Configuring SharePoint Farm for SharePoint Hosted Add-Ins
Not much has been changed for Apps other than the fact that they are now called Add-Ins. The configuration remain the same.
1. Need to setup an Apps Domain for SharePoint Apps (Zone)
2. Need a certificate for app domain
3. Perform App Configuration on Central Administration
4. Creating App Catalog Site collection,
5. Uploading and adding an Add-In
Creating App Domain for Add-Ins
SharePoint hosted Add-Ins require a unique app domain. You must create a new Zone in DNS for you farm. If you have multiple farms in your environment, you can create root domain and then a sub domain for every farm. It is fully supported by Microsoft.
1. Login to Domain Controller VM
2. Open DNS Manager – Right Click on Forward Lookup Zones – New Zone
3. Click Next
4. Choose Primary Zone – Click Next
5. Click Next.
6. Type In your App domain. I am using contoso16appscom
7. Choose do not allow auto updates. Click Next
8. Click Finish
9. Expand the Forward Lookup Zones – Right click on contoso16apps.com – New CNAME
10. Alias Name type * (Asterisk) – Click Browse – Double Click on Your Domain Controller Name – Forward Lookup Zone – Contoso.com – Select the SharePoint box and Click OK.
11. Click OK
12. Open PowerShell or command prompt and type the following
13. Ping app-1234.contoso16apps.com
14. Just to make sure try the same from SharePoint Box as well.
15. Now let’s complete the App Configuration
16. Open SharePoint Central Administration – Apps – Configure App URLs
17. To Fix the above error, I check if both App Management and Subscription Settings services are running.
Get-SPServiceInstance | ? TypeName -like “*Subscription*” | Select Id, TypeName
Get-SPServiceInstance | ? TypeName -like “*App Management*” | Select Id, TypeName
18. Then I check if both App Management and Subscription settings service application exist
Get-SPServiceApplication | ? TypeName -like “*Subscription*” | Select Id, TypeName
Get-SPServiceApplication | ? TypeName -like “*App Management*” | Select Id, TypeName
19. The result showed that I do not have the subscription settings service application. I used the script below to create it.
$AppPool = Get-SPServiceApplicationPool “SharePoint Web Services Default”
$Subscription = New-SPSubscriptionSettingsServiceApplication -Name “Subscription Settings” -DatabaseName “2016_Subscription” -ApplicationPool $AppPool -Verbose
New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $Subscription
20. Went back to Configure apps page and refresh
21. Now Type the app domain and App prefix and click OK.
22. Now Click on Manage App Catalog – Select the portal web application – Click OK.
23. Click OK after create a new app catalog site.
24. Type the site collection name, description and URL
25. Type in Primary site collection Admin and end users group name. Everyone to give all users access to apps. Click OK.
26. Once the site is created click on Link to Open in new tab.
27. Click on Apps for SharePoint – Click Upload – Select and Add-In file and click Upload. Enter apps title and click OK.
28. You can find the sample app here
Adding an Add-In to SharePoint Site.
First Open Management Shell as Administrator – type iisreset and press enter.
Open SharePoint Site – Click on Site Contents – Add an App – Select From your organization – App 4
Click Trust IT
Now click on the App – You will see the Certificate Error. We will resolve this error in the next step.
Clicking on Continue to this website will prompt for authentication.
App Configuration is complete. We will now request a certificate.
Creating a Certificate for App Domain
There are two options for certificate one is self-signed certificate and then using a certificate from Certificate authority. For some reason I did not liked self-signed certificate. I always configure enterprise certificate store in my lab. Creating a Certificate Authority in a Lab is very easy process. Please find the blog post below on how to set it up.
Installing an Enterprise Certificate Authority in Windows Server 2012
Once you have installed and configured the Certificate Authority, the next step would be to create a certificate template. We will create this template by duplicating the web server template. We will then make sure this template has permissions for domain computers to enroll, private key is exportable. We will then issue the template. Let’s do that.
Login to Domain Controller – Server Manager – Click Certificate Authority
Right Click on Certificate Template – Manage
Right Click on Web Server template – Duplicate Template
Certificate Template Console will open
Enter Template Display Name and validity Period from General Tab, from Request Handling “Allow private key to be exported”.
Do not choose 5 years. 2 years are good 🙂
Click on Security Tab -> Add Type “Domain Computers” – Choose Enroll – Authenticated Users – Enroll
Click OK. Minimize Certificate Template Console
In Certificate Authority Console – Right Click on Certificate Templates – New – Certificate Template to Issue
Choose SharePoint template that we created
Our template is now complete. Let’s request a new certificate for apps.
Search MMC from start screen and Open MMC
Click Add Snapin – Certificates – Add – Computer Accounts – Next – Finish – OK
Right Click on Personal – All Tasks – Request New Certificates
Click Next – Next – Click ON More information link next to sharePoint2016 Cert Template.
Select Common Name – type *.contoso16apps.com – Click Add
Select DNS – type *.contoso16apps.com – Click Add
From General type Friendly Name and Description – Click Apply OK.
Select the certificate template and click Enroll
Right Click – All Tasks – Export – Next
Yes, export the private key – Next
Check the password checkbox and click Next.
Click Browse and provide the File name and Click Save.
Click Next and Finish.
Copy the Certificate to SharePoint VM.
Assign Apps Certificate to No Host Header Web Application
Open IIS Manager
Click on Server Node – Double Click on Server Certificates – Import – Select the new exported certificate – Select the certificate – enter password and click OK.
Right click on No Host Header Web App – Edit Bindings
Click Edit – Select the new Apps SSL – Click OK – Close
Go back to page where the app was loaded and click Refresh
Certificate Error is now gone.