Setting up an Office Online Server farm with HTTPS without SSL offloading

If you are reading this post it means you are already familiar with the Microsoft article describing the way to deploy an Office Online farm. They provide instruction on how to set up a single server farm whether on HTTP or HTTPS but also how to deploy a multi-server, load-balanced Office Online Server farm that uses HTTPS. All nice but this guide assumes you will install a certificate on the load balancer in order to offload the SSL processing from your web server.

What if you do not want to offload the SSL processing form your server? In my case I have to always ask a certificate per server, even though my farm will be load balanced and it will run under its own DNS name I still need to request from the department managing the certificates a certificate for each server with a subject alternate name for my Office Online farm. As a result I end up with two certificates, one for each of my farm servers.  This is where the problem starts, because you will create the Office Online farm on node 1 let’s say when you try to add the second node to the farm you will get a message that the certificate is missing from the certificate store.  Of course it is missing, each server has its own certificate, my website FQDN is only specified in the alternate access mapping. The trick here is to change the friendly name of the certificate on each server to be the same. When you will add the second node to your Office Online farm, the certificate will be found and used as it is on the second node, meaning on node 1 you will encrypt the communication with certificate 1 and on node 2 you will encrypt the traffic with certificate 2. Since the certificate is only used to encrypt the data between the client and the server and it is not used for other internal tasks in the Office Online server farm there is no issue encrypting data with two different certificates depending on the node where you are connected to.


Office Web Apps Server 2013 available updates list

I find it quite difficult to find all the Office Web Apps Server 2013 updates in one place. As a result I will try to add all the updates here, based on the research I did. Comments are welcome.

According to this article you must install in this order updates:

SP1 then April 2014 PU then May 2014 PU, then June 2014 CU.

Then you can continue at will with the updates I provided here.

List of updates available until 27.03.2015, starting with SP1

SP1 patched 15.0.4571.1502: 



April 2014 PU – 15.0.4605.1001



May 2014 PU – 15.0.4615.1001: 



June 2014 CU: 


Download: Office Web Apps Server 2013/sp1/wacserver2013kb2881051fullfilex64glb/15.0.4623.1001/free/476105_intl_x64_zip.exe

July 8 2014



August 12 2014 


Download: Office Web Apps Server 2013/sp1/wacserver2013kb2883093fullfilex64glb/15.0.4641.1001/free/477601_intl_x64_zip.exe

October 14 2014


Download: Office Web Apps Server 2013/sp1/wacserver2013kb2889898fullfilex64glb/15.0.4659.1001/free/479136_intl_x64_zip.exe

December 9 2015


Download security updates:

Download CU: Office Web Apps Server 2013/sp1/wacserver2013kb2899574fullfilex64glb/15.0.4673.1000/free/480642_intl_x64_zip.exe

February 10 2015



March 10 2015


Download :

How to copy a SharePoint group from one site collection to another

I started working on this task a few days ago but I was not very lucky, I was not careful enough and I’ve spent a lot more time than usual. I am trying to copy a few groups from one site collection to another, instead of recreating them manually. You must add to this script the source and target site collection and then filter for the groups you are interested to copy. Make sure the owner(group or user) exists in the destination site collection, don’t load this variable from the source site collection as this will give you big problems if you choose a group. The groups are unique for each site collection. I loaded the owner group from the  source site collection and the groups I created were corrupt. I had to make changes in the content DB directly, a procedure which is not recommended by anyone. The following script will create groups with the same name, same members, your defined owner and by default only the owner will be able to change the content of the group. It will also copy the group description.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Input variables
$SourceWebURL = "http://source"
$TargetWebURL = "http://destination"
#In my scenario I will add a SharePoint group as the groups owner but you choose to use a user instead, make sure the user or group is available
#in the destination site collection
$ownername = "your owner group name"
#below define your string on which you filter for the groups to copy. You can choose to copy all groups or create your own filtering. 
#I filtered for groups which match a certain string. Change this based on your needs.
$yourstring = "*something*"
#Get the Webs
$SourceWeb = Get-SPsite $SourceWebURL
$TargetWeb= Get-SPWeb $TargetWebURL
$owner = $targetWeb.groups[$ownername]
#Get the Source groups
$SourceGroup = $SourceWeb.rootweb.sitegroups | where {$ -like ($yourstring) }
foreach ($group in $SourceGroup)
 $TargetWeb.SiteGroups.Add($group.Name, $owner, $null, $group.description)
 $destinationGroup = $TargetWeb.SiteGroups["$Group"]
 $destinationGroup.owner = $owner
foreach ($user in $Group.users){$TargetWeb.SiteGroups["$Group"].AddUser($user)}

Remove-SPManagedAccount failing after user was removed from Active Directory, in SharePoint 2013

Today I did a small mistake, I deleted an AD user before removing it first from the list of Managed accounts in SharePoint 2013. To be more specific about my case, the managed account was not used for anything, but still I was not able to delete it from the list of managed accounts after I deleted the AD account.

I was lucky to find a comment on one blog about a way to solve this  so I am sharing this with you. The person who posted the comment is called Jonathan Manley so all credits go to him. 

The solution is to use:

Get-SPManagedAccount -identity “domain\accountname” |Remove-SPManagedAccount

SharePoint 2013, initial farm configuration with PowerShell, the short version

A few months ago I did a small guide about starting up a SharePoint 2013 farm by using only PowerShell.  There are several reasons why I prefer this approach instead of the available “SharePoint 2013 Products Configuration Wizard”. The wizard is fine but if you do not have a dedicated instance for your SharePoint installation it brings too many problems instead of solving. Also having a script as a reference which can also be used on other nodes/farms with minimal adjustments is an added bonus.

I recently paid a subscription to Pluralsight and they have a dedicated training for setting up a farm with PowerShell, well this training takes the same approach I did in my old post but it is far from being perfect.

After researching I found that the same wizard can be used using psconfig.exe with a lot of switches. This is the TechNet reference if you need to adjust the script I will provide.

Here is the PowerShell script you can use to setup a new farm, specify the farm admin, a passphrase, create the Central Administration and the config DB’s, installs all services, installs all features, provisions a new Central Administration Web Application with NTLM authentication.

Add-PSSnapin "Microsoft.SharePoint.PowerShell"

psconfig.exe -cmd configdb -create -server SERVERNAME\INSTANCE_NAME -database CONFIG_DB_NAME -passphrase “YOUR PASSPHRASE” -user DOMAIN\FARM_ACCOUNT -password FARM_ADMIN_PASSWORD -admincontentdatabase CENTRAL_ADMIN_DB_NAME -cmd helpcollections -installall -cmd secureresources -cmd services -install -cmd installfeatures -cmd adminvs -provision -port YOUR_PORT -windowsauthprovider onlyusentlm -cmd applicationcontent -install

Save the above script(psconfig should be on one row with all the switches) and make modifications based on your needs. This will be used only on the first server of the farm, on the other nodes you will need to use the [-connect] switch with the  configdb option like here:

psconfig.exe -cmd configdb -connect -server <Server_name> -database <Database_name> -dbuser <DOMAIN\username> -dbpassword <password>

-dbuser can be used to specify an account with SQL database access in case the account you use to setup has no privileges on the SharePoint SQL databases/SQL instance.

Application Discovery and Load Balancer Service Application Proxy missing in SharePoint 2013

Today I had an interesting time with the Application Discovery and Load Balancer Service Application Proxy. I installed two SP 2013 farms to test Project Server 2013. For one of them I used the “Initial Farm Configuration Wizard” and on the second one I wanted to setup everything manually. The only problem was that on the one where I created everything manually the Proxy for Application Discovery and Load Balancer Service Application was missing(in the beginning). 

I know you are here for the same reason, why is this Proxy missing and how can I set it up.  Simple, you can’t, at least I did not find a command for it. But you don’t have to care about this as this is configured automatically  by SharePoint as soon as you have a Service Application that can be load balanced between the different nodes of the farm. even if your farm has one node this Proxy will still be created.

Please read here about this service application:

Also, this Proxy will always be created with a GUID after the name, don’t waste your time trying to change it.


SharePoint 2013 offline and unattended installation plus initial configuration

It’s a long time since I did not post anything, it was a busy period for me. Now that I live the most amazing time of my life I also try to focus on learning and work as much as I can. I can tell you this is quite difficult!

I’ve been thinking about writing this post for quite some time but I did not find the time to do it and as soon as I started I’ve discovered that there is a lot to learn before doing it.

First to put this into context, as I started to learn SharePoint 2013 because there will be an upgrade of the farm I manage at work, I’ve been thinking about documenting everything. Posting this on the blog so that the same community that helps me solve my problems and further develop my skills to also benefit from my work seemed like a very good idea for me.  I am very new to teaching something to other people and as I’ve discovered this is not an easy task, even when you know a product like SharePoint very well it’s still very hard to express that knowledge and to transfer it to a different person in a way that the person really understands what you want to transmit. And then there are the technical and organisational parts, people that create very good videos you see on YouTube put a lot of work in that, of course with time it gets easier but as I started it doesn’t look as easy as it looked before starting it.

Now going back to the subject, I plan to do a video training series on how to install, configure manage SharePoint 2013 and if everything goes well I’ll get into some upgrade topics as this is a very important part for me considering together with my team we will need to migrate a full SP2010 farm to SP2013 in the near future.

Please see here the video guide posted on YouTube and follow this blog post for links to the resources used in this session.

Why do I post an installation and initial farm configuration you might ask. Well there are a lot of guides on the internet, there is a lot of information, many options and to be honest at the beginning I got a little confused. Then there are small bits of information which are very good but I ended up with no great guide on how to install SP2013. I have to tell you that I am interested in a very easy way of doing it, I don’t want to spend too much time installing SharePoint.

In my case the installation is done on servers not connected to the internet. SharePoint is a great product to be used as the internal portal and many companies have their intranet not connected to the internet, most often when the intranet is a classified network.

When you install SP2013 exactly as with SP2010 there are actually two parts:  download and install the prerequisites and then install the SharePoint bits.   After you end the installation phase you will need to setup your farm using the “SharePoint 2013 Products Configuration Wizard”   which will help you create a new farm, choose a farm passphrase, creates the configuration database and the central administration database. The problem is this wizard will create those two databases with the default name and if you store another installation of SharePoint on the same instance you will get easily confused, even more when you used the same wizard on the other SP2010 farm stored on the same SQL.  So that was one requirement for me, to be able to specify the config and CA databases names. After you finish this wizard you have a SharePoint platform and the tools to manage it. It’s not really a farm because you create a farm using the second wizard proposed by Microsoft, the “Farm Configuration Wizard”. This wizard will deploy for you depending on what you select a number of service applications, all the time using the default values for the database names and configuring the service applications with a set of default settings.  You are able to specify a service account to be used as the application pool account for the service applications. The next step in this wizard is to create your first web application and the first site collection. This brings also a problem because the first web application will have a content database name of WSS_Content and it is created by default, there is no way to skip it.

After spending some time online I decided I want to skip both wizards and create my own scripts to deploy the farm.

Let’s start!

Phase 1

Install SharePoint Prerequisites offline and unattended.

1. Downloading the prerequisites

For this task you need to know on which platform you will install SharePoint and choose the right solution. I install SharePoint on a Server 2012 OS so I chose Craig Lussier’s script to download the prerequisites. It is the second script in his package and the name is very easy to guess. When you run the script you need to give a path where you will save your prerequisites.  Move those files to your SharePoint server or more easily if you install multiple servers put the files on a network share.

2. Creating the PrerequisiteInstaller.Arguments.txt

You can download a predefined sample here (right click, save as), and do a search and replace with the path where you stored the prerequisite installer files on your network share. Make sure you leave everything on one row. My file works fine for Server 2012. If you have a different infrastructure please adapt your path for the network share and where it is necessary also change the file name.  Prerequisites have a different name when you install them on different platforms.

3. Copy your SharePoint 2013 installation media to a network share and paste the PrerequisiteInstaller.Arguments.txt next to the Prerequisiteinstaller.exe. When you launch the prerequisiteinstaller.exe it will search for the arguments text file and if it’s there it will be used to install the prerequisites from the location you specified in your text file.

4. Launch the prerequisiteinstaller.exe and sit back while the prerequisites are installed.

Phase 2

Unattended installation of SharePoint 2013

For this part I had a few requirements: to install to a custom folder, a complete version of SharePoint 2013 and to have no interaction during the install process.

I will tell you here about what other options I found. The most used by admins seems to be AutoSPInstaller.   With AutoSPInstaller you create an input file and then it automatically installs SharePoint, configures your farm and so on.  Probably it’s great tool for people who do a lot of installations every day or week. My problem was that it does not allow you to select a custom location where you will install SharePoint. I was not interested in deploying service applications because I plan to treat this subject separately.  There is the option to edit the scripts but it’s not on my radar as I find the unattended way of installing SharePoint 2013 too easy to complicate things.

1. In order to install SP2013 unattended you will need a config.xml file with your specific parameters.

For a very good guide which I found at the time I was writing this post please look here.  For my config.xml sample please use this one. Use your serial number, configure the location of the installation go to the next step or further customize using the guide.

2. Copy the path to your config.xml file and start from a PowerShell window the installation using the following  “.setup.exe /config your pathconfig.xml”

3. At the end of the process cancel the “SharePoint 2013 Products Configuration Wizard”

Deploying the Central Administration

Download the following scripts I prepared for you here. The scripts are marked in order. Supply your own values in each script following the guidelines you will see inside.

1. First script will create the Configuration database and the Central Administration database, will setup a farm passphrase and will setup the farm account. More information on the command here.

2. Second script will install the features and services available.  More information about each command  Initialize-SPResourceSecurityInstall-SPServiceInstall-SPFeatureInstall-SPHelpCollectionInstall-SPApplicationContent.

3. Third script will deploy the Central Administration web application.

4. There are two scripts marked with 4, you any of them to create one managed account or multiple managed accounts.

5. Script number 5 will deploy the “State Service” service application

6.  Rest of the scripts are not mandatory, but you can use the one for changing the account under which the AppFabricCaching service runs.

What’s next

Next I will deploy several web applications but I will not do a post on that one and I will configure the service applications one by one. I hope that at least for the most complex service applications I will do a video guide on how to install and configure.


Doing the installation using the method described here should take you half an hour, it took me 45 minutes explaining it and doing it on a virtual system.

Please feel free to submit feedback, or post your questions below.