SharePoint 2013 : Configuring an on-premise farm for Apps

At Ridgian we’ve stood-up an on-premise SharePoint 2013 Farm.  Well actually it’s running in Windows Azure under an extension to our own AD and one thing we wanted to test and run through is configuring the Farm for Apps.  Basically setting up our own App Store.

Now TechNet have a an article which is a really good article and quite easy to follow.  There is one problem though.  If you are using SSL and do actually configure a separate DNS domain for your Apps, the article is incomplete.  There is one extremely important item missing and this item results in you always getting redirected to a 404 “Page Not Found” when you deploy and run your App.

Luckily Chris Whitehead, bless him, a Microsoft Premier Field Engineer has filled in the essential detail in his blog article which took me quite a while to track down.

The missing item in the TechNet article is the “Routing Web Application”.  Basically when you have set up everything as per the TechNet article, I was left wondering how does SharePoint actually know where to redirect the request to when all the Apps have a dynamically created DNS name such as .  Yes, it exists in DNS as a wildcard entry against your Apps server, but the server itself has no knowledge of this domain name and so refuses the request.  The trick is in this final step which Chris mentions but the TechNet article omits.  You create a new Web Application through SharePoint which has either:

  • A different IP address to the main SharePoint Domain or …
  • No Host Header if it shares the same IP address as the main SharePoint Domain.

This means that the server can now respond to any dynamically generated DNS name and SharePoint internals handles the fiddly routing bit. Now since we’ve run up our servers in Azure we cannot grant our Apps domain a separate IP address.  This results in another issue.  We end up with the Apps domain Web Application using the same certificate as the main SharePoint domain, so we get a certificate error coming up.  So on your production domain you need to have two IP addresses available in order to successfully implement an App Store using SSL without certificate errors.

I thought this stuff was meant to be getting easier!

In summary read both the TechNet and Chris Whitehead’s articles if you want to successfully run up a production App Store on-premise and make sure you have 2 IP addresses available. One for the SharePoint domain, one for the App domain.

Hope this helps


Dave Mc


About davemcmahon81
Software Developer & Architect, User Group Leader, Speaker, Writer, Blogger, Occasional Guitarist, Man-made Global Warming Sceptic, Climate Change Believer, General Optimist but most of all proud Husband and Dad ...

4 Responses to SharePoint 2013 : Configuring an on-premise farm for Apps

  1. Trevor says:

    Wow! I am still going nuts trying to configure SharePoint to work with apps using ssl/https. I am at the last stage: everything works except the redirection. The app site domain is using the same cert as the web application domain and I get cert errors (wrong name) whenever I add an app and actually try to use it.

    I have a single IP address server farm and use host headers. There is no host header for the port 80 http site. SharePoint is “trying to redirect” properly. I have purchased and installed both wildcard certificates and followed all the directions to setup SharePoint to use apps including the advanced part to issue security tokens. . Are you saying I need a separate IP address for the app site, need to change my DNS entry to match that IP, and then I need to add another network card to assign that IP? Then it will work?

    I wish somebody would actually demo the scenario you describe. I have Microsoft partners/consultants involved that can’t seem to do this and/or setup SharePoint properly.

    I would pay you to help me, and I am very serious. I left my email address… contact me… please! I am just trying to have the server farm up and running with the basics of a server farm configured properly.

    • says:


      I guess you have already found the solution to the problem you are facing (Considering the date you have posted the question). However, I’m posting my suggestion for future readers of this good blog.

      If you have only one IP address, you can use this for the main sharepoint web application or for the routing web application. IIS wont even allow you to use two certs to be associated to one IP, unless we use different port number such as 443, 4443

  2. Jason Robertson says:

    No one explains how to go about creating the Routing Web Application in SharePoint

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: