Setup point data server

Before you begin, make sure that you understand this action plan. If the SharePoint farm becomes completely inaccessible, or if the configuration database becomes corrupted, you will have to restore the functionality from the latest farm backup. If you want to store the databases on different SQL Server instances, modify the script accordingly.

This step is required so that when you create databases without specifying the database server, they won't connect to the old SQL Server instance. The following action plan is going to point all databases to the same SQL Server instance the one that serves the configuration database.

Modify this script to match your requirements. This step describes how to directly modify the SharePoint configuration database. Direct database modification is generally not supported for most SharePoint-related databases. The actions that are specified here are permitted only for this specific purpose. We do not grant permission to use these steps to make any other changes.

The query returns a single row that has two columns. One column is for the GUID of the configuration item, and the other is for the content of the configuration item, as in the following example:. In the Username box, type the user name of the farm administrator service account.

Security note : The farm administrator service account is used to access your configuration database. It also acts as the application pool identity account for the SharePoint Central Administration application pool, and it is the account under which the Microsoft SharePoint Foundation Timer service runs. The user account that you specify as the farm administrator service account has to be a domain user account.

However, it does not have to be a member of any specific security group on your SharePoint servers or your database servers. We recommend that you follow the principle of least-privilege and specify a user account that is not a member of the Administrators group on your SharePoint servers or your database servers.

Although a passphrase resembles a password, it is usually longer to improve security. It is used to encrypt credentials of accounts that are registered in SharePoint Server. For example, the SharePoint Server server farm administrator service account that you provide when you run the SharePoint Products Configuration Wizard.

Ensure that you remember the passphrase, because you must use it every time that you add a server to the farm. On the Specify Server Role page, choose the appropriate role, click Next. For a single server farm, we recommend choosing the Single Server Farm role, although you can select a Custom role if you want to individually manage the services instances that run on the server. You can change the role of a server later if you change your mind or want to expand your farm by adding additional servers.

Either select the Specify port number check box and type the port number that you want the SharePoint Central Administration web application to use, or leave the Specify port number check box cleared if you want to use the default port number. On the Completing the SharePoint Products Configuration Wizard page, review your configuration settings to verify that they are correct, and then click Next.

On the Configuration Successful page, click Finish. When the wizard closes, setup opens the web browser and connects to Central Administration. If you are prompted for your user name and password, you might have to add the SharePoint Central Administration web site to the list of trusted sites and configure user authentication settings in Internet Explorer. You might also want to disable the Internet Explorer Enhanced Security settings.

If you see a proxy server error message, you might have to configure proxy server settings so that local addresses bypass the proxy server. Instructions for configuring proxy server settings are provided in the following section.

For more information about how to configure browser and proxy settings, see Configure browser settings. If you are not using Internet Explorer, you might have to configure additional settings for your browser. For information about supported browsers, see Plan browser support in SharePoint Servers and To confirm that you have configured browser settings correctly, log on to the server by using an account that has local administrative credentials.

Next, connect to the SharePoint Central Administration web site. If you are prompted for your user name and password when you connect, perform the following procedures:. To add the SharePoint Central Administration website to the list of trusted sites. On the Security tab, in the Select a zone to view or change security settings area, click Trusted Sites , and then click Sites.

Clear the Require server verification https: for all sites in this zone check box. To configure proxy server settings to bypass the proxy server for local addresses. In the Automatic configuration area, clear the Automatically detect settings check box. You have now completed setup and the initial configuration of SharePoint Server. You have created the SharePoint Central Administration web site. You can now configure your farm and sites, and you can select services by using the Farm Configuration Wizard.

On the Configure your SharePoint farm page, next to Yes, walk me through the configuration of my farm using this wizard , click Start the Wizard. On the Service Applications and Services page, in the Service Account section, click the service account option that you want to use to configure your services. Security note : For security reasons, we recommend that you use a different account from the farm administrator account to configure services in the farm.

If you decide to use an existing managed account — that is, an account of which SharePoint Server is aware — make sure that you click that option before you continue. On the System Role Selection page of the Create Site System Server Wizard or Add Site System Roles Wizard , depending on whether you add the site system role to a new or existing site server, select Software update point , and then configure the software update point settings in the wizard.

The settings are different depending on the version of Configuration Manager that you use. For more information about how to install site system roles, see Install site system roles. You must configure the proxy server, and then specify when to use the proxy server for software updates. Configure the following settings:.

Configure the proxy server settings on the Proxy page of the wizard or on the Proxy tab in Site system Properties. The proxy server settings are site system specific, meaning that all site system roles use the proxy server settings that you specify. Specify whether to use the proxy server when Configuration Manager synchronizes the software updates and when it downloads content by using an automatic deployment rule. Configure the software update point proxy server settings on the Proxy and Account Settings page of the wizard or on the Proxy and Account Settings tab in Software update point Properties.

The Use a proxy when downloading content by using automatic deployment rules setting is available but it is not used for a software update point on a secondary site. Only the software update point on the central administration site and primary site downloads content from the Microsoft Update page. By default, the Local System account for the server on which an automatic deployment rule was created is used to connect to the Internet and download software updates when the automatic deployment rules run.

When this account does not have access to the Internet, software updates fail to download and the following entry is logged to ruleengine. Configure the credentials to connect to the proxy server when the Local System account does not have Internet access.

Use the information in the following sections to configure the WSUS settings. If you still require a user proxy despite the security trade-offs, a new software updates client setting is available to allow these connections. You must configure the WSUS port settings on the Software Update Point page of the wizard or in the properties of the software update point.

Use the following procedure to determine the port settings used by WSUS. You can configure SSL communication on the General page of the wizard or on the General tab in the properties of the software update point.

You can enable a software update point to accept communication from clients on the internet via a cloud management gateway CMG. For more information about this setting, see Configure client-facing roles for CMG traffic.

You can configure an account to be used by the site server when it connects to WSUS that runs on the software update point. When you don't configure this account, the Configuration Manager uses the computer account for the site server to connect to WSUS.

You can configure the account in different places of the wizard depending on the version of Configuration Manager that you use.

For more information about Configuration Manager accounts, see Accounts used. You can configure the upstream synchronization source for software updates synchronization on the Synchronization Source page of the wizard, or on the Sync Settings tab in Software Update Point Component Properties. Your options for the synchronization source vary depending on the site. Use the following table for the available options when you configure the software update point at a site. The following list provides more information about each option that you can use as the synchronization source:.

Synchronize from Microsoft Update : Use this setting to synchronize software updates metadata from Microsoft Update. The central administration site must have Internet access; otherwise, synchronization will fail. This setting is available only when you configure the software update point on the top-level site.

You can also choose to restrict access on the firewall to limited domains. For more information about how to plan for a firewall that supports software updates, see Configure firewalls. Ensure that the internet access requirements are met for each of the WSUS servers. If internet access requirements aren't met, then sync failures can occur. You may see different software update points at the top-level site syncing with Microsoft.

Synchronize from an upstream data source location : Use this setting to synchronize software updates metadata from the upstream synchronization source. The child primary sites and secondary sites are automatically configured to use the parent site URL for this setting.

You have the option to synchronize software updates from an existing WSUS server. Do not synchronize from Microsoft Update or upstream data source : Use this setting to manually synchronize software updates when the software update point at the top-level site is disconnected from the Internet.