Table of Contents

Summary............................................................................................................................................................................

About the Author...........................................................................................................................................................

Introduction.......................................................................................................................................................................

Introducing the SharePoint 2016 Feature Pack 1.......................................................................................

New Features Introduced with the Release of SharePoint 2016.............................................

Administrative Actions Logging..............................................................................................................

What Does SharePoint 2016 Mean for Hybrid Environments?....................... .................................

Hybrid Taxonomy (Preview)...........................................................................................................................

Hybrid Auditing......................................................................................................................................................

Discontinued Features in SharePoint 2016....................................................................................................

How to prepare for an Upgrade?.....................................................................................................................

Database Attach Upgrade.............................................................................................................................

How to retrieve all sites in SharePoint 2010 Before Upgrading.........................................

What Is New in the SharePoint 2016 Topology?....................................... ...............................................

Zero Downtime Patching..........................................................................................................................

New MinRole Features and Improvements...................................................................................

Other Roles.........................................................................................................................................................

Best Practices................................................................................................................................................................

Hardware................................................................................................................................................................

Upgrading to the Latest Version...................................................................................... ........................

DB Best Practices................................................................................................................................................

Primary Drive...................................................................................................................................................

ULS Logs..............................................................................................................................................................

Database Files.................................................................................................................................................

TempDB...............................................................................................................................................................

Disk Allocation Size .......................................................................................................................................

ModelDB..............................................................................................................................................................

Maximum Degree of Parallelism..........................................................................................................

3

4

5

6

8

9

10

10

11

12

13

13

14

16

17

17

19

20

20

20

22

23

23

24

24

25

25

26

Table of Contents

SQL Alias............................................................................................................................................................

Web.config Files and Solution Deployment.......................................................................................

Recommended Cumulative Updates....................................................................................................

Site Collection Upgrade.................................................................................................................................

SharePoint Security............................................................................................................................................

Site Collection Sizes ....................................................................................................................................

SharePoint Code Quality................................................................................................................................

Default URLs, SQL Alias, and Domain...................................................................................................

Services and Proxies..........................................................................................................................................

Blog Caching Enable.......................................................................................................................................

Updating All Server...........................................................................................................................................

Claims-Based Authentication ....................................................................................................................

Things You Are Most Likely Going to Misconfigure................................................................................

Enable Usage and Health Data Collection......................................................................................

Site Collection Size.............................................................................................................................................

Content Database Autogrowth..................................................................................................................

Number of Application Pools......................................................................................................................

Object Cache User Account........................................................................................................................

Loopback Disabled...........................................................................................................................................

Publishing Cache................................................................................................................................................

Web Application URL Check...................................................................................................................

Office Web Apps HTTPS...........................................................................................................................

AppPool User in Performance Log Group......................................................................................

Conclusion......................................................................................................................................................................

26

27

27

28

28

29

29

30

31

32

33

33

35

35

36

37

37

38

38

39

39

40

41

42

This white paper discusses SharePoint 2016 and what new functionalities it brings

to users from an architectural perspective.

The second section of this white paper focuses on how SharePoint administrators

can prepare for the upgrade from SharePoint 2010 and SharePoint 2013 to

SharePoint 2016 and what IT Pro best practices are when it comes to managing

a SharePoint environment.

Some of the new and updated features discussed in this document will be the

highly anticipated MinRole, hybrids in SharePoint 2016, compliance features,

SharePoint search, and more.

Among the carefully planned out preparations for migration, it is important to

keep in mind certain procedures that most users commonly forget.

Because of this, the white paper outlines different SharePoint best practices

for SharePoint on-prem and SharePoint Online before making a leap towards

upgrading to SharePoint 2016, as well as how to maintain a healthy SharePoint

environment.

Summary

3

He graduated from the Faculty of Electrical Engineering and Computing in Zagreb,

where he obtained his master’s degree and gathered valuable experience in

development, system administration, project management, and the requirement

analysis sector.

Over the years, Toni has contributed to the Microsoft community, becoming a

valuable member and earning awards in multiple categories. He is a seven-time

SharePoint MVP and currently holds the title for Microsoft Office Servers and

Services.

Having in-depth knowledge of SharePoint administration, Toni invested his time

and expertise into starting his own company—SysKit Ltd., which he has successfully

run for more than seven years. The company is based in Zagreb, Croatia and is

the name behind one of the most popular SharePoint admin solutions, SPDocKit.

SysKit Ltd. also develops enterprise solutions, helping numerous consultants deal

with their SharePoint, Office 365, Windows Servers, Remote Desktop Services,

Citrix, and SQL Server environments.

Toni Frankola is an entrepreneur, IT

consultant, seven-time SharePoint MVP, and

Microsoft Office Servers and Services MVP.

About the Author

4

Introduction

SharePoint 2016 brings quite a few new

features, as well as some updates, and

for that reason, certain preparations

are necessary before you start your

upgrade.

It is also important to go over the

most common problems that baffle

SharePoint administrators across

the globe as well as discuss how

SharePoint environment management

can be improved.

From an architectural perspective,

SharePoint hasn’t changed drastically

since the 2010 version; although, let

it be noted that changes occurred

regarding the use of SharePoint on-

prem since more and more users

are moving their environments to the

cloud. However, when comparing the

2016 and 2007 versions, you can see

some significant differences.

Regardless of which version is being

used, what is important is that

SharePoint administrators get all of

their best practices in order so that the

SharePoint environment can function

smoother. Thus, this white paper has

a clear purpose: to better understand

what novelties SharePoint 2016 brings

and what you should concern yourself

with when it comes to managing your

environment.

5

Since the release of SharePoint 2016 in March 2016, a lot of new features have

been introduced, with its main focus on IT pro stuff, especially in relation to

SharePoint Online.

Microsoft has followed with additional public updates that have been announced

every month. With the release of the SharePoint 2016 Feature Pack 1, you will get

cumulative updates each month.

In this section, we will try to point out some of the most important novelties and

what to look out for when implementing them.

This arrangement with feature packs is completely new to SharePoint. In fact, the

Feature Pack 1 is the first time that SharePoint has provided new features without

users having to upgrade to an entirely new version of SharePoint. You can see

just how much it has changed since the time when cumulative updates were

coming out every two months.

The innovations that are coming directly to SharePoint Online are the current

focus of Microsoft’s plans, and it is focusing on a proper way to deliver these new

features to on-prem users.

Introducing the SharePoint 2016 Feature Pack 1

6

As for SharePoint in general, Microsoft plans to continue with major releases

every two years, release new updates every month, and offer a new Feature

Pack roughly once a year.

Where we are now?

7

SECURITY UPDATE

Release

PUBLIC UPDATE

As required

New features

Monthly

Every 2-3 yearsMAJOR RELEASE

Frequency Contents

SharePoint 2016 has a converged code base that serves both cloud and on premises customers.

Major releases remain on atraditional 2-3 year release cycle.

SharePoint

SharePoint2016(Mar 2016) PU PU

PU PU PU

FeaturePack 2(H2 2017)

FeaturePack 1(PU)PU

What’s new with the 2016 Feature Pack:

Administrative actions logging for common SharePoint administrative actions

MinRole enhancements to support small and medium-sized farms

OneDrive for Business modern experience

Custom tiles in the SharePoint app launcher

SharePoint hybrid auditing unified across site collection on-premises and Office 365

Hybrid taxonomy unified across on-premises and Office 365

OneDrive API for SharePoint on-premises

Now, what is important to SharePoint administrators is questioning how these

new features affect their environment. How do you plan for deployment? Hybrid

environments pose an important question.

If you’re wondering whether you can get Feature Pack 1 for SharePoint 2013, you

cannot. Only SharePoint 2016 is available.

As previously mentioned, there are a lot of new features. Some worth mentioning

are the MinRole, which will be discussed in further detail later on; new controls

for working with OneDrive for Business; Site Folders view; customized web parts;

document and library accessibility; Information Rights Management; Encrypted

Connections; SharePoint business intelligence; and more.

New Features Introduced with the Release of SharePoint 2016 Feature Pack 1

8

We should mention some other things that have been improved when it comes

to end users and user interface.

Microsoft also offers the ability to connect all the audit logs stored into SharePoint

on-prem with the Office 365 environment. This means you can sync these logs into

your Office 365, giving users access to the search engine for all logs as well as

the ability to search all events and analyze them. In order to use this feature, you

need to have Office 365 and then connect it with your on-premise installation.

Just a quick warning for this feature: although it has been shipped as part of the

Feature Pack 1, it’s still in preview and not yet ready for production.

In reference to the auditing feature, SysKit Ltd. worked with administrators

managing large SharePoint farms, and what we realized years back is that the

feature our clients wanted most was actually the ability to track changes; for

example, changes made in the Central Administration. Today more than ever,

users find it important to keep track of users who delete, modify, and in any way,

change the content.

SysKit Ltd. came up with SPDocKit and developed a feature able to track changes

made in farm configuration, web applications, permissions, and web.config

files. This is one of the features that revolutionized the way you now manage

your environment. For this reason, our tool, SPDocKit, became popular, helping

numerous SharePoint administrators and consultants around the world.

The 2016 Feature Pack 1 brings an auditing feature that can tell you exactly who

has made changes in the Central Administration. SPDocKit offers full support for

Feature Pack 1 so you can view this report in SPDocKit application. In addition,,

SPDocKit enables you to take snapshots of current farm settings and store them

for future comparison.

Administrative Actions Logging

9

Today, we can see an increase in hybrid environments, and configuring such

environments is now a lot easier than it was a few years ago.

When we talk about hybrids, SharePoint 2016 brings good news by improving

hybrid abilities.1 Microsoft has put a lot of work into developing a hybrid

configuration that would make such an environment easier to handle. Hybrid

environments are useful in scenarios where part of your environment is on-prem,

such an internal collaboration site, while a segment of it is stored in the SharePoint

Online environment; for example, provisioning a part of the infrastructure in

SharePoint Online for a specific project that you have been working on with

another company.

Hybrid Taxonomy (Preview)

What Does SharePoint 2016 Mean for Hybrid Environments?

Hybrid taxonomy is a solution intended to create and maintain a shared

taxonomy between SharePoint on-premises and a SharePoint Online tenant.

With an updated taxonomy in SharePoint Online, changes are automatically

propagated across all site collections and lists.

The key element in every hybrid environment is the hybrid sites, making it possible

to have sites both on-prem and online. Microsoft made it possible to sync profiles

between SharePoint on-prem and SharePoint Online. You can even connect

OneDrive to a hybrid OneDrive.

An interesting new feature is the hybrid search: the ability to search both

environments at the same time, which is very useful if you are not sure where

your site is located. Other features that might interest hybrid users include Office

365 profiles and Hybrid Follow.2

1Julien Stroheker & Nicolas Georgeault, SharePoint and Office 365 hybrid configuration from A to Z:(http://www.slideshare.net/ngeorgeault/sharepoint-and-office-365-hybrid-configuration-from-a-to-z-spstoronto-2015) 2Graham Gillen, SharePoint 2016 Hybrid Search: “One Search to Rule Them All”: http://www.searchtechnologies.com/sharepoint-2016-hybrid-search

10

Hybrid Auditing is a new feature that came with the SharePoint 2016 Feature

Pack. This feature allows users to upload their SharePoint diagnostic and usage

logs and have reports generated for them in Office 365.3 Hybrid Auditing in

SharePoint 2016 is done via the Microsoft SharePoint Insight service; however, the

feature is still in preview and is not recommended for current use in the production

environment. Refer to this Microsoft TechNet article to find out how to configure

SharePoint Hybrid Auditing in SharePoint 2016.4

3SharePoint Hybrid Auditing (Preview): https://technet.microsoft.com/en-us/library/mt764270(v=office.16).aspx4SharePoint Hybrid Auditing in SharePoint 2016: https://technet.microsoft.com/en-us/library/mt622371(v=office.16).aspx

There is also a feature that offers the ability to connect to Term Stores, meaning

you can now have a single Term Store across the entire environment, both

SharePoint on-prem and SharePoint Online. This could be useful, for example, if

you have unified taxonomy on both environments. This feature is also in preview

at this moment, so if you are planning on using it, make sure you test it out first.

Hybrid Auditing

11

Of course, when certain new features surface, there are features that also get

discontinued. That is not a problem by itself; however, it tends to become a

problem when upgrading. For example, users upgrading from SharePoint 2013

may not be able to use specific features once they migrate to SharePoint 2016.

Therefore, a lot of attention and detail need to be put into upgrades.

Features that will not be available in the SharePoint 2016 are as follows:

SharePoint Foundation

Standalone Install mode

ForeFront Identity Manager client (FIM)

Excel Services in SharePoint

SharePoint BI capabilities (SQL2016)

Tags and Notes

SharePoint Designer

InfoPath

Due to these discontinued features, you may encounter a hiccup if you have

been running SharePoint Foundations. Also, it will not be possible for you to install

SharePoint as a standalone install, meaning you will not be able to auto-provision

the SQL Server (that option was available with SharePoint 2013 and SharePoint

2010).

Now, for SharePoint Designer, you have an option to use SharePoint Designer

2013 with SharePoint 2016 and SharePoint Online, although you should avoid this

whenever possible. A good piece of advice would be to focus on upcoming

features to upgrade existing workloads, such as PowerApp, Flow, SharePoint

Framework, and others.

Discontinued Features in SharePoint 2016

12

Before you can upgrade to SharePoint 2016, you need to make sure you are

running an adequate version of SharePoint 2013.

SharePoint Server 2016 supports an upgrade from SharePoint Server 2013 with

Service Pack 1 with the March 2013 PU, version 15.0.4481.1005 or higher.

Even if you don’t plan on moving to SharePoint 2016 at the moment, you still need

to lay out a plan and prepare your environment for the upgrade because your

current SharePoint needs to be up to date to upgrade.

How to prepare for an Upgrade?

5AutoSPInstaller available online at: https://autospinstaller.com/

Database Attach Upgrade

The only available way to upgrade from Microsoft is the database attach.

Once you have SharePoint 2013 that is on version 15.0.4481.1005, you need to

take the database and attach it to a new farm—in this case, a SharePoint 2016

farm and then you will be able to upgrade. The other way is to contact a third-

party migration vendor and migrate your content to a new database. By using

a migration tool, you will not be stuck with upgrading to Service Pack 1, and you

can also upgrade from an earlier version of SharePoint like SharePoint 2010.

When creating a new farm, we would also recommend you use the AutoSPInstaller5

script that will prepare and install everything so you don’t have to bother with

the process. AutoSPInstaller is an open-source project and, by joining forces

with the SPDocKit, it helps SharePoint administrators provision SharePoint farms

automatically. With SPDocKit, you can generate the input XML configuration file

that you can use with AutoSPInstaller and create a new SharePoint farm that is

identical or very similar to your current farm environment.

13

How to retrieve all sites in SharePoint 2010 Before Upgrading

This input from SPDocKit is an XML file that contains farm topology as well as

other details about the SharePoint farm. The configuration file reduces the time

needed to deploy SharePoint, and since everything is reusable, you can create

production and staging/testing environments that are identical.

A tool such as the AutoSPInstaller is very useful, especially in cases where you

have multiple SharePoint farms, such as DEV, QA, TEST, etc. Then, you can use

the same script to auto-provision farms and tidy up your environment. Note that

your databases names are not going to have those horrible GUIDs, and the

names are going to follow the naming convention of your choice.

If you are doing a database attach yourself, and we cannot stress this enough,

make sure you are on a proper version.

If you recall, when we upgraded from SharePoint 2010 to SharePoint 2013, there

was the ability to retain the 2010 look and feel and still run it on a SharePoint 2013

server. Sadly, this is no longer supported in SharePoint 2016. That is why you must

make sure you have converted all sites to the SharePoint 2013 user interface.

There is no concept of “site collection compatibility modes” in SharePoint Server

2016. You must be running the latest version at all times.

If you have a SharePoint environment that was upgraded from SharePoint 2010

to 2013, the following is the PowerShell command that can be used to retrieve all

sites that are still in the SharePoint 2010 mode.

14

You can use the following commands to get more information on the compatibility

level:

Get-SPSite -Limit All | ? { $_.CompatibilityLevel -eq 14 }

Get-SPSite -ContentDatabase <database name> -Limit All | ? {

$_.CompatibilityLevel -eq 14 }

Once you retrieve all the sites, you will need to upgrade these before proceeding

with the upgrade to 2016.

15

What Is New in the SharePoint 2016 Topology?

A typical topology for SharePoint 2013 and earlier versions as well would look

like this: you would have Web Front End servers, and we have only two in my

case; then a layer of Application servers; and, finally, a couple of SQL Servers.

Of course, you might also have additional servers, like Search server or Cache

server.6

Now, the SharePoint 2016 topology has MinRoles, which come out of the box

and look like this:

Front-End

Service applications, services, and components that serve user requests belong on a Front-end server. These servers are optimized for high performance.

Application

Service applications, services, and components that serve back-end requests, such as search crawl requests, belong on an Application server. These servers are optimized for high throughput.

Distributed Cache

Service applications, services, and components that are required for a distributed cache belong on a Distributed Cache server.

Search

Service applications, services, and components that are required for search belong on a Search server.

Custom

Service applications, services, and components that you want tomanage, instead of using MinRole to manage them, belong on a Custom server.6

6Planning for a MinRole server deployment in SharePoint Server 2016: https://technet.microsoft.com/en-us/library/mt743704(v=office.16).aspx

16

So what in fact you have is a Web Front End that handles all the user interaction,

Application role that handles all the background tasks, Distributed Cache that

caches all the components, and a Search role.

This means SharePoint 2016 has four key roles and you can configure them by

clicking on a server and assigning it a certain role. What happens then is that

SharePoint turns off all features that are not necessary for the chosen role, and

it switches the services for that particular role as well. This is not hardcoded and

you can change that as you please. Of course, there are rules that check these

roles all the time, and configure the services as they run.

The MinRole is important when it comes to zero downtime patching. It allows you

to deploy updates and fixes while minimizing downtime and user disruption.

When you had SharePoint 2013 or SharePoint 2010, it was a challenge to create

an internal procedure that would allow you to patch your SharePoint and still

have zero downtime. Changes that are being made with MinRoles are going to

allow you to patch your SharePoint with zero downtime.

Now that we have concluded that a SharePoint 2016 farm needs at least four

servers to run it, if you want to have a zero downtime patching, you might consider

getting eight servers into your farm. That way, you can have a copy of each of

your four servers with their unique roles in order to patch it with a zero downtime.

With MinRoles, you needed a lot of servers to run, and that is why in Feature Pack

1 of SharePoint 2016, Microsoft has changed that a little bit and introduced

Zero Downtime patching

New MinRole Features and Improvements

17

improvements to support small environments—something that the community

affectionately calls the Mini MinRole.

Now you are getting two additional roles: Microsoft combined roles for smaller

installations for companies that do not need eight servers to run a SharePoint

farm and added combined roles.

The new combined role is a Web Front End with a distributed cache; it combines

Web Front End and Distributed Cache, and the other combines Application with

Search. Now, you can run your SharePoint farm with just two servers. However, if

you want to have higher availability, you will still need four servers.

To configure roles, navigate to the configuration wizard, and the wizard will ask

you which server role you wish to assign to which server. For typical Mini MinRoles

patching, you only need four servers to have a zero downtime patching, and

once one server goes offline, the other one will handle all tasks and so on and

so forth.

Figure 1 - SharePoint 2016 Products Configuration Wizard

18

Basically if you want to have higher availability, you should go with four servers as

a minimal topology, although, as mentioned earlier, it is possible to run SharePoint

2016 with just two.

The bottom line is that the Mini MinRoles are the most important changes when

it comes to SharePoint 2016, and this is something that you need to plan ahead

for by making calculations for how many servers you need and how many roles

you are going to provision.

Other roles

One special role is the Custom role, and this role can be configured in any way

you please. Basically, you can configure it to run as any role; for example, as

custom services. What’s important is that this role is not controlled by specific

rules like the remaining four we mentioned in the previous section.

Also, there are some special roles, such as the single server farm, which are used

for development and testing only and are not meant to be used as production. This

means that SharePoint in production does not support a single server scenario

because you need more than one server to run the production SharePoint farm.

19

When it comes to upgrading, there are certain best practices that help you

transition to the new SharePoint version rather quickly.

Best Practices

Hardware

In regard to hardware for SharePoint 2016, there is no significant change;

requirements are similar to those in 2013 and are as shown below:

Single serverrole that usesSQL Server

Single serverrole that usesSQL Server

Web Server orapplicationserver in athree-tier farm

Web Server orapplicationserver in athree-tier farm

16GB

24GB

12GB

16GB

64 BIT, 2 CORES

80 GB for system drive100 GB for second drive

80 GB for system drive80 GB for second drive

80 GB for system drive100 GB for second driveand additional drives

80 GB for system drive80 GB for second driveand additional drives

64 BIT, 4 CORES

Upgrading to the Latest Version

Firstly, if you are planning to upgrade to the next major release of SharePoint,

make sure your existing environment is running a version of SharePoint that

supports upgrades. Then, check that you have a proper build number, and since

these numbers are hard to track down on the Internet, we will list them on the

next page.

20

SCENARIO RAM PROCESSOR HARD DISK SPACE

64 BIT, 1 CORE

64 BIT, 1 CORE

Upgrade from SharePoint 2007 to 2010, minimal build: SharePoint 2007 SP2, build number (12.0.6421.1000)

Upgrade from SharePoint 2010 to 2013, minimal build: SharePoint 2010 SP1, build number (14.0.6029.1000)

Upgrade from SharePoint Server 2013 to 2016, minimal build: SharePoint Server 2013 SP1 + March 2013 PU, build number (15.0.4481.1005)

Upgrading takes time and meticulous planning, and this is especially important

if you are a consultant—it is crucial you plan ahead in case your customer is not

using a proper version of SharePoint as upgrading a large database takes a

certain amount of time.

When we discuss updates, there are other things you need to update that are

frequently forgotten. There are other components, except the main part, either

within SharePoint or outside of SharePoint servers, which need to be patched.

This is a list of updates you should jot down, just in case you forget about them:

For example, if you have Office Web Apps, these need to be patched (they are

now called the Office Online Server). Note that this is a separate server that

renders your Word, Excel, and PowerPoint documents.

Office Web App/Office Online Server

App Fabric (2013)

Language packs

Project Server

21

When it comes to databases, there are a lot of things users need to do. Keep in

mind that most SharePoint administrators are not SQL administrators, and they

don’t know much about DBs. That is why you need to check if these things are

configured properly.

Here is a little reminder of all the things you should keep in mind:

Database files and transaction log files should not be on the primary drive

Storing all files in the same location and on the system drive can lead to severe performance issues in the SQL Server

TempDB (number of files, size, and response times)

Disk allocation size

ModelDB (growth and initial file size)

Maximum Degree of Parallelism (MAXDOP) (SP2013+)

Use an alias whenever possible

You can find these best practices and more on the Best Practices SPDocKit

website. For now, let us discuss the abovementioned ones.

DB Best Practices

In SharePoint 2013, we had the App Fabric as a separate update, and we suppose

by now, most users have the latest version. There have been some challenges

with this one, so be sure it is up to date.

If you are running a multi-lingual SharePoint, then you need to patch your

language packs as well. In SharePoint 2013, if you had a Project Server as a

separate update, do not forget to patch it.

22

Never use a primary drive for logs and data. Many people just provision a virtual

machine with a C drive— that’s not a good practice. If you have an SQL Server,

the databases should be on a secondary drive. Also, logs should be there as well

as SharePoint logs, the SharePoint search index, ULS logs, usage logs, IIS logs,

and SQL logs— if any of these logs also generate.

In this section, we will try to point out some of the most important novelties and

what to look out for when implementing them. Many log entries will cause your

primary drive to run out of space, and that leads to the shutdown of your server

and potential corruption of the entire server or virtual machine.

Make sure your ULS logs are enabled. It’s a common practice to forget about them;

here is an article on how to enable ULS logging files in Central Administration7.

Most people forget to enable them, and then they run into a problem. If there

isn’t a logging turned on, they are unable to diagnose what is going on.

Also, make sure logs are restricted because they can easily accumulate to an

unimaginable scale. Additionally, be sure to monitor your SharePoint for a couple

of days to check if you have enough disk space for the abovementioned logs.

When troubleshooting something, change the setting of your logs to verbose,

but when you are done, turn it off.

Primary Drive

ULS Logs

23

7Configure diagnostic logging in SharePoint Server 2016: https://technet.microsoft.com/en-us/library/ee748656(v=office.16).aspx

There are three types of data files: primary (.mdf), secondary (.ndf), and

transaction log files (.ldf). It is important that you don’t keep the database files

and the transaction logs in the same location.

As a matter of fact, keep them on a dedicated physical drive. If these files are all

on the same physical disk, it can cause the disk to run slower because the reads

and writes occur at the same time.

It is worth repeating: don’t use the primary drives. If the drive gets filled with

database data and logs, it is going to wreak havoc on the operating system, and

the entire server will probably shut down.

TempDB is a system database and serves as a global resource available to all

users connected to the instance of the SQL Server. For the TempDB, the most

important things to keep an eye on are the files, recovery model, response time,

and size.

Be sure to allocate dedicated disks for the drive that stores TempDB data files.

It is best to have an equal number of TempDB data files to the number of CPU

cores. Then comes the matter of size: each TempDB data file should be the same

size. Let’s say you have four CPU cores; then you need to have four separate

TempDB files. For SharePoint, these files need to be at least 10 percent of the

largest content database because when an SQL is performing queries, it needs

to be able to use the TempDB in an optimal way. Then, check the recovery model

for the TempDB and set it to “SIMPLE.” Keep in mind that changing to the simple

option will no longer have log backups.

TempDB

Database Files

24

The Block Size on the partitions holding data and log files should be configured

properly. This means that the Block Size value should be 64K, and the Partition

Offset/Block Size should be an integer number. However, please check your

storage documentation and cross-reference to check if this rule applies to your

particular case.

ModelDB, or model database, serves as a template when creating databases,

and there should always be a correctly configured ModelDB on an SQL Server.

If that is not the case, the DBA will have to adjust the database options on each

database manually.

It is crucial that your ModelDB has the appropriate growth and file size; otherwise,

some SharePoint databases are going to end up with, for instance, 1MB size and

a growth of 2MB. That is why you need to make sure you have chosen the proper

ModelDB initial size.

The ModelDB autogrowth should be in megabytes and set to a value higher than

the default (which is 1MB). This means avoiding the default settings and adjusting

the value according to your environment needs.

Adjust the recovery model for the ModelDB to “FULL.” It is the recommended

option because, if needed, you can recover the data or even restore to a certain

point in time; for example, prior to an application or user error.

As far as the response time is concerned, check whether the value is higher than

20 ms. If so, you need to troubleshoot and find out the cause for a slow response

time; usually, the problem might be the disk or network or some other issue.

Disk Allocation Size

ModelDB

25

9Aliases (SQL Server Configuration Manager): https://technet.microsoft.com/en-us/library/dd981072(v=sql.105).aspx10SPDocKit Best Practices: SQL Server Alias: https://docs.syskit.com/bp/v1/databases/sql-alias/

SQL Alias

SharePoint servers should be configured to use SQL aliases whenever possible.

An alias is an alternate name that can be used to make a connection. The alias

encapsulates the required elements of a connection string and exposes them

with a name chosen by the user.9 In SharePoint, once you enter the server name,

it is forever associated with the SharePoint farm, and there is no supported way

to simply change the database name later on.

Keep in mind that you should configure the SQL Server aliases BEFORE deploying

SharePoint.10

8Recommendations for the “max degree of parallelism” configuration option in SQL Server: https://support.microsoft.com/en-us/help/2806535/recommendations-and-guidelines-for-the-max-degree-of-parallelism-configuration-option-in-sql-server

Figure 2 - Specifying the configuration settings without using an SQL Server client alias.

Maximum degree of parallelism (MAXDROP) is a configuration option that controls

the number of processors used for executing a certain query in a parallel plan.8

For SharePoint 2013 and SharePoint 2016, you must set the maximum degree of

parallelism to 1. This setting will disable the parallel execution on the instance.

While this is a must for the SP 2016 and 2013, it is recommended for SharePoint

2007 and SharePoint 2010.

Maximum Degree of Parallelism

26

Make sure that:

If you have any farm solutions, one of the common best practices is to check that

web.config is equal across all your servers. Typically, people make changes, which

is normal; however, they then forget to replicate those changes throughout all

severs. This mistake can cause problems when you have a different configuration

on each server.

When deploying the code, make sure that the exact same version of your code

has been deployed to all your servers. If you are using solution deployment from

the Central Admin, please be aware it might fail in some cases, so double-check

the version of your assemblies. Otherwise, people hitting different servers might

get different results depending on the difference in code. We will discuss this

topic in further detail in the SharePoint Code Quality section.

Our fellow MVP, Todd Klindt11, has his own site where he offers users a list of all

changes. He also makes some interesting notes; for instance, if there is a bug in

a particular cumulative update.

In recent years, Microsoft has improved its own list; however, we recommend you

visit Klindt’s because it makes the whole approach easier to follow.12

11Todd Klindt’s SharePoint Admin Blog: http://toddklindt.com/blog/Lists/Posts/Post.aspx?ID=346 12SharePoint Updates: https://technet.microsoft.com/en-us/library/mt715807(v=office.16).aspx

Recommended Cumulative Updates

Web.config Files and Solution Deployment

All web.config files are the same across all servers and web application zones

You are running the same code on all servers

27

First things first: make sure you have updated all your site collections to the latest

UI version. We have already discussed in the previous sections why it is not

advisable to run the SharePoint 2010 mode if you are on SharePoint 2013.

When auditing SharePoint, it is of the utmost importance that the environment

runs smoothly. The other important thing is to know who your privileged users

are.

The farm administrator can assign himself or herself access to the entire content,

and that is why you must know who your primary farm administrator is. While you

are at it, check that the primary administrator is not a local administrator as well

because a situation like this can lead to many problems. Users with Privileged

Access are individuals that have access to your content even if they’re not listed

in your SharePoint. For security reasons, you should be aware of who those users

are.

Once you establish and sort out the permissions, double-check who your site

collection owners are and who has access to which sites.

The best practice for cumulative and public updates is to not update unless there

is something in the knowledge base article that you might be affected by. For

example, if there is a bug you are hitting, go and update; otherwise, to stay on

the safe side, wait for the Service Pack or the Feature Pack because these new

cumulative updates might bring on new bugs that lead to other problems in your

environment.

Site Collection Upgrade

SharePoint security

28

Over the years, we have commonly encountered problems among our clients in

relation to difference in code.

The best advice we can give you, through our experience, is that the key to

avoiding these problems is to understand what kind of code is being deployed

to your SharePoint farm. We understand that not all SharePoint administrators

are code savvies, but it is a must to check these kind of things since difference in

code affects the entire SharePoint performance and can serious problems. Trust

us on this one, we have seen our fair share of disasters—this was one of them.

What you have at your disposal is to use common code conventions. You could

also try out-of-the-box tooling to analyze your code. For SharePoint 2010, you

can use the free tool SPDisposeChecker. We can also recommend a third-party

tool called SPCAF13 which will analyze what kind of code you have as well as list

if there are any issues with the given code.

13SharePoint Code Analysis Framework: https://www.spcaf.com/

If you need to monitor something closely and continuously, it should be the size

of your site collections. Here are the recommended figures and values so you

can keep track what is going on:

The maximum number of content databases per farm is 500. For content

databases, when it comes to general usage scenarios, the maximum size is

200GB per content database. For all other usage scenarios, the content database

should be no more than 4TB per content database. These are not numbers set in

stone; however, try to at least run SharePoint in the proximity of these numbers.

Site Collection sizes

SharePoint Code Quality

29

15Rename a stand-alone server (Office SharePoint Server): https://technet.microsoft.com/en-us/library/cc261986(v=office.12).aspx

14SharePoint 2010 Client Object Model: https://msdn.microsoft.com/en-us/library/ee537247(v=office.14).aspx

There is an initiative in Microsoft to move all of the code outside SharePoint. In

the previous version of SharePoint products and technologies, your options for

accessing data from client applications were largely limited to the SharePoint

ASP.NET Web services.

For example, SharePoint Online was very restricted when it came to code

deployment—you couldn’t deploy a farm solution code. Now, Microsoft is trying

to move everything to a client-object model14 where the majority of things will

be running in browsers, and there are a few good reasons for this. Client code is

more secure since it doesn’t have direct access to the entire farm, and yet, again,

it is compatible with SharePoint Online. One of the most important things is that

the client-object model can hardly make a mess in your farm while a faulty server

code can rip it to shreds.

That is how you have the new SharePoint Framework, where all changes, such

as UI changes, can be performed by simply using JavaScript and CSS. For what

it’s worth, it might be a really good change because you might be driven to do

more on the client side and less on the server side of SharePoint while running

optimal performance.

Default URLs, SQL Alias, and Domain

You should use an SQL alias. Now you might ask, “Why?” Well, if anything

happens to your SQL Server, and its name needs to be changed, it is going to

be a nightmare to change it back again.

However, by using an SQL alias, you can easily change SQL Servers while still

retaining the functionality of your SharePoint installation.

In some situations, certain clients will need to change the name of the server

where SharePoint is installed. Server rename is not supported15 out of the box,

and you will have to reinstall the entire farm and move your databases to the

new installation.

30

The same applies if you need to move your servers from one domain to another.

If users are also being moved, you will have to perform user SID mapping.16

Having SharePoint in a separate domain might be a good idea to ease some

of the situations mentioned above because you would not need to reinstall

SharePoint.

It is always important to make sure your services and proxies are running. The

following are important not to forget:

When preoccupied with upgrades, databases, and other tasks, clients often

forget the services. What we have come across are clients’ environments that

are in an operational state, but some of their background services aren’t running

properly or running at all.

When checking your farm health, you need to be aware that all your background

services are actually running, including proxies. If there are certain services you

do not need, remove them, or if you do not use them often, disable them.

For clients that are doing continuous tests in their environment or that have an

16Creating a SID Mapping File with Windows PowerShell: https://blogs.technet.microsoft.com/deploymentguys/2009/12/14/creating-a-sid-mapping-file-with-windows-powershell/

Services and Proxies

State Service

Search

Sandbox Code Service

UPA

Web Analytics (SharePoint 2010)

Apps (SharePoint 2013+)

Distributed Cache (SharePoint 2013+)

31

What some of our clients also forget is to enable binary large object (BLOB)

caching.

You can enable it by editing the web.config file for the web application and

changing the code block below and setting enable=true.

You can also change the storage location for blob files and lists of file that are

going to be cached.

If you have a lot of files such as, for instance, image files, SharePoint can run

much faster if these files are cached and stored on a local disk drive.

Blog Caching Enabled

<BlobCache location=”C:\BlobCache\14” path=”\.

(gif|jpg|jpeg|jpe|jfif| emedbmp|themedcss|themedgif|t

hemedjpg|themedpng|ico|png|wdp|hdp|css|js|asf|avi|flv

|m4v|mov|mp3|mp4|mpeg|mpg|rm|rmvb|wma|wmv|ogg|ogv|og

a|webm|xap)$” maxSize=”10” enabled=”true” />

outside vendor coming in to help them with deployment, our company occasionally

comes across a scenario where clients have duplicated their service applications.

This can sometimes be a valid choice, and we repeat, in some situations; however,

for most cases, users have made a mistake. For instance, clients have two search

engines or two user profile sync engines running or already deployed to a farm.

To avoid these cases, check the Service Applications list for any duplicate service

applications.

32

There are cases where clients update just one server in a multiple server

environment.

That is why before running an upgrade, you must make sure that all servers have

been upgraded to the same version. Double-check this in the administration!

To see the installed Windows and SharePoint Server updates, open the Control

Panel, go to Programs>Programs and Features, and then click View installed

updates.

The Control Panel, however, will just show installed binaries. Installing SharePoint

binaries is only a part of the patching process. To verify the upgrade status of a

SharePoint farm and servers in the farm, open the Central Administration tool,

and in the Upgrade and Migration section, click Check upgrade status.

Once all the bits have been installed, make sure you run the configuration wizard.

This is especially important for people who have eight servers or more—make

sure they are all on the same patch level.

Updating All Servers

Claims-Based Authentication

If you are upgrading from SharePoint 2010 to SharePoint 2016, you need to move

to the claims-based authentication.

Claims-based authentication is an essential component in SharePoint 2013.

Although you can migrate a non-claims web application to SharePoint 2013,

many underlying components will not function properly. If you are planning

an upgrade, we recommended that you upgrade your existing non-claims

SharePoint 2010 application to claims-based applications prior to your upgrade.

33

17Migrate from classic-mode to claims-based authentication in SharePoint 2011: https://technet.microsoft.com/en-us/library/

gg251985.aspx

We also recommend that you perform a couple of test runs before you complete

the production upgrade.

Converting from classic authentication to claims-based authentication can be

achieved using the Convert-SPWebApplicationPowerShell cmdlet. If you are in

the mixed mode, refer to this article from TechNet.17

Audit SharePoint farm configuration

– Best Practices reports:

www.spdockit.com

34

We will conclude this white paper with a list of the most important things that

need to be configured if you want your environment to function as a whole.

We will also include the links to related articles so you can do the research later

by yourself.

The rest of the section covers the most commonly misconfigured options and

a short description on how to configure them properly as well as additional links

for more information.

SharePoint Server 2016 writes usage and health data to the logging folder and

logging database. You can use the SharePoint Central Administration website to

configure health data collection settings.18

SharePoint Usage and Health Log Data should be enabled, and it is useful

when in need of information on how your system is functioning. However, keep

in mind that turning this on can load the system with logs, thereby affecting the

performance. The solution for this is to log only the necessary events. Refer to

configure usage and health data collection in SharePoint Server 2016 for more

information.

18Configure usage and health data collection in SharePoint Server 2016: https://technet.microsoft.com/en-us/library/ee663480(v=office.16).aspx

Things You Are Most Likely Going to Misconfigure

Enable Usage and Health Data Collection

35

19Move site collections to a new database (split a content database) (Windows SharePoint Services 3.0): https://technet.microsoft.com/en-us/library/cc825327(v=office.12).aspx

It is recommended that you track whether site collections are growing out of

control.

When starting with a new SharePoint site, it is usually uncertain whether the

adoption is going to take off. What you can then do is monitor your site collections

and try to analyze and predict how big your content database for a particular

site might get.

For general usage, it is recommended that the site collection size ought to be set

to 100GB.

The best practice of limiting the size to 100GB has its reasons and is mostly to

keep the SQL Server unballasted because demanding SQL Server operations

affects the overall server performance.

The other reason is that the SharePoint site collection back and restore option is

only supported for a maximum site collection size of 100GB. If you have a larger

site collection, you must back up your entire content database.

By itself, this is not such a big issue unless you have a few site collections larger

than 100GB contained in a single content database. THEN you have a problem.

To back up and restore this, it will take quite some time and is not the safest

operation to perform. In situations like this, it is advised to create a new content

database and move other site collections to the new database.

Refer to the TechNet article titled Move Site Collection to a New Database for

more information on how to perform this action.19

Site Collection Size

36

When the content database is configured correctly, the system should run at its

best. That is why it is advised to avoid letting your content database grow

beyond 200GB.

To support content databases of up to 4TB, a disk sub-system performance of

0.25 IOPS per GB is required. The content database’s initial size should be set to a

value larger than the default. These values should be set in accordance with your

environment and expected amount of data.

Note that you can have content databases without a defined size limit; for

example, bigger than 4TB but under strict requirements. The key is to monitor

the databases and, if needed, tweak a few settings. It is also a good idea to run

database maintenance on an SQL level that will allow you to have a disk in the

optimal state.

The best practice for IIS is that there should only be ten application pools running

on a single server.

Because application pools allow a set of web applications to share one or more

similarly configured work processes, they offer a way to isolate a set of web

applications from other web applications on the server. However, since every IIS

app pool that serves a SharePoint web application consumes a lot of memory, it

is recommended to keep the number of pools at ten (this amount can be different

depending on the hardware setup).

To do this, the best solution is to host site collection within the existing web

application. The other option is to host named site collections.

Content Database Autogrowth

Number of Application Pools

37

For improved performance, certain SharePoint features may use the object

cache, so make sure to configure the accounts needed for caching. For that, you

will need two accounts: Portal Super User Account and Portal Super Reader

Account. Please refer to the Best Practices SPDocKit article20 to get an additional

explanation and a how-to guide for configuring object cache user accounts in

SharePoint.

Windows Server 2003 Service Pack 1 introduced a loopback security check

designed to prevent reflection attacks on the server. If the FQDN or the custom

host header of the SharePoint web application does not match the local computer

name, authentication will fail. What you would get is an “access denied” error

when trying to access something you know with certainty you have

privileges to access.

This is where the loopback comes in, and what you need is the so-called

“loopback fix.”

To have optimal performance, the loopback should be disabled. This can

sometimes cause problems with the authentication, but when it is properly

configured, you will see an improvement in search performance and services

running on the SharePoint server. Sometimes, what happens is that the application

pool user is not part of the performance log group on the SharePoint server.

The account needs to be in this local group to be able to retrieve performance

metrics. This is important when you are troubleshooting something and looking

into logs and other places to see what is going on.

20Object Cache User Accounts: https://docs.syskit.com/bp/v1/web-applications/caching/object-cache-user-accounts/

Object Cache User Accounts

Loopback Disabled

HTTP 401.1 – Unauthorized: Logon Failed

38

You can improve your browser performance for users by reducing the database

load with a disk-based binary large object, also known as BLOB.21

You enable and configure the BLOB cache and make configuration changes to

the page output cache profiles and the object cache in the Web.config file in the

web application to which you want to apply those changes. The changes you

make to the Web.config file will be applied to all site collections within the web

application.22

The page output cache uses cache profiles that specify how long items should

be held in the cache. Keep in mind that activating the output cache can also

introduce certain side effects, so make sure the page output cache is

configured and turned on for the affected sites.

Community best practices advise that you don’t use the server name for the

SharePoint web application URL. What will happen is that the DNS record will

only point to the server whose name is used in the URL.

The best option is to use a dedicated name for the SharePoint web application.

First of all, try to use a URL that’s easy to remember. Also, choose fully qualified

domain names (FQDN) for URLs for SharePoint web applications.

Follow this link to learn how to change the URL and IIS bindings of a web

application.

21Plan for caching and performance in SharePoint Server 2013: https://technet.microsoft.com/en-us/library/ee424404.aspx22Configure cache settings for a web application in SharePoint Server 2013: https://technet.microsoft.com/en-us/library/cc770229.aspx

Publishing Cache

Web Application URL Check

39

This section discusses the best practices for the Office Web Apps Server and

using SSL for HTTPS.

Office Web Apps Server delivers browser-based versions of Office apps in

an on-premises environment, giving users more flexibility and collaboration

opportunities.23 The Office Web Apps infrastructure should be configured to use

SSL connections.

If you want to use the Office Web Apps with SharePoint, you must configure the

Web Application Open Platform Interface (WOPI endpoints first and then create

a WOPI binding between the SharePoint and Office Web Apps infrastructure.)

23Plan Office Web Apps Server: https://technet.microsoft.com/en-us/library/jj219435.aspx

Figure 3 - Office Web Apps infrastructure

Office Web Apps HTTPS

40

Application pool user accounts must have required permissions to gather

performance counter metrics, and this means that the application pool account

must be in the local Performance Log Users group.

You have to verify this permission setting on all servers. It is recommended that

you go over the Plan for Administrative and Service Accounts in SharePoint 201324

article for more information.

24Plan for administrative and service accounts in SharePoint 2013: https://technet.microsoft.com/en-us/library/cc263445.aspx

AppPool User in Performance Log Group

For production Office Web Apps Deployments, it is recommended your use the

SSL-secured HTTPS; however, in TEST and DEV, it is okay to use unsecured HTTP

interfaces. Follow the steps in the Configure Office Web Apps for SharePoint 2013

article for more details regarding the test environment that uses HTTP.

41

We are all human and make mistakes every day—this is something that is

absolutely understandable. Managing a SharePoint environment is not easy, no

matter how hard you try. However, that is why we, at SysKit Ltd., have made it

our mission to make it as easy as possible for all SharePoint administrators and

consultants through the use of SPDocKit.

As mentioned in previous sections, everything you need to know about tweaking

your SharePoint environment can be found on the SharePoint Best Practices

Library by SysKit website, which we update regularly, allowing you to validate

your farm configurations and optimize them according to the latest SharePoint

best practices.

Conclusion

42

Professionals treat time as the most valuable

asset at their disposal. Use SPDocKit.

www.spdockit.com

www.spdockit.com