SharePoint 2010 Service Application Communication Scheme

The default communication scheme for many of the SharePoint 2010 Service Applications is ‘http’ (i.e. unsecured). This can be changed easily in the GUI by selecting the service application and clicking the ‘publish’ ribbon button:

Service Application publish ribbon toolbar button

It should however be noted that a number of Service Application communication schemes run by default over https and cannot be modified, these are:

  • Application Discovery and Load Balancer Service Application
  • Search Administration Web Service
  • Secure Store Service Application
  • Security Token Service Application

The communication scheme of a few Service Applications cannot be inspected using the GUI (and the publish ribbon button remains greyed out when they are selected):

  • SharePoint Server ASP.NET Session State Service
  • SharePoint Session State Service Application
  • WSS_UsageApplication

Modifying the communication scheme of all of the Service Applications can be time consuming and can be error prone, especially when using SharePoint 2010 Enterprise and the Office Web Applications with all of the Service Applications available configured for use. With this in mind, the following PowerShell will change the communication scheme of all of the Service Applications where it is possible to do so to https:

1
2
3 1 # This script sets the communication scheme of all Service Applications to be https instead of http  2 # Note that the communication scheme for a number of Service Applications cannot be changed  3   4 # Grab a list of the Farm's Service Applications  5 $ServiceApps  \= Get\-SpServiceApplication | Sort\-Object TypeName  6  7 # Iterate through the Service Applications  8 foreach ($ServiceApp  in  $ServiceApps)  9 { 10  if (($ServiceApp.TypeName \-ne  "Application Discovery and Load Balancer Service Application") \` 11  \-and ($ServiceApp.TypeName \-ne  "Search Administration Web Service Application") \` 12  \-and ($ServiceApp.TypeName \-ne  "Security Token Service Application") \` 13  \-and ($ServiceApp.TypeName \-ne  "Secure Store Service Application") \` 14  \-and ($ServiceApp.TypeName \-ne  "SharePoint Server ASP.NET Session State Service") \` 15  \-and ($ServiceApp.TypeName \-ne  "State Service") \` 16  \-and ($ServiceApp.TypeName \-ne  "Usage and Health Data Collection Service Application")) 17 { 18  # We can modify the communication scheme  19  Write\-Host "Current communication shceme for"  $ServiceApp.DisplayName ":"  $ServiceApp.DefaultEndpoint.Name 20  if (($ServiceApp.DefaultEndpoint.Name \-eq  "https") \-or ($ServiceApp.DefaultEndpoint.Name \-eq  "secure")) 21 { 22             Write\-Host "Service Application already using https, skipping"  \-ForegroundColor Red 23 } else { 24  # Change the communication scheme to https  25   26  27  if ($ServiceApp.TypeName \-eq  "PowerPoint Service Application") { 28  # PowerPoint Service Application has "fast" instead of "http" and "secure" instead of "https"  29   $SAEhttps  \=  $ServiceApp  | Get\-SPServiceApplicationEndpoint | where {$\_.DisplayName \-eq  "secure"} 30 } else { 31  $SAEhttps  \=  $ServiceApp  | Get\-SPServiceApplicationEndpoint | where {$\_.DisplayName \-eq  "https"} 32 } 33             Write\-Host "Setting Service Application communication scheme to https"  \-ForegroundColor Green 34  $ServiceApp.DefaultEndpoint \=  $SAEhttps  35  $ServiceApp.Update() 36 } 37         Write\-Host "\`n"  38 } 39 }

To reverse these changes, and set the communication scheme of all Service Applications for which it is possible to modify the communication scheme, the following PowerShell can be used:

1
2
3 1 # This script sets the communication scheme of all Service Applications to be http instead of https  2 # Note that the communication scheme for a number of Service Applications cannot be changed  3   4 # Grab a list of the Farm's Service Applications  5 $ServiceApps  \= Get\-SpServiceApplication | Sort\-Object TypeName  6  7 # Iterate through the Service Applications  8 foreach ($ServiceApp  in  $ServiceApps)  9 { 10  if (($ServiceApp.TypeName \-ne  "Application Discovery and Load Balancer Service Application") \` 11  \-and ($ServiceApp.TypeName \-ne  "Search Administration Web Service Application") \` 12  \-and ($ServiceApp.TypeName \-ne  "Security Token Service Application") \` 13  \-and ($ServiceApp.TypeName \-ne  "Secure Store Service Application") \` 14  \-and ($ServiceApp.TypeName \-ne  "SharePoint Server ASP.NET Session State Service") \` 15  \-and ($ServiceApp.TypeName \-ne  "State Service") \` 16  \-and ($ServiceApp.TypeName \-ne  "Usage and Health Data Collection Service Application")) 17 { 18  # We can modify the communication scheme  19  Write\-Host "Current communication shceme for"  $ServiceApp.DisplayName ":"  $ServiceApp.DefaultEndpoint.Name 20  if (($ServiceApp.DefaultEndpoint.Name \-eq  "http") \-or ($ServiceApp.DefaultEndpoint.Name \-eq  "") \-or ($ServiceApp.DefaultEndpoint.Name \-eq  "fast")) 21 { 22             Write\-Host "Service Application already using http, skipping"  \-ForegroundColor Red 23 } else { 24  # Change the communication scheme to https  25   if ($ServiceApp.TypeName \-eq  "Visio Graphics Service Application") 26 { 27  # Visio Graphics Service Application has "" instead of "http" (equivalent to "default" in the GUI)  28   $SAEhttp  \=  $ServiceApp  | Get\-SPServiceApplicationEndpoint | where {$\_.DisplayName \-eq  ""} 29 } elseif ($ServiceApp.TypeName \-eq  "PowerPoint Service Application") { 30  # PowerPoint Service Application has "fast" instead of "http" and "secure" instead of "https"  31   $SAEhttp  \=  $ServiceApp  | Get\-SPServiceApplicationEndpoint | where {$\_.DisplayName \-eq  "fast"} 32 } else { 33  $SAEhttp  \=  $ServiceApp  | Get\-SPServiceApplicationEndpoint | where {$\_.DisplayName \-eq  "http"} 34 } 35             Write\-Host "Setting Service Application communication scheme to http"  \-ForegroundColor Green 36  $ServiceApp.DefaultEndpoint \=  $SAEhttp  37  $ServiceApp.Update() 38 } 39         Write\-Host "\`n"  40 } 41 }

Note that an IISRESET will be required on all servers in the farm once either of the above PowerShell scripts has been run to complete the modification of the communication scheme.