To add a server to a SharePoint farm, follow the steps below. Suppose an issue forced you to disconnect a web front-end server from the SharePoint farm. Once the issue is resolved, you need to join the web front-end server to the farm again. In that case, follow the steps below.
Log on to the web front-end server that was disconnected from the SharePoint farm, or that you need to join to the farm.
Click on SharePoint Products Configuration Wizard from Start.
Click on Next from the dialog opened.
You will get an additional dialog box informing you that services may have to be started or reset during configuration. Internet Information Services, the SharePoint Administration Service and the SharePoint Timer Service will be restarted during this configuration wizard run. Click on Yes.
You will get the dialog Connect to a server farm with the options Connect to an existing server farm and Create a new server farm. Select the option Connect to an existing server farm and click on Next.
You may skip to the next step to enter details like Database server name and Database name.
Enter the Database server name and click on Retrieve Database Names. The config database will be auto-populated in the field Database name.
In the next dialog, Specify Farm Security Settings, enter the passphrase and click on Next.
Next you need to Specify a Server Role, since MinRole is implemented in SharePoint 2019. Select Front-end server, present under Dedicated Roles, and click on Next.
Verify details like Configuration Database Server, Configuration Database Name, Local Server Role and click on Next.
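The wizard steps above can also be scripted. The following PowerShell is an added example, not part of the original page; the database server and configuration database names are placeholder assumptions.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Run in an elevated SharePoint 2019 Management Shell on the server being joined.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Placeholder values (assumptions); replace with your farm's own names.
$dbServer = 'SQL-SERVER-PLACEHOLDER'
$configDb = 'CONFIG-DB-PLACEHOLDER'

# Prompt for the farm passphrase as a SecureString so it is never stored
# in a script file or in the command history.
$passphrase = Read-Host -Prompt 'Farm passphrase' -AsSecureString

# "Connect to an existing server farm" with the Front-end MinRole.
Connect-SPConfigurationDatabase -DatabaseServer $dbServer `
    -DatabaseName $configDb `
    -Passphrase $passphrase `
    -LocalServerRole WebFrontEnd

# Configuration tasks the wizard runs after the connection is made.
Install-SPHelpCollection -All
Initialize-SPResourceSecurity
Install-SPService
Install-SPFeature -AllExistingFeatures
Install-SPApplicationContent

# Make sure the timer service is running so farm jobs reach this server.
Start-Service -Name SPTimerV4

# Confirm that the farm now lists this server with the expected role.
Get-SPServer |
    Where-Object { $_.Address -eq $env:COMPUTERNAME } |
    Select-Object Address, Role, Status
```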
An SSL certificate, together with the trusted root certificate and intermediate certificate provided by the Certification Authority, is required on SharePoint servers. SSL is a security protocol that establishes a secure, encrypted connection between server and client, typically between a server and a client browser. So, it's mandatory to install an SSL certificate on the servers. Normally we create a .pem file for the SSL certificate. PEM, in full “Privacy-enhanced Electronic Mail”, is simply a file format that acts as a container for certificates. It stores cryptographic data such as keys and digital certificates. Follow the steps below to install the SSL certificate, trusted root certificate and intermediate certificate on SharePoint web servers.
Generate CSR file
Create .pem file for SSL certificate
Install Certificate on Web Server from which CSR file is created
Install Certificate on Web Server from which CSR file is not created
Export certificate from server where CSR file is created and installed
Install PFX file certificate
Install Internal Certificates
Install Global Root CA
Install Intermediate Certificates RapidSSL RSA CA
Generate CSR file
Before requesting a certificate, first generate a CSR file for the SSL certificate from the web server. Follow the step-by-step procedure below to generate the CSR (Certificate Signing Request) file.
Click on “Create Certificate Request” from the right pane.
You will get the “Request Certificate” wizard dialog box, where you fill in the “Distinguished Name Properties”: Common name, Organization, Organizational Unit, City/locality, State, Country/Region.
Department name in organization like “IT”, “Web Security” etc.
City/locality
company location legally
State/province
Country/region
Common name: SharePoint2019.spmcse.com
Organization: SPMCSE
Organizational unit: IT
City:
State:
Country/region: US
Click on “Next” once all details are filled in.
You will get the next window, “Cryptographic Service Provider Properties”.
Select the option “Microsoft RSA SChannel Cryptographic Provider” from the drop-down “Cryptographic service provider”.
Select “Bit length” as “2048” from the drop-down and click on “Next”.
The next window, “File Name”, will appear.
Under “Specify a file name for the certificate request”, choose the location to save your CSR file, e.g. C:\certs\CsrFile.txt. The default save location is C:\Windows\System32.
Click on “Finish” once the save location of the CSR file is selected.
The process of creating the CSR file for the SSL certificate is complete.
Open the CSR file with Notepad. You will see that the CSR starts with “BEGIN NEW CERTIFICATE REQUEST” and ends with “END NEW CERTIFICATE REQUEST”. This is the format of the CSR file created.
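The same request can be produced from the command line with certreq, which makes the key settings reviewable before anything is sent to the CA. This PowerShell is an added example, not part of the original page; the .inf file name is hypothetical, and the subject uses the page's example values.

```powershell
# Added example: scripted equivalent of the IIS "Create Certificate Request" wizard.
# Run in an elevated PowerShell session on the web server.
$work = 'C:\certs'                          # folder from the page's example path
$inf  = Join-Path $work 'CsrRequest.inf'    # hypothetical file name
$csr  = Join-Path $work 'CsrFile.txt'

New-Item -ItemType Directory -Path $work -Force | Out-Null
if (Test-Path $csr) { throw "$csr already exists; move it aside first." }

# Request definition. City and State are omitted because the page leaves them
# blank. Exportable = TRUE is needed because the page later exports the
# private key to a .PFX file for the other web servers.
@'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=SharePoint2019.spmcse.com, OU=IT, O=SPMCSE, C=US"
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
KeySpec = 1
KeyLength = 2048
MachineKeySet = TRUE
Exportable = TRUE
RequestType = PKCS10
'@ | Set-Content -Path $inf -Encoding ASCII

# Generate the key pair in the machine store and write the PKCS#10 request.
certreq.exe -new $inf $csr
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Decode the request and review the subject and key length before uploading it.
certutil.exe -dump $csr | Select-String -Pattern 'CN=', 'Public Key Length'
```

The private key never leaves the server at this stage; only the request file is uploaded to the CA.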
Create .pem file for SSL certificate
The next step is to request an SSL trusted certificate from a third-party digital certificate authority provider. We will create a .pem file for the SSL certificate.
Log in to any third-party certificate authority site that provides digital certificates. Let me share one third-party certificate authority provider: “https://www.venafi.com”.
Under “Policy” from left navigation, expand “Certificate Under Management“.
Expand “External Facing Certificate“.
Expand “Enrollment Management Type“. You will find your server folder (Ex. SPMCSE) under that. Right click on “SPMCSE“.
Navigate to Add -> Certificate -> Certificate.
Fill details like “Certificate Name” and “Description” under the tab “General Information“.
Under the tab “CSR Handling”, select the “CSR Generation” option “User Provided CSR”. Below that there is an option “Upload CSR”. Click on “Upload CSR”.
Click on “Browse“, select the CSR files generated and saved as discussed in previous steps and click on “Upload“. Click on “OK“.
From next window under the tab “Subject Alt Name“, click on “Add/Remove“.
Select “SAN Type” as “DNS“.
Enter the extra URLs in “SAN Value” (SharePoint2019.spmcse.com, MySite.spmcse.com).
Click on “Add“. URLs under “SAN Value” will be moved to “SAN“. Click on “Done“.
From the next tab, “Symantec MPKI Owner”, enter manager information like “First Name”, “Last Name”, “Email”.
Click on “Save“.
From top navigation click on “Settings” and then click on “Renew Now“. Click on “Yes“.
Once the security team approves the request, the certificate is created and ready to be downloaded.
Log in to the CA provider. From “Settings” in the top navigation, click on “Download” and choose the certificate.
From pop up window “Download Certificate“, select the checkbox “Include Root Chain“.
Select “Chain Order” as “End-entity first“. “Format” as “Base64 (PKCS#8)“. Click on “Download“.
Install Certificate on Web Server from which CSR file is created
Now we need to install the certificate on the web servers. These include the server from which the CSR file was generated and the other servers from which it was not. First we will discuss how to install the certificate on the server from which the CSR file was generated.
Click on the server name present under Connections from left navigation.
Click on “Server Certificates” present in “Center Pane” under IIS in “Feature view“.
Double click on “Server Certificates“.
Click on “Complete Certificate Request” from right pane.
You will get a dialogue box “Complete Certificate Request” wizard. Browse and select the certificate (.pem file) from the field “File name containing the certificate authority’s response“.
Populate next field “Friendly name” as “SharePoint2019.spmcse.com“.
From next field “Select a certificate store for the new certificate“, choose “Personal” from drop down. Click “OK“.
Now you can see the certificate under “Server Certificates” in “Features View”. This indicates that the certificate was successfully installed.
Install Certificate on Web Server from which CSR file is not created
Installing the certificate on servers from which the CSR file was not generated is a two-step process, as below.
Export certificate from server where CSR file is created and installed.
Install PFX file certificate.
Export certificate from server where CSR file is created and installed
Open the server from which the SSL trusted digital certificate from the certificate authority was generated.
Using the keyboard shortcut, press “WINKEY+R” to open the “Run” window.
Type “mmc” and press “Enter“.
Navigate to “Console Root -> Certificates (Local Computer) -> Personal -> Certificates“.
You will find the installed certificate (SharePoint2019.spmcse.com) under it.
Select the certificate, right click on it.
Click on “All Tasks” and then select “Export“.
You will get the window “Certificate Export Wizard“. Click on “Next“.
From the next window, select the radio button “Yes, export the private key” and click on “Next”.
From next window, select the radio button “Personal Information Exchange – PKCS #12 (.PFX)“. Under that, make sure the check boxes related to options “Include all certificates in the certification path if possible” and “Export all extended properties” are selected. Click on “Next“.
From next window, select the checkbox “Password” and insert “New Password“. Click on “Next“.
Finally you will get the window “Completing the Certificate Export Wizard” with all selected settings. Click on “Finish”. You will get a pop-up saying “The export was successful”. Click on “OK”.
Install PFX file certificate
Copy the exported certificate (.PFX) file to the other servers where you need to install this certificate.
Navigate to the .PFX file and right click on it.
Select “Install PFX”.
You will get the window “Certification Import Wizard”.
Select the radio button option “Local Machine” present under “Store Location”. Click on “Next”.
From next window, browse to the stored location of .PFX file and select the certificate. Click on “Next“.
From next window, enter the same password that was set while exporting the certificate in previous steps.
Make sure the checkbox “Include all extended properties”, present under “Import Options”, is selected. Click on “Next”.
From the next window, select “Place all certificates in the following store” and browse to “Personal”. Click on “Next”.
From next window “Completing the Certificate Import Wizard“, you will see all selected options. Click on “Finish“.
Install Internal Certificates
The next step in installing the SSL trusted root and intermediate certificates is to install internal certificates like “Global Root CA” and “RapidSSL RSA CA” on all servers that use the SSL certificate.
Install Global Root CA
Copy the folder “Global Root and intermediate CA – RapidSSL (internal certs)” to the server on which they need to be installed.
Open the folder; you will see 2 security certificates, “Global Root CA” and “RapidSSL RSA CA”.
Select and right click on the security certificate “Global Root CA“, click on “Install Certificate“.
You will get the window “Certification Import Wizard“.
Select the radio button option “Local Machine” present under “Store Location”. Click on “Next”.
From the next window, browse to the store “Trusted Root Certification Authorities”, click “OK” and move to “Next”.
From the next window, “Completing the Certificate Import Wizard”, you will see all selected options. Click on “Finish”. Finally click on “OK” in the pop-up window.
Install Intermediate Certificates RapidSSL RSA CA
Similarly select and right click on the security certificate “RapidSSL RSA CA“, click on “Install Certificate“.
You will get the window “Certification Import Wizard“.
Select the radio button option “Local Machine” present under “Store Location”. Click on “Next”.
From the next window, browse to the store “Intermediate Certification Authorities”, click “OK” and move to “Next”.
From the next window, “Completing the Certificate Import Wizard”, you will see all selected options. Click on “Finish”. Finally click on “OK” in the pop-up window. The RapidSSL certificate installation is complete.
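The import steps above (PFX, root and intermediate certificates) can be scripted and then checked, so that a missing private key, a missing SAN or a broken chain is caught before the certificate is bound to a site. This PowerShell is an added example, not part of the original page; the file paths and names are hypothetical, and the expected names are the page's example SAN values.

```powershell
# Added example. Run elevated on a server where the CSR was NOT generated.
# File paths and names are hypothetical; adjust to where the files were copied.
$pfxPath  = 'C:\certs\SharePoint2019.pfx'
$rootCer  = 'C:\certs\GlobalRootCA.cer'
$interCer = 'C:\certs\RapidSSLRSACA.cer'
$expected = 'SharePoint2019.spmcse.com', 'MySite.spmcse.com'

# Root goes to Trusted Root Certification Authorities, the intermediate
# to Intermediate Certification Authorities.
Import-Certificate -FilePath $rootCer  -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Import-Certificate -FilePath $interCer -CertStoreLocation Cert:\LocalMachine\CA   | Out-Null

# Prompt for the export password. Without -Exportable the private key is
# marked non-exportable on this server.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$imported = Import-PfxCertificate -FilePath $pfxPath `
    -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword
$cert = Get-Item "Cert:\LocalMachine\My\$($imported.Thumbprint)"

$problems = @()
if (-not $cert.HasPrivateKey) { $problems += 'private key missing' }
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) { $problems += "expires on $($cert.NotAfter)" }

$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
if ($rsa.KeySize -lt 2048) { $problems += "RSA key is only $($rsa.KeySize) bits" }

# Every host name served by the farm must appear in the SAN list.
$sans = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
foreach ($name in $expected) {
    if ($sans -notcontains $name) { $problems += "SAN missing: $name" }
}

# Build the chain against the local stores populated above.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if (-not $chain.Build($cert)) {
    $problems += $chain.ChainStatus | ForEach-Object { "chain: $($_.Status)" }
}

# The PFX holds the private key; remove the copied file once it is imported.
Remove-Item -Path $pfxPath

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { 'Certificate checks passed' }
```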
As defined in Internet Information Services (IIS), an application pool is a collection of one or more URLs that are serviced by one or a set of worker processes. After installing SharePoint, open IIS Manager. You will notice the application pools in IIS.
You must select an existing Application Pool or create a new pool whenever you create a service or web application in SharePoint Server.
Application pools in IIS allow multiple SharePoint websites to run on a single server without the processes or code in one site interacting with any other sites. This is primarily a security benefit, since any outside intrusion on one site is isolated. Also, problematic or poor code running on one site is isolated so that other sites on the server are unaffected. For these reasons, you should plan to use dedicated application pools to isolate authenticated content and separate applications that contain password information.
We can run the following PowerShell command to get all application pools.
Get-IISAppPool
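Building on Get-IISAppPool, the isolation described above can be checked by listing which sites each pool serves and which identity it runs as. This PowerShell is an added example, not part of the original page; the report column names are chosen here for illustration.

```powershell
# Added example: audit application pool isolation on an IIS/SharePoint server.
# Run in an elevated PowerShell session.
Import-Module IISAdministration

# Map each application pool name to the site/application paths it serves.
$usage = @{}
foreach ($site in Get-IISSite) {
    foreach ($app in $site.Applications) {
        $usage[$app.ApplicationPoolName] += @("$($site.Name)$($app.Path)")
    }
}

$report = foreach ($pool in Get-IISAppPool) {
    $served   = @($usage[$pool.Name] | Where-Object { $_ })
    $identity = $pool.ProcessModel.IdentityType
    [pscustomobject]@{
        Pool        = $pool.Name
        State       = $pool.State
        # Show the account name when the pool runs as a specific user.
        Identity    = if ($identity -eq 'SpecificUser') { $pool.ProcessModel.UserName } else { $identity }
        Serves      = $served -join ', '
        # More than one site or application in a pool means they share
        # worker processes and are not isolated from each other.
        Shared      = $served.Count -gt 1
        # LocalSystem gives site code full control of the server.
        LocalSystem = $identity -eq 'LocalSystem'
    }
}

$report | Sort-Object Pool | Format-Table -AutoSize

# Pools to review against the isolation plan.
$report | Where-Object { $_.Shared -or $_.LocalSystem } | Select-Object Pool, Identity, Serves
```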
We can search for one or more application pools directly by running the below command.