IT tutorials
 
Applications Server
 

SharePoint 2010 : Service Applications - Establishing a trust relationship between two farms

6/13/2013 7:50:24 PM
- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire

To be able to subscribe to another farm's content, there has to be a trust relationship set up between the two farms. This gives the two server farms, the ability to communicate. This is accomplished through certificates that uniquely identify the farms.

In this recipe you will see how to set this up.

Getting ready

Because we are showing this with PowerShell, you must be a member of the SharePoint_Shell_Access database role on the configuration database of both the publishing farm and consuming farm. You also must be a member of the WSS_ADMIN_WPG local group on the chosen servers.

Finally, the two servers you will be using (one on the Publishing Farm and one on the Consuming Farm) must be selected ahead of time and the same two servers must be used throughout the process. The suggested servers to use are the ones hosting Central Administration.

How to do it...

Export the certificates: Publishing Farm
  1. On the chosen publishing farm server, select Start | All Programs | Microsoft SharePoint 2010 Products | SharePoint 2010 Management Shell.

  2. In the PowerShell command prompt, type in the following two commands:

    $rootCert = (Get-SPCertificateAuthority).RootCertificate
    $rootCert.Export("Cert")|Set-Content C:\pubfarm.cer -Encoding byte
    
Export the certificates: Consuming Farm
  1. On the consuming farm server, select Start | All Programs | Microsoft SharePoint 2010 Products | SharePoint 2010 Management Shell.

  2. In the PowerShell command prompt, type in the following four commands:

    $rootCert = (Get-SPCertificateAuthority).RootCertificate
    $rootCert.Export("Cert")|Set-Content C:\consumingfarm.cer -Encoding byte
    $stsCert=(Get-SPSecurityTokenServiceConfig) LocalLoginProvider.SigningCertificate
    $stsCert.Export("Cert")|Set-Content c:\consumingfarmsts.cer -Encoding byte
    
    
    					  
Import the certificates: Publishing Farm
  1. Copy the consumingfar.cer and the consumingfarmsts.cer file from the consuming farm and put them in the C:\temp folder on the chosen server in the publishing farm.

  2. In the PowerShell command prompt, type in the following four commands:

    $trustCert=GetPfxCertificate c:\temp\consumingfarm.cer
    New-SPTrustedRootAuthority ConsumingFarm -Certificate $trustCert
    $stsCert=GetPFXCertificate c:\temp\consumingfarmsts.cer
    New-SPTrustedServiceTokenIssuer ConsumingFarm -Certificate $stsCert
    
Import the certificates: Consuming Farm
  1. Copy the pubfarm.cer file from the publishing farm and put it in the C:\temp folder on the consuming farm.

  2. In the PowerShell command prompt, type in the following two commands:

    $trustCert=GetPfxCertificate c:\temp\pubfarm.cer
    New-SPTrustedRootAuthority PublishingFarm -Certificate $trustCert
    

How it works...

Step 2 under How to do it... section comprises of two parts — setting the $rooCert variable to RootCertificate and then exporting that certificate to a physical file, pubfarm.cer.

Step 4 does the same thing except the fact that this is an extra step to provide the publishing farm with a Security Token Service (STS) certificate&;.

In steps 6 and 8, there are two italicized parameters — ConsumingFarm and PublishingFarm. These are unique names created by us as administrators. The names represent the purpose of the farm. It is recommended to give them more meaningful names so that their purpose is clear.

Both the publishing and consuming farms must exchange certificates. In addition, the consuming farm must export a security token service certificate, which the publishing farm imports.

Most of the service applications utilize web services to access the SharePoint databases. Web services do this on behalf of an authenticated client. In SharePoint 2010, it is the STS that authenticate clients.

There's more...

While exporting must be done with PowerShell, there is a user interface in Central Administration for importing certificates.

  1. Navigate to Central Administration and click Security.

  2. Under the General Security section, click Manage trust.

The ribbon will light up after clicking on the name of the farm. Now you can click New to establish a trust relationship, or you can click Edit to modify the Token issuer description or the certificates that are used.

Finally, there is a Delete option to allow you to remove a trust relationship.

 
Others
 
- Installing Exchange Server 2007 : Implementing Active Directory from Scratch (part 3) - Configuring Active Directory Sites and Services, Configuring a Global Catalog Server
- Installing Exchange Server 2007 : Implementing Active Directory from Scratch (part 2) - Installing the Service Pack, Installing the First Domain Controller for a New Domain
- Installing Exchange Server 2007 : Implementing Active Directory from Scratch (part 1) - Installing Windows Server 2003
- BizTalk Server 2009 : Playing By The Rules? Use The Business Rule Engine - How Does the BRE Work?
- BizTalk Server 2009 : Playing By The Rules? Use The Business Rule Engine - The Business Rule Composer
- Monitoring Microsoft Lync Server 2010 : Securing OpsMgr
- Monitoring Microsoft Lync Server 2010 : OpsMgr Component Requirements, Advanced OpsMgr Concepts
- Migrating to Configuration Manager 2007 : Conducting an In-place Upgrade (part 6) - Upgrading SMS 2003 Clients
- Migrating to Configuration Manager 2007 : Conducting an In-place Upgrade (part 5) - Upgrading Secondary Sites
- Migrating to Configuration Manager 2007 : Conducting an In-place Upgrade (part 4) - Upgrading a Primary Site
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
programming4us programming4us
 
Popular tags
 
Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS
Celebrity Style, Fashion Trends, Beauty and Makeup Tips.