SharePoint 2013 : Configuring an on-premise farm for Apps

At Ridgian we’ve stood-up an on-premise SharePoint 2013 Farm. Well actually it’s running in Windows Azure under an extension to our own AD and one thing we wanted to test and run through is configuring the Farm for Apps. Basically setting up our own App Store.

Now TechNet have a an article http://technet.microsoft.com/en-us/library/fp161236.aspx which is a really good article and quite easy to follow. There is one problem though. If you are using SSL and do actually configure a separate DNS domain for your Apps, the article is incomplete. There is one extremely important item missing and this item results in you always getting redirected to a 404 “Page Not Found” when you deploy and run your App.

Luckily Chris Whitehead, bless him, a Microsoft Premier Field Engineer has filled in the essential detail in his blog article http://blogs.technet.com/b/mspfe/archive/2013/01/31/configuring-sharepoint-on-premise-deployments-for-apps.aspx which took me quite a while to track down.

The missing item in the TechNet article is the “Routing Web Application”. Basically when you have set up everything as per the TechNet article, I was left wondering how does SharePoint actually know where to redirect the request to when all the Apps have a dynamically created DNS name such as apps-12345678abcdef.yourappsdomain.co.uk . Yes, it exists in DNS as a wildcard entry against your Apps server, but the server itself has no knowledge of this domain name and so refuses the request. The trick is in this final step which Chris mentions but the TechNet article omits. You create a new Web Application through SharePoint which has either:

A different IP address to the main SharePoint Domain or …
No Host Header if it shares the same IP address as the main SharePoint Domain.

This means that the server can now respond to any dynamically generated DNS name and SharePoint internals handles the fiddly routing bit. Now since we’ve run up our servers in Azure we cannot grant our Apps domain a separate IP address. This results in another issue. We end up with the Apps domain Web Application using the same certificate as the main SharePoint domain, so we get a certificate error coming up. So on your production domain you need to have two IP addresses available in order to successfully implement an App Store using SSL without certificate errors.

I thought this stuff was meant to be getting easier!

In summary read both the TechNet and Chris Whitehead’s articles if you want to successfully run up a production App Store on-premise and make sure you have 2 IP addresses available. One for the SharePoint domain, one for the App domain.

Hope this helps

Cheers

Dave Mc

4 responses

Trevor

June 8, 2013 at 5:10 am

Wow! I am still going nuts trying to configure SharePoint to work with apps using ssl/https. I am at the last stage: everything works except the redirection. The app site domain is using the same cert as the web application domain and I get cert errors (wrong name) whenever I add an app and actually try to use it.

I have a single IP address server farm and use host headers. There is no host header for the port 80 http site. SharePoint is “trying to redirect” properly. I have purchased and installed both wildcard certificates and followed all the directions to setup SharePoint to use apps including the advanced part to issue security tokens. . Are you saying I need a separate IP address for the app site, need to change my DNS entry to match that IP, and then I need to add another network card to assign that IP? Then it will work?

I wish somebody would actually demo the scenario you describe. I have Microsoft partners/consultants involved that can’t seem to do this and/or setup SharePoint properly.

I would pay you to help me, and I am very serious. I left my email address… contact me… please! I am just trying to have the server farm up and running with the basics of a server farm configured properly.

Reply
1. Rajapn@live.com
  
  September 15, 2014 at 12:34 am
  
  Trevor,
  
  I guess you have already found the solution to the problem you are facing (Considering the date you have posted the question). However, I’m posting my suggestion for future readers of this good blog.
  
  If you have only one IP address, you can use this for the main sharepoint web application or for the routing web application. IIS wont even allow you to use two certs to be associated to one IP, unless we use different port number such as 443, 4443
  
  Reply
Jason Robertson

February 28, 2014 at 2:32 am

No one explains how to go about creating the Routing Web Application in SharePoint

Reply
1. Rajapn@live.com
  
  September 15, 2014 at 12:35 am
  
  Jason,
  
  You may find responses for this question asked in this URL helpful – http://social.technet.microsoft.com/Forums/en-US/4f264c70-f0c5-44df-bac3-c99380ba1319/app-setup-in-sharepoint-2013?forum=sharepointadmin
  
  Reply

The Blog

Dave Mc muses about history, travel, writing, coaching, astronomy, technology and life, family and the world around us. You may agree with his opinions, you may not, that’s life …