Hi All,
This is my second SharePoint install, my first 2013 install and my first trying to start services running in custom app pools. This is for a real world need as a UAT tier for our organization.
I've tried installing service apps to 2013 as a separate user following the guidelines depicted here - http://technet.microsoft.com/en-us/library/cc263445.aspx, specifically, the Secure Store Service.
Many things are broken with this paradigm...
1. Even though you specify the pool user to be a specific user (other than the one used to install SP), the Secure Store Database is created by the user that was used to install SharePoint 2013 and then 2013 does not give this user any permissions to the database. When you create a key for this new service, it fails because there are no db permissions. You can only create a key if you log into Central Admin as the user used to create the service. After that, you can't manage the service as the normal Farm admin (again, no db permissions).
I can't imagine giving permissions to the secure store database to my install user to be the correct approach to fixing this...
2. When you create a service app, even though you specify the name of the app pool you want to run this service app in, SP creates an app pool in IIS 8 with a name tantamount to "20solih23slejwt-02923glhg" even though Get-SPServiceApplicationPool in management shell shows the "normal" name you specified. What might be wrong?
How is the Central Admin experience supposed to be when running service apps as other users? Should I be expecting to log into CA as these other users to manage the service apps or should any farm admin be able to manage all service apps (which will not happen because SharePoint isn't handling DB permissions correctly)? I've not found any documentation that depicts what should be experienced if this is set up correctly so there is no way to tell if what I'm observing is normal or an actual problem.
Any advice/thoughts would be helpful...
Thanks!
Paul