Configuring IIS involves creating an application pool and granting certificate permissions.
For the services, create an application pool (called, for example, ‘Services’). The application pool should use the .NET Framework v.4.0.30319, and be set to integrated mode.
Once you’ve created the application pool, go into the Advanced settings or properties for the pool and change the Identity to the account that you want to use, for example Network Service.
If you do not already have a separate application pool to run Portal, it is recommended that you do so now. Portal requires .NET Framework v.4.0.30319, and uses integrated mode. Similarly, you should then set the Identity for the pool to the account you want to use.
The identities that run the services, Performance DNA, and Portal need access to the private key of the certificate that is used to sign the requests (for the STS) and encrypt the token requests (for Portal, Performance DNA, and the notification service).
Granting certificate permissions
- Click Start.
- Search for mmc.exe (Windows 7) or open a command line console via start > run > cmd.exe
- Run mmc.exe or type mmc.exe into the command line console and press Enter.
- Add the Certificates snap-in (choosing to manage certificates for the local computer account when asked) by clicking File, Add/Remove Snap-in and selecting the Certificates option from the Available snap-ins section.
- Select computer account.
- Under the Certificates (Local Computer) hierarchy expand the Personal node and click Certificates.
- Right-click the certificate used for the web server, and choose All Tasks > Manage Private Keys.
- If the application pool users do not appear in the list, click Add to add them.
- Give the new user accounts Read access in the permissions list.
- Click OK to save changes.
- Right-click the certificate used for the web server and select Copy.
- Browse to the Trusted People/Certificates folder and paste the certificate to this folder
- Close mmc.exe.