
Enable apps in AAM or host-header environments for SharePoint 2013

SharePoint 2013
 

Applies to: SharePoint Server 2013, SharePoint Foundation 2013, Microsoft SharePoint technologies

Topic Last Modified: 2014-07-28

Learn how to enable app domains for alternate access mappings or host-header web application environments after installing the March 2013 Public Update.

One of the feature updates of the March 2013 Public Update for SharePoint 2013 enables you to use multiple app domains in SharePoint 2013 environments with alternate access mapping or host-header web application configurations. Before the Public Update, you could only host one app domain and it had to be in the Default zone. You could not use the app domain on alternate access mappings or host-header web application configurations. The Public Update enables you to configure an app domain for each web application zone and use alternate access mapping and host-header web application configuration. For more information about apps for SharePoint 2013, see Overview of apps for SharePoint 2013.

Although the Public Update automatically installs the necessary pieces, the feature is not enabled by default. To use the new feature, you must prepare the environment, enable the feature, and configure the app domains and zones.

Important:
To enable and use this feature, you have to use a reverse proxy to allow traffic for the app domains. The Public Update does not install or configure the reverse proxy. You must set up the reverse proxy. For more information about how to set up a reverse proxy for SharePoint 2013, refer to the proxy hardware manufacturer’s documentation.
Note:
You can only enable and configure this feature by using Windows PowerShell.
The March 2013 Public Update for SharePoint 2013 installs the following new Windows PowerShell cmdlets:
  • New-SPWebApplicationAppDomain

  • Get-SPWebApplicationAppDomain

  • Remove-SPWebApplicationAppDomain

To complete the process, follow the procedures consecutively.

You must configure the farm-level app domain. For more information, see Configure an environment for apps for SharePoint (SharePoint 2013).

To use the enabled feature, you have to configure the app domains, create DNS entries with specific routing rules, and then enable the feature. Use the following procedures to create the DNS entries and routing rules, and to add, remove, or alter app domains. You only have to run the configuration one time for each app domain in each zone on every web application. To enable the feature, see Enabling the feature later in this article.

Note:
App domains can be shared across web applications if the zone, application pool identity, and authentication schemes match. For example, suppose that webappA is configured to use the Default zone and webappB is also configured to use the Default zone. In addition, both web applications use the same application pool identity, and both web applications use NTLM. In this scenario, the web applications can share a single app domain.
Important:
Ensure that the domains follow the same guideline for the wildcard DNS entry and SSL certificate as the farm app domain. For more information, see Configure an environment for apps for SharePoint (SharePoint 2013).
You must also create DNS entries for each app domain, including a routing rule. For more information about how to do this, see Configure an environment for apps for SharePoint (SharePoint 2013).
Because the SharePoint 2013 backup and restore process does not restore the alternate access mapping or host-header web application configuration, we recommend that you use a script to perform the configuration. If necessary, you can restore settings by running the script again.

To configure app domains by using Windows PowerShell
  1. Verify that you have the following memberships:

    • securityadmin fixed server role on the SQL Server instance.

    • db_owner fixed database role on all databases that are to be updated.

    • Administrators group on the server on which you are running the Windows PowerShell cmdlets.

    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

    Note:
    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Add-SPShellAdmin.
  2. Start the SharePoint 2013 Management Shell.

    • For Windows Server 2008 R2:

      • On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.

    • For Windows Server 2012:

      • On the Start screen, click SharePoint 2013 Management Shell.

        If SharePoint 2013 Management Shell is not on the Start screen:

      • Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.

    For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

  3. At the Windows PowerShell command prompt, type the following command:

    New-SPWebApplicationAppDomain -AppDomain <AppDomain> -WebApplication <WebApplicationID> -Zone <Zone> -Port <Port> -SecureSocketsLayer
    

    Where:

    • <AppDomain> is the URI of the app domain.

      This parameter is required.

    • <WebApplicationID> is the GUID, URI, or name of the web application for which the app domain is being configured.

      This parameter is required.

    • <Zone> is the security zone to which the app domain will be assigned. Possible values are “Default”, “Intranet”, “Internet”, “Custom”, or “Extranet”. If no value is specified, “Default” will be applied.

      This parameter is optional.

    • <Port> is the IIS port number to which the app domain will be assigned. If no value is specified, the same port that is used by the web application for the zone will be applied.

      This parameter is optional.

    • -SecureSocketsLayer is a parameter to specify that the app domain will use Secure Sockets Layer (SSL) security. If no value is specified, no SSL security will be used.

      This parameter is optional.

To remove app domains by using Windows PowerShell
  1. Verify that you have the following memberships:

    • securityadmin fixed server role on the SQL Server instance.

    • db_owner fixed database role on all databases that are to be updated.

    • Administrators group on the server on which you are running the Windows PowerShell cmdlets.

    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

    Note:
    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Add-SPShellAdmin.
  2. Start the SharePoint 2013 Management Shell.

    • For Windows Server 2008 R2:

      • On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.

    • For Windows Server 2012:

      • On the Start screen, click SharePoint 2013 Management Shell.

        If SharePoint 2013 Management Shell is not on the Start screen:

      • Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.

    For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

  3. At the Windows PowerShell command prompt, type the following command:

    Remove-SPWebApplicationAppDomain -WebApplication <WebApplicationID> -Zone <Zone>
    

    Where:

    • <WebApplicationID> is the GUID, URI, or name of the web application for which the app domains will be removed.

      This parameter is required.

    • <Zone> is the security zone from which the app domain will be removed. Possible values are “Default”, “Intranet”, “Internet”, “Custom”, or “Extranet”. If no value is specified, all of the app domains for the web application will be removed.

      This parameter is optional.

To alter app domain settings by using Windows PowerShell
  1. To alter the settings for an app domain, such as after the authentication scheme of the zone is changed, you must use the Remove-SPWebApplicationAppDomain cmdlet to remove the app domain and then use the New-SPWebApplicationAppDomain cmdlet to re-create it. For more information about how to use these cmdlets, see the sections earlier in this article.

To use the feature, you must first configure the app domains and then enable the feature. Use the following procedures to enable or disable the feature.

Note:
Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
To enable the feature by using Windows PowerShell
  1. Verify that you have the following memberships:

    • securityadmin fixed server role on the SQL Server instance.

    • db_owner fixed database role on all databases that are to be updated.

    • Administrators group on the server on which you are running the Windows PowerShell cmdlets.

    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

    Note:
    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Add-SPShellAdmin.
  2. Start the SharePoint 2013 Management Shell.

    • For Windows Server 2008 R2:

      • On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.

    • For Windows Server 2012:

      • On the Start screen, click SharePoint 2013 Management Shell.

        If SharePoint 2013 Management Shell is not on the Start screen:

      • Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.

    For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

  3. At the Windows PowerShell command prompt, type the following command:

    Important:
    Executing these commands will briefly interrupt Internet Information Services (IIS) 7.0.
    $contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
    
    $contentService.SupportMultipleAppDomains = $true
    
    $contentService.Update()
    
    Iisreset
    

    To disable the feature, at the Windows PowerShell command prompt, type the following command:

    Important:
    Executing these commands will briefly interrupt IIS 7.0.
    $contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
    
    $contentService.SupportMultipleAppDomains = $false
    
    $contentService.Update()
    
    Iisreset
    

A SharePoint Health Analyzer (SPHA) rule is also installed with the feature but it is not enabled by default. This rule helps you detect any configuration problems that might occur with app domains. Use the procedure below to enable this SPHA rule.

To enable the SharePoint Health Analyzer rule by using Windows PowerShell
  1. Verify that you have the following memberships:

    • securityadmin fixed server role on the SQL Server instance.

    • db_owner fixed database role on all databases that are to be updated.

    • Administrators group on the server on which you are running the Windows PowerShell cmdlets.

    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

    Note:
    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Add-SPShellAdmin.
  2. Start the SharePoint 2013 Management Shell.

    • For Windows Server 2008 R2:

      • On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.

    • For Windows Server 2012:

      • On the Start screen, click SharePoint 2013 Management Shell.

        If SharePoint 2013 Management Shell is not on the Start screen:

      • Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.

    For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

  3. At the Windows PowerShell command prompt, type the following command:

    Get-SPHealthAnalysisRule WebApplicationAppDomainsConfigurationTest | Enable-SPHealthAnalysisRule
    

For more information, see Get-SPHealthAnalysisRule or Enable-SPHealthAnalysisRule.

The feature in the Public Update has some special conditions and limitations. Review this list before you create app domains to ensure that the app domains are created correctly. The list might also help you troubleshoot problems when you create app domains:

  • You cannot add an app domain to a zone that does not exist. Ensure that the zone exists, or create it, before you add app domains to the zone.

  • To share an app domain across two web applications, the web applications must share the same application pool identity and both have to be configured to use the same zone and authentication scheme.

  • You cannot use IIS ports that are already being used when you configure app domains.

  • If the app domain is configured to use Secure Sockets Layer (SSL), you must configure the app domain to use a wildcard certificate and bind the SSL to a different port from the web application SSL port.

  • You cannot use both the -Identity and -WebApplication parameters at the same time with the Get-SPWebApplicationAppDomain Windows PowerShell cmdlet. You can use either parameter by itself but not both together.

  • If the app domain is associated with multiple web applications, the Get-SPWebApplicationAppDomain Windows PowerShell cmdlet returns an ambiguous error when you use the -Identity parameter. The error message is: Get-SPWebApplicationAppDomain : Cannot find an SPAppDomain object with AppDomain: <Domain>.

  • You must enable the feature before you can use an app domain that you create. If you use the New-SPWebApplicationAppDomain Windows PowerShell cmdlet to create an app domain before you enable the feature, the cmdlet creates the app domain, but you cannot use it until the feature is enabled. To simplify the process, enable the feature before you create app domains. You can use the Get-SPWebApplicationAppDomain Windows PowerShell cmdlet to confirm that the app domains were created.
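
The following re-runnable script is an added example, not part of the original article or Microsoft's own code. It combines the procedures above in the order the limitations list recommends (enable the feature, check that each zone exists and that the SSL port is free, then remove and re-create the app domains), so that it can be run again after a restore. The URLs, app domain names and ports are constructed placeholders, and the IisSettings and SecureBindings checks use the SharePoint server object model rather than anything shown in this article.

```powershell
# Added example. Web application URLs, app domains and ports are constructed placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$appDomains = @(
    @{ WebApp = 'https://portal.contoso.example'; Zone = 'Default';  Domain = 'apps-default.contoso.example';  Port = 444; Ssl = $true },
    @{ WebApp = 'https://portal.contoso.example'; Zone = 'Intranet'; Domain = 'apps-intranet.contoso.example'; Port = 445; Ssl = $true }
)

# Enable the feature before creating app domains; restart IIS only when the setting changes.
$contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
if (-not $contentService.SupportMultipleAppDomains) {
    $contentService.SupportMultipleAppDomains = $true
    $contentService.Update()
    iisreset
}

# Validate every entry before changing anything.
foreach ($entry in $appDomains) {
    $wa   = Get-SPWebApplication $entry.WebApp -ErrorAction Stop
    $zone = [Microsoft.SharePoint.Administration.SPUrlZone]$entry.Zone
    if (-not $wa.IisSettings.ContainsKey($zone)) {
        throw "Zone '$($entry.Zone)' does not exist on $($entry.WebApp); create it first."
    }
    # An SSL app domain must bind to a different port from the web application's SSL port.
    $bound = @($wa.IisSettings[$zone].SecureBindings | ForEach-Object { $_.Port })
    if ($entry.Ssl -and $bound -contains $entry.Port) {
        throw "Port $($entry.Port) is already the SSL port of $($entry.WebApp) in zone '$($entry.Zone)'."
    }
}

# Altering an app domain means remove and re-create: clear each web application, then rebuild.
$urls = $appDomains | ForEach-Object { $_.WebApp } | Select-Object -Unique
foreach ($url in $urls) {
    if (Get-SPWebApplicationAppDomain -WebApplication $url -ErrorAction SilentlyContinue) {
        Remove-SPWebApplicationAppDomain -WebApplication $url -Confirm:$false
    }
}
foreach ($entry in $appDomains) {
    $params = @{ AppDomain = $entry.Domain; WebApplication = $entry.WebApp; Zone = $entry.Zone; Port = $entry.Port }
    if ($entry.Ssl) { $params.SecureSocketsLayer = $true }
    New-SPWebApplicationAppDomain @params
}

# Turn on the health rule and list the result for review.
Get-SPHealthAnalysisRule WebApplicationAppDomainsConfigurationTest | Enable-SPHealthAnalysisRule
$urls | ForEach-Object { Get-SPWebApplicationAppDomain -WebApplication $_ }
```

Run it from the SharePoint 2013 Management Shell with the memberships listed in the procedures above; the first run restarts IIS when it enables the feature.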

© 2014 Microsoft