Exchange 2013 CU4 (SP1) and Outlook for Mac 2011 Error 19721


Recently I upgraded our hosted Exchange 2013 CU1 servers to CU4 (aka SP1). I didn’t do an in-place upgrade but chose instead to build an Exchange 2013 CU4 environment and then migrate all mailboxes.

The migration process went relatively well, except for one peculiar problem:

Mac users with Outlook for Mac 2011 couldn’t send e-mails after the migration.


KEMP LoadMaster vs IIS 8.0 ARR: a note on security


Introduction

In my spare time I like to test software/appliances that I work with, for security flaws.

Since the Heartbleed bug has made news headlines around the world, I take extra measures to secure everything that needs SSL to work.

NOTE:

Kemp has released a firmware that patches the Heartbleed vulnerability. Please download it and apply it to your Kemp LoadMaster.

Link

I will be designing and implementing a Unified Communications solution very soon. Lync 2013 requires a reverse proxy for the Lync mobility feature. Before I can give unbiased advice on the reverse proxy setup that we need, I like to take each solution for a test drive.

My list of reverse proxy solutions is:

– KEMP LoadMaster VLM-100

– Windows Server 2012 with IIS 8.0 acting as a reverse proxy

 

Let’s start with Kemp LoadMaster and its default security implementation.

 

Kemp LoadMaster

Default behaviour (out-of-the-box not that secure)

By default, the Kemp LoadMaster accepts all kinds of security protocols and ciphers, as shown by this screenshot:

KEMP_SSL_Security_1

This default behaviour results in a combined score of C on Qualys SSL Labs:

KEMP_SSL_Security_2

KEMP_SSL_Security_3

This behaviour is correct, because Kemp gives you all the freedom to select the ciphers and protocols that you need to load balance your workload. It’s the responsibility of the administrator/IT Pro to select the correct security ciphers and protocols.

Hardening the Kemp LoadMaster

In order to harden the Kemp LoadMaster, you need to disable weak protocols and ciphers. These weak protocols and ciphers are needed for older operating systems (Windows XP) and web browsers (IE6, IE7, IE8). This can be done in the web user interface of the Kemp LoadMaster.

Step one

Select your virtual service that needs to be hardened. In my case I select “Lync Reverse Proxy HTTPS”.

KEMP_Improved_SSL_Security_1

Click on the “modify” button and you will be presented with a screen like this:

KEMP_SSL_Security_1

Note that the Assigned Ciphers box is empty, so all default protocols and ciphers are in use. Let’s change that.

Step two

Assign the following ciphers to the Assigned Ciphers box:

1) ECDHE-RSA-AES256-SHA384
2) ECDHE-RSA-AES256-SHA
3) ECDHE-RSA-AES128-SHA
4) AES128-SHA256
5) AES256-SHA256

KEMP_Improved_SSL_Security_3

Click on the button “Set Ciphers” and the new ciphers will be set and operational.

Step three

Run a new SSL test at Qualys SSL Labs and after a few seconds you should see the new results:

KEMP_Improved_SSL_Security_4

KEMP_Improved_SSL_Security_5

KEMP_Improved_SSL_Security_6
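What the five assigned ciphers provide can be read off their OpenSSL-style names. The PowerShell below is an added example (not Kemp's or the author's code); the function names `Get-CipherProperties` and `Test-CipherList` are made up here, and the script only parses names, it does not query the LoadMaster.

```powershell
# Added example: classify OpenSSL-style cipher names (the format used in the
# Assigned Ciphers box). Pure string parsing; no connection is made.
# Handles ECDHE-/DHE-/EDH- prefixed names and prefix-less RSA names.
function Get-CipherProperties {
    param([Parameter(Mandatory = $true)][string]$Name)

    $parts = @($Name.ToUpper() -split '-')
    if (@('ECDH', 'DH', 'ADH', 'AECDH', 'PSK', 'SRP', 'EXP') -contains $parts[0]) {
        throw "Key-exchange prefix '$($parts[0])' is not handled in this example"
    }

    # No prefix in an OpenSSL name means RSA key transport: the server's RSA
    # key decrypts the session secret, so there is no forward secrecy.
    $kx = 'RSA'
    $auth = 'RSA'
    if (@('ECDHE', 'DHE', 'EDH') -contains $parts[0] -and $parts.Count -ge 4) {
        $kx    = $parts[0]
        $auth  = $parts[1]
        $parts = @($parts[2..($parts.Count - 1)])
    }
    if ($parts.Count -lt 2) { throw "Unrecognised cipher name: $Name" }

    $mac  = $parts[-1]                                  # last token is the MAC / PRF hash
    $bulk = $parts[0..($parts.Count - 2)] -join '-'     # everything before it
    $aead = $bulk -match 'GCM|CCM|CHACHA20'

    $mode = 'CBC'
    if ($aead) { $mode = 'AEAD' }
    elseif ($bulk -match 'RC4') { $mode = 'stream' }

    [pscustomobject]@{
        Name           = $Name
        KeyExchange    = $kx
        Authentication = $auth
        ForwardSecrecy = ($kx -ne 'RSA')
        Bulk           = $bulk
        Mode           = $mode
        Mac            = $mac
        # AEAD suites and CBC suites with a SHA256/SHA384 MAC exist only in
        # TLS 1.2; suites with a SHA (SHA-1) MAC also work with older protocol
        # versions if the listener still accepts those versions.
        Tls12Only      = ($aead -or (@('SHA256', 'SHA384') -contains $mac))
    }
}

function Test-CipherList {
    param([Parameter(Mandatory = $true)][string[]]$Names)

    $suites = @($Names | ForEach-Object { Get-CipherProperties -Name $_ })
    $findings = @()
    foreach ($s in $suites) {
        if (-not $s.ForwardSecrecy) {
            $findings += "$($s.Name): RSA key exchange, no forward secrecy"
        }
        if ($s.Bulk -match 'RC4|DES|NULL') {
            $findings += "$($s.Name): weak bulk cipher ($($s.Bulk))"
        }
        if ($s.Mac -eq 'MD5') {
            $findings += "$($s.Name): MD5 MAC"
        }
    }
    if (-not ($suites | Where-Object { $_.Mode -eq 'AEAD' })) {
        $findings += 'No AEAD (GCM) suite in the list'
    }
    [pscustomobject]@{ Suites = $suites; Findings = $findings }
}

# The five ciphers from step two, in the order given there.
$assigned = 'ECDHE-RSA-AES256-SHA384', 'ECDHE-RSA-AES256-SHA', 'ECDHE-RSA-AES128-SHA',
            'AES128-SHA256', 'AES256-SHA256'

$report = Test-CipherList -Names $assigned
$report.Suites |
    Format-Table Name, KeyExchange, ForwardSecrecy, Bulk, Mode, Mac, Tls12Only -AutoSize
$report.Findings
```

For this list the report marks AES128-SHA256 and AES256-SHA256 as RSA key exchange without forward secrecy, so only clients that negotiate one of the three ECDHE entries get that protection.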

 

 

 

 

Windows 2012 with IIS 8.0 + ARR 3.0

Windows 2012 with IIS 8.0 + ARR 3.0 is recommended by Microsoft as a supported reverse proxy configuration for Lync 2013 and other workloads (Exchange 2013 and Sharepoint 2013).

With this information, I installed a Windows 2012 virtual machine. Afterwards I activated the IIS role in Windows 2012. The last step was to install ARR 3.0. From here I created the correct URL Rewrite rules for Lync 2013.

Qualys SSL Labs rates this default configuration with an A:

default_iis_security_1

default_iis_security_2

Not bad Microsoft, not bad ;-)

The next question that comes to mind: “How can I make this setup even better (more secure)?”

The answer is quite simple:

– Run a simple PowerShell script, courtesy of: http://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12

– Run IIS Crypto 1.4: https://www.nartac.com/Products/IISCrypto/Default.aspx

NOTE: You have to choose one option to improve the security of IIS 8.0. Applying both solutions will give mixed results. Choose either the PowerShell script or the IIS Crypto tool.

Both options will secure your IIS 8.0 setup. I chose to run the simple PowerShell script and I’m happy to share the improved results:

default_iis_security_3

default_iis_security_4

default_iis_security_5
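Whichever tool was used, the resulting state can be read back from the Schannel settings in the registry before re-running the SSL Labs test. The PowerShell below is an added example, not taken from the linked script or from IIS Crypto: the two registry paths are the standard Schannel locations, while the function names, the pass criteria (SSL 2.0/3.0 explicitly disabled, TLS 1.2 not disabled, an ECDHE suite first) and the sample data are assumptions made here.

```powershell
# Added example, not taken from the linked script or from IIS Crypto.
# Read-only: it reports Schannel settings and writes nothing.
$ProtocolRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$SuiteOrderKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'

function Get-SchannelServerProtocol {
    # One object per protocol: the raw 'Enabled' DWORD of its Server subkey,
    # or $null when the value is absent and the OS default applies.
    param([string]$Root = $ProtocolRoot)
    foreach ($proto in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        $key = Join-Path (Join-Path $Root $proto) 'Server'
        $enabled = $null
        if (Test-Path -LiteralPath $key) {
            $enabled = (Get-ItemProperty -LiteralPath $key).Enabled
        }
        [pscustomobject]@{ Protocol = $proto; Enabled = $enabled }
    }
}

function Get-SchannelSuiteOrder {
    # Returns the configured cipher suite order, or nothing when none is set.
    param([string]$Key = $SuiteOrderKey)
    if (-not (Test-Path -LiteralPath $Key)) { return }
    $raw = (Get-ItemProperty -LiteralPath $Key).Functions
    # The value may be one comma-separated string or a multi-string.
    (@($raw) -join ',') -split ',' | Where-Object { $_ }
}

function Test-SchannelState {
    # Applies the assumed policy described in the lead-in to the collected state.
    param($Protocols, [string[]]$SuiteOrder)

    foreach ($p in $Protocols) {
        $state = 'enabled'                       # any non-zero value enables
        if ($null -eq $p.Enabled) { $state = 'not set (OS default applies)' }
        elseif ($p.Enabled -eq 0) { $state = 'disabled' }

        $ok = $true
        if ($p.Protocol -like 'SSL *')  { $ok = ($state -eq 'disabled') }
        if ($p.Protocol -eq 'TLS 1.2')  { $ok = ($state -ne 'disabled') }
        [pscustomobject]@{ Check = "$($p.Protocol) server"; State = $state; Ok = $ok }
    }

    $state = 'not set (OS default order applies)'
    $ok = $null                                  # not assessed without an explicit order
    if ($SuiteOrder) {
        $state = "first: $($SuiteOrder[0])"
        $ok = ($SuiteOrder[0] -like 'TLS_ECDHE_*')
    }
    [pscustomobject]@{ Check = 'Cipher suite order'; State = $state; Ok = $ok }
}

# Constructed sample state, used only when the Schannel key is not present
# (for example when trying the script away from the server).
$sampleProtocols = @(
    [pscustomobject]@{ Protocol = 'SSL 2.0'; Enabled = 0 }
    [pscustomobject]@{ Protocol = 'SSL 3.0'; Enabled = $null }
    [pscustomobject]@{ Protocol = 'TLS 1.0'; Enabled = 1 }
    [pscustomobject]@{ Protocol = 'TLS 1.1'; Enabled = 1 }
    [pscustomobject]@{ Protocol = 'TLS 1.2'; Enabled = 1 }
)
$sampleOrder = 'TLS_RSA_WITH_AES_128_CBC_SHA256',
               'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256'

if (Test-Path -LiteralPath $ProtocolRoot) {
    $result = Test-SchannelState -Protocols (Get-SchannelServerProtocol) `
                                 -SuiteOrder (Get-SchannelSuiteOrder)
} else {
    $result = Test-SchannelState -Protocols $sampleProtocols -SuiteOrder $sampleOrder
}
$result | Format-Table -AutoSize
```

With the constructed sample, the SSL 3.0 row and the cipher suite order row come back with `Ok` false: SSL 3.0 was never explicitly disabled and the first preferred suite uses RSA key exchange.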

 

Conclusion

After the Heartbleed fiasco, security is on everybody’s mind. It makes sense to check the SSL appliances in your perimeter network for their SSL implementation. If you happen to have a KEMP LoadMaster in your network, please install the latest firmware (7.0-14b). The latest firmware version fixes the Heartbleed vulnerability.

Another important aspect that I want to highlight is that we (IT pros) are solely responsible for implementing the best possible security options on our perimeter appliances. This includes selecting the appropriate ciphers and protocols.

I’m glad to find out that Windows Server 2012 with IIS 8.0 is secure enough to be implemented as a reverse proxy/load balancer for various workloads. By changing a few options, you can make a Windows 2012 with IIS 8.0 reverse proxy server very secure.

KEMP LoadMaster’s SSL implementation is not that secure by default. The administrator has to select the correct ciphers and protocols that he wants to use in order to achieve the highest possible rating and security. I would prefer that KEMP put a note in their product guide to alert IT pros about this minor inconvenience.

By no means am I trashing KEMP and their LoadMaster. I just would like to see that their LoadMasters are secured by default. Besides this minor security inconvenience, I like the KEMP LoadMaster very much because it is simple to install and to operate. It’s the best cost-effective load balancer that won’t break the bank.


One for the books


Last week I had the opportunity to sit down for the 70-337 (Enterprise Voice & Online Services with Microsoft Lync Server 2013) exam. Passing this exam will reward you with the MCSE: Communication title.

Little is known on how to study for this exam. In this blog post I want to share my experience on how to prepare for this exam.

Step 1: Read the skills measured page

At http://www.microsoft.com/learning/en-us/mcse-communication-certification.aspx you can read what skills will be measured. By reading this first you will have a better understanding of the technical skills that will be tested.

This exam is all about voice. Voice, voice, voice, that’s the motto for this exam.

Step 2: Register at http://www.microsoftvirtualacademy.com

There is no official Microsoft Press/Sams book covering the topics of the 70-337 exam. The jump-start videos at http://www.microsoftvirtualacademy.com/training-courses/enterprise-voice-and-online-services-with-lync-server-2013-jump-start cover about 90% of the skills that will be tested on exam day.

Plan a weekend to go through all those videos. You will be rewarded with knowledge.

Step 3: Build your own lab to practice

This step is highly recommended, if you have the computing resources to run virtual machines to build a Lync 2013 environment.

I have at home a modest lab environment where I can test everything regarding Unified Communications and especially Lync 2013.

Since we are building our knowledge about enterprise voice, you will need an IP-PBX that you can configure in order to fully understand enterprise voice. A free IP-PBX that you can use for your lab is Asterisk or FreePBX. The integration between Lync and Asterisk is well documented here.

I highly recommend buying a Lync Phone Edition desktop phone. A Polycom CX500 Desktop IP Phone can be bought for as little as $50 on eBay. This will help you understand how a certified Lync Phone works with Lync Server 2013 and how each audio codec sounds in real life.

Step 4: Register for the exam

When you feel confident with your newly acquired knowledge, you can register for the 70-337 exam at your nearest Prometric Test Center. This is a straightforward action.

Tip: Grab a free second shot voucher. With this voucher, you will receive 20% discount on your exam fee. Should you fail to pass the 70-337 exam, you will have a second chance to pass this exam at no additional cost.

Step 5: Take the exam

On exam day you will have the chance to prove to yourself and your employer that you have the necessary skills to implement enterprise voice using Microsoft Lync Server 2013.

Due to the NDA disclosure that I signed, I can’t reveal any specific details about the exam.

Step 6: Enjoy your new title

If you passed the 70-337 exam, congratulations! You have joined a select group of IT pros with deep understanding of Lync 2013. A few days after passing your exam, you will have the option to download or order your MCSE: Communication title.

mcse_communication

 

 

Closing thoughts

My journey towards this certification was a rocky one. Back in 2013 I heard about Lync and I wasn’t that interested in real time communications. My old employer decided to introduce Lync into the organisation. I had the pleasure to administer this environment. By tinkering around with Lync Server 2010 / Lync Server 2013, something amazing happened. I was triggered to know more about Lync, because I had the responsibility to keep the real time communication infrastructure up and running.

You may be thinking, what’s the point going all the way to achieve this MCSE title? The answer is simple: Unified Communications based on Microsoft products is hot. The world needs UC specialists to implement and to manage these environments.

The magic quadrant for Unified Communications from Gartner, shows that Microsoft is a leader in this market. You can read the research here.

Unified Communications is here to stay and the market needs highly trained professionals that understand the UC ecosystem, especially Lync. If you don’t want to miss the opportunity to boost your career, start now towards your MCSE: Communication certification. Your boss will thank you later for it.


Bad request (HTTP 400 error) in Exchange 2013 OWA/ECP


Introduction

I have managed our Exchange 2013 environment for 6 months in 2013. This Highly Available (HA) Microsoft Exchange 2013 setup was designed and installed by Dave Stork.

I have installed various cumulative updates on this setup and almost everything went without a hitch.

Since then, I moved on.

 

The issue

Last week our IT department had a big problem with Outlook Web App (OWA) on Microsoft Exchange 2013. It was not working anymore and it was inaccessible for all our 500+ employees. However, all other services kept on working normally (ActiveSync, Outlook Anywhere, etc.).

Since I’m not managing this Microsoft Exchange 2013 environment anymore, I wasn’t fully aware of this problem, until the IT Department asked me to take a look at it, in the hope that I could fix it.

In the end, we managed to fix this problem without too many complications. I have to thank my colleague and partner in crime, Chris Petit (@christiaanpetit) for his insights and tips. He was a great help during this ordeal at work.

 

The problem

Our IT department changed the authentication option on the ECP virtual directory and suddenly Outlook web access was not working anymore. All our employees working in the field use Outlook Web App to communicate. You can just imagine how frustrating this can be for customers.

server_error_ecp

server_error_ecp_2

 

On smartphone devices, colleagues could see the nice Outlook Web App login page of Microsoft Exchange 2013, only to find out that it doesn’t work. After providing their (correct) credentials, they received this error:

“Outlook web app didn’t initialize. If the problem continues please contact your helpdesk.

Couldn’t find a base theme (folder name=base)”

In the Event Viewer we saw a lot of these error messages:

server_error_ecp_3

With this information in mind, we concluded that some web technology and perhaps some webservice was at fault.

 

The solution

The solution to this problem is a neat one.

On the internet we read blogposts telling us that we needed to recreate the Outlook Web App (OWA) and Exchange Control Panel (ECP) virtual directories.

We did do this, following the instructions from this blogpost:

http://exchangeonline.in/re-create-owa-virtual-directory-exchange-2013/

But… recreating the virtual directories did not solve anything for us.

Then, my colleague Chris Petit (@christiaanpetit), pointed me to this blogpost:

http://www.faultserver.com/q/answers-exchange-server-2010-owa-couldnt-find-a-base-theme-268697.html

At first, I was sceptical about this solution because it was tested for Microsoft Exchange 2010 only. Since there is little known about Exchange 2013, I gave this solution a shot and, luckily, it worked flawlessly.

If you encounter this problem (bad request, http 400 error) on your Exchange 2013 infrastructure, these are the steps that you can follow to fix it.

Note:
The PowerShell scripts are not mentioned anywhere in the official TechNet documentation.
The PowerShell scripts are only mentioned in several blog posts regarding Microsoft Exchange 2010.

  1. Log in to your Exchange 2013 CAS server
  2. Start the Exchange Management Shell
  3. Navigate to your Exchange 2013 binaries location, for example: C:\Program Files\Microsoft\Exchange Server\V15\Bin\
  4. Execute the UpdateCas.ps1 Windows PowerShell script and wait a few moments.
    This script will rebuild your OWA interface.
  5. If you haven’t executed UpdateConfigFiles.ps1, now is a good time. Execute it.
    It looks like you need to execute this Windows PowerShell script after each cumulative update of Microsoft Exchange 2013 to keep everything working smoothly.

 

Conclusion

After each installation of a cumulative update for Exchange 2013, remember to execute both the UpdateCas.ps1 and UpdateConfigFiles.ps1 Windows PowerShell scripts.

It will save you a lot of trouble, troubleshooting errors with OWA and ECP.

Special thanks goes to my colleague and partner in crime, Chris Petit (@christiaanpetit) for his insights and tips. He was a great help during this ordeal at work.


Installing a Sharepoint 2013 HA environment from scratch…Part 3


Introduction

This is the last part of the series. I will be showing you how to set up Sharepoint 2013 Enterprise. The only difference is that your databases (configuration, content, user profiles, etc.) will be residing in a highly available SQL 2012 Enterprise AlwaysOn group.

 

Part one – Installing Sharepoint 2013 Enterprise

Installing Sharepoint 2013 is a breeze. If you have taken care of the prerequisites, you should be able to install Sharepoint 2013 Enterprise without any problems.

I will not go in detail on how to install Sharepoint 2013 Enterprise. There are a lot of blog posts covering this subject. What I will do is explain some little things that you need to keep in mind, during the installation of Sharepoint 2013 Enterprise with a Microsoft SQL 2012 Enterprise AlwaysOn Availability group as the backend database infrastructure.

 

Step one – mount the .ISO file and type your key in.

After that, press “Next” and the window below will appear:

SP2013_install_1

The best practice is to split the location of the Sharepoint 2013 binaries and other files. After you have done this, you can press the big install now button.

Once the setup has completed, the Sharepoint 2013 Product Configuration wizard will start. Let the fun part begin.

Step two – let’s configure Sharepoint 2013

Once the Sharepoint Products Configuration Wizard has started you will be presented with two options:

1) Create a new farm

2) Join an existing farm

Since we are building a Sharepoint 2013 Enterprise highly available environment from the ground up, we select the first option (“Create a new farm”)

You will see a window like this:

SP2013_install_2

These are the options you need to fill in:

Database server: Your Availability group listener DNS Name + SQL Server Instance. The SQL server instance is NOT a requirement for Sharepoint. It’s just a neat way to segregate databases on a Microsoft SQL 2012 Server.

In my case, I had to fill in the following:

Database server: SP2013_AG\SP2013

Database name: SharePoint_Config

The database name can be anything you like. I like to keep things simple ;-)

Database Access Account must be an Active Directory user account with enough access rights to the database server.

I had to fill in:

Username: <domain>\sa_sp2013_daa

Password: A long password generated via a password manager software

Once everything is filled in, proceed by clicking on “Next”.

SP2013_install_3

Here you specify the Farm Passphrase. This passphrase is needed to join new Sharepoint 2013 servers to the Sharepoint 2013 farm. It’s important to save this passphrase in a password manager program.

Press “Next” to continue with the setup.

 

SP2013_install_4

At this point you are almost done with the Sharepoint 2013 initial configuration. You have to specify a http port that will be bound to the Central Administration webpage.

Then you have to make a crucial selection here: do I go for NTLM security (easy to implement, but less secure) or do I go with Kerberos? I went with Kerberos authentication, because I had business requirements to follow.

Implementing Kerberos authentication is not that hard. There are good blog posts online explaining the necessary steps. I used this blog post to implement Kerberos authentication for our Sharepoint 2013 farm:

http://blog.blksthl.com/2012/09/26/the-first-kerberos-guide-for-sharepoint-2013-technicians/

Once you have decided which security setting you want, you can proceed by clicking on “Next”.

Once you have clicked on “Next”, you will be presented with a summary of all settings:

SP2013_install_5

Click “Next” one last time and the Sharepoint 2013 Farm will be configured. At the end, the Sharepoint Products Configuration Wizard will open the Central Administration webpage and you can begin fine tuning your Sharepoint 2013 environment.

 

Last words

I hope you enjoyed my previous blog posts (part 1 and part 2) and that I saved you many hours of troubleshooting. As for myself, I have enjoyed blogging about Sharepoint and Microsoft SQL 2012 AlwaysOn Availability group. I will continue to blog about Sharepoint, Exchange, Lync and other Microsoft products.

Feel free to drop me a line on twitter. If you have questions or comments, please feel free to contact me via Twitter (@SMKappel).


Installing a Sharepoint 2013 HA environment from scratch…Part 2


Introduction

In my previous blogpost I had the opportunity to share my thoughts about setting up a Microsoft SQL 2012 Server AlwaysOn Availability group. I will continue with explaining the steps that you need to perform in order to have your first AlwaysOn Availability group up and running in a matter of 45 minutes. It took me 2 hours of reading and troubleshooting before I had a working AlwaysOn Availability group.

Our ultimate goal is to see the wizard complete successfully.

SQL_AG_Final

I assume that you have a working Active Directory infrastructure before proceeding. Without an Active Directory in place, it will be almost impossible to set up the Windows Server Failover Cluster environment.

Part One – Networking

All the Microsoft SQL 2012 Enterprise servers that are going to participate in the AlwaysOn group must reside in the same subnet, as per Microsoft recommendations. As long as every server can ping each other, you will be fine and the AlwaysOn group will work.

You don’t need a special “clustering network or vlan” in your networking infrastructure.

 

Part two – Install Windows Server Failover Cluster role

I will provide a step-by-step procedure on how to setup the Windows Server Failover Cluster Role.

1) On the central Server Manager Dashboard, click the Manage button and select “Add Roles and Features”

Setup_WSFC_1

2) You will be presented with this screen

Setup_WSFC_2

Select: Role-based or feature-based installation and press “Next”

3) You have to select the destination server that will host the Windows Server Failover Cluster Role

Setup_WSFC_3

After selecting the first server, continue to the next screen by pressing “Next”

4) Select the Application Server role and press “Next”

Setup_WSFC_4

5) Put a checkmark on the Failover Clustering Feature. Extra Roles and Features will be installed (click on Add Features). After that you can continue by clicking on the next button.

Setup_WSFC_5

Setup_WSFC_6

Setup_WSFC_7

Setup_WSFC_8

Setup_WSFC_9

Windows 2012 will proceed to install the required binaries on the first server. It will take around 5 minutes to complete.

Remember: Each server that will be part of the Microsoft SQL Server AlwaysOn group must have the Windows Server Failover Cluster Role installed.

E.g: If you are planning to have two Microsoft SQL 2012 Servers with the AlwaysOn feature, you have to repeat the procedure above twice.

Setup_WSFC_10

There you go. You have installed the Windows Server Failover Cluster role successfully.

 

Part three – Configuring the Windows Server Failover Cluster

To configure the Windows Server Failover Cluster, I want to redirect you to this amazing blogpost, that helped me a lot during my own installation of the Microsoft SQL Server 2012 AlwaysOn group.

http://blogs.technet.com/b/canitpro/archive/2013/08/20/step-by-step-creating-a-sql-server-2012-alwayson-availability-group.aspx

The blogpost above describes vividly how to setup an AlwaysOn Availability group.

What I will do in this part is explain some pitfalls that I encountered myself. It will save you, the reader, a lot of troubleshooting and headaches. I will also

I begin with the most important TechNet article that you need to read thoroughly:

http://technet.microsoft.com/en-us/library/cc731002%28v=ws.10%29.aspx

My personal tip for you: make sure that the Cluster computer object is allowed to create computer objects. Without this simple checkmark

IC195277

you will not succeed in creating your first AlwaysOn Availability group. The validation of the AlwaysOn Availability group will fail.

I will provide some screenshots on how to configure the computer object that represents the Windows Server Failover Cluster.

First I start with my Windows Server Failover Cluster Setup. The screenshots are in their correct order of execution (left to right, each row).

Create_Cluster_1 Create_Cluster_2 Create_Cluster_3 Create_Cluster_4 Create_Cluster_5 Create_Cluster_6 Create_Cluster_7

I have shown in 7 steps how the setup process is executed. The following computer objects can be seen in the Active Directory Users and Computers management console:

Create_Cluster_8

Take notice of the computer objects. I will explain them now for your better understanding:

– WSFC1 is the first virtual machine that is hosting the Windows Server Failover Cluster role. In my previous blogpost, I have installed Microsoft SQL 2012 Server enterprise edition on this virtual machine.

– WSFC2 is the second virtual machine that is hosting the Windows Server Failover Cluster role. In my previous blogpost, I have installed Microsoft SQL 2012 Server enterprise edition on this virtual machine.

– SPCLUSTER is a virtual network name for our AlwaysOn Availability group and this computer object is a special one that needs some security editing.

Friendly reminder:

If you forget to give the Failover Cluster computer object (e.g.: SPCLUSTER in my case) the needed security rights, you will not be able to successfully complete the AlwaysOn Availability group wizard. The wizard will abort all operations. I am saving you the headache and troubleshooting despair.

Part four – Setting up Active Directory computer object rights

Let’s continue with the most important change that you have to do in your Active Directory environment. You will be giving the Windows Server Failover computer object, one special permission (Create computer objects).

1) Open the Active Directory Users and Computers management console

AD_rights_1

Right click on the “Computers” container and select “Properties”. The following window will appear:

AD_rights_2

Go to the “Security” tab and select “Advanced”

2) Click on “Add” and the following window will appear

AD_rights_3

You will be selecting and providing the following information:

Principal: The failover cluster computer object. In my case: SPCluster

Type: Allow

Applies to: This object and all descendant objects

In my case it happens to be this

AD_rights_5

Friendly reminder:

Take notice of the highlighted Permission. I have selected “Create Computer objects”. This is the only permission that you need to give the failover cluster computer object.

When you are done, you can click on “OK” and then on “Apply” to close everything.

This concludes applying the correct permissions for the failover cluster computer object. I will now proceed activating the AlwaysOn Availability option in Microsoft SQL 2012 Server Enterprise Edition.

 

Part five – Enabling the AlwaysOn Availability option

I will be brief in this part. I want to redirect you to this blogpost:

http://blogs.technet.com/b/canitpro/archive/2013/08/20/step-by-step-creating-a-sql-server-2012-alwayson-availability-group.aspx

Scroll down to the section titled:

“Enable SQL Server 2012 AlwaysOn Availability Groups Feature”

and read the small instruction on how to activate the AlwaysOn Availability.

In my case:

SQl2012_setup_13

Please, do not forget to restart the SQL Server service as stated in the blogpost above.

Part six – Creating your first AlwaysOn Availability group

You have reached the end of this blogpost. If you have followed my steps correctly, you will be ready to create your first AlwaysOn Availability group in SQL Server Management Studio. Let’s proceed.

1) Open SQL Server Management Studio and connect to the SQL Server instance that you created earlier.

2) In Object Explorer, expand the AlwaysOn High Availability folder.

3) Right-click on the Availability Groups folder and select the New Availability Group Wizard… option. This will launch the New Availability Group Wizard.

4) Read or skip the introduction page and click “Next”

5) Specify an Availability Group name. In my case I have used this convention: <Short application description><application version>AG, where AG is short for Availability Group, e.g. SP2013AG. SP2013AG stands for: <Sharepoint><2013><Availability group>.

SQl2012_setup_14

6) Select the databases that need to reside in the Availability group. The databases have to be in Full recovery model prior to joining them in the Availability group. In my case I have created a temporary_seed database, that I will be using to create the Availability group. You will do this only when you are going to use Sharepoint 2013. Sharepoint 2013 (as with Sharepoint 2010) will provision all databases during the installation of Sharepoint.

SQl2012_setup_14b

Click “Next” and you will proceed to specify replica partners.

SQl2012_setup_14c

I will add my second Microsoft SQL 2012 Server as the replica partner. I do this by clicking on the “Add Replica” button. A connect window will appear. Here you connect to the second Microsoft SQL 2012 Enterprise Edition server.

SQl2012_setup_14d

7) Once you’ve selected all the correct options, you will be presented with this screen:

SQl2012_setup_14e

Pay attention to how I have configured the options:

SPSQL01 is the primary AlwaysOn server.

SPSQL02 is the secondary AlwaysOn server.

Automatic failover is selected for both servers. I have checked this option, because the business requirements dictate that a failover must occur automatically without an administrator’s intervention. If this is not your case, then you can uncheck both options. But this defeats the purpose of AlwaysOn.

Synchronous Commit has been selected, because the business requirements dictate that no data must be lost in case of a disaster.

Readable Secondary has been activated. I have done this to keep our Sharepoint 2013 farm online and serving content in case of a disaster.

8) Proceed to the “Listener” tab and configure the Listener name and IP.

SQl2012_setup_14f

I have used this convention:

<Short application description><application version>_<LISTENER>.  e.g. SP2013_LISTENER. SP2013_LISTENER stands for: <Sharepoint><2013>_<LISTENER>.

Friendly reminder:

Remember to create the AlwaysOn Group listener DNS name in your internal DNS infrastructure. An A-record will suffice. The A-record must contain the following information:

– hostname e.g. SP2013_LISTENER

– IP Address it must resolve to: e.g. 10.0.0.187

9) When you are happy with the settings in the “Replica” and “Listener” tab, click on “Next”.

10) Select the Data Synchronization method and select the “FULL” option. Point the wizard to a shared folder on your network accessible by all SQL 2012 Enterprise Edition servers. The SQL Server service account used by both replicas must have write permissions to this shared folder.

11) Proceed to the validation page, by clicking on “Next”. The Availability group wizard will run some checks on your whole setup and infrastructure.

SQl2012_setup_15

If you have followed my steps correctly, you shouldn’t have any error and you will be able to click on the “Next” button to start the process of creating your first Availability group.

12) In the summary page, verify that all configuration settings are ok and click “Finish”. Your first Availability group will be setup right away.

13) In the results page, verify that all tasks have been completed successfully.

Congrats! You have just created your first SQL Server 2012 AlwaysOn Availability group. Sharepoint 2013 or any other application that needs a database server, can use the Availability group listener’s name as the database connection string.

SQl2012_setup_16

You can clearly see that my Availability group is working and that I can manipulate it using SQL Management Studio. SPSQL01\SP2013 is the primary node of the SP2013 Availability group. SP2013_AG is the Listener DNS name for my Sharepoint Availability group.

 

Closing thoughts

I have enjoyed writing the second part of the Sharepoint 2013 HA series. Tomorrow I will finish the series, by sharing my knowledge on how to complete a Microsoft Sharepoint 2013 Setup that will run on a Microsoft SQL 2012 Server AlwaysOn Availability group. After all, your first AlwaysOn Availability group is up and running :-D

SHAREPOINT_AG-STATUS

I want to wish my readers/followers/fellow Sharepoint Administrators a Merry Christmas, filled with joy and happiness.

 

Reading material

I want to share the original blogpost that helped me in the quest to setup my first AlwaysOn Availability group.

http://blogs.technet.com/b/canitpro/archive/2013/08/20/step-by-step-creating-a-sql-server-2012-alwayson-availability-group.aspx


Installing a Sharepoint 2013 HA environment from scratch…Part 1


Introduction

The company I work for has implemented Microsoft Exchange Server 2013 and Microsoft Lync Server 2013. To complete the Unified Communication Collaboration environment, I was asked to set up a Microsoft Sharepoint Server 2013 environment. To quote Jeremy Clarkson from TopGear:

How hard can it be?

It's not that hard to setup, but you have to read and re-read various Technet articles to have a mental picture of the whole Sharepoint Server 2013 architecture. This blogpost aims to help fellow Sharepoint Server administrators/consultants to implement a Highly Available (HA) Sharepoint Server 2013 environment.

Business requirements

The business provided me with the following requirements:

  • The Sharepoint Server 2013 infrastructure must sustain a server failure in either the SQL Server Back-End or in the Sharepoint Server Front-End. Two servers are allowed to fail.
  • The SQL Server backend must continue to work without intervention from a system administrator, in case of a failure.
  • The Virtual Machines (VMs) need to run on top of VMware ESXi 5.1.
  • This Sharepoint Server 2013 greenfield implementation must support the following applications: Anywhere365 and Microsoft Project Server 2013.
  • Claims-based authentication needs to be used by default.
  • The Sharepoint Server 2013 and thus the SQL Server 2012 environment must be backed up with Veeam B&R.

 

Business Resources

The business provided me with the following resources:

  • 4 Virtual Machines (VMs) with the following specifications:
    • 4 vCPU's,
    • 12GB of memory.
    • I was allowed to size the harddisk capacity for each server.
  • 4 Microsoft Windows Server 2012 Standard licenses
  • 2 Microsoft Sharepoint Server 2013 Enterprise licenses
  • 2 Microsoft SQL Server 2012 Enterprise licenses
  • Plenty of storage capacity on the Storage Area Network (SAN)
  • 32 hours (4 working days) to complete this setup.

 

That's basically it.

Now, let's proceed to guide you through setting up a Microsoft SQL Server 2012 AlwaysOn Cluster for Sharepoint Server 2013/any other application.

 

Part one – Prepare the VMs with Windows Server 2012

I had the pleasure to install Microsoft Windows Server 2012 Standard on four Virtual Machines (VMs). You might be thinking: "Why use Windows 2012 Standard instead of Datacenter?". In the documentation of Microsoft SQL Server 2012, you'll find that Windows Server 2012 Standard is fine for hosting a SQL Server AlwaysOn setup. Back in the Microsoft SQL Server 2008 days, you had to use a few enterprise licenses of Windows Server 2008, in order to setup a SQL cluster. This requirement has been dropped in Microsoft SQL Server 2012 and you can use Windows Server 2012 Standard. This saves your IT manager a few bucks.

Installing Windows Server 2012 inside VMs is child's play. After installing Windows Server 2012, I applied all Windows Updates and a few critical hotfixes. These hotfixes are needed for a smooth operation of the Failover cluster role in Windows Server 2012.

These are the hotfixes that you might need to install on your Windows 2012 servers that will participate in the AlwaysOn cluster:

Before installing the above hotfixes, I installed a few roles on both servers with this PowerShell Cmdlet:

Add-WindowsFeature Application-Server,Web-Server -IncludeAllSubFeature

After you have completed this installation of roles, you can proceed to join the server to your company's Active Directory.

Once you have joined the servers that will host SQL Server 2012 to your domain, you must reserve 4 internal IP addresses for your SQL Server Cluster. In my case, I'm planning on using two servers for the SQL Server AlwaysOn setup.

You'll need 1 IP address for each server participating in the AlwaysOn cluster and 1 IP address for the Failover clustering network. The last internal IP-address will be used by the AlwaysOn listener.

Part two – Installing SQL Server 2012 Enterprise

Because we want AlwaysOn, we need to pay for it. AlwaysOn is a feature found only in SQL Server 2012 Enterprise.

Note:
Other versions of SQL Server 2012 do not have this feature!

Let's start by mounting the ISO into our Virtual Machine (VM). Once the ISO file has been mounted, you can start the SQL Server 2012 Setup Wizard. The SQL Server Setup Wizard will conduct a pre-flight check before continuing with the next phase of the setup. If the SQL Server Setup Wizard pre-flight check passes, you must type in your product key and accept the license terms. After clicking on the "Next >" button you can proceed to choose the options that you want on your SQL Server installation:

SQl2012_setup_1

In my case, I decided to install all features of SQL Server 2012. Now, let's continue with the rest of the installation:

 SQl2012_setup_2

I decided that I want to use a Named instance, because this SQL Server AlwaysOn cluster will host many more instances and I want to keep things separated from each other.

 

SQl2012_setup_3
Everything checks out. I click on "Next >".

SQl2012_setup_4

At this part of the setup I choose Windows Authentication mode as the authentication mode. I add a security group that I just created for this purpose. IMHO, domain admins are not database administrators (DBAs)! Once you are finished with adding the correct security group, you must proceed to the "Data Directories" tab. Here you will split the SQL Server database files from the log files.

Microsoft and many DBAs around the globe recommend keeping log files (.ldf) on a different partition than the SQL database files (.mdf). Please excuse my screenshot. On the actual setup I have separated the logs and the database files.

SQl2012_setup_5

After setting up the correct partitions for your log files and database files, you can click on the "FILESTREAM" tab. It should look like this:

SQl2012_setup_6
If you are happy with the settings, you can continue with the setup. I will provide a few more screenshots for the sake of this blogpost.

SQl2012_setup_7

The same recommendations can be applied here. Add a security group instead of a single user and use different partitions to host the files that Analysis Services will use.

SQl2012_setup_8
SQl2012_setup_9

At this point I select "Install and configure"

 

SQl2012_setup_10
At this point you must give one or more users access to the DRC. It's best to ask your DBA which users are allowed to have permissions on the DRC.

 

SQl2012_setup_11

You can use the default settings.

 

SQl2012_setup_12

We are done configuring the initial setup of SQL Server 2012. Click on "Finish" and watch the progress bar completing. In a few minutes you will have a working SQL Server 2012 setup.

Friendly reminder:
You must repeat this installation sequence on the second/third/fourth SQL server that will join the AlwaysOn group.

When ready, please install Service Pack 1 and CU6 for SQL Server 2012 with Service Pack 1. CU6 contains a fix for a memory leak problem in SQL Server 2012 with Service Pack 1 when deployed in an AlwaysOn group.
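Once the instance is installed, the choices made on the Database Engine Configuration page (Windows Authentication mode, a dedicated security group as administrator, logs separated from data files) can be checked from PowerShell. The script below is an added example, not part of the original post; the group name EXAMPLE\SQL-DBA is a hypothetical placeholder, the instance name is the one used in this series, and data/log separation is compared by drive letter only, so mount points are not detected.

```powershell
# Added example: verify the Database Engine Configuration choices after setup.
# $AdminGroup is a hypothetical DBA security group name (assumption, replace it).
Push-Location
Import-Module SQLPS -DisableNameChecking   # module installed with SQL Server 2012
Pop-Location                               # SQLPS changes the current location
$Instance   = 'SPSQL01\SP2013'
$AdminGroup = 'EXAMPLE\SQL-DBA'

function Test-SqlSetupChoices {
    param([string]$ServerInstance, [string]$ExpectedGroup)
    $findings = @()
    # 1 = Windows Authentication mode only, 0 = mixed mode
    $auth = Invoke-Sqlcmd -ServerInstance $ServerInstance -Query `
        "SELECT CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int) AS WinOnly"
    if ($auth.WinOnly -ne 1) { $findings += 'Mixed mode authentication is enabled' }

    # Enabled members of the sysadmin fixed server role
    $admins = @(Invoke-Sqlcmd -ServerInstance $ServerInstance -Query @"
SELECT m.name, m.type_desc
FROM sys.server_role_members rm
JOIN sys.server_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin' AND m.is_disabled = 0
"@)
    if (-not ($admins | Where-Object { $_.name -eq $ExpectedGroup })) {
        $findings += "Expected group $ExpectedGroup is not a sysadmin"
    }
    foreach ($a in $admins) {
        if ($a.name -like '*\Domain Admins') {
            $findings += "Domain Admins holds sysadmin: $($a.name)"
        } elseif ($a.type_desc -eq 'WINDOWS_LOGIN' -and $a.name -notlike 'NT *\*') {
            # NT SERVICE\* and NT AUTHORITY\* are the service accounts setup adds
            $findings += "Individual account holds sysadmin: $($a.name)"
        }
    }

    # Databases whose data (.mdf) and log (.ldf) files share a drive letter
    $shared = @(Invoke-Sqlcmd -ServerInstance $ServerInstance -Query @"
SELECT DISTINCT DB_NAME(d.database_id) AS Db
FROM sys.master_files d
JOIN sys.master_files l ON l.database_id = d.database_id
WHERE d.type_desc = 'ROWS' AND l.type_desc = 'LOG'
  AND LEFT(d.physical_name, 3) = LEFT(l.physical_name, 3)
"@)
    foreach ($s in $shared) { $findings += "Data and log on same drive: $($s.Db)" }
    return $findings
}

Test-SqlSetupChoices -ServerInstance $Instance -ExpectedGroup $AdminGroup
```

An empty result means all three checks passed; run it on every node that will join the AlwaysOn group, since each instance is installed separately.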

Closing thoughts

I hope this first part of this blogpost series has helped you to install SQL Server 2012 Enterprise on one or more servers. The setup process is quite easy if you are planning to host an AlwaysOn group. In the second blogpost I will guide you through the setup of your first AlwaysOn group. I will explain the pitfalls that I have encountered during my first AlwaysOn setup. The deployment of an AlwaysOn environment is quite easy, once you know how to do it. I'm here to help you along and to spare you countless hours of reading and troubleshooting.

 

Reading material

http://www.sqlpassion.at/archive/2012/03/21/sql-server-2012-alwayson-availability-groups-part-1/
http://technet.microsoft.com/en-us/library/cc731002%28WS.10%29.aspx#BKMK_steps_precreating
http://technet.microsoft.com/en-us/library/ff878487.aspx


About me


I'm Sergio, born and raised on the beautiful Island of Curacao (formerly the Netherlands Antilles). At the age of 8 I had my first experience with computers. My father sent me to a computer course. My first experience was with Windows 3.11 and with Windows 95. I was hooked on the game "SkiFree". You remember, right? Fast forward 18 years and I'm an IT Professional in the world of Unified Communications and Virtualization.

Sander Berkouwer taught me a lot about the Windows ecosystem. In 2006 I had the pleasure to be one of his students. After his teachings, I began learning new stuff on my own. Dave Stork taught me the basics of Exchange 2003/2007. These two IT Pros are responsible for my pursuit of success in the IT industry. To this day I'm very thankful for their teachings.

In my spare time I like to tweak my hardware at home and to build labs on my home server. When I'm not tweaking or doing anything that has to do with IT, I like to take my car for a spin (literally). Besides that, I love diving in my spare time and when I'm on vacation.

Currently I work for OGD, with their hosting department called Officium. I am responsible for the infrastructure that makes cloud computing possible. I manage the hypervisor, the servers, the network, the firewalls. I also manage the mail infrastructure that is based on Exchange and I help my colleagues with their Exchange-related questions.

I will be using this blog to share my daily WTH-moments (What the heck) and tips and tricks I learn daily on my job.

Sergio

 
