SharePoint 2013 Step-By-Step: Configuring eDiscovery

This post documents the complete steps for configuring eDiscovery integration between SharePoint 2013 and Exchange 2013.

Steps

Create Application management Service Application

  1. Start the App Management Service
  2. Start the Microsoft Foundation Subscription Settings Service
  3. Create Search Service Application
  4. Create User profile Application
  5. Start the User Profile service
  6. Start the User profile Sync service.
  7. Configure the user profile sync service
  8. Start user profile synchronization.
  9. Start web services app pool from IIS on all SharePoint servers
  10. Create an HTTPS web application to host the eDiscovery Center, with a site collection that uses the eDiscovery template from the Enterprise templates. The DNS record needs to be adjusted to point to it, and if there are virtual IP request

On the first WFE:

  1. Use IIS to generate new SSL Certificate request for eDiscovery Web Application
  2. Used an internal certificate authority to:
    1. Process and Save SSL certificate request for eDiscovery Web Application
    2. Save Root Certificate
  3. Copied Root Certificate and new SSL Certificate file from internal certificate authority to local drive
  4. Imported Root Certificate into Trusted Root Certificate Authorities store
  5. Use IIS to complete previously generated certificate request for eDiscovery Web Application
  6. Confirmed that certificate was imported successfully, Private Key is available, and certificate chain is valid
  7. Assigned the certificate to the HTTPS binding in IIS for the eDiscovery Web Application
  8. Using certificates MMC:
    1. Export SSL Certificate for eDiscovery Web Application along with Private Key (for other SharePoint Servers)
    2. Export SSL Certificate for eDiscovery Web Application without Private Key (for Exchange Servers)

Then on each other front end and on each apps server do the following:

  1. Copied Root Certificate and new SSL Certificate file with private key from Web FE Server to local drive
  2. Using Certificates MMC:
    1. Imported Root Certificate into Trusted Root Certificate Authorities store
    2. Imported the SSL certificate for the eDiscovery Web Application into the Personal Certificate Store of the Computer (not User)
  3. Confirmed that certificate was imported successfully, Private Key is available, and certificate chain is valid
  4. Assigned the certificate to the HTTPS binding in IIS for the eDiscovery Web Application
  5. Using command shell – ran iisreset /restart on each SharePoint Server sequentially starting from server running central admin
  6. In Central Admin Security – General Security – Manage Trusts, confirmed that only 1 item existed – labeled ‘local’
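
The manual confirmation in both certificate procedures above (certificate imported, private key available, chain valid, certificate assigned to the HTTPS binding) can also be scripted. The following is an added example, not part of the original post; the function name is hypothetical and it assumes the certificate was issued for ediscovery.x.com, the host name used on this page.

```powershell
# Added example: checks certificate presence, private key, chain validity and
# the IIS SSL bindings that use the certificate.
# Assumption: the certificate was issued for ediscovery.x.com (host name from this page).
function Test-EDiscoveryCertificate {
    param(
        [string]$HostName = 'ediscovery.x.com',
        [string]$StorePath = 'Cert:\LocalMachine\My',   # Computer store, not User
        [bool]$ExpectPrivateKey = $true
    )
    $dnsName = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
    $certs = @(Get-ChildItem -Path $StorePath | Where-Object {
        $_.GetNameInfo($dnsName, $false) -eq $HostName -or $_.Subject -like "*CN=$HostName*"
    })
    if ($certs.Count -eq 0) { throw "No certificate for $HostName found in $StorePath" }

    # SSL bindings can only be read where the IIS WebAdministration module exists.
    $bindings = @()
    if (Get-Module -ListAvailable -Name WebAdministration) {
        Import-Module WebAdministration
        $bindings = @(Get-ChildItem IIS:\SslBindings)
    }

    foreach ($cert in $certs) {
        # Build the chain in machine context; this fails when the internal
        # root CA is missing from Trusted Root Certificate Authorities.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
        $chainOk = $chain.Build($cert)
        $problems = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        $bound = @($bindings | Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
                   ForEach-Object { "$($_.IPAddress):$($_.Port)" })

        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            KeyAsExpected = ($cert.HasPrivateKey -eq $ExpectPrivateKey)
            ChainValid    = $chainOk
            ChainProblems = ($problems -join ', ')
            IisBindings   = ($bound -join ', ')
        }
    }
}

Test-EDiscoveryCertificate | Format-List
```

Pass `-ExpectPrivateKey $false` and the relevant `-StorePath` on a host where only the certificate without its private key was imported.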

Then, on each SharePoint server, do the following:

Install the Exchange Web Service API 1.2 (EwsManagedApi.msi)

  1. Download the latest version here: http://www.microsoft.com/en-us/download/details.aspx?id=28952

  2. When download completes, open a Windows PowerShell command prompt.

  3. Navigate to the location of the downloaded EwsManagedApi.msi file, and then run the following command:

    msiexec /I EwsManagedApi.msi addlocal="ExchangeWebServicesApi_Feature,ExchangeWebServicesApi_Gac"

  4. Run an IIS reset (iisreset)

  5. Then run the following commands

    New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://autodiscover.x.com/Autodiscover/metadata/json/1" -Name "Exchange"

    Get-SPTrustedSecurityTokenIssuer | fl   # Run simply to view the certificate SharePoint obtained from the Exchange Server (the Exchange self-signed certificate used for Exchange Server authentication)

    $exchange=Get-SPTrustedSecurityTokenIssuer

    $app=Get-SPAppPrincipal -Site https://ediscovery.x.com -NameIdentifier $exchange.NameId

    $site=Get-SPSite https://ediscovery.x.com

    Set-SPAppPrincipalPermission -AppPrincipal $app -Site $site.RootWeb -Scope sitesubscription -Right fullcontrol -EnableAppOnlyPolicy

    stsadm -o setapppassword -password Password01

Note: if there is a trust between forests and users need to be added to the eDiscovery web app, run the following commands so that users can be added using the people picker:

  1. stsadm -o setproperty -url http://ediscovery.x.com -pn peoplepicker-searchadforests -pv "domain:evsc.x.com,account name,Password"
  2. stsadm -o execadmsvcjobs

On ALL Exchange Servers

Copied Root Certificate and new SSL Certificate file without private key from SharePoint Web FE Server 1 to local drive

Then, on one Exchange server, do the following:

  1. Using Certificates MMC:
    1. Import Root Certificate AND SSL certificate for the eDiscovery Web Application into Trusted Root Certificate Authorities store
    2. Confirm that certificate was imported successfully, Private Key is NOT present, and certificate chain is valid
  2. Using Exchange Control Panel:
    1. Add a mailbox enabled account and a non-mailbox enabled account to the discovery management role group
  3. On one Exchange Server, ran the following set of commands using Exchange Management Shell under the security context of an Exchange Organization Administrator:
    1. Get-PartnerApplication | fl name, identity (to confirm that there are no existing Partnerships for SharePoint)
    2. Execute a script located in the Scripts folder in the installation path for Exchange e.g. "D:\Program files\Microsoft\Exchange Server\V15\Scripts"
    3. ./Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl https://ediscovery.x.com/_layouts/15/metadata/json/1 -ApplicationType SharePoint

Upon completion of the script, confirmed the prompts concluding with:

    Created Partner Application <SharePointEnterprise-17f19bdc25d74e3ba5c45e32c2a0bb55>.
    THE CONFIGURATION HAS SUCCEEDED.

Then:

  1. Get-PartnerApplication | fl name, identity (this time to confirm that a new partnership for SharePoint exists)
  2. Test-OAuthConnectivity -Mailbox myersja -Service SharePoint -TargetUri https://ediscovery.x.com/_layouts/15/metadata/json/1 (this was intended as a test to confirm OAuth connectivity between Exchange and SharePoint)
  3. Confirmed that the task “Checking Sharepoint API Call Under Oauth” completed with a result type of “Success”

 On any SharePoint server

  1. From central admin: Application Management – Manage service applications – Search Service Application – Manage – Result Sources – added a new result source:
  2. Using Web Browser,
    1. navigate to URL of eDiscovery web application (https://ediscovery.x.com),
    2. authenticate as the test account (with an exchange mailbox),
    3. create a case and confirm desired functionality of being able to query Exchange Mailboxes and SharePoint Sites
  3. Repeat the test with an account which does not have a mailbox

A delay might be observed before you actually can query Exchange Mailboxes from eDiscovery Center.

We ran “stsadm -o execadmsvcjobs” to push things along.

Adding and removing permissions can also help push the functionality into working, as sometimes you may get an error about not being able to connect to the Search Service Application.