Upgrade to Duet Enterprise 1.0 on SharePoint Server 2013
Applies to: Duet Enterprise for Microsoft SharePoint and SAP Server 2.0
Summary: Learn how to upgrade Duet Enterprise 1.0 on SharePoint Server 2010 to Duet Enterprise 1.0 on SharePoint Server 2013.
This article describes the process of upgrading Duet Enterprise 1.0 from SharePoint Server 2010 to Duet Enterprise 1.0 running on SharePoint Server 2013.
In this article:
Before you begin
Optional PowerShell scripts
Prepare the SharePoint Server farms for upgrade
Install Duet Enterprise 1.0 on the SharePoint Server 2013 farm
Configuration Health check
Verify upgrade
Switch users over to the new farm
Before you begin
To upgrade Duet Enterprise 1.0 on SharePoint 2010 to Duet Enterprise 1.0 on SharePoint 2013 requires a combination of steps that would be done for any SharePoint 2010 to SharePoint 2013 upgrade in addition to steps that are specific to Duet Enterprise 1.0. Therefore, this article refers you to the Upgrade to SharePoint 2013 content for the latest information about how to upgrade SharePoint Server and provides the procedures in this article that are specific to Duet Enterprise 1.0.
Before you start the upgrade, we recommend that you review Upgrade to SharePoint 2013.
Optional PowerShell scripts
A set of PowerShell Scripts are available for download that you can use to complete some of the procedures in this article. Although these scripts are not supported, they have been tested by the Duet Enterprise test team. Procedures in which scripts are available indicate that an optional script is available and also provide the manual steps for those who do not want to use scripts.
If you want to use the scripts, we recommend that you download them now from MSDN Code Gallery.
Prepare the SharePoint Server farms for upgrade
This section provides information about how to prepare the SharePoint 2010 and SharePoint 2013 farms for upgrade.
In this section:
Set the earlier version databases to be read-only
Gather information and files from the SharePoint 2010 farm
Prepare the SharePoint 2013 farm for upgrade
Set the earlier version databases to be read-only
Setting the databases on the SharePoint 2010 farm to read-only enables users to continue to read data in the original SharePoint farm while making sure that you capture all the data in the backup. For more information, see Set the earlier version databases to be read-only (https://technet.microsoft.com/en-us/library/jj839720.aspx\#readonly).
Gather information and files from the SharePoint 2010 farm
This section describes how to collect the information and files that you will need from the SharePoint Server 2010 farm for upgrade.
Get the Passphrase of the secure store service application
You'll have to know the passphrase that was used to encrypt the Secure Store Service application on the SharePoint Server 2010 farm. If the administrator who configured that Secure Store Service application does not know the passphrase, or if it's not recorded somewhere, you must refresh the Key in the Secure Store Service application before you back up the database. For information about how to refresh the key, see Work with encryption keys.
Note that this is specifically concerning the Secure Store Service application used by Duet Enterprise 1.0 that contains the target application named "WSDL". For more information, see Record the passphrase for the SecureStore_2nd service application (https://technet.microsoft.com/en-us/library/cc263026.aspx\#passphrase).
Export the encryption key for the User Profile service application
The User Profile Service service application requires an encryption key that is stored separately from the database and is needed if you want to upgrade the User Profile Sync database. You must export the Microsoft Identity Integration Server Key (MIIS) encryption key from the SharePoint Server 2010 environment. You will import this exported key to the SharePoint Server 2013 environment after you upgrade the User Profile service application databases. By default, the key is located on the server that is running SharePoint Server 2010 and that is hosting the Microsoft Forefront Identity Manager services in the following directory: <root directory drive>\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Bin.
To export the encryption key for the User Profile service application
Verify that you have the following memberships:
- Administrators group on the server on which you are running the command.
Open the Command Prompt window, and then change to the following folder:
%Program Files%\Microsoft Office Servers\14.0\Synchronization Service\Bin\
To export the key, type the following at the command prompt, and then press ENTER:
miiskmu.exe
In the Microsoft Identity Integration Server Key Management Utility wizard, verify that Export key set is selected, and then click Next.
In the Account Name box, type the account name for the farm administrator.
In the Password box, type the password for the farm administrator.
In the Domain box, type the domain that contains the farm administrator account, and then click Next.
In the Specify export file name and location box, type or click browse to select the path and file name to use for the exported key, and then click Next.
The key is exported as a file that has a .BIN file name extension.
Verify the information, and then click Finish.
A message appears indicating that the key was successfully exported.
Click Close to close the Microsoft Identity Integration Server Key Management Utility.
For more information, see Back up a User Profile Service application (SharePoint Server 2010).
Other information to collect
For more information about information that you might want to collect from the SharePoint Server 2010 farm that is not specific to Duet Enterprise, see Prepare for upgrade (https://technet.microsoft.com/en-us/library/ff607663.aspx\#Prepare).
Back up the SharePoint 2010 Products databases by using SQL Server tools
You must back up all service application and content databases that are associated with Duet Enterprise on the SharePoint 2010 farm. Specifically, Duet Enterprise depends on the service application types shown in the following table.
Table: Service application types
| Service application type | What it contains |
|---|---|
Business Data Connectivity service Application |
BDC models and External Content Types for Duet Enterprise 1.0. Important Make sure that you know the passphrase of the Secure Store Service application associated with this database before you back it up or you won't be able to upgrade it on the SharePoint Server 2013 farm. If you don't know the passphrase, refresh the key before you back up the database and make sure that you store the passphrase in a safe location. |
User Profile Service Application |
This service application uses three databases: a profile, social, and sync database. At a minimum you must back up the profile database, which contains the SharePoint user profiles. If role sync was run, this database also includes SAP roles. We recommend that you backup all three databases for this service application. Otherwise, when you attach the profile database to a new User Profile Service Application, SharePoint creates an empty social and sync database for the new service application. |
Secure Store Service Application |
Target Application used by Duet Enterprise 1.0 named "WSDL". Important Make sure that you know the passphrase of the Secure Store Service application associated with this database before you back it up or you won't be able to upgrade it on the SharePoint Server 2013 farm. If you don't know the passphrase, refresh the key before you back up the database and make sure that you store the passphrase in a safe location. |
In addition to the databases described in the table above, you must also backup all content databases that contain site collections used for Duet Enterprise.
For information about backing up the SharePoint 2010 databases, see Back up the SharePointAll_2nd_14 databases by using SQLServer_2nd_NoVer tools (https://technet.microsoft.com/en-us/library/jj839720.aspx\#backup).
Prepare the SharePoint 2013 farm for upgrade
In this section:
Install SharePoint 2013 in the new environment
Install SharePoint language packs
Restore the databases
Set the databases to read-write
Verify that the service instances are running
Database-attach upgrade
Verify that all of the new proxies are in the default proxy group
Create web applications
Create an alternate access mapping for the SSL-enabled web application
Next steps
Install SharePoint 2013 in the new environment
SharePoint Server 2013 does not support in-place upgrade so you must deploy a new SharePoint Sever 2013 Enterprise Edition farm.
Tip
Duet Enterprise is supported only on the Enterprise Edition of SharePoint Server 2013.
For information about how to installing SharePoint Server 2013, see the following:
Configure service applications (https://technet.microsoft.com/en-us/library/cc263026.aspx\#configfarm).
Configure farm settings (https://technet.microsoft.com/en-us/library/cc263026.aspx\#configfarmsettings)
Tip
-
You do not have to enable service applications that you will be restoring from the backup databases of the SharePoint Server 2010 farm. You will create these service applications in a later procedure.
-
You do not have to create the web applications now. You will create them in a later procedure.
Install SharePoint language packs
If you created sites for multiple languages for Duet Enterprise on the SharePoint Server 2010 farm, you must install SharePoint language packs for each language that was supported on the SharePoint Server 2010 farm. Otherwise, skip to Restore the databases later in this article.
The SharePoint 2013 language packs that you want to use must be installed on each web server in the SharePoint Server 2013 farm before you attach the databases. Otherwise, database attach will fail. For information about how to install SharePoint 2013 language packs, see Install or uninstall language packs for SharePoint 2013.
Restore the databases
You have to restore the backup copies of the databases to SQL Server that you backed up from the SharePoint Server 2010 farm.
The following table describes the service application types that Duet Enterprise depends on and what they are used for. To upgrade Duet Enterprise, you must restore the databases that contain these service application types.
Table: Service application types
| Service application type | What it contains |
|---|---|
Business Data Connectivity service Application |
BDC models and External Content Types for Duet Enterprise 1.0. |
Secure Store Service Application |
Target Application used by Duet Enterprise 1.0 named "WSDL". |
User Profile Service Application |
SharePoint user profiles. If role sync was run, then this database also includes SAP roles. Tip If you backed up the Social or Sync database, we recommend that you also restore those databases when you restore the Profile database for the user profile service application. |
In addition to the databases described in the table above, you must also restore all content databases that contain web applications used for Duet Enterprise.
After you configure the new SharePoint 2013 server farm, you can restore the backup copies of the databases to SQL Server 2008 R2. Start with one database, and then verify that the restoration has worked before you restore the other databases.
Important
Be sure to keep a copy of your original backups in reserve, just in case upgrade fails and you have to troubleshoot and try again.
To restore a backup copy of a database in SQL Server 2008 R2
Open Microsoft SQL Server Management Studio and connect to the SQL Server to which you want to restore databases. Verify that the user account that is performing this procedure is a member of the db_owner fixed database role for the databases.
After you connect to the appropriate instance of the SQL Server 2008 Database Engine, in Object Explorer, expand the server name.
Right-click Databases, and then click Restore Database.
The Restore Database dialog box appears.
In the Restore Database dialog box, on the General page, in the To database list, type the name that you want to assign to this database.
Tip
When you type the name for the restored database, you do not have to use the original name. If you want to change the database name from a name with a long GUID to a shorter, more friendly name, this is an opportunity to make that change. Be sure to also change the database and log file names in the file system (the MDF and LDF files) so that they match.
In the To a point in time text box, keep the default (Most recent possible).
To specify the source and location of the backup sets to restore, click From device, and then use the browse button to select the backup file.
In the Specify Backup dialog box, in the Backup media box, be sure that File is selected.
In the Backup location area, click Add.
In the Locate Backup File dialog box, select the file that you want to restore, click OK, and then, in the Specify Backup dialog box, click OK.
In the Restore Database dialog box, under Select the backup sets to restore grid, select the Restore check box next to the most recent full backup.
In the Restore Database dialog box, on the Options page, under Restore options, select the Overwrite the existing database (WITH REPLACE) check box.
Click OK to start the restore process.
A message appears after the database is successfully restored. Click OK to close this dialog box.
Repeat steps 3 thorough 13 if you have additional databases to restore. Otherwise, continue to the following procedure.
Set the databases to read-write
You must also set the databases back to read-write on the SharePoint 2013 farm before you restore them.
To set a database to read-write in SQL Server
In SQL Server Management Studio, in Object Explorer, connect to an instance of the Database Engine, expand the server, and then expand Databases.
Select the database that you want to configure to be read-write, right-click the database, and then click Properties.
In the Database Properties dialog box, in the Select a page section, click Options.
In the details pane, scroll down to the bottom of the list. In the State section, click the Database Read-Only row, click the arrow that appears, and then select False.
Click OK.
Repeat steps 2 through 5 for any other databases that you want to set to read-write. When finished, continue to the following procedure.
Verify that the service instances are running
Complete this procedure to make sure that the service instances that Duet Enterprise depends on are running in the SharePoint Server 2013 farm.
Note
You must be a farm administrator to complete this procedure.
In SharePoint 2013 Central Administration, on the Application Management page, in the Service Applications section, click Manage Services on server.
In the Business Data Connectivity service row, verify that the Status column shows the status Started. If it does not, in the Action column, click Start.
In the Secure Store Service row, verify that the Status column shows the status Started. If it does not, in the Action column, click Start.
In the User Profile Service row, verify that the Status column shows the status Started. If it does not, in the Action column, click Start.
In the User Profile Synchronizations Service row, verify that the Status column shows the status Started. If it does not, in the Action column, click Start.
Database-attach upgrade
You must upgrade the service application types that are listed in the following table.
Table: Service application types
| Service application type | What it contains |
|---|---|
Business Data Connectivity service Application |
BDC models and External Content Types for Duet Enterprise 1.0. |
Secure Store Service Application |
Target Application used by Duet Enterprise 1.0 named "WSDL". |
User Profile Service Application |
SharePoint user profiles. If role sync was run, then this database also includes SAP roles. |
To upgrade a service application, you create a service application and upgrade the database. You will also create a proxy for these service applications and add it to the default proxy group.
To upgrade the service applications, complete the steps in the following articles:
The "Upgrade the Business_Data_Connectivity_service application" section in Upgrade service applications to SharePoint 2013
The "Upgrade the SecureStore_2nd service application" section in Upgrade service applications to SharePoint 2013
The "Upgrade the User Profile service application" section in Upgrade service applications to SharePoint 2013
Note
You might also want to upgrade other service applications used by SharePoint Server. For information about how to upgrade other service application types, see Upgrade service applications to SharePoint 2013 (https://technet.microsoft.com/en-us/library/jj839719.aspx).
Verify that all of the new proxies are in the default proxy group
After you upgrade the service applications, you must verify that all proxies are in the default proxy group.
Use the following procedure to verify that the steps to create the proxies and add them to the default proxy group worked.
To verify that all of the new proxies are in the default proxy group by using Windows PowerShell
Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets. An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.
Note
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following commands:
$pg = Get-SPServiceApplicationProxyGroup -Identity " "
$pg.Proxies
Where:
$pg is a variable that you set to represent the default proxy group.
You use an empty identity parameter (" ") to specify the default proxy group. This returns a list of all proxies in the default proxy group, their display names, type names, and IDs.
For more information, see Get-SPServiceApplicationProxyGroup.
Now that the service applications are upgraded, you can start the process to upgrade the content databases. The first step in that process is to create the web applications that are needed for each content database.
Create web applications
You must create a web application on the SharePoint Server 2013 farm for each web application that exists in the SharePoint Server 2010 environment on which Duet Enterprise solutions are enabled.
Use the same URL, port number, and zone that you used on the SharePoint Server 2010 farm.
If you use a different URL, Office applications might not be redirected correctly to the new URLs and all bookmarks to the old URLs will not work. This will require that you configure the new web application using a Host header that is the same URL that is used by the web application on the SharePoint Server 2010 farm.
Tip
To do this, you must configure the web application to use a host header.
Use the same authentication method.
For example, if you use Windows Claims-based authentication in your old environment, and you want to continue using it, then you must create a web application that uses Windows Claims-based authentication. For more information, see Create claims-based web applications in SharePoint 2013.
Or, you can migrate to claims authentication. For more information, see Migrate from classic-mode to claims-based authentication in SharePoint 2013.
Re-create included paths.
Re-create quota templates.
Configure email settings for the web application.
For more information, see Configure email integration for a SharePoint 2013 farm.
Enable self-service site creation for any web application that used it in the previous environment. Recreate any self-service site creation settings.
Recreate any web application policies or other web application settings that you had configured in the previous environment.
To create a web application that uses Windows claims-based authentication
Verify that you have the following administrative credentials:
- To create a web application, you must be a member of the Farm Administrators SharePoint group and a member of the Windows Administrators group on the server that is running Central Administration.
On the Central Administration Home page, in the Application Management section, click Manage Web applications.
On the ribbon, in the Contribute group, click New.
In the IIS Web Site section, in the Name box, optionally enter a name.
In the IIS Web Site section, in the Port box, type the port number that is used by the web application of the SharePoint 2010 farm.
By default, this field is populated with a random port number.
In the IIS Web Site section, in the Host Header box, type the host name (for example, www.contoso.com) that you want to use to access the web application.
Note
This must be the same URL used to access the web application on the SharePoint 2010 farm. When you are ready to switch users over to the SharePoint 2013 farm, you will update the entry in DNS that refers user requests to this web application.
In the IIS Web Site section, in the Path box, optionally type the path of the IIS website root directory on the server.
This box is populated with a suggested path.
In the Claims Authentication Types section, make sure that the Enable Windows Authentication check box is selected and in the drop-down menu select either Negotiate (Kerberos) or NTLM.
Tip
This must match the configuration of your web application on the SharePoint 2010 farm.
For more information, see Plan for Kerberos authentication in SharePoint 2013.
In the Public URL section, change the URL to the fully qualified domain name. For example, https://corp.contoso.com:80. This must match the fully qualified domain name that is used by the web application of the SharePoint 2010 farm.
Note
The Zone value is automatically set to Default for a new web application.
In the Application Pool section, make sure that Create a new application pool is selected, and then type the name that you want to use for the new application pool or keep the default name.
Under Select a security account for this application pool, make sure that Configurable is selected and select the managed account that you want to use for this application pool.
In the Database Name and Authentication section, select the database server and database name for your new web application as described in the following table or accept the default values.
Item Action Database Server
Type the name of the database server and Microsoft SQL Server instance that you want to use in the format, SERVERNAME\instance. You can also use the default entry.
Database Name
Type the name of the database, or use the default entry.
In the Database Name and Authentication section, make sure that Windows Authentication (recommended) is selected.
If you use database mirroring, in the Failover Server section, in the Failover Database Server box, type the name of a specific failover database server that you want to associate with a content database.
In the Service Application Connections section, select the service application connections that will be available to the web application. In the drop-down menu, click default or custom. You use the custom option to select the services application connections that you want to use for the web application.
Tip
Duet Enterprise requires that the following service applications are associated with this web application: Business Data Connectivity service, Secure Store Service, and User Profile Service Application.
In the Customer Experience Improvement Program section, click Yes or No.
Click OK to create the new web application.
Click OK in the dialog box that appears. The web application that you created appears on the Web Applications Management page in Central Administration. Do not close this page because you will need it for the next procedure.
To extend the web application
Verify that you have the following administrative credentials:
- To create a web application, you must be a member of the Farm Administrators SharePoint group and a member of the Windows Administrators group on the server that is running Central Administration.
On the Central Administration Home page, in the Application Management section, click Manage Web applications.
On the Web Applications Management page, select the web application that you created in the previous procedure.
On the ribbon, in the Contribute group, click Extend.
On the Extend Web Application to Another IIS Web Site page, in the IIS Web Site section, make sure that Create a new IIS web site is selected.
Optionally, enter a name in the Name box, or accept the default name.
In the IIS Web Site section, in the Port box, type the port number that you want to use to access the web application. By default, this field is populated with a random port number.
Tip
This port number must match the port number that you used for the web application of the SharePoint 2010 farm.
In the IIS Web Site section, in the Host Header box, type the host name (for example, www.contoso.com) that you want to use to access the web application.
Tip
This must be the same URL you used for the extended web application of the SharePoint 2010 farm.
Optionally, in the IIS Web Site section, in the Path box, type the path of the IIS website root directory on the server. By default, this field is populated with a suggested path.
In the Security Configuration section, under Use Secure Sockets Layer (SSL), click Yes.
In the Claims Authentication Types section, make sure that Enable Windows Authentication is selected and in the drop-down menu, select either Negotiate (Kerberos) or NTLM. For more information, see Plan for Kerberos authentication in SharePoint 2013.
Tip
This must match the configuration of your web application on the SharePoint 2010 farm.
Select the Basic authentication (credentials are sent in clear text) check box.
In the Public URL section, change the URL to the fully qualified domain name. For example, https://corp.contoso.com:443.
In the Zone list, select the zone that you want to use for this port.
Important
You must select the same zone that is configured for the web application on the SharePoint Server 2010 farm.
Click OK to extend the web application.
Create an alternate access mapping for the SSL-enabled web application
The web application that you created in the previous procedure must be available by using the URL that is specified in the SSL certificate that you will bind to that web application (in a later procedure). If it is not the same URL, for example if the web application was created by using the fully qualified domain name (FQDN) but the certificate uses the short URL, you must create an alternate access mapping to specify the URL that is listed in the certificate.
Note
An example of a FQDN is http://contoso.corp.com. In this example, the short URL would be http://contoso.
If the URL listed in the SSL certificate and the URL used to create the web application are the same, then you do not have to perform this procedure.
To create an alternate access mapping
In Central Administration, on the Quick Launch, click System Settings.
In the Farm Management section, click Configure alternate access mappings.
Click Add Internal URLs.
In the Alternate Access Mapping Collection section, select the web application that you will use for your Duet Enterprise sites.
In the Add Internal URL section, do the following:
- In the URL protocol, host and port box, type the URL that is listed in the SSL certificate.
In the Zone list, select the zone that you used when you extended the web application.
Click Save.
The alternate access mapping that you created appears on the Alternate Access Mappings page.
Next steps
If you created any other alternate access mappings on the SharePoint 2010 farm, you must re-create them on the SharePoint 2013 farm. For more information about alternate access mappings, see this video.
Reapply any customizations from the SharePoint 2010 farm to the SharePoint 2013 farm and test the customizations. For more information, see Reapply customizations and Verify custom components.
Install Duet Enterprise 1.0 on the SharePoint Server 2013 farm
Complete the procedures in this section to install Duet Enterprise 1.0 on the SharePoint Server 2013 farm.
Pre-installation steps
This section shows the pre-installation preparations that you must complete before you install Duet Enterprise 1.0 on the SharePoint 2013 farm.
Prepare the Duet Enterprise 1.0 installation files
You must have access to the Duet Enterprise 1.0 installation files in a location on which you have read and write permissions. This can be a local folder on the SharePoint Server 2013 farm or a network share.
Tip
You need write access to the installation files because you will need to create a new file in that folder called setup.exe.config. Details about how to create that file are provided later in this article.
If you don't already have access to the Duet Enterprise 1.0 installation files, you can do the following:
Log on to the SharePoint Server 2013 farm as a member of the Administrators group.
Download the Duet Enterprise for Microsoft SharePoint and SAP (x64) - DVD file from MSDN Subscriber downloads. You have to use a Microsoft ID to log on to this site.
Burn a CD of the ISO image that you downloaded in step 2.
Copy the files from the CD to a local drive on the SharePoint Server 2013 farm or a network share. Ensure that the administrator who is installing Duet Enterprise has been granted read and write permissions on the folder or network share.
Create the setup.exe.config file
Installing Duet Enterprise 1.0 on SharePoint Server 2013 requires an additional file that is named setup.exe.config that was not required on the SharePoint Server 2010 farm. This file ensures that Duet Enterprise 1.0 uses version 4.0 of the .NET runtime.
Complete this procedure on the computer on which you copied the Duet Enterprise 1.0 files.
To create the setup.exe.config file
Click Start, point to All Programs, click Accessories, and then click Notepad.
In Notepad, enter the following text:
<configuration>
** <startup>**
** <supportedRuntime version="v4.0"/>**
** </startup>**
</configuration>
Click File, and then click Save As.
Browse to the folder or network share location where you copied the Duet Enterprise 1.0 installation files. This is the location that contains the setup.exe and setup.exe.manifest files.
In the File name box, enter setup.exe.config.
In the Save as type box, select All files.
Click Save.
Create a registry key
You have to create a registry key to specify that Duet Enterprise 1.0 should be installed to the 14 hive. You can do this manually or use the regkeyadd.ps1 PowerShell script. If you have not already done so, you can download the script from MSDN Code Gallery.
Do one of the following:
To create the registry key
To create the registry key using the regkeyadd.ps1 script
To create the registry key manually
Click Start, and then click Run.
In the Run dialog box, enter Regedit, and then click OK.
In the Registry Editor, expand the HKEY_LOCAL_MACHINE node, expand the SOFTWARE node, expand the Microsoft node, right-click the Office Server node, point to New, and then click Key.
Name the key 14.0.
Right-click 14.0, point to New, and then click String Value.
In the Name column, right-click the new string value that you created, click Rename, enter InstallPath, and then press ENTER.
Right-click the string value that you just created, and then click Modify.
In the Value data box, enter <systemDrive>:\Program Files\Microsoft\Office Servers\14.0\, and then click OK.
Where <systemDrive> is the drive letter on which Windows is installed.
The key that you created should resemble this:
Close the Registry Editor.
Repeat steps 1 through 9 on each remaining web servers in the SharePoint farm.
Proceed to Copy the stsadm.exe file to the 14 hive.
To create the registry key using the regkeyadd.ps1 script
Log on to a web server in the SharePoint farm as a member of the Windows Administrators group.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, enter the following command:
<path>\regkeyadd.ps1
Where <path> is the location where you downloaded the scripts. For example, if you downloaded the scripts to c:\scripts, then you would enter c:\scripts\regkeyadd.ps1.
After you press Enter, the location to which the key is written in the registry and other properties about the registry key is displayed in the command prompt as well as the message "Registry key created successfully".
You can optionally verify the existence of the registry key, as follows:
Click Start, and then click Run.
In the Run dialog box, enter Regedit, and then click OK.
In the Registry Editor, expand the HKEY_LOCAL_MACHINE node, expand the SOFTWARE node, expand the Microsoft node, expand the Office Server node, and then click the 14.0 node.
The registry key should resemble this:
Repeat steps 1 through 7 on all other web servers in the SharePoint Server farm.
Copy the stsadm.exe file to the 14 hive
The Duet Enterprise installation files require that the stsadm.exe file is in the 14 hive. Complete the following procedure to copy the stsadm.exe file from the 15 hive to the 14 hive. You can do this manually or use the stsadmcopy.ps1 PowerShell script. If you have not already done so, you can download the script from MSDN Code Gallery.
Do one of the following:
Copy the stsadm.exe file to the 14 hive manually
Copy the stsadm.exe file using the script
To copy the stsadm.exe file to the 14 hive manually
In Windows Explorer, go to the <systemDrive>:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\ folder.
Create a folder named BIN at that location.
Copy the stsadm.exe file from the <systemDrive>:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\BIN\ folder to the <systemDrive>:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\ folder.
Repeat steps 1 through 3 on all other web servers in the SharePoint Server farm.
Proceed to Verify service apps are running and record their names.
To copy the stsadm.exe file using the script
Log on to a web server in the SharePoint farm as a member of the Windows Administrators group.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following command:
<path>\stsadmcopy.ps1
Where <path> is the location where you downloaded the scripts. For example, if you downloaded the scripts to c:\scripts, then you would enter c:\scripts\stsadmcopy.ps1.
After you press Enter, the file folder to which the stsadm.exe file was copied is displayed and the "Copied Stsadm.exe successfully" message is also displayed.
You can optionally verify that the stsadm.exe file was copied by looking in the <systemDrive>:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\ folder.
Repeat steps 1 through 7 on all the other web servers in the SharePoint farm.
Verify service apps are running and record their names
Verify that you have the following administrative credentials:
- You must be a member of the Farm Administrators SharePoint group.
On the Central Administration Home page, in the Application Management section, click Manage service applications.
Record the name of the Business Data Connectivity service Application and make sure that this application services is started. If it is not started, start it.
Record the name of the Secure Store Service Application and make sure that this application services is started. If it is not started, start it.
Record the name of the User Profile Service Application and make sure that this application services is started. If it is not started, start it.
Install Duet Enterprise 1.0
The procedures in this section describe how to install the Duet Enterprise files, verify full control access to the User Profile Services application, and perform a basic installation of Duet Enterprise into the SharePoint configuration database. You must perform all procedures in the listed order.
In this section:
Install the Duet Enterprise 1.0 files
Verify Full Control access to the User Profile Service application
Configure the DuetConfig.exe.config file
Install the SharePoint October Cumulative Update
Run DuetConfig /install
Activate the Claim Provider feature
Configure the Duet Enterprise 1.0 solutions
Install the Duet Enterprise 1.0 files
This procedure copies files that are on the Duet Enterprise for Microsoft SharePoint and SAP DVD to the appropriate folders on the computer that is running Microsoft SharePoint Server 2013.
Tip
This procedure must be performed on all front-end web servers and application servers in the SharePoint Server farm.
To run setup
Verify that you have the following administrative credentials:
You must be a member of the Windows Administrators group on the front-end web server that is running SharePoint Server 2013 to complete this procedure.
You must also be a member of the Farm Administrators group on the SharePoint Server farm on which you are installing Duet Enterprise.
Log on to a front-end web server that is running SharePoint Server.
Open a Command Prompt window as administrator and go to the folder or file share to which you copied the Duet Enterprise 1.0 installation files.
Type setup.exe /install.
The following tables describe optional parameters.
Optional setup parameters
Parameter Use /installpath=<drive:\path>
Install Duet Enterprise to a different path. For example:
Setup.exe /installpath=d:\
Note
By default, Duet Enterprise files are installed to the <system>:\Program Files\Duet Enterprise\1.0 folder.
/languages=<comma separated list of language codes in language-region format as defined in RFC 5646>
Install language packs in the languages that you specify.
For example, to install the German and French language packs with Duet Enterprise, type Setup.exe /install /languages=de-de,fr-fr.
Important
You must install the Duet Enterprise language packs that were installed on the SharePoint Server 2010 farm.
/quiet
Suppresses error and success messages.
/logdir=<log file path>
Path to the Duet Enterprise related log files.
/?
Displays Help.
Note
Duet Enterprise cannot access SharePoint Server sites and site collections that use a language pack that is not installed for Duet Enterprise. If the SharePoint Server sites and site collections use a language that is not available as a language pack for Duet Enterprise, install the English language pack for Duet Enterprise and create the SharePoint Server sites and site collections in English.
Language codes
Language code Language ar-sa
Arabic (Saudi Arabia)
de-de
German
en-us
English (United States)
es-es
Spanish
fr-fr
French
he-il
Hebrew (Israel)
it-it
Italian
ja-jp
Japanese
pt-br
Portuguese (Brazil)
ru-ru
Russian
tr-tr
Turkish
zh-cn
Chinese (China)
zh-tw
Chinese (Taiwan)
Press ENTER.
On the Duet Enterprise for Microsoft SharePoint and SAP license agreement page, select the I accept the terms in the license agreement check box, and then click Install to continue.
After the “Duet Enterprise setup completed successfully” message is displayed, close the Command Prompt window. If setup fails, review the Duet Enterprise logs, resolve the problem, and then repeat step 4. If you used the /logdir parameter, the logs can be found in the folder that you specified. Otherwise, logs are stored in the Temporary folder of the user who ran Setup.exe /install.
If you have more than one server in a SharePoint Server 2013 server farm, repeat steps 1 through 7 on each additional front-end web and application server.
Verify Full Control access to the User Profile Service application
Before you perform the following procedure, verify that the account that you will use to run DuetConfig.exe is both a member of the Farm Administrators SharePoint group and has been granted Full Control permissions on the User Profile Service Application.
Note
You must be a member of the Farm Administrators SharePoint group to complete this procedure.
To verify access to the User Profile Service Application
On the Central Administration Home page, in the Application Management section, click Manage service applications.
On the Manage Service Applications page, click the row that contains the User Profile Service Application that you upgraded earlier.
On the ribbon, in the Sharing group, click Permissions.
In the Connection Permissions dialog box, do one of the following:
If the user account that you'll use to run DuetConfig.exe appears in the middle pane, click the user account.
If the user account that you'll use to run DuetConfig.exe does not appear in the middle pane, type the user account in the top pane, and then click Add.
In the bottom pane, verify that the Full Control check box is selected.
Click OK.
Configure the DuetConfig.exe.config file
When you ran the setup /install command earlier, a file that is named DuetConfig.exe.config was created. This file is in the <drive>:\Program Files\Duet Enterprise\1.0 folder, by default.
Where <drive> is the drive on which the Duet Enterprise files are stored.
You must make sure that this file is configured with the same accounts configured for this file on the SharePoint Server 2010 farm. The easiest way to achieve this is to replace the DuetConfig.exe.config file with the file from the SharePoint Server 2010 farm. You must also set the report publishing URL.
To verify user account settings in the DuetConfig.exe.config file
Open a Command Prompt window and go to the <drive>:\Program Files\Duet Enterprise\1.0 folder.
Where <drive> is the drive on which the Duet Enterprise files are stored.
At the prompt, type Notepad DuetConfig.exe.config, and then press ENTER.
In the DuetConfig.exe.config file, in the Reporting node, make sure that the value is the same value that was configured for the SharePoint Server 2010 farm and that the ReportPublishingURL value is the URL of the web application that you created earlier.
In a file that is not configured, the Reporting node has the value "NotSet" for both keys as shown in the following illustration.
In the Reporting node, ensure that the value of the ReportPublishingURL is the value of the extended port of web application that you created and extended earlier.
Important
Only one URL is supported for Report Publishing reports to the same web application. Do not specify multiple URLs for the same web application.
In the Workflow node, the ServiceAccount value must be set with the same value that was configured for the SharePoint Server 2010 farm. In an un-configured file, this value is blank, by default as shown in the following illustration.
Do not close the file yet. You will need it in the next procedure.
After verifying that all the settings are correct, you must add an additional node to the DuetConfig.exe.config file. This node ensures that Duet Enterprise 1.0 runs using ASP.NET 4.0.
Add the startup node to the DuetConfig.exe.config file
You must add the startup node to the DuetConfig.exe.config file so that Duet Enterprise knows which version of the .NET framework to use. You can do this manually or you can use the duetconfigmodify.ps1 PowerShell script. If you have not already done so, you can download the script from MSDN Code Gallery.
Do one of the following:
Add the startup node manuallyAdd the startup node manually
Add the startup node using the script
Note
This script is supported only on computers on which Duet Enterprise 1.0 is installed to the default folder, which is %Program Files%\Duet Enterprise\1.0. If Duet Enterprise was installed to a different folder, you must add the startup node manually.
To add the startup node manually
In Notepad, add the following node to the bottom of the DuetConfig.exe.config file, just above the </configuration> tag.
<startup>
** <supportedRuntime version="v4.0"/>**
</startup>
The bottom of your configuration file should resemble the following illustration.
Click File, and then click Save.
Close Notepad.
Proceed to Install the SharePoint Cumulative Update.
To add the startup node using the script
Log on to the computer on which the DuetConfig.exe.config file is installed, as a member of the Windows Administrators group.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following command:
<path>\duetconfigmodify.ps1
Where <path> is the location where you downloaded the scripts. For example, if you downloaded the scripts to c:\scripts, then you would enter c:\scripts\duetconfigmodify.ps1.
After you press Enter, a message is not displayed in the command prompt. You can optionally verify that the script was successful by opening the DuetConfig.exe.config file in Notepad and verifying that the <startup><supportedRuntime version="v4.0"/></startup> node has been added to the end of the file. This node will be just before the </configuration> tag.
Note
The DuetConfig.exe.config file is in the <systemDrive>:\Program Files\Duet Enterprise\1.0 folder, by default, where <systemDrive> is the drive on which the Duet Enterprise files are stored.
Install the SharePoint Cumulative Update
This update provides updates for supporting Duet Enterprise 1.0 on SharePoint Server 2013.
To install SharePoint October Cumulative Update
- Download the SharePoint Cumulative Update to a folder or file share and install it. You can request this cumulative update from Description of the SharePoint Server 2010 Cumulative Update Server Hotfix Package (MOSS server-package): October 26, 2010 (https://support.microsoft.com/default.aspx?scid=kb;EN-US;2394320). Or if you don't want to install the cumulative update, you can instead download and install Description of the Duet Enterprise for SharePoint and SAP hotfix package (Duetserver-x-none.msp): November 15, 2012. Both the October Cumulate Update and the hotfix package enable the Duet Enterprise Workflow solution to work correctly on SharePoint Server 2013.
Run DuetConfig /install
To run DuetConfig /install
Log on to a front-end web server as a member of the Farm Administrators group.
Tip
You have to complete this procedure on only one front-end web server.
Click Start, click All Programs, and then click Accessories.
Right-click Command Prompt, and then click Run as administrator.
In the Command Prompt window, go to the folder that contains the DuetConfig.exe file.
By default, this is the C:\program files\Duet Enterprise\1.0\ folder.
Type DuetConfig /install, and then press ENTER.
After the “Duet configuration succeeded” message appears in the Command Prompt window, close the Command Prompt window.
Activate the Claim Provider feature
Complete this procedure to activate the claim provider feature.
In Central Administration, in the Quick Launch, click System Settings.
In the Farm Management section, click Manage farm features.
In the Duet Enterprise SAP Roles Claims Provider row, click Activate.
Duet Enterprise 1.0 is now installed. The next step is to configure the solutions. Note that you do not have to install the BDC models because they are in the database that you restored and attached earlier for the Business Data Connectivity service Application.
Configure the Duet Enterprise 1.0 solutions
Complete the procedures in this section in the order shown to configure the Duet Enterprise 1.0 solutions.
In this section:
Verify the service application names in DuetConfig.exe.config
Configure Reporting
Configure Workflow
Configure the RoleSync solution
Configure Starter Services
Verify the service application names in DuetConfig.exe.config
The first step in configuring the solutions is to ensure that the service application names that you created during the database-attach upgrade are reflected in the DuetConfig.exe.config file.
Important
If you changed the names of your service applications when you upgraded them, you must make sure that the DuetConfig.exe.config file contains the new names. Use the following procedure to verify these values and update them as necessary.
Open a Command Prompt window and go to the <drive>:\Program Files\Duet Enterprise\1.0 folder.
Where <drive> is the drive on which the Duet Enterprise files are stored.
At the prompt, type Notepad DuetConfig.exe.config, and then press ENTER.
In the SecurityConfiguration node, make sure that the value of BDCServiceApplicationProxyName matches the name of the Business Data Connectivity service Application Proxy you are using for Duet Enterprise. Note that you can verify this name on the Manage Service Applications page of Central Administration. In an un-configured file, this value is "Business Data Connectivity Services Proxy" as seen in the following illustration.
In the ProfileSynchronization node, make sure that the UserProfileServiceApplicationName value matches the name of the User Profile Service Application that you are using for Duet Enterprise. Note that you can verify this name on the Manage Service Applications page of Central Administration. In an un-configured file, this value is User Profile Service Application as seen in the following illustration.
Configure Reporting
Complete the procedures in this section to configure the reporting solution that is provided with Duet Enterprise 1.0. The steps in this section assume that you have already created and extended the web application.
Tip
To enable the reports solution, you must complete the steps in this section in the order shown.
Ensure that the Business Data Connectivity service is started and configured
To complete the procedures in this article the Business Data Connectivity service must be running. Complete this procedure to ensure that the Business Data Connectivity service that you are using for Duet Enterprise is running.
Note
You must be a member of the Farm Administrators group or an administrator of the instance of the Business Data Connectivity service.
To ensure that the Business Data Connectivity service is started and configured
On the Central Administration website, in the System Settings section, click Manage services on server.
If the Business Data Connectivity service is stopped, start it.
Configure the Reporting solution
Use this procedure to enable a web application to receive reports. This procedure configures the reporting solution on the web application that you specify.
Note
You must be a member of the Farm Administrators group to complete this procedure.
To configure Reporting
Open a Command Prompt window and open <drive>:\Program Files\Duet Enterprise\1.0.
At the prompt, type DuetConfig /configuresolution "Reporting" /webappurl "http://<WebAppName>:<Port>"
Where:
WebAppName is the name of the web application that you want to configure to receive reports. If a host name was assigned to the web application and mapped in AD DS, use the host name. Otherwise, for a single server deployment on which a host name has not been assigned to the web application, use the NetBIOS name of the computer that is running SharePoint Server 2013.
Port is the port number of the customer-facing zone of that web application.
Tip
The name of the BDC model “Reporting” is case-sensitive.
Press ENTER.
When successfully configured, the Command Prompt window displays the following message: “Solution successfully configured.”
Configure Workflow
Complete the following procedures to configure the Workflow solution.
Note
To complete this procedure, you must be a member of the Farm Administrators group.
To configure workflow
Open a Command Prompt window and open <systemdrive>:\Program Files\Duet Enterprise\1.0.
At the prompt, type DuetConfig /configuresolution "Workflow" /webappurl "http://<WebAppName>:<Port>"
Where:
WebAppName is the name of the web application in which you will create a workflow site. If a host name was assigned to the web application and mapped in AD DS, use the host name. Otherwise, for a single server deployment on which a host name has not been assigned to the web application, use the NetBIOS name of the computer that is running SharePoint Server 2010.
Port is the port number of the customer-facing zone of that web application.
Tip
You must use the web application URL that corresponds to the zone that end-users will use to access the workflow site. Using the URL of a different zone on the same web application can cause end-users to receive email messages that have incorrect URLs to workflow action items.
Warning
The web application that you specify must be configured to use Basic authentication. For more information, see the "Prepare the Web application" section of Configure secure communications for a new Web application (Duet Enterprise).
Press ENTER.
When the workflow is successfully configured, the Command Prompt window displays the following message: “Solution successfully configured.”
Restart IIS
Note
You must be a member of the Windows Administrators group on the front-end web server to complete this procedure.
To restart IIS
Open a Command Prompt window.
Type iisreset /restart /noforce, and then press ENTER.
Configure the RoleSync solution
This article describes how to configure RoleSync. This article assumes that RoleSync was configured and run on the SharePoint Server 2010 farm. If it was not, then skip ahead to Attach content database to the web application and upgrade the database.
Ensure farm administrator has full control permissions and verify name of User Profile Service Application
Use this procedure to make sure that members of the Farm Administrators group have full control permissions to the default User Profile Service and the Business Data Connectivity service application in the SharePoint farm. The farm administrator who will configure profile synchronization, later in this article, must be granted this permission.
Tip
SharePoint Server 2013 supports multiple User Profile Service applications. However, Duet Enterprise role synchronization works only with the default User Profile Service application.
Note
You must be a member of the Farm Administrators group or an administrator of the User Profile Service application to complete this procedure.
To ensure that farm administrator has full control permissions
In Central Administration, on the Quick Launch, click Central Administration.
In the Application Management section, click Manage service applications.
In the Type column, click the row that contains the default User Profile Service Application to select the row. This is the user profile service application that you created earlier.
The name of the User Profile Service Application is listed in the Name column. Note the name of this service application because you will need it for a later procedure.
On the ribbon, in the Sharing group, click Permissions.
In the Connection Permissions dialog box, ensure that the farm administrator was granted Full Control permissions.
Click OK.
In the Type column, click the Business Data Connectivity Service Application for the service that you are using for role synchronization.
On the ribbon, in the Sharing group, click Permissions.
In the Connection Permissions dialog box, ensure that the farm administrator was granted the Full Control permission.
Click OK.
Provide the SharePoint Timer service account
You must provide the SAP administrator with the user account that is assigned to the SharePoint Timer Service, also known as the SPTimerV4 service. The SAP administrator must make sure that this account is mapped to an SAP user who is granted sufficient permissions on the SAP system to query the UserRoles assignments query.
Note
You must be a member of the Windows Administrators group to complete this procedure.
To get the user account for the SharePoint 2010 Timer service
Log on to a front-end web server in the SharePoint Server 2013 farm as a member of the Administrators group.
Click Start, point to Administrative Tools, and then click Services.
In the Name column, right-click SharePoint Timer Service, and then click Properties.
In the SharePoint Timer Service Properties dialog box, on the Log On tab, note the account name that is listed in the This account text box.
Give this account name to the SAP administrator.
Click Cancel to close the SharePoint Timer Service Properties dialog box.
Configure RoleSync
Use this procedure to create the Business Connectivity Services connection between the SharePoint and SAP systems and to update the settings for the Profile Synchronization job definition.
Note
You must be a member of the SharePoint Farm Administrators group to complete this procedure.
To configure profile synchronization
Open a Command Prompt window and go to the <drive>:\Program Files\Duet Enterprise\1.0 folder.
Where <drive> is the drive on which the Duet Enterprise files are stored.
At the prompt type DuetConfig.exe /configureprofileSync, and then press ENTER.
When profile synchronization is configured, you receive the following message: “The specified Profile Sychronization Job was successfully configured.”
Configure Starter Services
This section describes how to configure Starter Services. You must complete the procedures in this section in the listed order.
Note
You must be logged on as a Farm Administrator and you must also be a member of the Windows Administrators group to complete this procedure.
The following table lists the solutions that you configure by using this procedure. Note that all solutions are deployed to a specific web application.
| Solution | Deployment scope |
|---|---|
ProductWorkspace |
Web application |
OrderToCash |
Web application |
CustomerWorkspace |
Web application |
Portal |
Web application |
Note
The OrderToCash solution must be configured before the CustomerWorkspace solution is configured.
To configure Starter Services solutions
Click Start, click All Programs, and then click Accessories.
Right-click Command Prompt, and then click Run as administrator.
This opens a Command Prompt window with administrator permissions.
In the Command Prompt window, open the directory <SystemDrive>:\Program Files\Duet Enterprise\1.0\.
At the prompt, type DuetConfig.exe /configuresolution "ProductWorkspace" /webappurl http://<HostName>
Where HostName is the fully qualified domain name of the web application for which you are configuring Starter Services.
Press ENTER.
When you see “Solution successfully configured” in the Command Prompt window, go to the next step.
At the prompt, type DuetConfig.exe /configuresolution "OrderToCash" /webappurl http://<HostName>
Where HostName is the fully qualified domain name of the web application for which you are configuring Starter Services.
Press ENTER.
When you see “Solution successfully configured” in the Command Prompt window, go to the next step.
At the prompt, type DuetConfig.exe /configuresolution "CustomerWorkspace" /webappurl http://<HostName>
Where HostName is the fully qualified domain name of the web application for which you are configuring Starter Services.
Press ENTER.
When you see “Solution successfully configured” in the Command Prompt window, go to the next step.
At the prompt, type DuetConfig.exe /configuresolution "Portal" /webappurl http://<HostName>
Where HostName is the fully qualified domain name of the web application for which you are configuring Starter Services.
Press ENTER.
When you see “Solution successfully configured.” in the Command Prompt window, go to the next procedure to verify the health of the Starter Services solutions configuration.
Optional: Configure Feature Pack 1 solutions
If you installed Feature Pack 1 for Duet Enterprise 1.0 on the SharePoint Server 2010 farm, then install Feature Pack 1 on the SharePoint 2013 farm. Otherwise, skip ahead to Attach content database to the web application and upgrade the database.
For information about how to install Feature Pack 1, see Feature Pack 1 for Duet Enterprise 1.0. Note that you do not have to import the TimeEntry BDC model because it is contained by the database that you restored and attached earlier for the Business Data Connectivity service Application.
Tip
If you are going to be updating to Duet Enterprise 2.0 before you switch users over to the SharePoint Server 2013 farm, don't bother deploying the user profile-based list solution of Feature Pack 1 because it is not supported in Duet Enterprise 2.0.
Attach content database to the web application and upgrade the database
Next, you must attach your content database to the web application that you created for Duet Enterprise on the SharePoint 2013 farm. To achieve this, complete the procedure in the " Attach a content database to a web application and upgrade the database" section in Upgrade content databases to SharePoint 2013.
After you have successfully attached your database, we recommend that you follow the guidance in the articles shown in the following table.
| Article | Comment |
|---|---|
Shows you how to verify that the content database was successfully upgraded. |
|
Only relevant if you are attaching more than one content database. |
|
Only relevant if you are attaching more than one content database. |
|
Recommendations for steps that you should do to get your farm ready for use. |
Manage certificates
Three certificates are used to help secure Duet Enterprise 1.0:
An SSL certificate that is bound to the web application you created and trusted by the SAP system.
An SSL certificate that is bound to SAP NetWeaver and trusted by SharePoint Server.
A SharePoint Security Token Certificate which you export from SharePoint Server 2013 and give to the SAP administrator to establish a one-way trust relationship between the SAP system and the Security Token Service in SharePoint Server.
Export the SharePoint Security Token Service Certificate
This procedure assumes that the SharePoint Security Token Service is already running. You can verify this on the Manage Service Applications page in Central Administration.
Note
You must be a member of the SharePoint Farm Administrators group to complete this procedure.
To export the SharePoint Security Token Service certificate
Verify that you are a member of the Windows Administrators group on the SharePoint front-end web server.
Log on to a front-end web server as a member of the Windows Administrators group.
Click Start, click Run, type mmc in the Open box, and then click OK.
If the Certificate snap-in is listed in the Name column, go to step 5. Otherwise, do the following:
In the console, click File, and then click Add/Remove Snap-ins.
In the Add or Remove Snap-ins dialog box, in the Snap-in column, click Certificates, and then click Add.
In the Certificates snap-in dialog box, select Computer account, and then click Next.
Click Finish, and then click OK.
You will now see the Certificates snap-in listed in the Name column.
In the Console Root (navigation pane), expand the Certificates tree, expand SharePoint, and then click Certificates.
In the Issued To column, right-click SharePoint Security Token Service, point to All Tasks, and then click Open.
In the Certificate dialog box, on the Details tab, click Copy to File.
On the Welcome to the Certificate Export Wizard page, click Next.
Because only the public certificate is needed and not the private key, on the Export Private Key page, make sure that No, do not export the private key is selected, and then click Next.
On the Export File Format page, click Next.
On the Export File Format page, in the File name box, type the path and file name to which you want export your certificate, and then click Next.
For example, C:\share\STScert.
Tip
You do not have to type the file name extension.
On the Completing the Certificate Export Wizard page, click Finish.
In The export was successful dialog box, click OK.
Leave the Certificate dialog box open because you will need it in a later procedure.
Give the STS certificate to the SAP administrator
Provide a copy of the Security Token Service (STS) certificate that you exported to the SAP administrator. The SAP administrator will use the STS certificate to establish a one-way trust relationship with the Security Token Service.
Provide information about the STS certificate to the SAP administrator
You must provide the STS Issuer name to the SAP administrator. Use the procedure in this section to collect this information.
Note
You must be a member of the Windows Administrators group on a SharePoint front-end web server to perform the procedures in this section
To collect the STS Issuer name
In the Certificate dialog box, click the Details tab.
In the Field column, click Issuer.
In the bottom pane, note the value for CN, OU, O, and C.
Click OK to close the Certificate dialog box.
Establish a trust relationship with the SSL certificate from the SAP environment
For the SSL-enabled web application to accept information from the SAP environment, you must establish a trust relationship with the SSL certificate that was provided by the SAP administrator.
Note
You must be a member of the Farm Administrators SharePoint group to complete this procedure.
To trust the SSL certificate from the SAP environment
In Central Administration, on the Quick Launch, click Security.
In the General Security section, click Manage trust.
On the ribbon, in the Manage group, click New.
In the Establish Trust Relationship dialog box, in the Name box, type the name that you want to use for this trust relationship.
Next to the Root Authority Certificate box, click Browse.
In the Choose File to Upload dialog box, in the File name box, type the path and file name of the certificate for which you want to establish a trust relationship, and then click Open.
Click OK to close the Establish Trust Relationship dialog box.
The name that you typed in step 4 appears in the Name column on the Trust Relationship page.
Create or obtain an SSL Certificate
Note
To create an SSL certificate, you must be a member of the Administrators group on a front-end web server that runs Internet Information Services (IIS) 7.
To use Secure Sockets Layer (SSL) to help secure a web application, you must have an SSL certificate. For a production environment, we recommend that you obtain a signed certificate from either a third-party certification authority (CA) or a CA in your intranet domain. However, for test environments you can create a self-signed certificate for this purpose. For more information about the kind of certificate to use and how to create a self-signed certificate, see How to Setup SSL on IIS 7.0.
Create the SSL Binding for the SSL enabled zone
Complete this procedure to bind an SSL certificate to the SSL-enabled zone of your web application.
Note
You must be a member of the Administrators group on the computer that is running SharePoint Server 2010 to complete this procedure.
To create the SSL Binding for the extended web application
Log on to a front-end web server as a member of the Windows Administrators group.
Click Start, point to Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
In the Connections pane, expand Sites, and then select the site that is associated with the SSL-enabled web application that you created in an earlier procedure.
Tip
This site can be identified by the port number and name that you assigned to the site when you extended the web application.
In the Actions pane, in the Edit Site section, click Bindings.
In the Site Bindings dialog box, click Add.
In the Add Site Binding dialog box, select https from the Type drop-down list.
In the Port box, enter the port number of the site.
From the SSL certificate list, select the SSL certificate that you created or obtained in Create or obtain an SSL Certificate, and then click OK.
Click Close to close the Site Bindings dialog box.
Repeat steps 1 through 8 for each additional front-end web server in the load balance rotation of the SharePoint Server 2010 server farm.
Export the SSL certificate
If you obtained an SSL certificate from a certification authority (CA), then you do not have to do this procedure because you already have the certificate in your file system. However, if you used IIS on a SharePoint front-end web server to create a self-signed certificate for testing, you must export the certificate so that you can share a copy of that certificate with the SAP administrator.
Note
You must be a member of the Windows Administrators group on the SharePoint front-end web server to perform this procedure.
To export the SSL certificate
Log on to a SharePoint front-end web server for which you have bound the certificate.
If it is not already open, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
In the tree view, select the server node.
In the middle pane, under IIS, double-click Server Certificates.
In the middle pane, double-click the certificate that you bound to your extended web application.
In the Certificate dialog box, on the Details tab, click Copy to File.
On the Welcome to the Certificate Export Wizard page, click Next.
On the Export Private Key page, make sure that No, do not export the private key is selected, and then click Next.
On the Export File Format page, click Next.
On the File to Export page, in the File name box, type the path and file name to which you want to export the certificate, and then click Next.
Tip
You do not have to type a file name extension.
Click Finish.
Click OK to close The export was successful dialog box
Click OK to close the Certificate dialog box.
Share the SSL certificate with the SAP administrator
You must give a copy of the SSL certificate to the SAP administrator. The SAP administrator will use the SSL certificate to establish communication between the SAP NetWeaver server in the SAP system and your web application.
Configuration Health check
After all the certificates are trusted on the appropriate systems, we recommend that you verify that SharePoint can communicate with the SAP system by running a configuration check. For more information, see Check configuration health (Duet Enterprise).
Verify upgrade
We recommend that you verify that there are no problems with your database-attach upgrade. For more information, see Verify database upgrades in SharePoint 2013. We also recommend that you verify any customizations that you might have made to the Duet Enterprise sites on the SharePoint Server 2010 farm work as expected on the SharePoint Server 2013 farm. We also recommend that you verify that the State Service application is started.
Disable the 2013 experience (Optional)
Duet Enterprise 1.0 is not supported on the 15 experience. If you plan to put Duet Enterprise 1.0 into production on SharePoint Server 2013 before upgrading to Duet Enterprise 2.0, you should consider disabling the 2013 experience on all site collections on which Duet Enterprise solutions are enabled.
For information about disabling the ability to upgrade a site collection to the 15 experience, see the "To change the upgrade notification and self-service upgrade settings for a web application by using Windows PowerShell" procedure of Manage site collection upgrades to SharePoint 2013.
For information about disabling the ability to create a site using a 2013 template in a particular web application, see the "To change compatibility range for site creation modes for a web application by using Windows PowerShell" procedure of Manage site collection upgrades to SharePoint 2013.
Switch users over to the new farm
You are now ready to switch users to the SharePoint Server 2013 farm. If you are using host names, this might be done by updating the IP address in DNS.