System Requirements

OS Requirements

  • 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, or Datacenter
  • Or 64-bit edition of Windows Server 2012 Standard or Datacenter

Notification Service

  • SharePoint 2013
  • The Notification Service wsp can be deployed to an specific Web App as long as it is on the same server as the Central Administration:
    • If you have a Central Administration server separate from you Web Front End servers, make sure that the "Microsoft SharePoint Foundation Web Application" service is running on that server and deploy the Notification Service on the Central Administration Web Application.
    • It is possible that when you try to browse to the Notification Endpoint the browser will send you a 400 error. This could happen, but as long as the Web Service is available and Aspire is able to communicate with it, everything should work as expected. You can use a SOAP Client to test that (e.g. SOAP UI).

Aspire BDC Service

1. In Windows Server 2008 R2 SP1

  • IIS Server role
    • Common HTTP Features
      • Static Content
      • Default Document
      • Directory Browsing
      • HTTP Errors
      • HTTP Redirection
    • Application Development
      • ASP.Net
      • .Net Extensibility
      • ISAPI Extensions
      • ISAPI Filters
    • Security
      • Basic Authentication
      • Windows Authentication
      • Digest Authentication
      • Client Certificate Mapping Authentication
      • IIS Client Certificate Mapping Authentication
      • URL Authorization
      • Request Filtering
      • IP and Domain Restrictions
    • Management Tools
      • IIS Management Console
      • IIS Management Scripts and Tools
      • Management Service
  • Application Server role
    • All role features (confirm all dependencies)
  • Microsoft .NET Framework version 4.5


2. In Windows Server 2012

  • IIS Server role
    • Common HTTP Features
      • Static Content
      • Default Document
      • Directory Browsing
      • HTTP Errors
      • HTTP Redirection
    • Application Development
      • ASP.Net 3.5
      • ASP.Net 4.5
      • .Net Extensibility 3.5
      • .Net Extensibility 4.5
      • ISAPI Extensions
      • ISAPI Filters
      • Server Side Includes
    • Security
      • Basic Authentication
      • Windows Authentication
      • Digest Authentication
      • Client Certificate Mapping Authentication
      • IIS Client Certificate Mapping Authentication
      • URL Authorization
      • Request Filtering
      • IP and Domain Restrictions
    • Management Tools
      • IIS Management Console
      • IIS Management Scripts and Tools
      • Management Service
  • Application Server role (confirm all dependencies)
    • .Net Framework 4.5
    • TCP Port Sharing
    • Web Server (IIS) support
    • Windows Process Activation Service Support
      • Named Pipes Activation
      • HTTP Activation
      • TCP Activation

Note: These prerequisites can be installed either manually configuring via Server Manager or running SharePoint 2013 prerequisite installer.

User Requirements

To run the deploy scripts use an account with the following requirements:

  • Domain user.
  • Member of the Administrators user group.

The following are the user requirements for each component of the Endpoint:

Intermediate Repository

  • Domain user
  • Member of AspireUsers user group

Aspire BDC Service

  • Domain user
  • Member of AspireUsers user group

Notification Service

  • Domain user
  • Member of AspireUsers user group
  • SharePoint Shell Admin (user who has SharePoint_Shell_Access role in farm configuration database, and member of WSS_Admin_WPG group)
  • The SharePoint Application Pool Account has to be Search Service Application administrator
  • Default content access account
  • BDC Service Application administrator
  • BDC Metadata Store Permissions:
    • Edit
    • Execute
    • Selectable in Clients
    • Set Permissions
  • “WSS_Content_Application_Pools” administration content database role.

Note: If the user running the SharePoint Application Pool is different from the user you are using to access the Notification Service, then the Application Pool account should be the one that has the Search Service Application administrator permission and not the account that has access to the service. In that case, after setting the application pool account as a Search Service Application administrator, confirm that you have the following permissions on that account in the Search Databases, if not, add them manually:

Database NameRole
Search_Service_Application_AnalyticsReportingStoreDB_<GUID>
  • SPSearchDBAdmin
Search_Service_Application_CrawlStoreDB_<GUID>
  • SPSearchDBAdmin
Search_Service_Application_DB_<GUID>
  • SPSearchDBAdmin
Search_Service_Application_LinksStoreDB_<GUID>
  • SPSearchDBAdmin


Manually add user permissions

  • Make the SharePoint Application Pool account a Search Service Application administrator:
    • Central Admin -> Application Management -> Manage Service Applications.
    • Select “Search Service Application” row (not the link).
    • Click on the “Administrators” button on the ribbon.
    • Add the user and give it “Full Control” permissions.
  • Make the user the Default content access account:
    • Go to Central Admin -> Application Management -> Manage Service Applications -> Search Service Application.
    • Click the current access account.
    • Enter the new account credentials
  • Make the user a Business Data Connectivity Service administrator:
    • Central Admin -> Application Management -> Manage Service Applications.
    • Select “Business Data Connectivity Service” row (not the link).
    • Click on the “Administrators” button on the ribbon.
    • Add the user and give it “Full Control” permissions.
  • Give the user Metadata Store permissions:
    • Central Admin -> Application Management -> Manage Service Applications -> Business Data Connectivity Service.
    • On the ribbon, select "Set Metadata Store Permissions".
    • Add the user and select all the permissions.
    • Click OK.
  • Add administration content database role membership:
    • Add database role membership “WSS_Content_Application_Pools” of SharePoint_AdminContent_<GUID> to Notification Endpoint app pool user:
  • For search databases, confirm that you have the SPSearchDBAdmin database role. This should be added to the account you set up as the Search Service Application administrator, if not, add them manually.
    • To access the list of database roles on SQLSERVER:
      • Open the SQL Server Management Studio.
      • Go to Security -> Logins.
      • Right click on the user and select Properties.
      • Select "User Mappings".

Database Roles Checklist

    • After doing all the changes specified previously, this is the complete list of user database roles as they should be.
Database NameRole
SharePoint_Config
  • SPDataAccess
  • SharePoint_Shell_Access
SharePoint_AdminContent_<GUID>
  • SPDataAccess
  • WSS_Content_Application_Pools
  • SharePoint_Shell_Access
Bdc_Service_DB_<GUID>
  • SPDataAccess
Search_Service_Application_AnalyticsReportingStoreDB_<GUID>
  • SPSearchDBAdmin
Search_Service_Application_CrawlStoreDB_<GUID>
  • SPSearchDBAdmin
Search_Service_Application_DB_<GUID>
  • SPSearchDBAdmin
Search_Service_Application_LinksStoreDB_<GUID>
  • SPSearchDBAdmin

Note: Since SharePoint setup user and server farm account have these privileges, it is recommended to use one of those accounts for this. Setup user is recommended, since it has machine admin rights as well.

Security Pre-Trimmer

The Security PreTrimmer requires that the user identity sent to it contains at least one of the following claim types:

  • claims/userlogonname: This is for windows authentication. The pretrimmer will use this value to send it to the Aspire Group Expansion.
  • claims/primarysid: This is for other types of authentication (e.g. ADFS). The pretrimmer will take the primary SID value and translate it into a valid user id to send it to the Aspire Group Expansion.
  • No labels