You are browsing the archive for 2013 March.

Service Provider Foundation (SPF) – Installation Step by Step

12:59 pm in Uncategorized by Christopher Keyaert

Hello Everyone,


First question, what is System Center 2012 SP1 Service Provider Foundation?
On TechNet (, I found the following description:

Service Provider Foundation is provided with System Center 2012 – Orchestrator, a component of System Center 2012 Service Pack 1 (SP1). Service Provider Foundation exposes an extensible OData web service that interacts with Virtual Machine Manager (VMM). This enables service providers and hosters to design and implement multi-tenant self-service portals that integrate IaaS capabilities available System Center 2012 SP1.

In other words:

  • Service Provider Foundation is available on the same ISO file than System Center Orchestrator 2012 SP1.
  • A hoster is any person that is providing a hosting services (Hyper-v hosts, networks, …) from his infrastructure to different customers/tenants who will deploy VM, Apps, websites on the hoster’s infrastructure.
  • SPF will help these hosters to build a multi-tenants self-service portal that will present an extended web service for Virtual Machine Manager.
  • Concerning the portal, you could build one on your own or you could use the Windows Azure Services for Windows Server. (This topic will be cover in another blog post)


  • A new server on which we will install SPF (We will call it SRV-SPF01)
  • Orchestrator Iso file
  • The Virtual Machine Manager 2012 SP1 Administrator Console must be installed on SRV-SPF01
  • A SQL server that could be used by SPF for installing its DB
  • Download the Certificate Creation Tool here :
  • Download and install MVC4:
  • Download and install WCF Data Services 5.0 for OData V3 :
  • A Active Directory Global Security group that we will called SPF-Admins
  • A service account that is member of the VMM Administrator group, SPF-Admins group and local administrator group on SRV-SPF01
  • Your AD account must be member of the SPF-Admins group also
  • The following Roles and Features must be installed on SRV-SPF01


Create the SSL certificates

Service Provider Foundation requires that a Secure Sockets Layer (SSL) server certificate be configured for its website bindings. The Service Provider Foundation website is the endpoint for the Admin service and the Virtual Machine Manager (VMM) service that use Representational State Transfer (REST) and Open Data Protocol (OData) technology to communicate with clients and portal applications.

The certificate should conform to the following recommendations:

  • A self-signed certificate should be used only for testing purposes.
  • The fully qualified domain name (FQDN) should be specified for the certification path instead of “localhost”.
  • A self-signed certificate should be placed in the personal store.

A complete explanation is available on TechNet:

We first need to create test Root Certificate, with the MAKECERT application that we download in the perquisites.

makecert -pe -n “CN=TestRootCA” -ss personal -sr LocalMachine -sky signature -r “TestRootCA.cer”

We now have to create a certificate for the machine itself

makecert -pe -n “CN=SRV-SPF01.CONTOSO.COM” -ss my -sr LocalMachine -sky exchange -eku, -in “TestRootCA” -is personal -ir LocalMachine -sp “Microsoft RSA SChannel Cryptographic Provider” -sy 12 SPFTestCert.cer

At the end, we have two new certificates, move these certificates to a folder that we will access later.

SPF installation

Start the setup.exe file on the Orchestrator cd and at the bottom, there is the Service Provide Foundation section, click on Install.

A new window, dedicated to SPF pops up, click on install.

Accepts the license terms and click on Next.

Check the box and click on Next.

Once the prerequisites check done, click on Next.

Specify your SQL Server and click on Next.

Click on Change Folder and browse to the folder where you stored the two certificates that you created earlier.
Review the information available in Certificate Store and Certificate Name, if everything is ok, click on Next.

Specify the AD group and service account that we created during the perquisites and click on Next.

Specify the AD group and service account that we created during the perquisites and click on Next.

Specify the AD group and service account that we created during the perquisites and click on Next.

Selection your own values and click on Next.

Review all the information and click on Install.

SPF installation in progress.

Installation completed.

This post is in fact the first one of a service dedicated to Windows Azure Services for Windows Server.
Stay tuned!!!


How to access to SCOM 2012 SP1 Web Console from Windows Server 2003 SP2 / Windows Xp / …

2:18 pm in Operations Manager by Christopher Keyaert

Hello All,

I had a customer that is running SCOM 2012 SP1 as monitoring platform, but he is using a Windows Server 2003 SP2 Citrix image as terminal server, and he wants to be able to access to the SCOM Web Console from that terminal server.

The first time that you access to the SCOM Web Console, you have to configure the Silverlight installation.

But, when you tried that to configure it on a Windows XP SP3, Windows Server 2003 OS, it crashes with the following error:

The procedure entry point LocaleNameToLCID could not be located in the dynamic link library Kernel32.dll

The problem is explained on Mihai’s blog, but the proposed fix only works for SCOM 2012 and it doesn’t work anymore for SCOM 2012 SP1.

Now, how to get this working with SCOM 2012 SP1?

  1. Download the .reg file on Mihai’s blog
  2. Double click on it and accept the registry modification

  3. Start a MMC console and Add the certificates snap-in for the Local Computer store
  4. Expand Local Computer
    Certificates Store > Trusted Publishers > Certificates
  5. Remove all the Microsoft Corporation Microsoft Code Signing PCA certificates (the .reg file installed 3 certificates which are for SCOM 2012, in fact the one for SCOM 2012 SP1 is missing).
  6. Download the attached certificate

  7. Import it to Local Computer
    Certificates Store > Trusted Publishers > Certificates

  8. Restart internet explorer and go to the SCOM Console Website
  9. Enjoy J

Tim has a really good solution to automate that task by GPO, just use the certificate that I provided in step 6.