold_pattern1920x

1200.jpg”

1.6.4.4 Positioned: Select “Fit”

1.6.4.5 Display Settings: 1024x768

1.6.5 Start Menu > Programs > Startup > Open

1.6.5.1 Copy Shortcuts from "C:\Resources\Startup\Shortcuts"

2. Internet Explorer

2.1. Set Up Windows Internet Explorer 9

2.1.1 Turn on Suggested Sites: Select: “No, don’t turn on”

2.1.2 Choose your settings: Select: “Use express settings”

2.2. Internet Options

2.2.1 General

2.2.1.1 Home page: Set to:

2.2.1.1.1 about:blank

2.2.1.2 Delete…

2.2.1.2.1 Clear: “Preserve Favorites web site data”

2.2.1.2.2 Set: {Everything else}

2.2.2 Security

2.2.2.1 Trusted sites

2.2.2.1.1 Security level for this zone: Set: “Low”

2.2.2.1.2 Sites: Add: http://*.denallix.com; https://*.denallix.com;

http://dlx

2.2.3 Connections

2.2.3.1 LAN Settings

2.2.3.1.1 Automatic Configuration: Clear: “Automatically detect settings”

2.2.4 Advanced

2.2.4.1 Browsing

2.2.4.1.1 Clear: “Disable script debugging (Internet Explorer)”

http://*.denallix.com/

https://*.denallix.com/



2.2.4.1.2 Clear: “Disable script debugging (Other)”

2.2.4.2 Security

2.2.4.2.1 Clear: “Check for publisher’s certificate revocation”

2.2.4.2.2 Clear: “Check for server certificate revocation*”

2.2.4.2.3 Clear: “Check for signatures on downloaded programs”

2.3. Toolbars

2.3.1 Enable: Favorites, Status Bar

2.3.2 Favorites Bar

2.3.2.1 Delete: Suggested Sites, Web Slice Gallery

2.3.2.2 Copy C:\Resources\Configuration\Users\Favorites Bar to

C:\Users\Administrator\Favorites

2.4. Toolbars > New Toolbars

2.4.1 C:\Resources\User Shortcuts

3. Windows Explorer

3.1. Organize > Folder and Search Options

3.1.1 General > Navigation pane

3.1.1.1 Select: Show all folders

3.1.1.2 Select: Automatically expand to current folder

3.1.2 View

3.1.2.1 Unselect: Hide extensions for known file types

4. Desktop Artifacts

4.1. RDP Connection

4.1.1 Name: Local Server

4.1.2 Computer: dlx.denallix.com

4.1.3 Local devices and resources: Clear: “Printers”; (More: clear “Smart cards”)

4.1.4 Choose your connection speed: Select: LAN (10Mbps of higher)

4.1.5 Shortcuts: K2 Studio, K2 Workspace

4.2. Delete all Desktop shortcuts except: Computer, Recycle Bin, Local Server Reboot (for UAC) and

K2

4.3. Pin Chrome and Firefox to the taskbar

5. Browser Home Pages

5.1. IE: http://k2.denallix.com/designer; http://portal.denallix.com; http://k2.denallix.com/workspace

5.2. Chrome: http://k2.denallix.com/designer; http://portal.denallix.com

5.3. Firefox: http://k2.denallix.com/designer

5.4. Safari: http://k2.denalix.com/designer

MICROSOFT SQL SERVER 2012 ENTERPRISE (DATABASE ENGINE AND

REPORTING SERVICES)

1. Download and install

1.1. New installation or add features to an existing installation

1.2. SQL Server Feature Installation

1.2.1 Database Engine Services

1.2.1.1 Full-Text Search (Required for CRM 2011)

1.2.2 Reporting Services – Native

1.2.3 SQL Server Data Tools

1.2.4 Client Tools Connectivity

http://k2.denallix.com/designer

http://portal.denallix.com/

http://k2.denallix.com/workspace




http://k2.denalix.com/designer



1.2.5 Integration Services

1.2.6 Client Tools Backwards Compatibility

1.2.7 Client Tools SDK

1.2.8 Documentation Components

1.2.9 Management Tools – Complete

1.2.10 SQL Client Connectivity SDK

1.2.11 Master Data Service

1.3. Instance Configuration: Default Instance

1.4. Service Accounts:

1.4.1 SQL Server Agent: DENALLIX\SQLAgentService

1.4.2 SQL Server Database Engine: DENALLIX\SQLService

1.4.3 SQL Server Reporting Services: DENALLIX\SQLReportingService

1.4.4 SQL Server Integration Services 11.0: DENALLIX\SQLIntegrationService

1.4.5 SQL Full-text Daemon Launcher: NT Service\MSSQLFDLauncher

1.4.6 SQL Server Browser: NT AUTHORITY\LOCAL SERVICE

1.5. Collation: SQL_Latin1_General_CP1_CI_AS

1.6. Server Administrator: Domain Admins

1.7. Reporting Services Native Mode: Install and configure

1.8. Error Reporting: No

2. Post-installation Configuration

2.1. SQL Server Management Studio > Server > Properties > Memory

2.1.1 Max memory recommendations based on 8GB and 4 CPUs would be 3.2GB. That’s typically too

high for our needs so going with 1.5GB as max.

http://blogs.msdn.com/b/sqlsakthi/archive/2012/05/19/cool-now-we-have-a-calculator-for-finding-out-

a-max-server-memory-value.aspx

2.1.2 Minimum: 0 MB

2.1.3 Maximum: 1536 MB

2.2. Configuration Tools > Reporting Services Configuration Manager

2.2.1 Web Service URL

2.2.1.1 Virtual Directory: ReportServer

2.2.1.2 IP Address: All Unassigned

2.2.1.3 SSL: Remove all

2.2.2 Report Manager URL

2.2.2.1 Virtual Directory: Reports

2.2.2.2 Advanced > IP Address: All Unassigned

2.2.2.3 SSL: Remove all

2.2.3 E-mail Settings

2.2.3.1 Sender Address: [email protected]

2.2.3.2 SMTP Server: dlx.denallix.com

2.3. Navigate to http://dlx/Reports/Pages/Folder.aspx

2.3.1 Create Favorite

2.3.2 Folder Settings

2.3.3 New Role Assignment

2.3.3.1 User: DENALLIX\K2WebService

2.3.3.2 Role: Content Manager

2.3.4 New Role Assignment

2.3.4.1 User: DENALLIX\Domain Users

2.3.4.2 Role: Browser

http://blogs.msdn.com/b/sqlsakthi/archive/2012/05/19/cool-now-we-have-a-calculator-for-finding-out-a-max-server-memory-value.aspx

http://blogs.msdn.com/b/sqlsakthi/archive/2012/05/19/cool-now-we-have-a-calculator-for-finding-out-a-max-server-memory-value.aspx


http://dlx/Reports/Pages/Folder.aspx



2.4. Open SQL Server Configuration Manager

2.4.1 SQL Server Network Configuration > Protocols for MSSQLSERVER

2.4.1.1 Shared Memory: Disabled

3. Report Builder

3.1. Download and install Report Builder 3.0 for SQL 2012

3.2. Default target server URL: http://DLX/reportserver

3.3. Navigate to http://dlx/reports

3.4. Create New Folder: Samples

3.5. Upload Files from C:\Resources\Samples: FreeFormReport.rdl; MatrixwithSparklines.rdl; Product

Sales.rdl; Product Sales.rdl

3.6. View and Edit in Report Builder

3.7. Select Run to download and install

4. Feature Pack

4.1. Download and install SQL 2012 SP1 features: http://www.microsoft.com/en-

us/download/details.aspx?id=35580

4.1.1 Microsoft SQL Server 2012 ADOMD.NET (SQL_AS_ADOMD.msi)

4.1.2 Microsoft SQL Server 2012 Analysis Management Objects (SQL_AS_AMO.msi)

4.1.3 Microsoft SQL Server 2012 Command Line Utilities (SqlCmdLnUtils.msi)

4.1.4 Microsoft SQL Server 2012 Data-Tier Application Framework (dacframework.msi)

4.1.5 Microsoft SQL Server 2012 Management Objects (x64) (SharedManagementObjects.msi)

4.1.6 Microsoft AS OLE DB Provider for SQL Server 2012 (SQL_AS_OLEDB.msi)

4.1.7 Windows PowerShell Extensions for SQL Server 2012 (PowerShellTools.msi)

4.1.8 Microsoft SQL Server 2012 Transact-SQL Compiler Service (and ScriptDom)

(tsqllanguageservice.msi)

4.1.9 Microsoft System CLR Types for SQL Server 2012 (x64) (SQLSysClrTypes.msi)

4.2. Download and install SQL 2008 R2 SP2 features: http://www.microsoft.com/en-


4.2.1 Microsoft SQL Server 2008 R2 CLR Types (x64) (SQLSysClrTypes.msi)

4.2.2 Microsoft SQL Server 2008 R2 Management Objects (x64) (SharedManagementObjects.msi)

5. Adventure Works

5.1. http://msftdbprodsamples.codeplex.com/releases/view/55330

5.2. Download and run script to install: "C:\Resources\Samples\AdventureWorks2012\Create AW

Databases.sql"

6. Microsoft Update


MICROSOFT EXCHANGE SERVER 2010 ENTERPRISE


1.1. Command Prompt

sc config NetTcpPortSharing start= auto

ServerManagerCmd -ip D:\scripts\Exchange-All.xml -Restart

1.2. Install Microsoft Filter Pack 2.0: http://go.microsoft.com/fwlink/?LinkID=191548

1.3. Install IIS 6 Compatibility: http://technet.microsoft.com/en-us/library/0a71c4f6-68de-40f7-94cf-

74b73cbda37b.aspx

1.4. Run Exchange 2010 SP1 Setup

http://dlx/reportserver

http://dlx/reports





http://msftdbprodsamples.codeplex.com/releases/view/55330

http://go.microsoft.com/fwlink/?LinkID=191548

http://technet.microsoft.com/en-us/library/0a71c4f6-68de-40f7-94cf-74b73cbda37b.aspx

http://technet.microsoft.com/en-us/library/0a71c4f6-68de-40f7-94cf-74b73cbda37b.aspx



1.5. Exchange language option: Install only languages from the DVD

1.6. Install Microsoft Exchange

1.6.1 Error Reporting: No

1.6.2 Installation Type: Custom Exchange Server Installation

1.6.3 Specify the path: C:\Program Files\Microsoft\Exchange Server\V14

1.6.4 Automatically install Windows Server roles and features required for Exchange Server: checked

1.6.5 Server Role Selection: Mailbox, Client Access, Hub Transport, Management Tools

1.6.6 Exchange Organization: Denallix

1.6.7 Client Settings: No

1.6.8 The Client Access server role: unchecked

1.6.9 CEIP: No

1.7. Download and install SP2

1.8. Windows Update

2. Configuration (Exchange Management Console)

2.1. Enter PID: Exchange Mangement Shell:

2.1.1 set-exchangeserver -Identity 'DLX' -ProductKey 'XXXXX-XXXXX-XXXXX-XXXXX-XXXXX'

2.2. Server Configuration > Hub Transport > Default DLX

2.2.1 General > FQDN: dlx.denallix.com

2.2.2 Network > local IP addresses: 192.168.52.1:25

2.2.3 Network > remote IP addresses: ::- ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff and 0.0.0.0-255.255.255.255

2.2.4 Permission Groups:

AnonymousUsers,ExchangeUsers,ExchangeServers,ExchangeLegacyServers

2.3. Server Configuration > Hub Transport > Client DLX

2.3.1 General > FQDN: dlx.denallix.com

2.3.2 Network > local IP addresses: (All available IPv4 addresses):25 and (All available IPv6

addresses):25

2.3.3 Network > remote IP addresses: ::- ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff and 0.0.0.0-255.255.255.255

2.3.4 Permission Groups: AnonymousUsers,ExchangeUsers

3. Configure Autodiscovery

3.1. Start DNS

3.1.1 Forward Lookup Zone: denallix.com (Primary)

3.1.2 Other New Records

3.1.2.1 Service Location (SVR)

3.1.2.1.1 Service: _autodiscover

3.1.2.1.2 Protocol: _tcp

3.1.2.1.3 Priority: 0

3.1.2.1.4 Weight: 0

3.1.2.1.5 Port Number: 443

3.2. Host offering this service: dlx.denallix.com

4. Configuration (Exchange Management Shell)

4.1. Run "C:\Resources\Configuration\Setup Exchange Services and Mailboxes.ps1" to configure SMTP

for SharePoint, Auto Discovery and all Mailboxes

5. Post-install Startup

5.1. Services > Microsoft Exchange IMAP4: Automatic, Start



5.2. Add DENALLIX\K2Service to Microsoft Exchange Security Groups\View-Only Organization

Management and Recipient Management groups in AD

5.3. Rename auto-generated mailbox name to “Mailbox Database Denallix” per this article:

http://www.howexchangeworks.com/2010/06/dealing-with-first-exchange-2010.html

MICROSOFT SHAREPOINT 2010 ENTERPRISE


1.1. Install Software Prerequisites (must have internet connection)

1.2. Install SharePoint Server Enterprise SP1 (installing on DC will automatically select Farm

Complete)

1.3. Do NOT run Configuration Wizard

1.4. Install Office Web Applications SP1

1.5. Install latest service pack and/or cumulative update

1.5.1 Stop/Disable Services per this article:

http://blogs.msdn.com/b/russmax/archive/2013/04/01/why-sharepoint-2013-cumulative-

update-takes-5-hours-to-install.aspx

1.5.2 Install SharePoint Server 2010 SP2: KB2687453

1.5.3 Install Office Web Apps SP2: KB2687470

1.5.4 Install Latest CU (June 2013): http://support.microsoft.com/kb/2817527

1.5.5 Run from Command Prompt:

PSConfig.exe -cmd upgrade -inplace b2b -force -cmd

applicationcontent -install -cmd installfeatures

1.5.6 Start/Enable stopped services

1.6. Run Configuration Wizard

2. SharePoint Configuration Wizard

2.1.1 Farm: Create New

2.1.2 Database Server: DLX

2.1.3 Database name: SharePoint_Config

2.1.4 Database Access Account: DENALLIX\SPFarmService

2.1.5 Passphrase: K2pass!!

2.1.6 Central Administration Port: 44544

2.1.7 Web App Authentication Setting: NTLM

2.1.8 Help Make SharePoint Better? No

2.1.9 Configure Enterprise Search Application

2.1.10 Central Administration > Security > Configure managed Accounts

2.1.10.1 Register Managed Account: DENALLIX\SPSearchService

2.1.11 SharePoint 2010 Management Shell:

C:\Resources\Configuration\SetupEnterpriseSearch.ps1

2.1.12 Run Start-EnterpriseSearch C:\Resources\Configuration\searchconfig.xml

2.1.13 Start the Configure Farm Wizard

3. Configure Farm Wizard

3.1.1 Service Account: DENALLIX\SPFarmService

3.1.2 Services

3.1.2.1 Uncheck:

3.1.2.1.1 Access Services

3.1.2.1.2 Application Registry Service

3.1.2.1.3 Lotus Notes Connector

http://www.howexchangeworks.com/2010/06/dealing-with-first-exchange-2010.html

http://blogs.msdn.com/b/russmax/archive/2013/04/01/why-sharepoint-2013-cumulative-update-takes-5-hours-to-install.aspx

http://blogs.msdn.com/b/russmax/archive/2013/04/01/why-sharepoint-2013-cumulative-update-takes-5-hours-to-install.aspx






3.1.2.2 Check:

3.1.2.2.1 Business Data Connectivity Service

3.1.2.2.2 Enterprise Search Service Application (already provisioned above)

3.1.2.2.3 Excel Services Application

3.1.2.2.4 Managed Metadata Service

3.1.2.2.5 PerformancePoint Service Application

3.1.2.2.6 PowerPoint Service Application

3.1.2.2.7 Search Service Application

3.1.2.2.8 Secure Store Service

3.1.2.2.9 State Service

3.1.2.2.10 Usage and Health data collection

3.1.2.2.11 User Profile Service Applications

3.1.2.2.12 Visio Graphics Service

3.1.2.2.13 Web Analytics Service Application

3.1.2.2.14 Word Automation Services

3.1.2.2.15 Word Viewing Service

3.1.3 New top-level site: Skip

4. Create Web Applications (Central Administration > Application Management > Manage Web

Applications)

4.1. Run: C:\Resources\Configuration\ Setup SharePoint Web Apps.ps1

4.2. Portal (http://portal.denallix.com)

4.2.1 Create Site Collection

4.2.1.1 Title: Portal

4.2.1.2 Description: A site for teams to quickly organize, author, and share

information.

4.2.1.3 URL: /

4.2.1.4 Template: Collaboration > Team Site

4.2.1.5 Primary Administrator: DENALLIX\Administrator

4.2.1.6 Secondary Administrator: DENALLIX\SPWebService

4.2.2 Navigate to: http://portal.denallix.com

4.2.3 Site Actions > Site Settings

4.2.3.1 Site Collection Features > Activate

4.2.3.1.1 Document Sets

4.2.3.1.2 Office Web Apps

4.2.3.1.3 PerformancePoint Services Site Collection Features

4.2.3.1.4 SharePoint Server Publishing Infrastructure

4.2.4 Users and Permissions

4.2.4.1 Site Collection Administrators: DENALLIX\K2Service

4.2.4.2 People and Groups

4.2.4.2.1 Portal Members > Add Users: Domain Users

4.2.4.2.2 Designers > Add Users: Domain Users

4.2.5 Site Actions > New Site

4.2.5.1 Template: Sites > Records Center

4.2.5.2 Title: Records Center

4.2.5.3 Web Site Address: Records


4.2.6.1 Template: Sites > Business Intelligence Center

4.2.6.2 Title: Business Intelligence Center





4.2.6.3 Web Site Address: BI

4.2.6.4 Test Samples

4.2.6.5 Run Dashboard Designer (Install)


4.2.7.1 Template: Sites > Enterprise Search Center

4.2.7.2 Title: Search Center

4.2.7.3 Web Site Address: Search

4.2.8 Navigate to: http://portal.denallix.com

4.2.9 Site Settings > Look and Feel > Navigation > Global Navigation

4.2.9.1 BI - /BI

4.2.9.2 Search - /Search

4.2.9.3 Records - /Records

4.2.10 Site Permissions

4.2.10.1 Record Center Web Service Submitters for Records

4.2.10.1.1 Add Users: Domain Users

4.3. Manage Web Applications > Portal > General Settings > General Settings

4.3.1 Default Time Zone: (UCT-08:00) Pacific Time

4.3.2 Customer Experience: No

4.4. Manage Web Applications > Portal > General Settings > Workflow

4.4.1 User-Defined Workflows: Yes

4.4.2 Alert Internal Users: No

4.4.3 Alert External Users: No

4.5. New: MySite

4.5.1 Authentication: Classic Mode Authentication

4.5.2 Create new IIS Web Site: MySite

4.5.3 Port: 80

4.5.4 Host Header: mysite.denallix.com

4.5.5 Path: C:\inetpub\wwwroot\wss\VirtualDirectories\mysite

4.5.6 Authentication Provider: NTLM

4.5.7 Allow Anonymous: No

4.5.8 Use SSL: No

4.5.9 Application Pool: SharePoint Applications

4.5.10 Application Pool Identity: DENALLIX\SPWebService

4.5.11 Database Name: WSS_MySite

4.5.12 Service Application Connections:default



4.5.14.1 Title: My Site

4.5.14.2 Description: A personal site containing both private and public

content.

4.5.14.3 URL: /

4.5.14.4 Template: Enterprise > My Site Host


4.5.14.6 Secondary Admin: DENALLIX\SPWebService

4.6. Manage Web Applications > MySite > General Settings > General Settings

4.6.1 Default Time Zone: (UCT-08:00) Pacific Time


4.7. Manage Web Applications > MySite > General Settings > Workflow

4.7.1 User-Defined Workflows: Yes




4.7.2 Alert Internal Users: No

4.7.3 Alert External Users: No

NOTE: The physical directory structure for sub sites is limited to 256 characters. The root sites

are at 56 characters. Please be aware of this limit when building site maps.

5. Application Management (Central Administration)

6.1. All options are listed here: http://technet.microsoft.com/en-us/library/ee704544(office.14).aspx

6.2. Disable Office Web Application Sandboxing

6.2.6 SharePoint 2010 Management Shell: C:\Resources\Configuration\Disable OWA

Sandboxing.ps1

6.2.7 In the server’s c:\windows\system32\inetsrv\config\applicationHost.config add the line below

in the end of the dynamicTypes.

<add mimeType="application/zip" enabled="false" />

6.3. Enable Developer Dashboard

6.3.6 Run C:\Resources\Configuration\Enable Developer Dashboard.ps1

6.4. Enable Sandboxed Solutions

6.4.6 Run C:\Resources\Configuration\Enable Sandboxed Solutions.ps1

7. AD Replication

7.1. Delegate Control > Replicating Directory Changes to DENALLIX\SPFarmService and

DENALLIX\SPUserProfileService per http://blogs.msdn.com/sharepoint/archive/2009/12/14/how-

to-set-replication-directory-changes.aspx

7.2. Active Directory Users and Computers

7.3. Denallix.com > Delegate Control

7.4. Users or Groups: SharePoint User Profile Service

7.5. Tasks to Delegate: Create a custom task to delegate

7.6. Active Directory Object Type: This folder

7.7. Permissions

7.7.6 Create All Child Objects

7.7.7 Write All Properties

7.7.8 Replicating Directory Changes

8. User Profile Synchronization

8.1. Follow the steps in this article using the following DENALLIX accounts. These steps must be

followed or import/sync will not work after reboot: http://www.harbar.net/articles/sp2010ups.aspx

8.1.6 DOMAIN\spcontent = DENALLIX\SPSearchService

8.1.7 DOMAIN\spservices = DENALLIX\SPFarmService

8.1.8 DOMAIN\spups = DENALLIX\SPUserProfileService

8.2. Grant Logon Locally to SPFarm (already done)

8.3. Add DENALLIX\SPSearchService to Managed accounts in CA (already done)

8.4. Run C:\Resources\Configuration\Enable User Profile NETBIOS.ps1

8.5. Start UPS related Services

8.5.6 Add SPFarmService to the Administrators group and reboot

8.5.7 CA > System Settings > Manage Services on Server

8.5.8 Start User Profile Service (no options)

8.5.9 Start User Profile Synchronization Service

8.5.9.1 Enter Farm Account Password

8.5.9.2 Wait, wait, wait

http://technet.microsoft.com/en-us/library/ee704544(office.14).aspx

http://blogs.msdn.com/sharepoint/archive/2009/12/14/how-to-set-replication-directory-changes.aspx


http://www.harbar.net/articles/sp2010ups.aspx



8.5.10 When done, remove SPFarmService from Administrators group and reboot

8.5.11 Run "C:\Resources\Configuration\Enable User Profile Profile Leader (RunAs

SPFarmService).ps1" as DENALLIX\SPFarmService

8.5.12 Setup My Sites

8.5.12.1 Preferred Search Center: http://portal.denallix.com/Search/Pages

8.5.12.2 My Site Host Location: http://mysite.denallix.com

8.5.12.3 Personal Site Location: personal

8.5.12.4 Site Naming Format: User name (do not resolve conflicts)

8.5.12.5 Default Reader Site Group: All Users (windows); All Authenticated Users

8.5.12.6 My Site E-mail Notifications: [email protected]

8.5.12.7 Secondary Owner: DENALLIX\Administrator

8.5.13 Synchronization > Configure Synchronization Connections

8.5.13.1 Create New Connection

8.5.13.2 Connection Name: Denallix

8.5.13.3 Type: Active Directory

8.5.13.4 Forest name: denallix.com

8.5.13.5 Auto discover domain controller

8.5.13.6 Account name: DENALLIX\SPUserProfileService

8.5.13.7 Populate Containers: select Departments and Users\Administrator

8.5.14 Synchronization > Start Profile Synchronization

8.5.14.1 Start Incremental Synchronization

8.5.14.2 You can track progress using this tool: C:\Program Files\Microsoft Office

Servers\14.0\Synchronization Service\UIShell\miisclient.exe

9. Application Management (Central Administration)

9.1. Application Management > Manage Services on Server > SharePoint Foundation Search

9.1.6 Service Account: DENALLIX\SPFarmService

9.1.7 Content Access Account: DENALLIX\SPSearchService

9.1.8 Search Database: WSS_Search_DLX

9.1.9 Indexing Schedule: Hourly, 45, 45

9.2. Application Management > Manage Service Applications > Enterprise Search Service

Application

9.2.6 Default content access account: DENALLIX\SPSearchService

9.2.7 Contact e-mail address: [email protected]

9.2.8 Content Sources > Local SharePoint Sites

9.2.9 Full Crawl: Weekly, Saturday, 12:00 AM

9.2.10 Incremental: Daily, 12:00 AM

9.2.11 Edit Local Internet Sites Content Source and verify the following Start Addresses:

9.2.11.1 http://mysite.denallix.com

9.2.11.2 http://portal.denallix.com

9.2.11.3 sps3://mysite.denallix.com

9.2.11.4 Start Full Crawl (or after configuring claims)

9.3. Application Management > Manage Service Applications > Business Data Connectivity Service

9.3.6 Set Metadata Store Permissions > DENALLIX\Domain Admins

9.3.6.1 Edit, Execute, Selectable In Clients, Set Permissions

9.3.6.2 Propagate permissions to all BDC Models

9.3.7 Set Metadata Store Permissions > All Authenticated Users

9.3.7.1 Edit, Execute, Selectable In Clients

9.3.7.2 Propagate permissions to all BDC Models

http://portal.denallix.com/Search/Pages


http://mysite.denallix.com/




9.4. Application Management > Manage Service Applications > Secure Store

9.4.6 Generate New Key

9.4.7 Passphrase: K2pass!!

9.4.8 New Target Application

9.4.8.1 Target Application ID: Unattended Services

9.4.8.2 Display Name: Unattended Service account for Excel, Visio and K2

services

9.4.8.3 Contact E-mail: [email protected]

9.4.8.4 Application Type: Group

9.4.8.5 Fields: {Accept Defaults}

9.4.8.6 Administrators: DENALLIX\Administrator; DENALLIX\SPFarmService;

DENALLIX\SPWebService

9.4.8.7 Members: All Authenticated Users

9.4.8.8 Set Credentials

9.4.8.8.1 Credential Owner: All Authenticated Users

9.4.8.8.2 Credentials: DENALLIX\SPFarmService

9.5. Application Management > Manage Service Applications > Visio Graphics Service

9.5.6 Global Settings – Unattended Service Account – Application ID: Unattended Services

9.6. Application Management > Manage Service Applications > Excel Services Application

9.6.6 Global Settings – Unattended Service Account – Application ID: Unattended Services

9.6.7 Trusted File Locations – http:// - uncheck Warn on Refresh

9.7. Application Management > Manage Service Applications > PerformancePoint Service

Application

9.7.6 PerformancePoint Service Application Settings > Secure Store and Unattended Service

Account

9.7.7 Unattended Service Account: DENALLIX\Administrator

9.8. General Application Settings > InfoPath Forms Services

9.8.6 Configure InfoPath Forms Services

9.8.6.1 HTTP data connections: Clear "Require SSL for HTTP authentication to data

sources"

9.8.6.2 Authentication to data sources (user form templates): Set “Allow user form templates

to use authentication information contained in data connection files”

9.8.6.3 Cross-Domain Access for User Form Templates: Set "Allow cross-domain data

access for user form templates that use connection settings in a data connection file"

9.9. General Application Settings > External Service Connections > Configure Send To Connections

9.9.6 Web Application: http://portal.denallix.com

9.9.6.1 Send To Connections: New connection

9.9.6.2 Display Name: Records Center

9.9.6.3 URL: http://portal.denallix.com/Records/_vti_bin/officialfile.asmx

9.9.6.4 Send To action: Copy

9.10. Security > Configure self-service site creation

9.10.6 Self-service site management:

9.10.6.1 Web Application: http://mysite.denallix.com/

9.10.6.2 Enable Self-Service Site Creation: Select “On”

9.10.6.3 Managed Paths: /personal


9.10.7.1 Web Application: http://portal.denallix.com/




http://portal.denallix.com/Records/_vti_bin/officialfile.asmx



9.11. System Settings > Configure outgoing e-mail settings

9.11.6 Outbound SMTP Server: dlx.denallix.com

9.11.7 From address: [email protected]

9.11.8 Reply-to address: [email protected]

9.12. System Settings > Configure inbound e-mail settings

9.12.6 Configure New OU “SharePoint DMS” per these instructions:

http://technet.microsoft.com/en-us/library/cc262947.aspx#section5 and

http://sharepointgeorge.com/2010/configuring-incoming-email-sharepoint-2010

9.12.7 Enable Incoming E-mail: Yes

9.12.8 Settings Mode: Advanced

9.12.9 Directory Management Service: Yes

9.12.9.1 AD Container: OU=SharePoint

DMS,DC=denallix,DC=com

9.12.10 SMTP Server for incoming email: dlx.denallix.com

9.12.11 Incoming E-mail Server Display Address: portal.denallix.com

9.12.12 Safe E-Mail Servers: Accept mail from all e-mail servers

9.12.13 Email drop folder: C:\Resources\drop

9.12.14 Verify the following permissions on the drop folder and set if not found

9.12.14.1 WSS_Admin_WPG: Full Control

9.12.14.2 WSS_WPG: Read & Execute, List Folder Contents, and Read

9.13. SharePoint Central Administration > System Settings > Manage Services on Server

9.13.6 Microsoft SharePoint Foundation Incoming E-Mail: Start

9.14. Monitoring > Configure diagnostics logging

9.14.6 All Categories

9.14.7 Event log level: None

9.14.8 Trace log level: None

9.14.9 Trace Log Max: 1GB

9.15. Monitoring > Configure usage and health data collection

9.15.6 Uncheck: Enable usage data collection

9.15.7 Uncheck: Enable health data collection

9.15.8 Delete log files: %CommonProgramFiles%\Microsoft Shared\Web Server

Extensions\14\LOGS\

9.16. Update "C:\Program Files\Common Files\Microsoft Shared\Web Server

Extensions\14\ISAPI\web.config" to allow testing of web services

<configuration> <system.web>

<webServices> <protocols>

<add name="HttpGet" />

<add name="HttpPost" />

<add name="HttpPostLocalhost" />

<add name="Documentation" />

</protocols>

6. Microsoft Update


MICROSOFT SQL SERVER 2012 POWERPIVOT



http://technet.microsoft.com/en-us/library/cc262947.aspx#section5

http://sharepointgeorge.com/2010/configuring-incoming-email-sharepoint-2010



1.1. Follow this article: http://msdn.microsoft.com/en-us/library/ee210708.aspx


1.3. Installation Type: Perform a new installation of SQL Server 2012

1.4. Setup Role: SQL Server PowerPivot for SharePoint

1.4.1 Uncheck “Add SQL Server Database Relational Engine Services to the installation.”

1.5. Feature Selection

1.5.1 Analysis Services

1.5.1.1 Analysis Services SharePoint Integration

1.6. Instance Configuration

1.6.1 Instance ID: POWERPIVOT

1.7. Server Configuration

1.7.1 Service Account: DENALLIX\SQLAnalysisService

1.7.2 Analysis Services Administrators: DENALLIX\Administrator; DENALLIX\Domain Admins;

DENALLIX\SPFarmService

2. Post installation

2.1. Follow this article: http://msdn.microsoft.com/en-us/library/hh213153.aspx

2.2. Run PowerPivot for SharePoint Configuration Tool

2.3. Select Configure or Repair PowerPivot for SharePoint

2.3.1 Default Account Username: DENALLIX\SPFarmService

2.3.2 Database Server: DLX

2.3.3 Create PowerPivot Service Application

2.3.3.1 Service Application Name: PowerPivot Service Application

2.3.4 Database Name: PowerPivotServiceApplication-{GUID}

2.3.5 Deploy Web Application Solution

2.3.5.1 URL: http://portal.denallix.com

2.3.5.2 Max File Size: 2047

2.3.6 Activate PowerPivot Feature in a Site Collection

2.3.6.1 Site URL: http://portal.denallix.com

2.3.7 Create Unattended Account for DataRefresh

2.3.7.1 Target Application ID: PowerPivotUnattendedAccount

2.3.7.2 Friend Name: PowerPivot Unattended Account for Data Refresh

2.3.7.3 Unattended Account User Name: DENALLIX\SPFarmService

2.3.7.4 Site URL: http://portal.denallix.com

2.4. Create PowerPivot Gallery

2.4.1 Navigate to http://portal.denallix.com

2.4.2 Create a PowerPivot Gallery library

2.4.3 Upload "C:\Resources\Samples\PowerPivot\PowerPivot Healthcare Audit.xlsx"

2.4.4 Render the spreadsheet in the browser

2.4.5 Select a slicer to ensure data refresh

2.5. CA > Monitoring > Review Timer Job Definitions

2.5.1 Select Run Now for these jobs, Enable if not enabled

2.5.1.1 Microsoft SharePoint Foundation Usage Data Import

2.5.1.2 Microsoft SharePoint Foundation Usage Data Processing

2.5.1.3 PowerPivot Management Dashboard Processing Timer Job

2.6. CA > General Application Settings > PowerPivot Management Dashboard

2.6.1 Review time job definitions

2.6.2 Select Run Now for all jobs listed

2.7. SQL Server Management Studio

2.7.1 AS server name: DLX\POWERPIVOT

http://msdn.microsoft.com/en-us/library/ee210708.aspx

http://msdn.microsoft.com/en-us/library/hh213153.aspx







2.7.2 Verify PowerPivot Healthcare Audit Sandbox {GUID} is available in Databases

2.8. Upgrade to SP1: http://technet.microsoft.com/en-us/library/ee210646.aspx#qfe

MICROSOFT SQL SERVER 2012 REPORTING SERVICES SHAREPOINT

MODE


1.1. Follow this article: http://msdn.microsoft.com/en-us/library/gg492276.aspx


1.3. Installation Type: Add features to an existing instance of SQL Server 2012

1.3.1 Instance: MSSQLSERVER

1.4. Setup Role: SQL Server Feature Installation

1.5. Feature Selection

1.5.1 Reporting Services – SharePoint

1.5.2 Reporting Services Add-in for SharePoint Products

1.6. Reporting Services Configuration

1.6.1 Reporting Services SharePoint Integratied Mode

1.6.1.1 Install only

2. Post installation

2.1. CA > Manage Service Applications > New Service Application

2.1.1 Name: SQL Server Reporting Services Service Application

2.1.2 App Pool: SharePoint Web Services Default

2.1.3 Web Application Association: http://portal.denallix.com

MICROSOFT SHAREPOINT 2010 CLAIMS SUPPORT

1. SharePoint Certificates

1.1. IIS Manager > DLX > Server Certificates

1.2. Create Domain Certificate

1.3. Common Name: claims.denallix.com

1.4. Organization: Denallix

1.5. Organizational Unit: IT

1.6. City/Locality: Redmond

1.7. State/Province: WA

1.8. Country/Region: US

1.9. Specify Online Certification Authority: denallix-DLX-CA\DLX.denallix.com

1.10. Friendly Name: claims.denallix.com Certificate

1.11. Portal (Claims) Certificate

1.11.1 IIS Manager > DLX > Sites> Portal (Claims) > Actions > Bindings

1.11.1.1 Site Bindings > https > Edit

1.11.1.2 SSL Certificate: claims.denallix.com Certificate

1.11.1.3 In the details pane, double-click SSL Settings. Under Client certificates, verify

that the Ignore option is selected.

2. Create Web Applications (Central Administration > Application Management > Manage Web

Applications)

2.1. New: Portal

2.1.1 Authentication: Claims Mode Authentication

2.1.2 Create new IIS Web Site: Portal (Claims)

2.1.3 Port: 444

http://technet.microsoft.com/en-us/library/ee210646.aspx#qfe

http://msdn.microsoft.com/en-us/library/gg492276.aspx




2.1.4 Host Header: portal.denallix.com

2.1.5 Path: C:\inetpub\wwwroot\wss\VirtualDirectories\claims

2.1.6 Authentication Provider: NTLM

2.1.7 Allow Anonymous: No

2.1.8 Use SSL: Yes

2.1.9 Application Pool: SharePoint Applications

2.1.10 Application Pool Identity: DENALLIX\SPWebService

2.1.11 Database Name: WSS_Claims

2.1.12 Service Application Connections:default



2.1.14.1 Title: Portal (Claims)

2.1.14.2 Description: A site for teams to quickly organize, author, and share

information.

2.1.14.3 URL: /

2.1.14.4 Template: Collaboration > Team Site


2.1.14.6 Secondary Administrator: DENALLIX\SPWebService

2.1.15 Manage Web Applications > Portal > General Settings > General Settings

2.1.15.1 Default Time Zone: (UCT-08:00) Pacific Time

2.1.15.2 Customer Experience: No

2.1.16 Manage Web Applications > Portal > General Settings > Workflow

2.1.16.1 User-Defined Workflows: Yes

2.1.16.2 Alert Internal Users: No

2.1.16.3 Alert External Users: No

2.1.17 Manage Web Applications > Portal > General Settings > General Settings

2.1.17.1 Browser File Handling: Permissive

2.1.17.2 Alert Internal Users: No

2.1.17.3 Alert External Users: No

2.2. Application Management > Manage Service Applications > Enterprise Search Service

Application

2.2.1 Edit Local Internet Sites Content Source and verify the following Start Addresses:

2.2.1.1 http://mysite.denallix.com

2.2.1.2 http://portal.denallix.com

2.2.1.3 https://claims.denallix.com:444

2.2.1.4 sps3://mysite.denallix.com

2.2.2 Start Full Crawl

2.3. Navigate to http://portal.denallix.com

2.3.1 Add PowerPivot Gallery

2.3.2 Data Connections > Add Content Types

2.3.2.1 BI Semantic Model Connection

2.3.2.2 Report Data Source

2.4. PowerView Samples (on BI site)

2.4.1 Upload "C:\Resources\Samples\PowerViewSample\Images" to Images library

2.4.2 Upload "C:\Resources\Samples\PowerViewSample\HelloWorldPicnicPowerPivot.xlsx" to

PowerPivot Gallery

2.4.3 Upload "C:\Resources\Samples\PowerViewSample\HelloWorldPicnicDataSource.rsds" to

Data Connnections library

http://mysite.denallix.com/





2.4.4 Upload "C:\Resources\Samples\PowerViewSample\HelloWorldPicnicPowerView.rdlx" to

PowerPivot Gallery

2.4.5 Render HelloWorldPicnicPowerPivot chart and test slicers

2.4.6 Render HelloWorldPicnicPowerView report and test slicers

2.5. Security > Configure self-service site creation


2.5.1.1 Web Application: https://claims.denallix.com:444/


3. AD FS 2.0

3.1. Download and install: http://www.microsoft.com/download/en/details.aspx?id=10909

3.2. Server Role: Federation Server

3.3. Unselect Start Snap-in

3.4. Download and install Update Rollup 1: http://support.microsoft.com/kb/2607496

3.5. BUG (this doesn’t work with SQL 2012 so will need to allow it to install WID)

3.6. Run the AD FS 2.0 Federation Server Configuration Wizard from the AD FS 2.0 Management

snap-in

3.6.1 Create a new Federation Service

3.6.2 New federation server farm

3.6.3 Federation Service name: adfs.denallix.com

3.6.4 Service account: DENALLIX\ADFSService

3.6.5 SQL Server Configuration > SQL Server Network Configuration

3.6.5.1 Protocols for MICROSOFT##SSEE > Properties

3.6.5.2 Hide Instances: No

3.7. Verify everything’s running right

3.7.1 Navigate to: https://adfs.denallix.com/adfs/ls/idpinitiatedsignon.aspx

3.7.2 Click “Continue to Sign In”

3.7.3 Login with DENALLIX\Administrator to see login page

4. AD LDFS

4.1. Follow this article: http://www.thegeekispeak.com/archives/64

4.1.1 Instance name: Denallix ADLDS

4.1.2 LDAP port number: 50000

4.1.3 SSL port number: 50001

4.1.4 Partition name: CN=adlds,dc=denallix,dc=com

4.1.5 Service Account: DENALLIX\ADFSService

4.1.6 AD LDS Administrators: DENALLIX\Domain Admins

4.1.7 Importing LDIF Files

4.1.7.1 MS-AdamSyncMetadata.LDF

4.1.7.2 MS-InetOrgPerson.LDF

4.1.7.3 MS-User.LDF

4.1.7.4 MS-UserProxy.LDF

4.2. Follow the steps in "C:\Resources\Configuration\Users\Import AD LDS Schema.txt"

4.3. Connect via ADSIEdit

4.3.1 Name: AD LDS

4.3.2 Connection Point: dc=adlds,dc=local

4.3.3 Computer: dlx:50000

4.4. CN=Roles > Properties > member

http://www.microsoft.com/download/en/details.aspx?id=10909


http://www.thegeekispeak.com/archives/64



4.4.1 Add: DENALLIX\ADFSService; DENALLIX\K2Service; DENALLIX\SPWebService;

DENALLIX\SPFarmService

4.5. For each user in the OU=Departments

4.5.1 Reset the password

4.6. Set the msDS-UserAccountDisabled attribute to False

5. Trusted Provider (ADFS LDAP)

5.1. Start AD FS 2.0 Management

5.2. AD FS 2.0 > Attribute Stores

5.2.1 Add Attribute Store…

5.2.1.1 Display Name: LDAP

5.2.1.2 Attribute store type: LDAP

5.2.1.3 Connection string: LDAP://dlx:50000/dc=adlds,dc=local

5.3. AD FS 2.0 > Trust Relationships > Relying Party Trusts

5.3.1 Add relying party trust

5.3.2 Select Data Source: Enter data about the relying party manually

5.3.3 Display Name: SharePoint

5.3.4 Notes: This is for Denallix SharePoint 2010 SAML claims web application.

5.3.5 Profile: AD FS 2.0 Profile

5.3.6 Configure Certificate: {skip}

5.3.7 Configure URL:

5.3.7.1 Select Enable support for the WS-Federation Passive protocol

5.3.7.2 Relying party WS-Federation Passive protocol URL:

https://claims.denallix.com:444/_trust/

5.3.8 Configure Identifiers: Add: urn:denallix.com:sharepoint

5.3.9 Choose Issuance Authorization Rules: Permit all users to access this relying party

5.3.10 Open the Edit Claim Rules dialog

5.3.11 Add Rule…

5.3.11.1 Claim rule template: Send LDAP Attributes as Claims

5.3.11.2 Claim rule name: LDAP Claims

5.3.11.3 Attribute store: LDAP

5.3.11.4 Mapping of LDAP attributes to outgoing claim types:

5.3.11.4.1 LDAP Attribute: User-Principal-Name; Outgoing Claim Type: UPN

5.3.11.4.2 LDAP Attribute: SAM-Account-Name; Outgoing Claim Type: Name

5.3.11.4.3 LDAP Attribute: E-Mail-Address; Outgoing Claim Type: E-Mail Address

5.3.11.4.4 LDAP Attribute: Department; Outgoing Claim Type: Role

5.3.11.4.5 Claim rule language: c:[Type ==

"http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname

", Issuer == "AD AUTHORITY"] => issue(store = "LDAP", types =

("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",

"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",

"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",

"http://schemas.microsoft.com/ws/2008/06/identity/claims/role"), query =

"sAMAccountName={0};userPrincipalName,sAMAccountName,mail,department"

, param = regexreplace(c.Value, "(?<domain>[^\\]+)\\(?<user>.+)", "${user}"));

5.4. Service > Certificates

5.4.1 Select Token-signing certificate and View Certificate

5.4.2 Install Certificate

5.4.3 Place all certificates in following store: Trusted Root Certification Authorities

https://claims.denallix.com:444/_trust/



5.4.4 Security Warning: Yes, Click OK to close

5.4.5 View Certificate > Details

5.4.6 Copy to File…

5.4.7 Export File Format: DER

5.4.8 File to Export: C:\Resources\Certificates\DenallixADFS.cer

5.5. Configure SharePoint

5.5.1 Start SharePoint 2010 Management Shell

5.5.2 Run C:\Resources\Configuration\Setup ADFS for SharePoint (LDAP).ps1

6. Forms Based Authentication (LDAP)

6.1. Update web.config Settings

6.2. Open Central Administration site’s web.config:

"C:\inetpub\wwwroot\wss\VirtualDirectories\29170\web.config"

6.2.1 Find the <system.web> section

6.2.2 Replace

<roleManager> <providers> </providers> </roleManager> <membership> <providers> </providers> </membership>

With <membership> <providers> <add name="LdapMembershipProvider" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="dlx.denallix.com" port="389" useSSL="false" userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName" userContainer="DC=denallix,DC=com" userObjectClass="person" userFilter="(ObjectClass=person)" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" /> </providers> </membership> <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" > <providers> <add name="LdapRoleProvider" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="dlx.denallix.com" port="389" useSSL="false" groupContainer="DC=denallix,DC=com"



groupNameAttribute="cn" groupNameAlternateSearchAttribute="samAccountName" groupMemberAttribute="member" userNameAttribute="sAMAccountName" dnAttribute="distinguishedName" groupFilter="(ObjectClass=group)" userFilter="(ObjectClass=person)" scope="Subtree" /> </providers> </roleManager>

6.2.3 Double check whether the <membership> and <rolemanager> entries only exist ones.

Delete any double entries.

6.2.4 Add the following XML to the <PeoplePickerWildcards> entry

<add key="LdapMembershipProvider" value="*"/>

<add key="LdapRoleProvider" value="*"/>

6.2.5 Save and Close the web.config

6.2.6 Open Security Token Service (STS) site’s web.config: "C:\Program Files\Common

Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken\web.config"

6.2.7 Paste the following XML below the </system.net> entry

<system.web> <membership> <providers> <add name="LdapMembershipProvider" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="dlx.denallix.com" port="389" useSSL="false" userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName" userContainer="DC=denallix,DC=com" userObjectClass="person" userFilter="(ObjectClass=person)" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" /> </providers> </membership> <roleManager enabled="true" > <providers> <add name="LdapRoleProvider" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="dlx.denallix.com" port="389" useSSL="false" groupContainer="DC=denallix,DC=com" groupNameAttribute="cn" groupNameAlternateSearchAttribute="samAccountName" groupMemberAttribute="member" userNameAttribute="sAMAccountName" dnAttribute="distinguishedName" groupFilter="(ObjectClass=group)"



userFilter="(ObjectClass=person)" scope="Subtree" /> </providers> </roleManager> </system.web>


6.2.9 Open LDAP Portal site’s web.config:

"C:\inetpub\wwwroot\wss\VirtualDirectories\claims\web.config"

6.2.10 Locate the <membership> entry

6.2.11 Add the following XML to the <providers> entry

<add name="LdapMembershipProvider" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="dlx.denallix.com" port="389" useSSL="false" userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName" userContainer="DC=denallix,DC=com" userObjectClass="person" userFilter="(ObjectClass=person)" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" />

6.2.12 Locate the <roleManager> entry

6.2.13 Add the following XML to the <providers> entry

<add name="LdapRoleProvider"

type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="dlx.denallix.com" port="389" useSSL="false" groupContainer="DC=denallix,DC=com" groupNameAttribute="cn" groupNameAlternateSearchAttribute="samAccountName" groupMemberAttribute="member" userNameAttribute="sAMAccountName" dnAttribute="distinguishedName" groupFilter="(ObjectClass=group)" userFilter="(ObjectClass=person)"

scope="Subtree" />

6.2.14 Add the following XML to the <PeoplePickerWildcards> entry

<add key="LdapMembershipProvider" value="*"/>

<add key="LdapRoleProvider" value="*"/>


7. Configure Web Application Users

7.1. Central Administration > Application Management > Manage Web Applications

7.2. Select Portal (Claims) > Authentication Providers > Default



7.3. Claims Authentication Types

7.3.1 Enable Forms Based Authentication (FBA)

7.3.1.1 ASP.NET Membership provider name: LdapMembershipProvider

7.3.1.2 ASP.NET Role manager name: LdapRoleProvider

7.3.2 Trusted Identity Provider

7.3.2.1 Trusted Identity Provider: ADFS LDAP

7.4. Navigate to https://claims.denallix.com:444

7.4.1 Site Actions > Site Settings

7.4.1.1 Site Collection Features > Activate

7.4.1.1.1 Document Sets

7.4.1.1.2 Office Web Apps

7.4.1.1.3 PerformancePoint Services Site Collection Features

7.4.1.1.4 SharePoint Server Publishing Infrastructure

7.4.2 Users and Permissions

7.4.2.1 Site Collection Administrators: DENALLIX\K2Service

7.4.2.2 People and Groups

7.4.2.2.1 Portal Members > Add Users:

7.4.2.2.2 ADFS LDAP

7.4.2.2.2.1. UPN: [email protected]

7.4.2.2.2.2. Role: Domain Users, Finance, Headquarters, Human Resources, Legal,

Operations, Sales

7.4.2.2.3 Active Directory: DENALLIX\Domain Users

7.4.2.2.4 Forms Auth: administrator, domain users, finance, headquarters, human

resources, legal, operations, sales

7.4.2.2.5 Designers > Add Users:

7.4.2.2.6 ADFS LDAP

7.4.2.2.6.1. UPN: [email protected]

7.4.2.2.6.2. Role: Domain Users, Finance, Headquarters, Human Resources, Legal,

Operations, Sales

7.4.2.2.7 Active Directory: DENALLIX\Domain Users

7.4.2.2.8 Forms Auth: domain users, finance, headquarters, human resources, legal,

operations, sales

9.17. Setup services with Delayed Start

9.18. Run: C:\Resources\Configuration\Setup Services DelayedAutoStart.ps1

8. Configure IPFS Web Service Proxy

8.1. Export Certs to C:\Resources\Certificates

8.2. Start SharePoint 2010 Management Shell

8.3. Run C:\Resources\Configuration\Setup IPFS WS Proxy.ps1

8.4. http://help.k2.com/en/k2blackpearluserguide.aspx

9. Claims Viewer Web Part

9.1. Run "C:\Resources\Tools\SourceCode.Sample.Claims.WebParts\Install-

SourceCode.Samples.Claims.WebParts.ps1"

MICROSOFT OFFICE 2010 (32-BIT)

1. Microsoft Office 2010 Pro Plus (SP2)

1.1. Download and install

1.2. Install

https://claims.denallix.com:444/



http://help.k2.com/en/k2blackpearluserguide.aspx



1.2.1 Excel

1.2.2 InfoPath

1.2.2.1 VSTA

1.2.3 Outlook

1.2.4 PowerPoint

1.2.5 SharePoint Workspace

1.2.6 Visio Viewer

1.2.7 Word

1.3. All defaults, except do not install

1.3.1 Access

1.3.2 OneNote

1.3.3 Publisher

1.4. User Information

1.4.1 Full Name: Administrator

1.4.2 Initials: ADM

1.4.3 Organization: Denallix

2. PowerPivot for Excel 2010 (SQL 2012)

2.1. Download and install 32-bit version: http://www.powerpivot.com/download.aspx

3. Disable Excel Protected View

3.1. Steps extracted from: http://answers.microsoft.com/en-us/office/forum/office_2010-excel/the-file-

is-corrupt-and-cannot-be-opened-error-on/93af59c1-946c-4f5f-83c1-bd6f58dbd94f

3.2. Open Excel 2010

3.3. File > Options > Trust Center > Trust Center Settings > Protected View

3.4. Uncheck all the options under Protected View

4. Microsoft Office Visio 2010 Premium (SP2)

4.1. Default installation

5. Microsoft Office SharePoint Designer 2010 (SP2)

5.1. Default installation

6. Microsoft Lync 2010 Client

6.1. Download and install Lync 2010 Client

7. Outlook Spy

7.1. Download and install 32-bit

8. Microsoft Update

8.1.1 Install all Updates and Service Packs

MICROSOFT VISUAL STUDIO 2010 PROFESSIONAL


1.1. Visual C#

1.2. Visual Web Developer

1.3. Microsoft Office Developer Tools (x64)

1.4. Microsoft SharePoint Developer Tools

http://www.powerpivot.com/download.aspx

http://answers.microsoft.com/en-us/office/forum/office_2010-excel/the-file-is-corrupt-and-cannot-be-opened-error-on/93af59c1-946c-4f5f-83c1-bd6f58dbd94f

http://answers.microsoft.com/en-us/office/forum/office_2010-excel/the-file-is-corrupt-and-cannot-be-opened-error-on/93af59c1-946c-4f5f-83c1-bd6f58dbd94f



2. Microsoft Visual Studio 2010 Web Deployment Projects


3. Microsoft Report Viewer Redistributable 2005 SP1


4. Microsoft Visual Studio 2010 SP1


5. Silverlight 5 Tools for Visual Studio

5.1. Download and install http://www.silverlight.net/getting-started

6. Web Essentials

6.1. Download and install http://visualstudiogallery.msdn.microsoft.com/6ed4c78f-a23e-49ad-b5fd-

369af0c2107f

7. Startup Values

7.1. Start Visual Studio

7.2. Visual C# developer

7.3. No Customer Experience

8. Post-install Configuration

8.1. Improve Performance

8.1.1 Start Visual Studio and go to Tools > Options

8.1.2 Debugging

8.1.2.1 Clear the “Require source files to exactly match the original version“

8.1.3 Environment

8.1.3.1 General > Visual Experience

8.1.3.2 Make sure that all 3 checkboxes are unchecked:

http://stackoverflow.com/questions/2366507/visual-studio-slow-in-virtualbox

8.2. Disable Publisher Evidence: http://blogs.msdn.com/b/amolravande/archive/2008/07/20/startup-

performance-disable-the-generatepublisherevidence-property.aspx

Add this line:

<configuration>

<runtime>

<generatePublisherEvidence enabled="false"/>

</runtime>

</configuration>

To these files:

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config"

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\Aspnet.config"

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config"

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Aspnet.config"

"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config"

"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Aspnet.config"

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config"

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Aspnet.config"

http://www.silverlight.net/getting-started

http://visualstudiogallery.msdn.microsoft.com/6ed4c78f-a23e-49ad-b5fd-369af0c2107f

http://visualstudiogallery.msdn.microsoft.com/6ed4c78f-a23e-49ad-b5fd-369af0c2107f

http://stackoverflow.com/questions/2366507/visual-studio-slow-in-virtualbox

http://blogs.msdn.com/b/amolravande/archive/2008/07/20/startup-performance-disable-the-generatepublisherevidence-property.aspx

http://blogs.msdn.com/b/amolravande/archive/2008/07/20/startup-performance-disable-the-generatepublisherevidence-property.aspx



8.3. Enable Right-Click GAC of DLLs

8.3.1 Run C:\Resources\Configuration\Enable Right-Click GAC.ps1

8.4. Create any project and target .NET Framework 3.5 which will cause next new project to do the

same

9. Disable Unhandled Exceptions VS Debugger

9.1. Run "C:\Resources\Configuration\Disable VS JIT Debugging.ps1"

10. Windows Update


MICROSOFT DYNAMICS CRM 2011

1. Server

1.1. Download and install (Version: 05.00.9690.1992):


1.1.1 Contains Reporting Extensions

1.1.2 Get updates

1.1.3 Install Required Components: Install

1.1.4 Installation Directory: C:\Program Files\Microsoft Dynamics CRM

1.1.5 Server Roles: Full Server

1.1.6 Database Server: DLX; Create a new deployment

1.1.7 Organizational Unit: OU=CRM System Groups,DC=denallix,DC=com

1.1.8 Service Accounts

1.1.8.1 Application Service: DENALLIX\CRMService

1.1.8.2 Deployment Web Service: DENALLIX\CRMWebService

1.1.8.3 Sandbox Processing Service: DENALLIX\CRMSandboxService

1.1.8.4 Asynchronous Processing Service: DENALLIX\CRMAsyncService

1.1.9 {Outside Installer} Create a new web site in IIS

1.1.9.1 Site Name: CRM

1.1.9.2 Host Name: crm.denallix.com

1.1.9.3 Path: C:\inetpub\wwwroot\crm

1.1.9.4 AppPool: CRM (DENALLIX\CRMService), .NET 4, Integrated

1.1.10 Web site: CRM

1.1.11 E-mail router server name: dlx.denallix.com

1.1.12 Organization

1.1.12.1 Display Name: Denallix

1.1.12.2 Unique Database Name: Denallix

1.1.12.3 ISO currency code: USD

1.1.12.4 Currency name: US Dollar

1.1.12.5 Currency symbol: $

1.1.12.6 Currency precision: 2

1.1.12.7 SQL Collation: Latin1_General_Cl_Al


1.1.14 Report Server URL: http://dlx/reportserver

1.2. Launch Reporting Extensions for SSRS Setup

1.2.1 Get updates

1.2.2 SQL Server: DLX

1.2.3 SSRS Instance: MSSQLSERVER




2. Setup Users

2.1. Settings > System > Administration > Users

2.1.1 Select Full Access Users

2.1.2 New Multiple Users

2.1.2.1 Utilize the user mappings defined in C:\Resources\Configuration\Users\CRM Users.txt

2.1.2.2 E-mail Incoming: E-mail Router

2.1.2.3 E-mail Outgoing: E-mail Router

2.2. Configure default views for Administrator

2.2.1 Settings > Customization > Customizations > Customize the System

2.2.2 Set default view (and publish it) to either “All” or “All Active” or “Open…” for: Account,

Contact, Invoice, Lead, Marketing List, Opportunity, Order and Quote

2.3. Add DENALLIX\K2Service to CRM System Groups\PrivUserGroup

2.4. Navigate to CRM > Settings > Administration > Users > K2 Service

2.5. General > Client Access License (CAL) Information

2.5.1 Access Mode: Read-Write

2.5.2 License Type: Full

2.6. Security Roles

2.6.1 System Administrator

3. E-mail Router


3.1.1 Install these components

3.1.1.1 Microsoft Dynamics CRM E-Mail Router Service

3.1.1.2 Rule Deployment Wizard

3.1.2 E-mail Router Configuration Manager

3.1.3 Configuration Profiles > New

3.1.3.1 Profile Name: Incoming

3.1.3.2 Direction: Incoming

3.1.3.3 E-mail Server Type: Exchange 2010

3.1.3.4 Use Autodiscovery: unchecked

3.1.3.5 Exchange Web Services URL: https://dlx.denallix.com/ews/exchange.asmx

3.1.3.6 Access Credentials: DENALLIX\K2Service

NOTE: Using this account since it already has Exchange Impersonate rights.

3.1.4 Configuration Profiles > New Profile

3.1.4.1 Profile Name: Outgoing

3.1.4.2 Direction: Outgoing

3.1.4.3 E-mail Server Type: SMTP

3.1.4.4 E-mail Server: dlx.denallix.com

3.1.4.5 Access Credentials: DENALLIX\Administrator

3.1.5 Deployments > New

3.1.5.1 Deployment: My Company

3.1.5.2 MSCRM Server: http://crm.denallix.com/denallix

3.1.5.3 Access Credentials: Local System Account

3.1.5.4 Incoming: Incoming

3.1.5.5 Outgoing: Outgoing

3.1.6 Users, Queues, and Forward Mailboxes

3.1.6.1 Load Data

3.1.6.1.1 Verify all users are loaded

3.1.6.1.2 Select all users and select Test Access to ensure incoming/outgoing success


http://crm.denallix.com/denallix



3.1.7 Publish

3.2. Cleanup CRM App Pool: IIS Manager > Application Pools > CRM – select Remove

4. Client (Outlook)


4.1.1 Install Now

5. List Component for SharePoint


5.1.1 SharePoint Management Console, Run: AllowHtcExtn.ps1 http://portal.denallix.com


5.1.3 Upload crmlistcomponent.wsp to Solutions gallery and Activate

5.1.4 Finish integration per this article http://www.ryanonrails.com/2011/02/25/hooking-crm-2011-

and-share-point-2010-together/

6. SDKs

6.1. Download and extract CRM 4 SDK: http://www.microsoft.com/en-


6.2. Download and extract CRM 2011 SDK:


6.3. GAC

6.3.1 "C:\Resources\Tools\MicrosoftDynamicsCRM4SDK\sdk\bin\64bit\microsoft.crm.sdk.dll"

6.3.2 "C:\Resources\Tools\MicrosoftDynamicsCRM4SDK\sdk\bin\64bit\microsoft.crm.sdktypeprox

y.dll"

6.3.3 "C:\Resources\Tools\MicrosoftDynamicsCRM4SDK\sdk\bin\64bit\microsoft.crm.sdktypeprox

y.xmlserializers.dll"

6.3.4 "C:\Resources\Tools\MicrosoftDynamicsCRM2011SDK\bin\microsoft.xrm.sdk.xml"

6.3.5 "C:\Resources\Tools\MicrosoftDynamicsCRM2011SDK\bin\microsoft.crm.sdk.proxy.dll"

7. Report Authoring (BIDS)

7.1. Download and install http://www.microsoft.com/en-us/download/details.aspx?id=27823

7.2. Run: SetupBIDSExtensions.exe

7.3. Select: Get updates for Microsoft Dynamics CRM

8. Load Sample Data (Optional)

8.1. Load Data

8.1.1 Navigate to http://crm.denallix.com

8.1.2 Settings > Data Management > Sample Data

8.1.3 Install Sample Data

9. Disable IE popup blocker

9.1. Tools > Popup Blocker > Popup Blocker Settings

9.2. Add crm.denallix.com to Allowed sites

10. Microsoft Update


K2 BLACKPEARL 4.6.6

1. Pre-Installation





http://www.ryanonrails.com/2011/02/25/hooking-crm-2011-and-share-point-2010-together/

http://www.ryanonrails.com/2011/02/25/hooking-crm-2011-and-share-point-2010-together/





http://crm.denallix.com/



1.1. MSMQ

1.1.1 Configure MSMQ per this topic:

http://help.k2.com/helppages/k2blackpearlGettingStarted4.6/webframe.html?page=MSDTC.

html

1.2. SSRS

1.2.1 Set SQL Server Reporting Services (MSSQLSERVER) service to Automatic and Start

1.3. Create IIS Application Pool

1.3.1 Name: K2

1.3.2 .NET Framework version: .NET Framework v2.0.50727

1.3.3 Managed pipeline mode: Classic

1.3.4 Advanced Settings…

1.3.4.1 Identity > Set: DENALLIX\K2WebService

1.4. Create IIS Web Site

1.4.1 Site name: K2

1.4.2 Application pool: K2

1.4.3 Physical path: C:\inetpub\K2

1.4.4 Host name: k2.denallix.com

1.4.5 Authentication

1.4.5.1 Anonymous Authentication: Disabled

1.4.5.2 Windows Authentication: Enabled

1.4.5.2.1 Providers: NTLM; Negotiate

2. General Installation

2.1. Download and install latest: K2 blackpearl 4.6.6 (4.12060.1560.0)

2.2. Installation Type

2.2.1 Select “Custom Installation”

2.2.2 Installation Folder: C:\Program Files (x86)\K2 blackpearl

2.3. Select Components

2.3.1 K2 blackpearl Server

2.3.2 K2 for Reporting Services

2.3.3 K2 Workspace

2.3.4 K2 for SharePoint 2010

2.3.4.1 K2 Designer for SharePoint 2010

2.3.5 K2 for Visual Studio Core

2.3.5.1 K2 for Visual Studio 2010

2.3.6 K2 Studio

2.3.7 K2 Core

2.3.8 K2 blackpearl Setup Manager

2.4. K2 Server Configuration

2.4.1 K2 Server Farm

2.4.2 K2 Server Farm Name (FQDN): k2.denallix.com

2.5. K2 Pass-through Authentication

2.5.1 Select “Windows”

2.6. K2 Server Configuration

2.6.1 Host Server Port: 5555

2.6.2 Workflow Service Port: 5252

2.6.3 Discovery Service Port: 49600

2.6.4 Select “Start the K2 blackpearl Service”

2.6.5 SMTP Server: dlx.denallix.com

2.6.6 From Address: [email protected]

http://help.k2.com/helppages/k2blackpearlGettingStarted4.6/webframe.html?page=MSDTC.html

http://help.k2.com/helppages/k2blackpearlGettingStarted4.6/webframe.html?page=MSDTC.html



2.7. K2 Workspace Web Site Configuration

2.7.1 Select “Use an existing Web site”

2.7.2 Web site name: K2

2.8. K2 Workspace Application Pool Configuration

2.8.1 Select “Use an existing Application Pool”

2.8.2 Application Pool: K2

2.9. SQL Reporting Services Configuration

2.9.1 Web Service URL: http://dlx:80/ReportServer

2.10. CRM Configuration

2.10.1 Check “Enable CRM Integration”

2.10.2 Version: CRM 2011

2.10.3 Server URL: http://crm.denallix.com

2.10.4 Organization: Denallix

2.11. Database Configurations

2.11.1 Database Name: K2 {default}

2.12. Service Accounts Configuration

2.12.1 K2 Administrator Account: DENALLIX\Administrator

2.12.2 K2 Service Account: DENALLIX\K2Service

2.13. Exchange Server Configuration

2.13.1 Check “Use Exchange for mail integration”

2.13.2 Configure Exchange On-Premises

2.13.2.1 From Address: [email protected]

2.13.3 EWS URL: https://dlx.denallix.com/EWS/Exchange.asmx

2.14. Exchange Server Configuration

2.14.1 Check “Enable standard Exchange integration (Calendar, Meeting)”

2.14.1.1 User Name: DENALLIX\K2Service

2.14.2 Check “Enable administrative Exchange integration (Mailbox)”

2.14.2.1 User Name: DENALLIX\K2Service

2.14.2.2 Exchange Version: Exchange 2010 SP2

2.15. SmartActions Configuration

2.15.1 Check “Enable SmartActions for Exchange”

2.15.1.1 Use K2 Service account (DENALLIX\K2Service)

2.16. Finished

2.16.1 Check “Launch the K2 for SharePoint Configuration Wizard”

2.16.2 Run wizard with all defaults

3. .NET 4 Mode

3.1. Run: C:\Resources\Scripts\ChangeK2NetFramework4.0.ps1

4. Central Administration > K2 for SharePoint > Activate All K2 Features and K2 Configuration >

Portal

4.1. Activation Location

4.1.1 Site Collection: http://portal.denallix.com

4.2. General Settings

4.2.1 Select “Update settings for all sub webs”

4.3. Feature Activation Settings

4.3.1 Select “Activate all K2 Features to selected site collection”

4.4. Connection Settings

4.4.1 Select “Add K2 Connection Settings to selected site collection”

http://crm.denallix.com/




4.4.1.1 Host Server: DLX

4.4.1.2 Host Server Port: 5555

4.4.1.3 Report Server URL: /

4.5. Environment Library Settings

4.5.1 Environment: Development

4.5.2 Select “Create new SharePoint Site URL”

4.5.2.1 Name: Portal

4.5.2.2 Description: Portal SharePoint Site URL

4.6. SharePoint Group Provider Settings

4.6.1 Select “Add group provider for site collection”

4.6.1.1 SharePoint Group Provider Label: Portal

4.7. Deployment Application Pool

4.7.1 Use existing application pool: SharePoint Applications (DENALLIX\SPWebService)

4.8. Process Designers

4.8.1 Site Collection Groups (Default)

4.8.1.1 Designers

4.8.1.2 Portal Owners

4.9. Process Participants


4.9.1.1 Designers

4.9.1.2 Portal Members


4.10. Process Approval

4.10.1 Select “No Approval Required”

4.11. K2 Process Portal


4.11.2 Site Actions > New Site > K2 Process Portal Site

4.11.2.1 Title: K2

4.11.2.2 Description: K2 Process Portal

4.11.2.3 URL: K2

4.11.2.4 User Permissions: Use same permissions as parent site

4.11.2.5 Use the top link bar from the parent site? Yes


4.11.4 Site Settings > Navigation

4.11.4.1 Navigation Editing and Sorting

4.11.4.2 Global Navigation

4.11.4.3 K2 - /K2 – Move to 1st position (or add at 1st position if not available)

4.11.5 Site Actions > Edit Page

4.11.5.1.1 Add Web Part: K2 Worklist

4.11.5.1.2 Change image to C:\Resources\Images\K2_logo.png

4.11.5.1.3 Horizontal Size: 120 px

4.11.5.1.4 Vertical Size: 70 px

5. Central Administration > K2 for SharePoint > Activate All K2 Features and K2 Configuration >

Portal (Claims)

5.1. Activation Location

5.1.1 Site Collection: https://claims.denallix.com:444

5.2. General Settings

5.2.1 Select “Update settings for all sub webs”






5.3. Feature Activation Settings

5.3.1 Select “Activate all K2 Features to selected site collection”

5.4. Connection Settings

5.4.1 Select “Add K2 Connection Settings to selected site collection”

5.4.2 Host Server: DLX

5.4.3 Host Server Port: 5555

5.4.4 Report Server URL: /

5.5. Environment Library Settings

5.5.1 Environment: Development

5.5.2 Select “Create new SharePoint Site URL”

5.5.3 Name: Portal (Claims)

5.5.4 Description: Portal (Claims) SharePoint Site URL

5.6. SharePoint Group Provider Settings

5.6.1 Select “Add group provider for site collection”

5.6.2 SharePoint Group Provider Label: Portal (Claims)

5.7. Deployment Application Pool

5.7.1 Use existing application pool: SharePoint Applications (DENALLIX\SPWebService)

5.8. Process Designers


5.8.1.1 Designers


5.9. Process Participants


5.9.1.1 Designers

5.9.1.2 Portal Members


5.10. Process Approval

5.10.1 Select “No Approval Required”

5.11. K2 Process Portal

5.11.1 Navigate to https://claims.denallix.com:444

5.11.2 Sign In: Windows Authentication

5.11.3 Site Actions > New Site > K2 Process Portal Site

5.11.3.1 Title: K2

5.11.3.2 Description: K2 Process Portal

5.11.3.3 URL: K2

5.11.3.4 User Permissions: Use same permissions as parent site

5.11.3.5 Use the top link bar from the parent site? Yes

5.11.4 Navigate to https://claims.denallix.com:444

5.11.5 Sign In: Windows Authentication

5.11.6 Site Settings > Navigation

5.11.6.1 Navigation Editing and Sorting

5.11.6.2 Global Navigation

5.11.6.3 K2 - /K2 – Move to 1st position (or add at 1st position if not available)

5.11.7 Site Actions > Edit Page > Web Parts

5.11.7.1.1 Add: K2 Worklist

5.11.7.1.2 Delete: K2 Claims Viewer (No K2)

5.11.7.1.3 Add: K2 Claims Viewer

5.11.7.1.4 Delete: Image





5.11.7.1.5 Delete: Getting Started

6. Documentation

6.1. Download and Install K2 blackpearl 4.6.4 Documentation Installer

6.2. Use all defaults

7. Video Pack

7.1. Download and Install K2 Guides Video Pack 4.5 (4.10060.1.0)

7.2. Use all defaults

8. SmartObject Services

8.1. Edit “C:\Program Files (x86)\K2 blackpearl\Host Server\bin\K2HostServer.exe.config”

8.2. Change the <configuration><smoServices> section as highlighted below

<smoServices enableEndpoints="true" enableEvents="true" enableCrossDomainPolicy="true" scheme="http" server="k2.denallix.com" port="8888" serviceRoot="SmartObjectServices" specialCharacterReplacement="_" enableMetadata="true" defaultSecurityLabel="K2"> <wcf binding="wsHttpBinding" bindingConfiguration="wsHttpBinding+Windows" /> <rest binding="webHttpBinding" bindingConfiguration="webHttpBinding+Windows" /> <managedEndpoints> <static> <endpoints /> </static> <excluded all="false" >  </excluded> </managedEndpoints> </smoServices>

8.3. Restart K2 blackpearl Server

9. Claims Configuration

9.1. Setup User Managers

9.1.1 Execute "C:\Resources\Configuration\K2\K2 User Managers\K2 LDAP User Manager

(Forms - Setup).sql" against K2 database

9.1.2 Execute "C:\Resources\Configuration\K2\K2 User Managers\K2 LDAP User Manager

(Trusted - Setup).sql" against K2 database

9.2. Setup Claims Configuration

9.2.1 Run: "C:\Resources\Configuration\K2\SourceCode.Security.Claims\Get-

ClaimTypeMappings.ps1"

9.2.2 Edit “C:\Program Files (x86)\K2 blackpearl\Host Server\bin\K2HostServer.exe.config”



9.2.3 Paste contents from

"C:\Resources\Configuration\K2\SourceCode.Security.Claims\SourceCode.Security.Claims-

Portal (Claims).xml" after </system.serviceModel>

9.2.4 Restart K2 blackpearl Server

10. Reporting Services Configuration

10.1. Copy "C:\Program Files (x86)\K2

blackpearl\Bin\SourceCode.Data.SmartObjectsClient.dll" to

C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies

10.2. Edit "C:\Program Files (x86)\Microsoft Visual Studio

10.0\Common7\IDE\PrivateAssemblies\RSPreviewPolicy.config"

10.2.1 Add the following line to the <mscorlib><security><policy><PolicyLevel><CodeGroup>

section

<CodeGroup Name="CustomDataExtensionCodeGroup" Description="Code group for the

Custom Data Extension" PermissionSetName="FullTrust" class="UnionCodeGroup"

version="1">

<IMembershipCondition class="UrlMembershipCondition" Url="C:\Program Files

(x86)\Microsoft Visual Studio

10.0\Common7\IDE\PrivateAssemblies\SourceCode.Data.SmartObjectsClient.dll"

version="1" />

</CodeGroup>

11. Startup Script

11.1. Edit "C:\Resources\Startup\StartupConfig.xml" and add the following to <urls>

 <url enabled="true" category="K2" path="http://k2.denallix.com/workspace/Navigation/Navigation.aspx" /> <url enabled="true" category="K2" path="http://k2.denallix.com/K2Services/WCF.svc" /> <url enabled="true" category="K2" path="http://k2.denallix.com/RuntimeServices/ClientEventService.asmx" /> <url enabled="true" category="K2" path="http://k2.denallix.com/RuntimeServices/InfoPathService.asmx" /> <url enabled="true" category="K2" path="http://k2.denallix.com/RuntimeServices/SharePointService.asmx" />

12. Shortcuts

12.1. Add IE Favorites Bar shortcuts after Portal

12.1.1 K2 Workspace: http://k2.denallix.com/workspace/Navigation/Navigation.aspx

12.1.2 K2 Services: http://k2.denallix.com/K2Services/WCF.svc

12.1.3 K2 SmartObject Services:

http://k2.denallix.com:8888/SmartObjectServices/endpoints/endpoints.xml

12.2. Add Shortcuts to desktop from C:\Resources\Scripts to allow starting of console mode

after adding K2 Service to local Administrators group. Also allow for starting Service after

removing from Administrators.

13. IIS Metabase Access (Optional)

13.1. Run: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -ga

DENALLIX\SQLReportingService

http://k2.denallix.com/workspace/Navigation/Navigation.aspx

http://k2.denallix.com/K2Services/WCF.svc

http://k2.denallix.com:8888/SmartObjectServices/endpoints/endpoints.xml



13.2. Run: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -ga

DENALLIX\K2WebService

14. SmartActions

14.1. Cache DENALLIX\K2Service credentials

14.2. IE > RunAs > DENALLIX\K2Service

14.3. Navigate to http://k2.denallix.com/workspace/Navigation/Navigation.aspx

14.4. User Settings > Single Sign-on

14.5. Security Label > K2 > Edit Credentials

14.6. Provide password and click OK

15. PowerPivot

15.1. Add SPN entries for PowerPivot

15.1.1 setspn -S HTTP/k2.denallix.com denallix\k2service

15.1.2 setspn -S HTTP/k2 denallix\k2service

16. Administrators

16.1. Add DENALLIX\K2Service to Administrators group for Console Mode capabilities

17. IE Compatibility Mode

17.1. Set IE compatibility mode for *.denallix.com per http://help.k2.com/en/kb001327.aspx

K2 PACKAGE AND DEPLOYMENT 1.0


1.1. Download and install latest: K2 Package and Deployment 1.0 (4.13210.1.0)

1.2. Select All Components

K2 SMARTFORMS 1.0.4


1.1. Download and install latest: K2 smartforms 1.0.1 (4.12165.1565.0)

1.2. Select Components

1.2.1 SmartForms Server

1.2.2 K2 Designer

1.2.3 K2 SmartForms Runtime

1.2.4 K2 SmartForms for SharePoint

1.2.5 K2 SmartForms Process Wizards

1.2.6 K2 SmartForms Setup Manager

1.3. K2 Server Database

1.3.1 SQL Server: DLX

1.3.2 Name: K2

1.3.3 Windows Authentication

1.4. K2 Designer Web Site

1.4.1 Use an existing Web site: K2

1.5. K2 Designer Site – Application Pool

1.5.1 Use an existing Application Pool: K2

1.6. SmartForms Runtime Site

1.6.1 Use an existing Web site: K2 smartforms

1.7. SmartForms Runtime Site – Application Pool

http://k2.denallix.com/workspace/Navigation/Navigation.aspx

http://help.k2.com/en/kb001327.aspx



1.7.1 Use an existing Application Pool: K2 smartforms

1.8. Check “Launch the K2 for SharePoint Configuration Wizard”

1.8.1 Run wizard with all defaults

1.8.2 Activate All for http://portal.denallix.com

1.8.2.1 Update settings for all sites in the site collection

1.8.3 Activate All for https://claims.denallix.com:444

1.8.3.1 Update settings for all sites in the site collection

2. Post-installation Configuration

2.1. Edit "C:\Resources\Startup\StartupConfig.xml" and add the following to <url>

 <url enabled="true" category="K2" path="http://k2.denallix.com/designer/default.aspx" />

2.2. Create a shortcut for K2 Designer on desktop

2.3. Add IE shortcut before Portal

2.3.1 K2 Designer: http://k2.denallix.com/designer/default.aspx


2.5. Site Actions > Edit Page

2.5.1.1 Add Web Part below K2 Worklist: K2 SmartForms Viewer

2.5.1.1.1 Name: K2 Worklist Item

2.5.1.2 Add Web Part right of K2 Worklist: K2 SmartForms Viewer

2.5.1.2.1 Name: K2 View Flow

2.5.1.2.2 Height: 400px

2.5.1.3 Configure connections

2.5.1.3.1 K2 Worklist > Send Row To > K2 View Flow > Get URL From > View Flow URL

2.5.1.3.2 K2 Worklist > Send Row To > K2 Worklist Item > Get URL From > Worklist Item

URL

K2 CONNECT 4.6.5

1. Temporary Rights

1.1. NOTE: DENALLIX\K2Service must be in the Local Administrators group to create Event Log

entries on first start

2. RFC Libraries

2.1. Download 32-bit and 64-bit libraries

2.1.1 32-bit: Copy librfc32.dll; msvcp71.dll; msvcr71.dll to C:\Windows\SysWOW64

2.1.2 64-bit: Copy librfc32.dll to C:\windows\system32

3. ERP Connect

3.1. Download and install ERPConnectSetup.exe with defaults

4. K2 connect

4.1. Download and install K2 connect for SAP 4.6.5 (4.10060.750.0)

4.2. Destination Folder: C:\Program Files (x86)\K2 connect

4.3. Custom installation

4.4. Select “Will be installed on local hard drive” for all options

4.5. SQL Server Name: DLX

4.6. Database Name: K2Connect

4.7. Database Creation: Windows Authentication

4.8. K2 connect Server: Windows Authentication

4.9. User Account: DENALLIX\K2Service

5. Post-install



http://k2.denallix.com/designer/default.aspx




5.1. Grant DENALLIX\K2Service db_datareader, db_datawriter, db_owner on the K2 connect

database

5.2. Grant DENALLIX\K2Service Full Control permissions on the

KEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SourceCode\connect\Configuration

registry key

5.3. Grant DENALLIX\K2Service Full Control permissions on the following directories

5.3.1 C:\Program Files (x86)\K2 connect\Configuration

5.3.2 C:\Program Files (x86)\K2 connect\Service

5.4. K2 connect Administration > Settings

5.4.1 Cluster Configuration

5.4.1.1 Cluster Name: k2.denallix.com

5.4.1.2 Assigned: dlx

5.4.2 Licensing: Enter Key

5.4.3 Configure Destinations

5.4.3.1 Connector > Add

5.4.3.1.1 Name: ERP Connect

5.4.3.1.2 Path: "C:\Program Files (x86)\K2

connect\Connector\SourceCode.ServiceObjectModel.ERP.Connect.dll"

5.4.3.1.3 Import shared destinations: No

5.4.3.2 Systems > Add

5.4.3.2.1 Name: SAP R4.7

5.4.3.3 Destination > Add

5.4.3.3.1 Name: K2SAP

5.4.3.3.2 CONNECTIONSTRING: ASHOST=216.9.6.75 SYSNR=KR3 CLIENT=900

USER={Username} PASSWD={Password}

5.5. Restart K2 blackpearl and K2 connect services

5.6. K2 blackparl Settings

5.6.1 Register Service Instance

5.7. Configure K2 connect service for Delayed Start

USER PROFILE (DEFAULT USER)

1. Copy Profile

1.1. Logoff (Note: Cold Boot might be required)

1.2. Optional: If Outlook has been started, remove the profile: http://support.microsoft.com/kb/197653

1.3. System Properties > Advanced > User Profiles > Settings

1.3.1 Select: “DENALLIX\Administrator”

1.3.2 Copy To…

1.3.2.1 Copy profile to: C:\Users\Default (Location of default profile)

1.3.2.2 Permitted to use: Authenticated Users

1.3.3 NOTE: Download Winabler if “Copy To” button is not enabled

(http://www.tinkertoys.net/Products.html).

USER PROFILES (CONFIGURATION)

The user accounts have been configured via group policy and scripts where possible. However,

there are a few remaining steps the accounts you wish to use in demos.

1. Cache Runas Credentials (stops prompts in browser and Office clients)

1.1. C:\Resources\Shortcuts – Open every user’s IE and…


http://www.tinkertoys.net/Products.html



1.1.1 Type password: K2pass!

1.1.2 Create their My Site:

1.1.2.1 Navigate to {User} My Site link on user name drop down in the upper right

1.1.2.2 Click on My Content to create the site

1.2. C:\Resources\User Shortcuts – Open every user’s Outlook and…

1.2.1 Configure via Autodiscovery

1.3. Add denallix.com to IE compatibility settings for all users

1.3.1 Run: "C:\Resources\Configuration\Users\Setup IE Compatibility View.ps1"

TESTING

1. Portal Testing

1.1. Test and Clean-up ECS, Records Center and Email-enabled Lists

1.1.1 Upload C:\Resources\Samples\Test Workbook.xslx; Test PowerPoint.pptx; Test

Diagram.vdw and Test Document.docx and render all in browser

1.1.2 Send To > Records Center – verify it is there – delete and empty recycle bin

1.1.3 Incoming email test – Documents > Document Library Settings > Incoming e-mail settings

1.1.3.1 Allow? Yes

1.1.3.2 E-mail Address: {libraryname}@portal.denallix.com

1.1.3.3 E-mail security policy: Accept e-mail messages from any sender

1.1.3.4 Accept all other defaults

1.1.3.5 Send email and verify it ends up in the list (can take a few minutes)

1.1.3.6 Remove email settings on list

1.1.4 Navigate to http://portal.denallix.com/BI

1.1.4.1 Dashboards > Library Settings > General Settings > Advanced Settings

1.1.4.2 Allow Management of Content Types: Yes

1.1.4.3 Library Settings > Content Types > Add from existing site content types

1.1.4.4 Add: Report Builder Model, Report Builder Report and Report Data Sources

1.1.4.5 New Document > Report Builder Report – Allow installation and close tool


1.2.1 Delete all Shared Documents and empty recycle bin

1.3. Central Administration -> Manage User Properties. Change one of them to Export and verify

synchronization will update AD. Change it back after verification

1.4. Central Administration > Manage Service Applications > Enterprise Search Service > Content

Source > Local SharePoint Sites > Start Incremental Crawl

2. VPN Testing

2.1. Configure External Network adapter to use Bridged networking and connect it to an external

network. Ensure it is configured with an IP address on the network, for example 192.168.1.148

2.2. Connect a mobile device to the same network, for example and iPhone on WiFi

2.3. Configure the mobile device to connect to the VM via VPN by IP address, for example

192.168.1.148. PPTP and L2TP are both configured on the server. L2TP requires secret.

NOTE: It is not recommended to use the Administrator account for VPN, browsing or email on

mobile devices

2.3.1 Description: Denallix

2.3.2 Server: 192.168.1.148

2.3.3 Account: denallix\anthony

2.3.4 Password: K2pass!

2.3.5 Secret: K2pass!

2.3.6 Encryption Level: Auto

2.4. Connect to VPN

http://portal.denallix.com/BI




2.4.1 Install Certificates: Yes

2.5. Verify configuration by opening a browser and navigating to http://portal.denallix.com

NOTE: Although Safari on iPhone can be configured to remember passwords, it will only

remember passwords for current session. http://www.ausbt.com.au/how-to-save-passwords-in-

safari-on-the-ipad-iphone


2.6. Configure mobile device email client for Exchange via ActiveSync.

2.6.1 Email: [email protected]

2.6.2 Server: dlx.denallix.com

2.6.3 Domain: denallix

2.6.4 Username: Anthony

2.6.5 Password: K2pass!

2.6.6 Description: Denallix

2.6.7 Use SSL: On


3. K2 Testing

3.1. Create Process that test

3.1.1 CRM – create entity

3.1.2 Exchange – create meeting

3.1.3 Exchange – disable mailbox

3.1.4 SmartActions – send actions

3.2. Using different designers create processes that test SharePoint, SQL, AD, Exchange and

SmartActions

CLEAN-UP

1. Correct Event Log and ULS Errors

1.1. See Appendix for detailed information on resolving errors

2. Clean-up SharePoint Health Rules

2.1. PowerPivot: Secondary Logon service (seclogon) is disabled

2.1.1 Verified Service is set to Manual as specified

2.1.2 Enabled: Uncheck

2.1.3 Scheduled: OnDemandOnly

2.2. PowerPivot: The Analysis Services instance runs in tabular mode, but the configuration setting

that specifies this mode is turned off.

2.2.1 Incorrectly fires because it is looking for SQL 10 not SQL 11



2.3. Web Analytics: Verifies that when the Web Analytics is installed and running, usage logging is

enabled in the farm.



2.4. Drives are at risk of running out of free space.



2.5. Web Analytics: Monitors the health of the Report Consolidator component.



2.6. Accounts used by application pools or service identities are in the local machine Administrators

group.


http://www.ausbt.com.au/how-to-save-passwords-in-safari-on-the-ipad-iphone

http://www.ausbt.com.au/how-to-save-passwords-in-safari-on-the-ipad-iphone






3. Windows Services

3.1. Set the following to Manual

3.1.1 Print Spooler

3.1.2 Windows Image Acquisition (WIA)

3.2. Set the following to Disabled

3.2.1 Windows Firewall

4. Clean-up Space

4.1. Truncate All Transaction Logs: "C:\Resources\Scripts\Truncate All Transaction Logs.sql"

4.2. Shrink All Databases: "C:\Resources\Scripts\Shrink All Database Files.sql"

4.3. Resize all Event Logs: "C:\Resources\Scripts\Resize All Event Logs.ps1"

4.4. Clear all Event Logs: "C:\Resources\Scripts\Clear All Event Logs.ps1"

4.5. Clear all RunMRU: "C:\Resources\Scripts\Clear RunMRU.ps1"

4.6. Delete all Windows Error Reports: del

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\*.*

4.7. Delete all SharePoint Log files: del C:\Program Files\Common Files\Microsoft Shared\Web

Server Extensions\14\LOGS\*.*

4.8. Clear Profile Run Jobs: C:\Program Files\Microsoft Office Servers\14.0\Synchronization

Service\UIShell\miisclient.exe

4.9. Delete installer $PatchCache$ per these articles:

http://blogs.msdn.com/b/jjameson/archive/2010/04/30/save-significant-disk-space-by-setting-

maxpatchcachesize-to-0.aspx, http://blogs.msdn.com/b/heaths/archive/2007/01/17/the-patch-

cache-and-freeing-space.aspx

4.9.1 Backup C:\Windows\Installer\$PatchCache$\Managed

4.9.2 Delete C:\Windows\Installer\$PatchCache$\Managed

4.10. Delete Exchange load counters per this article:

http://thoughtsofanidlemind.wordpress.com/2010/08/16/freeing-up-disk-space-after-exchange-

2010-installations/

4.10.1 Backup C:\Program Files\Microsoft\Exchange Server\V14\Logging\lodctr_backups

4.10.2 Delete C:\Program Files\Microsoft\Exchange Server\V14\Logging\lodctr_backups

4.11. Defrag Mailbox Database: "C:\Resources\Scripts\Defrag Exchange Mailbox

Database.ps1"

4.12. MSOCache – leave as-is

4.13. Winsxs – leave as-is

4.14. Disk Cleanup – delete everything

4.15. Windows Defrag (3x)

SERVER BACKUP (OPTIONAL)

1. Backup server and AD configuration

1.1. Start > All Programs > Accessories > System Tools > Windows Server Backup

1.1.1 Backup Once

1.1.2 Backup Options: Different Options

1.1.3 Select Backup Configuration: Custom

1.1.4 Select Items for Backup: Add Items: System State

1.1.5 Destination Type: Local Drives (map a USB drive for backup to)

http://blogs.msdn.com/b/jjameson/archive/2010/04/30/save-significant-disk-space-by-setting-maxpatchcachesize-to-0.aspx

http://blogs.msdn.com/b/jjameson/archive/2010/04/30/save-significant-disk-space-by-setting-maxpatchcachesize-to-0.aspx

http://blogs.msdn.com/b/heaths/archive/2007/01/17/the-patch-cache-and-freeing-space.aspx

http://blogs.msdn.com/b/heaths/archive/2007/01/17/the-patch-cache-and-freeing-space.aspx

http://thoughtsofanidlemind.wordpress.com/2010/08/16/freeing-up-disk-space-after-exchange-2010-installations/

http://thoughtsofanidlemind.wordpress.com/2010/08/16/freeing-up-disk-space-after-exchange-2010-installations/



FINALIZING THE VIRTUAL DISK

1. Enable Shutdown Tasks

1.1. Task Scheduler > Task Scheduler Library

1.1.1 Add C:\Resources\Tasks

2. Virtual Hard Disk Packaging (VHD)

2.1. Diskpart

2.1.1 select vdisk file="D:\Hyper-V\K2 Core 5.5.x\K2 Core 5.5.1.vhd"

2.1.2 attach vdisk

2.2. Command Prompt

2.2.1 Attrib i:\pagefile.sys –s -h

2.2.2 Del i:\pagefile.sys

2.2.3 sdelete –z i:

2.3. Diskpart

2.3.1 Detach vdisk

2.3.2 Attach vdisk readonly

2.3.3 Compact vdisk

2.3.4 Detach vdisk

2.4. Rearm (Optional)

2.4.1 Rearm Office: "C:\Program Files (x86)\Common Files\Microsoft

Shared\OfficeSoftwareProtectionPlatform\ospprearm.exe"

2.4.2 Rearm Windows: C:\Windows\System32\slmgr.vbs /rearm

2.4.3 Shutdown

2.5. Create compressed package with

2.5.1 Virtual Machine drive

2.5.2 EULAs

2.5.3 Configuration Guide

2.5.4 Readme

2.5.5 License

2.5.6 OrgChart

2.6. Create Torrent for package

Congratulations! You can now start using your K2 Core virtual machine.

Please Note: While all individual role services or features are not expressly outlined in this document, a

number of dependencies are automatically added or are required to be added as part of the installation of

the components listed.

To minimize the effect of future updates on this document and to simplify the configuration outlined, only

key components have been detailed. Where no detail on configuration is provided, please use the default

configuration.

Please ensure that appropriate verification and testing is performed as part of the build.



APPENDIX – ANALYZING LOGGED ERRORS

The following items may help to resolve errors found in various logs.

1. SQL Server Reporting Services Shared Service, Event 1110

1.1. The value for the UrlRoot in ursreportserver.config is not valid. Checking the value will confirm

that it is valid - ignore this error.

2. Excel Services and PowerPivot

2.1. There is a bug in ECS when it tries to get a windows identity. Still open with MS. To work

around the issue, force the use of the Unattended Services account per these articles:

http://technet.microsoft.com/en-us/library/hh525344.aspx and

http://powerpivotgeek.com/2009/11/06/taking-your-server-off-the-network/

2.2. CA > Site Actions > View All Site Content > PowerPivot Management > {GUID}

2.3. Download the following workbooks

2.3.1 PowerPivot Management Data.xlsx

2.3.2 1033\Server Health.xlsx

2.3.3 1033\Workbook Activity.xlsx

2.4. For each workbook open, change (per below) and upload back overwriting existing

2.4.1 Data Ribbon > Connections > Properties > Definition> Excel Services > Authentication

Settings

2.4.2 Change from Windows Authentication to None

3. Visual Studio F# Load error

3.1.1 Download and install http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ff97433b-

1d0d-4b1b-bc55-9f6ae9a2f275&displaylang=en

4. Group Policy Errors

4.1. Follow steps in this article: http://support.microsoft.com/kb/977695/en-us

4.2. IIS AppPool\Classic .NET AppPool; IIS AppPool\DefaultAppPool

4.3. NT Service\SQLSERVERAGENT; NT Service\MSSQLSERVER

4.4. NT SERVICE\WdiServiceHost

5. Replication Directory Errors

5.1. Follow steps in this article for DENALLIX\SPFarmService:

http://blogs.msdn.com/sharepoint/archive/2009/12/14/how-to-set-replication-directory-

changes.aspx

6. User Profile Service, Event ID 1511

6.1. Follow the steps in this article for DENALLIX\SPWebService:

http://blog.brainlitter.com/archive/2010/06/08/how-to-revolve-event-id-1511-windows-cannot-find-

the-local-profile-on-windows-server-2008.aspx

7. User Profile/FIM Service Event ID 1004, 1001, 1015

7.1. http://www.sysadminsblog.com/microsoft/event-1004-1001-1015-%E2%80%93-microsoft-

resourcemanagement-service-exe/

8. User Profile Service Error 3, FIMSynchronizationService, Event ID 6125, FIMSynchronizationService,

Event ID 6327

8.1. Basically any of these mean UPS is corrupt. Follow the steps in this article to re-check/reset all

account permissions, and then follow the steps in this KB to rebuild it:


9. CRM 2011 – Multiple Login Prompts

9.1. Follow the steps in this article (just IIS part): http://xrmrocks.com/crm-2011-repeated-login-

prompt

10. CRM 2011 – MRU Provisioning

http://technet.microsoft.com/en-us/library/hh525344.aspx

http://powerpivotgeek.com/2009/11/06/taking-your-server-off-the-network/

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ff97433b-1d0d-4b1b-bc55-9f6ae9a2f275&displaylang=en

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ff97433b-1d0d-4b1b-bc55-9f6ae9a2f275&displaylang=en

http://support.microsoft.com/kb/977695/en-us



http://blog.brainlitter.com/archive/2010/06/08/how-to-revolve-event-id-1511-windows-cannot-find-the-local-profile-on-windows-server-2008.aspx

http://blog.brainlitter.com/archive/2010/06/08/how-to-revolve-event-id-1511-windows-cannot-find-the-local-profile-on-windows-server-2008.aspx

http://www.sysadminsblog.com/microsoft/event-1004-1001-1015-%E2%80%93-microsoft-resourcemanagement-service-exe/

http://www.sysadminsblog.com/microsoft/event-1004-1001-1015-%E2%80%93-microsoft-resourcemanagement-service-exe/


http://xrmrocks.com/crm-2011-repeated-login-prompt

http://xrmrocks.com/crm-2011-repeated-login-prompt



10.1. Follow the steps in this post to force provision: http://social.microsoft.com/Forums/de-

DE/crmdeployment/thread/d81133c7-0fba-4a7a-a5e4-0784ab2430ad

11. CRM Timeout Errors (query exceeds 10 seconds), Event 17972

11.1. See this article https://community.dynamics.com/product/crm/f/117/p/64580/120711.aspx

and run this script USE [MSCRM_CONFIG] UPDATE ServerSettingsProperties SET IntColumn='60' WHERE ColumnName='LongQueryThresholdInSeconds'

12. CRM Miscellaneous Errors

12.1. http://inogic.blogspot.com/

13. MSCRMTracing Event ID 17203

13.1. http://support.microsoft.com/kb/907490

13.2. Run "C:\Resources\Configuration\Enable CRM Tracking.ps1"

14. SQL Server Reporting Services Shared Service, Event ID 1110

14.1. Reports that UrlRoot invalid and default will be used. This seems to be a bug that will not

resolve. SSRS is working so just ignore.

15. MSExchange Search Indexer, Event ID: 104

15.1. Reset the search index, open up the Exchange Management Shell navigate to

%PROGRAMFILES%\Microsoft\Exchange Server\V14\Scripts and then run the following

command:

.\ResetSearchIndex.ps1 -force -all

16. JIT Debugger Errors

16.1. Run "C:\Resources\Configuration\Disable JIT Debugging.ps1"

16.2. http://blogs.technet.com/b/stefan_gossner/archive/2010/05/10/common-problem-with-

sharepoint-2010-system-security-cryptography-cryptographicexception-keyset-does-not-

exist.aspx

17. DCOM, Event ID 10016

17.1. Follow steps in this article for DENALLIX\SPWebService and DENALLIX\SPFarmService:

http://www.wictorwilen.se/Post/Fix-the-SharePoint-DCOM-10016-error-on-Windows-Server-

2008-R2.aspx

18. VSS Errors

18.1. Follow steps in this article for DENALLIX\SPFarmService:

http://nitman.com/2009/11/27/vss-event-id-12289/

18.2. Also http://globaljosh.wordpress.com/2010/07/13/volume-shadow-copy-service-error-

failed-resolving-account-spfarm-with-status-1376/

18.3. Add DENALLIX\SPFarmService and DENALLIX\ADFSService to Backup Operators

group

18.4. Delete DENALLIX\SPFarmService and DENALLIX\ADFSService from

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\VssAccessControl (and

CurrentControlSet001 and 002)

19. WMI Event 10

19.1. Run “cscript C:\Resources\Configuration\Fix WMI Error (KB950375).vbs”


20. DCDiag Clock error

20.1. Run to set: w32tm /config /manualpeerlist:time.windows.com,0x1 /syncfromflags:manual

/reliable:yes /update

20.2. Run to validate: w32tm /config /manualpeerlist:time.windows.com,0x1

/syncfromflags:manual /reliable:yes /update

21. SQL Agent, Event 324

http://social.microsoft.com/Forums/de-DE/crmdeployment/thread/d81133c7-0fba-4a7a-a5e4-0784ab2430ad

http://social.microsoft.com/Forums/de-DE/crmdeployment/thread/d81133c7-0fba-4a7a-a5e4-0784ab2430ad

https://community.dynamics.com/product/crm/f/117/p/64580/120711.aspx

http://inogic.blogspot.com/


http://blogs.technet.com/b/stefan_gossner/archive/2010/05/10/common-problem-with-sharepoint-2010-system-security-cryptography-cryptographicexception-keyset-does-not-exist.aspx



http://www.wictorwilen.se/Post/Fix-the-SharePoint-DCOM-10016-error-on-Windows-Server-2008-R2.aspx


http://nitman.com/2009/11/27/vss-event-id-12289/

http://globaljosh.wordpress.com/2010/07/13/volume-shadow-copy-service-error-failed-resolving-account-spfarm-with-status-1376/

http://globaljosh.wordpress.com/2010/07/13/volume-shadow-copy-service-error-failed-resolving-account-spfarm-with-status-1376/




21.1. Wait for first Service Pack: http://letsdev.us/2012/04/ms-sql-server-2012-error-

opensqlserverinstanceregkeygetregkeyaccessmask-failed-reason-2/

22. SharePoint Foundation, Event ID 7043

22.1. Edit File posts don’t work, rename file: http://todd-carter.com/post/2010/05/03/Help-

Wanted-Taxonomy-Picker.aspx

22.2. C:\Program Files\Common Files\Microsoft Shared\Web Server

Extensions\14\TEMPLATE\CONTROLTEMPLATES\TaxonomyPicker.ascx

22.3. Locate the following line :

<%@ Control className="TaxonomyPickerControl" Language="C#"

Inherits="Microsoft.SharePoint.Portal.WebControls.TaxonomyPicker,Microsoft.SharePoint.

Portal, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>

Replace '&#44' with ',' , the correct line should look like

<%@ Control className="TaxonomyPickerControl" Language="C#"

Inherits="Microsoft.SharePoint.Portal.WebControls.TaxonomyPicker,

Microsoft.SharePoint.Portal, Version=14.0.0.0, Culture=neutral,

PublicKeyToken=71e9bce111e9429c" %>

23. SharePoint Usage Collection – Could not find stored procedure ‘dbo.Search_GetRecentStats’

23.1. http://spjoel.wordpress.com/2012/08/06/could-not-find-stored-procedure-dbo-

search_getrecentstats/

24. Office Web Application Errors

24.1. In the server’s c:\windows\system32\inetsrv\config\applicationHost.config

Add the line below in the end of the dynamicTypes.

24.2. Remember to delete and re-add any word docs that were rendered with errors.

25. DCOM Errors

25.1. http://www.wictorwilen.se/Post/Fix-the-SharePoint-DCOM-10016-error-on-Windows-

Server-2008-R2.aspx

http://blog.ronnypot.nl/?p=843

25.2. Component Services (DCOMCNFG.exe) > Computers > My Computer > DCOM Config >

IIS WAMREG admin Service > Properties

25.2.1 Security > Launch and Activation Permissions > Edit

25.2.1.1 Add: DENALLIX\SPWebService

25.2.1.2 Allow: Local Launch; Local Activation

26. WinRM service failed to create the following SPNs error

26.1. Follow these instructions: http://social.technet.microsoft.com/Forums/en-

US/exchange2010/thread/1a141035-1c5d-4fcb-90c0-573b7e7800a6

26.2. dsacls "CN=AdminSDHolder,CN=System,DC=denallix,DC=com" /G "S-1-5-

20:WS;Validated write to service principal name"

26.3. setspn -A WSMAN/dlx.denallix.com DLX

26.4. setspn -A WSMAN/dlx DLX

27. Windows Mail errors (ESENT 215)

27.1. Safely ignore: http://support.microsoft.com/kb/938494

28. Unknown SQL Exception 2812 occurred. Additional error information from SQL Server is included

below. Could not find stored procedure 'dbo.Search_GetQueryLatency'.

28.1. http://dirkvandenberghe.com/2011/01/26/getting-rid-of-dbo-search-getrecentstats-

error.html

29. Object Cache: The super user account utilized by the cache is not configured.

29.1. Run C:\Resources\Configuration\Setup Portal Super Accounts.ps1

http://letsdev.us/2012/04/ms-sql-server-2012-error-opensqlserverinstanceregkeygetregkeyaccessmask-failed-reason-2/

http://letsdev.us/2012/04/ms-sql-server-2012-error-opensqlserverinstanceregkeygetregkeyaccessmask-failed-reason-2/

http://todd-carter.com/post/2010/05/03/Help-Wanted-Taxonomy-Picker.aspx

http://todd-carter.com/post/2010/05/03/Help-Wanted-Taxonomy-Picker.aspx

http://spjoel.wordpress.com/2012/08/06/could-not-find-stored-procedure-dbo-search_getrecentstats/

http://spjoel.wordpress.com/2012/08/06/could-not-find-stored-procedure-dbo-search_getrecentstats/



http://blog.ronnypot.nl/?p=843

http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/1a141035-1c5d-4fcb-90c0-573b7e7800a6

http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/1a141035-1c5d-4fcb-90c0-573b7e7800a6


http://dirkvandenberghe.com/2011/01/26/getting-rid-of-dbo-search-getrecentstats-error.html

http://dirkvandenberghe.com/2011/01/26/getting-rid-of-dbo-search-getrecentstats-error.html



30. User Profile Service errors after SP1

30.1. Delete and Recreate following: http://www.harbar.net/articles/sp2010ups.aspx

31. Full Crawl error with access denied on sp3

31.1. http://www.thesanitypoint.com/archive/2010/05/27/successful-sharepoint-2010-people-

search.aspx

32. System.Data.SqlClient.SqlException: A transport-level error has occurred when sending the request

to the server. (provider: Shared Memory Provider, error: 0 - No process is on the other end of the

pipe.) or Either a required impersonation level was not provided, or the provided impersonation level

is invalid. (Exception from HRESULT: 0x80070542)

32.1. Disable SQL Server Shared Memory protocol

33. SQL Paging Buffer Errors


34. Security-SSP Errors

34.1. Run check disk, sfc, and then finally might need a rearm

35. Microsoft Windows DNS Client, Event ID 1014

35.1. http://social.technet.microsoft.com/wiki/contents/articles/3336.event-id-1014-microsoft-

windows-dns-client.aspx

36. PowerView Errors

36.1. http://www.powerpivotblog.nl/tag/kerberos

36.2.

37. PowerPivot Miscellaneous Errors

37.1. http://powerpivotgeek.com/troubleshooting/diagnostic-guide-for-usage-and-the-

powerpivot-management-dashboard/

37.2. http://technet.microsoft.com/en-us/library/ff191197.aspx

37.3. Update max workbook size to 200mb: http://social.technet.microsoft.com/Forums/en-

US/sharepoint2010setup/thread/a504ba36-9136-42d5-b5de-5558bd62569d/

http://www.harbar.net/articles/sp2010ups.aspx

http://www.thesanitypoint.com/archive/2010/05/27/successful-sharepoint-2010-people-search.aspx

http://www.thesanitypoint.com/archive/2010/05/27/successful-sharepoint-2010-people-search.aspx


http://social.technet.microsoft.com/wiki/contents/articles/3336.event-id-1014-microsoft-windows-dns-client.aspx

http://social.technet.microsoft.com/wiki/contents/articles/3336.event-id-1014-microsoft-windows-dns-client.aspx

http://www.powerpivotblog.nl/tag/kerberos

http://powerpivotgeek.com/troubleshooting/diagnostic-guide-for-usage-and-the-powerpivot-management-dashboard/

http://powerpivotgeek.com/troubleshooting/diagnostic-guide-for-usage-and-the-powerpivot-management-dashboard/

http://technet.microsoft.com/en-us/library/ff191197.aspx

http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/a504ba36-9136-42d5-b5de-5558bd62569d/

http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/a504ba36-9136-42d5-b5de-5558bd62569d/

Date post:	30-Dec-2015
Category:	Documents
Upload:	vicanfon
View:	384 times
Download:	5 times