Part 3: Windows Server 2012 R2 AD FS - Federated Web SSO

This is Part 3 of a multi-part series on how to deploy a complete end-to-end Federated Web SSO solution using Windows Server 2012 R2's AD FS role and the Web Application Proxy. In this part I will deploy CONTOSO's and FABRIKAM's SQL 2014 Standard servers.  In case you missed it:

Here is Part 1 - Overview

Here is Part 2 - Installing AD DS, AD CS, and DNS Records

Topology

The following topology highlights in yellow the two servers that will be built for this part and where they fit into the overall topology. If you wish to see the full topology click here.

Background

SharePoint 2013 needs a SQL database to store its information as does Windows Server 2012 R2's AD FS Federation Service if the AD FS role will be deployed in a highly available configuration. You can read more about how each service uses databases via the following links:

SharePoint 2013: Hardware and Software Requirements for SharePoint 2013

Windows Server 2012 R2 AD FS: The Role of the AD FS Configuration Database

Deploy CONTOSO's SQL 2014 Server

  1. Log into the CONTOSO domain controller (CONT-DC01) and create a new Domain User called srv_SQL
  2. Deploy a Windows Server 2012 R2 workgroup server and configure the IP addess, subnet mask, hostname, and DNS servers. For the purposes of this series the information will be as follows:
    1. Hostname: CONT-SQ01
    2. IP Address: 192.168.30.3
    3. Subnet Mask: 255.255.255.0
    4. DNS Servers: 192.168.30.2
  3. Join the contoso.com domain
  4. After rebooting, log into the server using CONTOSO domain credentials (i.e. CONTOSO\Administrator)
  5. Ensure that the Windows Server 2012 R2 DVD is in the CD ROM drive or the ISO is mounted.
  6. Open an elevated PowerShell window and type the following command: Add-WindowsFeature Net-Framework-Features, Net-Framework-Core -Source D:\Sources\sxs . If you get an error, ensure that the drive letter matches the drive letter of your Windows Server 2012 R2 installation source.
  7. If you are installing SQL 2014 to a Virtual Machine I recommend you take a snapshot of the Virtual Machine at this point so that in the event that the SQL install fails, you can revert to snapshot and try again vs. having to reinstall the Virtual Machine's Operating System.
  8. Open an elevated command prompt and change the directory to the directory where the SQL installation files are located (i.e. D:\)
  9. Run the following command from an elevated command prompt. Ensure that you replace the information in the following command with the proper service account name and password as well as adding the desired administrator account to the SQLSYSADMINACCOUNTS. Setup.exe /QS /ACTION=Install /FEATURES=SQL, Tools /INSTANCENAME=MSSQLSERVER /SQLSVCACCOUNT="CONTOSO\srv_SQL" /SQLSVCPASSWORD="<StrongPassword>" /SQLSYSADMINACCOUNTS="CONTOSO\Administrator" /AGTSVCACCOUNT="NT AUTHORITY\Network Service" /IACCEPTSQLSERVERLICENSETERMS
  10. For additional information on deploying SQL Server 2014 from the command prompt click here.
  11. Once the installation is done go to Start > and type Management then press Enter to open SQL Server 2014 Management Studio
  12. Click Connect to connect to the local SQL instance. If SQL 2014 was successfully installed, your output should be similar to the one shown in the following Figure.
  13. If you have chosen to leave the Windows Firewall enabled in your lab or production environment, click here and follow the steps to enable port 1433 through the Windows Firewall.
  14. If you took a snapshot of the virtual machine in Step 4 above, the snapshot should now be deleted to prevent inadvertently reverting back to a state where SQL is not installed.

Deploy FABRIKAM's SQL 2014 Server

  1. Log into the CONTOSO domain controller (FABR-DC01) and create a new Domain User called srv_SQL
  2. Deploy a Windows Server 2012 R2 workgroup server and configure the IP addess, subnet mask, hostname, and DNS servers. For the purposes of this series the information will be as follows:
    1. Hostname: CONT-SQ01
    2. IP Address: 192.168.30.21
    3. Subnet Mask: 255.255.255.0
    4. DNS Servers: 192.168.30.20
  3. Join the fabrikam.com domain
  4. After rebooting, log into the server using FABRIKAM domain credentials (i.e. FABRIKAM\Administrator)
  5. Ensure that the Windows Server 2012 R2 DVD is in the CD ROM drive or the ISO is mounted.
  6. Open an elevated PowerShell window and type the following command: Add-WindowsFeature Net-Framework-Features, Net-Framework-Core -Source D:\Sources\sxs . If you get an error, ensure that the drive letter matches the drive letter of your Windows Server 2012 R2 installation source.
  7. If you are installing SQL 2014 to a Virtual Machine I recommend you take a snapshot of the Virtual Machine at this point so that in the event that the SQL install fails, you can revert to snapshot and try again vs. having to reinstall the Virtual Machine's Operating System.
  8. Open an elevated command prompt and change the directory to the directory where the SQL installation files are located (i.e. D:\)
  9. Run the following command from an elevated command prompt. Ensure that you replace the information in the following command with the proper service account name and password as well as adding the desired administrator account to the SQLSYSADMINACCOUNTS. Setup.exe /QS /ACTION=Install /FEATURES=SQL, Tools /INSTANCENAME=MSSQLSERVER /SQLSVCACCOUNT="FABRIKAM\srv_SQL" /SQLSVCPASSWORD="<StrongPassword>" /SQLSYSADMINACCOUNTS="FABRIKAM\Administrator" /AGTSVCACCOUNT="NT AUTHORITY\Network Service" /IACCEPTSQLSERVERLICENSETERMS
  10. For additional information on deploying SQL Server 2014 from the command prompt click here.
  11. Once the installation is done go to Start > and type Management then press Enter to open SQL Server 2014 Management Studio
  12. Click Connect to connect to the local SQL instance. If SQL 2014 was successfully installed, your output should be similar to the one shown in the following Figure.
  13. If you have chosen to leave the Windows Firewall enabled in your lab or production environment, click here and follow the steps to enable port 1433 through the Windows Firewall.
  14. If you took a snapshot of the virtual machine in Step 4 above, the snapshot should now be deleted to prevent inadvertently reverting back to a state where SQL is not installed.

Conclusion

You now have two forests one named contoso.com and one named fabrikam.com along with the DNS records and certificate services needed to support SharePoint 2013 and AD FS, and SQL 2014 installed in both forests to support each environment's database requirements. In the upcoming posts additional services will be deployed including SharePoint 2013, AD FS, the Web Application Proxy, and external DNS.