Summary
This blogs details how to completely configure a SharePoint Server Subscription Edition Farm to use SharePoint Apps from PowerShell. When necessary, I will show the equivalent GUI steps.
Note: Many of these steps apply to all version of SharePoint Server except for the certificate creation steps.
Steps
1. Configure DNS with a zone and wildcard binding.
1 2 |
dnscmd dc /zoneadd spapps.local /dsprimary dnscmd dc /recordadd spapps.local * CNAME spwfe.contoso.local |
Ping a radon name to verify it works.
1 |
ping app-1234.spapps.local |
2. Create a new wildcard SSL certificate from SharePoint.
1 |
New-SPCertificate -FriendlyName "SharePoint Apps" -CommonName 'spapps.local' -AlternativeNames "*.spapps.local" -OrganizationalUnit "Contoso IT Department" -Organization "Contoso" -Locality "Redmond" State "Washington" -Country "US" -Exportable -KeySize 2048 -HashAlgorithm SHA256 -Path "c:\temp\certs\spapps.txt" |
3. Sign the Cert from the Certificate Authority.
4. Import the certificate from SharePoint and extend web application
1 2 3 4 5 6 7 8 9 10 11 |
#Import the signed cert $spcert = Import-SPCertificate -Path c:\temp\spapps.cer" #URL of the default zone of the web application $webAppDefaultZoneUrl = "https://spwfe.contoso.local/" #Set the Sp Web Application Object $wa = Get-SPWebApplication $webAppDefaultZoneUrl #Create the new extended zone to use the new Auth Provider New-SPWebApplicationExtension -Name "SP Apps" -Identity $wa -SecureSocketsLayer -Port 443 -Certificate $spcert -Zone Custom -Url 'https://spapps.local' -UseServerNameIndication |
Note: Do not use a host header for the app site.
5. Enable SupportMultipleAppDomains
1 2 3 |
$contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService $contentService.SupportMultipleAppDomains = $true $contentService.Update() iisreset |
6. Configure the Subscription Settings and App Management service applications (if they don’t already exist)
1 2 3 4 |
#Create the Subscription Settings Service / Proxy Application $appPool = Get-SPServiceApplicationPool "SharePoint Web Services Default" $ssappService = New-SPSubscriptionSettingsServiceApplication -ApplicationPool $appPool -Name 'Subscription Settings Service App' -DatabaseName "SubscriptionSettings_SPSE_DB" $ssproxy = New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $ssappService |
1 2 3 4 |
#Create the SP App Management Service / Proxy Application $appPool = Get-SPServiceApplicationPool "SharePoint Web Services Default" $AMappService = New-SPAppManagementServiceApplication -ApplicationPool $appPool -Name 'App Management Service App' -DatabaseName "AppManagementService_DB" $AMproxy = New-SPAppManagementServiceApplicationProxy -ServiceApplication $AMappService |
7. Specify the app domain and app prefix
1 |
Set-SPAppDomain spapps.local Set-SPAppSiteSubscriptionName -Name "app" -Confirm:$false |
GUI Equivalent:
8. Enable the “Apps that require accessible internet facing endpoints” feature.
1 2 |
$farm = Get-SPFarm $f = $farm.FeatureDefinitions['IfeDependentApps'] Enable-SPFeature -Identity $f -Url 'https://spwfe.contoso.local' -Confirm:$false |
GUI Equivalent:
Via GUI:
- In Central Administration, click Application Management.
- On the Application Management page, click Manage Web applications.
- On the Manage Web Applications page, select the web application that you want to change.
- On the ribbon, click Manage Features.
- In the feature list, next to Apps that require accessible internet facing endpoints, click Activate.
- Click OK.
9. Set the Correct Endpoint for Store Apps
1 |
Set-SPAppStoreConfiguration -Url http://office.microsoft.com -Enable $true |
10. Allow AppInv page to be iframed per KB5005546
1 2 3 |
$farm = Get-SPFarm $farm.AddGenericAllowedListValue("AllowIframeAppAuthorizePageDomains","spwfe.contoso.local") $farm.Update() |
Public Microsoft Document
Configure an environment for apps for SharePoint Server – SharePoint Server | Microsoft Docs