SharePoint 2013, initial farm configuration with PowerShell, the short version

A few months ago I did a small guide about starting up a SharePoint 2013 farm by using only PowerShell.  There are several reasons why I prefer this approach instead of the available “SharePoint 2013 Products Configuration Wizard”. The wizard is fine but if you do not have a dedicated instance for your SharePoint installation it brings too many problems instead of solving. Also having a script as a reference which can also be used on other nodes/farms with minimal adjustments is an added bonus.

I recently paid a subscription to Pluralsight and they have a dedicated training for setting up a farm with PowerShell, well this training takes the same approach I did in my old post but it is far from being perfect.

After researching I found that the same wizard can be used using psconfig.exe with a lot of switches. This is the TechNet reference if you need to adjust the script I will provide.

Here is the PowerShell script you can use to setup a new farm, specify the farm admin, a passphrase, create the Central Administration and the config DB’s, installs all services, installs all features, provisions a new Central Administration Web Application with NTLM authentication.

Add-PSSnapin "Microsoft.SharePoint.PowerShell"

psconfig.exe -cmd configdb -create -server SERVERNAME\INSTANCE_NAME -database CONFIG_DB_NAME -passphrase “YOUR PASSPHRASE” -user DOMAIN\FARM_ACCOUNT -password FARM_ADMIN_PASSWORD -admincontentdatabase CENTRAL_ADMIN_DB_NAME -cmd helpcollections -installall -cmd secureresources -cmd services -install -cmd installfeatures -cmd adminvs -provision -port YOUR_PORT -windowsauthprovider onlyusentlm -cmd applicationcontent -install

Save the above script(psconfig should be on one row with all the switches) and make modifications based on your needs. This will be used only on the first server of the farm, on the other nodes you will need to use the [-connect] switch with the  configdb option like here:

psconfig.exe -cmd configdb -connect -server <Server_name> -database <Database_name> -dbuser <DOMAIN\username> -dbpassword <password>

-dbuser can be used to specify an account with SQL database access in case the account you use to setup has no privileges on the SharePoint SQL databases/SQL instance.

How to reset the Farm Passphrase in Sharepoint 2010

You might find yourself in the same situation like me, you try to add a new server to your farm but after trying all the passphrases in your mind it seems like none of them work. Hope this happens on your test farm and not on the production one and not because you cannot fix it but this might signal other problems with the way you manage your farm, with your configuration management.

In order to change the Farm PassPhrase you need to log in to one of your farm  servers and open SharePoint 2010 Management Shell in admin mode(right click Powershell and select Run as administrator).

The two cmdlets you will use are:

ConvertTo-SecureString  Link to TechNet site

Set-SPPassPhrase Link to TechNet site

The Set-SPPassPhrase cmdlet is used to change the PassPhrase but it takes a secure string as parameter. In order to do that you will first have to define a secure string using:

$NewPassPhrase = ConvertTo-SecureString -asPlainText -Force -string YOUR_OWN_STRING

The string needs to be(if the default settings are used):

 “at least 8 characters; contains at least three of the following
four character groups: English uppercase characters (A through Z); English lowe
rcase characters (a through z); Numerals (0 through 9); Non-alphabetic characte
rs (such as !, $, #, %). Type a passphrase which meets these requirements. “

Please replace YOUR_OWN_STRING with…you guessed it your own string which will become the new PassPhrase. This cmdlet converts your string from plain text to a secure string. $NewPassPhrase will take the value  of this secure string during your powershell session.

In order to change the PassPhrase to your new secure string defined before you will use:

Set-SPPassPhrase -PassPhrase $NewPassPhrase

It will automatically prompt you to insert the string configured before even if you do not use the -confirm switch.

It will ask you to confirm your action by selecting Y and hitting enter.

This cmdlet will change the PassPhrase on all of your farm servers. If for whatever reason you want or you have to do it on each server use the -LocalServerOnly when you run the  Set-SPPassPhrase cmdlet(ex: Set-SPPassPhrase -PassPhrase $NewPassPhrase -LocalServerOnly).

Now keep track of this new Farm PassPhrase in a secure place.