Recommendations to Managing Central Admin

From here

Running Central Administration on more than one server in the farm.

Correcting the Central Administration AAM Collection

Modifying the CentralAdministrationURL Registry key.

Providing “Highly Available” SPCA using Network Load Balancing

Running Central Administration on the standard Port

Running Central Administration over SSL.


  1. Don’t let the SPCW pick a random high port
    If you wish to keep a high port for SPCA, stick with something sensible like 8080. I like 8080 as it’s contiguous with other default ports in the product (Document Conversions uses 8081 and 8082 by default) and it’s also a semi-standard from back in the day when admin ports like 88 and 8080 were common.
  2. Don’t use DNS CNames (Aliases)
    You should only use Aliases when you need one. In addition they cause problems with certain clients (IE6) and Kerberos. Oh and did I mention you shouldn’t use an alias when it’s not an alias you’re after? 🙂
  3. Windows Firewall on Windows 2008
    Remember this guy will get in the way of your inter-server communications, including requests to SPCA on high ports. You will need to allow your SPCA ports through. Another in depth post on how to configure the Windows Firewall for a SharePoint Farm is coming soon.
  4. Internet Explorer Trusted Zone
    Ignore the crazy install guides – don’t use them. Don’t be adding SPCA URLs into the Trusted Zone! It’s a totally bogus, single server recommendation. Use the Intranet Zone instead which will send credentials automatically and means you don’t need to turn off Internet Explorer Enhanced Security Configuration.
  5. AAMs are not backed up
    The only way to back up your AAM configuration is to document it. The only way to restore your AAM configuration is to re-implement it based upon that documentation. This is not specific to SPCA but a general problem (one of many!) with AAMs.
  6. Save hassle by running the SPCW first on a machine you want to host SPCA.
    Tidying up later is always a hassle as the SPCW will not change this. If you install SPCA on the Application server and later “move” it, the registry key will always be the application server URL.
  7. Use SETADMINPORT and AAMs with caution!
    In addition changing the admin port or AAM Internal URL, will modify the registry key:

    1. Running STSADM –o SETADMINPORT will reset the key back to the original server with the port specified, on all servers in the farm. It will also reset the AAM URLs back to the original ‘redirect’ configuration.
    2. Modifying the first AAM Internal URL will set the key to that value, on all servers in the farm