Configuring eDiscovery for SharePoint 2013: the complete steps

I noticed that the available documentation for configuring eDiscovery integration between SharePoint 2013 and Exchange 2013 is not complete, so here are the complete steps.



1  Create Application management Service Application
2  Start the App Management Service
3  Start the Microsoft Foundation Subscription Settings Service
4  Create Search Service Application
5  Create User profile Application
6  Start the User Profile service
7  Start the User profile Sync service.
8  Configure the user profile sync service
9  Start user profile synchronization.
10 Start web services app pool from IIS on all SharePoint servers
11 Create an HTTPS web application to host the eDiscovery Center, with a site collection using the eDiscovery template from the Enterprise templates, and need to adjust DNS record to point to it and if there are virtual IP request
    a. On the first WFE:
        i. Use IIS to generate a new SSL certificate request for the eDiscovery Web Application
        ii. Used an internal certificate authority to:
            1. Process and save the SSL certificate request for the eDiscovery Web Application
            2. Save the Root Certificate
        iii. Copied the Root Certificate and the new SSL Certificate file from the internal certificate authority to a local drive
        iv. Imported the Root Certificate into the Trusted Root Certificate Authorities store
        v. Used IIS to complete the previously generated certificate request for the eDiscovery Web Application
        vi. Confirmed that the certificate was imported successfully, the Private Key is available, and the certificate chain is valid
        vii. Assigned the certificate to the HTTPS binding in IIS for the eDiscovery Web Application
        viii. Using the Certificates MMC:
            1. Exported the SSL Certificate for the eDiscovery Web Application along with the Private Key (for the other SharePoint Servers)
            2. Exported the SSL Certificate for the eDiscovery Web Application without the Private Key (for the Exchange Servers)
    b. Then on each other front end and on each apps server do the following:
        i. Copied the Root Certificate and the new SSL Certificate file with private key from Web FE Server 1 to a local drive
        ii. Using the Certificates MMC:
            1. Imported the Root Certificate into the Trusted Root Certificate Authorities store
            2. Imported the SSL certificate for the eDiscovery Web Application into the Personal Certificate Store of the Computer (not User)
        iii. Confirmed that the certificate was imported successfully, the Private Key is available, and the certificate chain is valid
        iv. Assigned the certificate to the HTTPS binding in IIS for the eDiscovery Web Application


12-  Using command shell – ran iisreset /restart on each SharePoint Server sequentially starting from server running central admin


13-  In Central Admin Security – General Security – Manage Trusts, confirmed that only 1 item existed – labeled ‘local’
14-  Then, on each SharePoint server, do the following:
    a. Install the Exchange Web Service API 1.2 (EwsManagedApi.msi) on
        i. Download the latest version here: http://www.microsoft.com/en-us/download/details.aspx?id=28952
        ii. When the download completes, open a Windows PowerShell command prompt.
        iii. Navigate to the location of the downloaded EwsManagedApi.msi file, and then run the following command: msiexec /I EwsManagedApi.msi addlocal="ExchangeWebServicesApi_Feature,ExchangeWebServicesApi_Gac"
        iv. Run an IIS reset
    b. New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://autodiscover.x.com/Autodiscover/metadata/json/1" -Name "Exchange"
    c. Get-SPTrustedSecurityTokenIssuer | fl  (This command was run simply to view the certificate SharePoint obtained from the Exchange Server – Exchange Self Signed Certificate used for Exchange Server Authentication)
    d. $exchange=Get-SPTrustedSecurityTokenIssuer
    e. $app=Get-SPAppPrincipal -Site https://ediscovery.x.com -NameIdentifier $exchange.NameId
    f. $site=Get-SPSite https://ediscovery.x.com
    g. Set-SPAppPrincipalPermission -AppPrincipal $app -Site $site.RootWeb -Scope sitesubscription -Right fullcontrol -EnableAppOnlyPolicy
    h. stsadm -o setapppassword -password Password01

Note: if there is a trust between forests and users need to be added to the eDiscovery web app, run the following commands so that users can be added using the people picker:
    i. stsadm -o setproperty -url http://ediscovery.x.com -pn peoplepicker-searchadforests -pv "domain:ecsuc.x.com,<account name>,<Password>"
    ii. stsadm -o execadmsvcjobs

15-  On ALL Exchange Servers, copied Root Certificate and new SSL Certificate file without private key from SharePoint Web FE Server 1 to local drive
16-  Then, on one Exchange server, do the following:
    a. Using the Certificates MMC:
        i. Imported the Root Certificate AND the SSL certificate for the eDiscovery Web Application into the Trusted Root Certificate Authorities store
        ii. Confirmed that the certificate was imported successfully, the Private Key is NOT present, and the certificate chain is valid
    b. Using the Exchange Control Panel:
        i. Added a mailbox-enabled account and a non-mailbox-enabled account to the Discovery Management role group
    c. On one Exchange Server, ran the following set of commands using the Exchange Management Shell under the security context of an Exchange Organization Administrator:
        i. Get-PartnerApplication | fl name, identity  (to confirm that there are no existing partnerships for SharePoint)
        ii. Executed a script located in the Scripts folder in the installation path for Exchange, e.g. "D:\Program files\Microsoft\Exchange Server\V15\Scripts"
        iii. ./Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl https://ediscovery.x.com/_layouts/15/metadata/json/1 -ApplicationType SharePoint
        iv. Upon completion of the script, confirmed the prompts concluding with:
            1. Created Partner Application <SharePointEnterprise-17f19bdc25d74e3ba5c45e32c2a0bb55>.
            2. THE CONFIGURATION HAS SUCCEEDED.
    d. Get-PartnerApplication | fl name, identity  (this time to confirm that a new partnership for SharePoint exists)
    e. Test-OAuthConnectivity -Mailbox myersja -Service SharePoint -TargetUri https://ediscovery.x.com/_layouts/15/metadata/json/1 (this was intended as a test to confirm OAuth connectivity between Exchange and SharePoint)
        i. Confirmed that the Task “Checking Sharepoint API Call Under Oauth” completed with a Result Type of “Success”


17-  On any SharePoint server:
    a. From Central Admin: Application Management – Manage service applications – Search Service Application – Manage – Result Sources – added a new result source:
        - Name: Exchange
        - Protocol: Exchange
        - Exchange Source URL: https://mail.x.com/EWS/Exchange.asmx
    b. Using a web browser, navigated to the URL of the eDiscovery web application (https://ediscovery.x.com), authenticated as the test account (with an Exchange mailbox), created a case and confirmed the desired functionality of being able to query Exchange Mailboxes and SharePoint Sites - successful
    c. Repeated the test with an account which did not have a mailbox - successful


A delay was observed before we could actually query Exchange Mailboxes from the eDiscovery Center. I believe we ran “stsadm -o execadmsvcjobs” to push things along. Adding and removing the permission can also help in pushing the functionality to work, as sometimes you may get an error about not being able to connect to the search service application.
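
The certificate checks in steps 11 and 16 (certificate imported, Private Key available on SharePoint servers but NOT present on Exchange servers, chain valid) can be scripted instead of checked by eye in the MMC. The PowerShell below is an added example, not part of the original post; the function name Test-EDiscoveryCertificate and matching the certificate by the CN in its subject are assumptions.

```powershell
# Added example (not from the original post). Assumption: the certificate's
# subject contains CN=<host name>, e.g. CN=ediscovery.x.com as used in this post.
function Test-EDiscoveryCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        # 'My' on SharePoint servers (step 11), 'Root' on Exchange servers (step 16)
        [ValidateSet('My', 'Root')][string]$Store = 'My',
        # $true on SharePoint servers, $false on Exchange servers
        [bool]$ExpectPrivateKey = $true
    )

    $certs = @(Get-ChildItem -Path "Cert:\LocalMachine\$Store" |
        Where-Object { $_.Subject -like "*CN=$HostName*" })
    if ($certs.Count -eq 0) {
        throw "No certificate with CN=$HostName found in LocalMachine\$Store"
    }

    foreach ($cert in $certs) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # An internal CA may not publish a CRL reachable from every server, so
        # revocation is skipped here; remove this line if your CRL is reachable.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainOk = $chain.Build($cert)
        $now = Get-Date

        New-Object PSObject -Property @{
            Thumbprint           = $cert.Thumbprint
            Subject              = $cert.Subject
            NotAfter             = $cert.NotAfter
            WithinValidityPeriod = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
            HasPrivateKey        = $cert.HasPrivateKey
            PrivateKeyAsExpected = ($cert.HasPrivateKey -eq $ExpectPrivateKey)
            ChainValid           = $chainOk
            # Empty when the chain builds cleanly; otherwise e.g. UntrustedRoot
            ChainStatus          = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }
}

# On each SharePoint server (certificate in the computer's Personal store):
#   Test-EDiscoveryCertificate -HostName 'ediscovery.x.com' -Store My -ExpectPrivateKey $true
# On each Exchange server (certificate imported into Trusted Root, per step 16):
#   Test-EDiscoveryCertificate -HostName 'ediscovery.x.com' -Store Root -ExpectPrivateKey $false
```

A result with PrivateKeyAsExpected = False on an Exchange server means the export that includes the private key was copied there instead of the public-only one.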
