Installing Shopping Central

You must ensure a suitable web server certificate exists in the local machine certificate store, and permissioned to allow the Shopping Installer Account and Shopping Central service account to read it. Default permissions are sufficient. For web server certificate requirements, please refer to Shopping Server certificate.

Only HTTPS connections are supported to the Shopping website, because supported browsers block Cross-Origin Resource Sharing (CORS) in non-secure contexts such as HTTP.

Licenses: If you do not have a valid license key when you install Shopping, you will be able to automatically use a 30-day evaluation. If you have a Shopping 5.x license and are entitled to upgrade, or if you need to run Shopping beyond the evaluation period, contact Sales for a new license key.

You will need a 1E license that covers the Shopping-specific instructions if you want to use the client-side features of Shopping's Order Tracking feature. Contact 1E for a Shopping addition to your 1E license if you do not already have it.

Intune: If you're planning to use Shopping with Intune, you should follow the instructions on Microsoft Intune integration before starting the installation of Shopping central.

1E: To use Shopping with 1E, you should follow the instructions on 1E Platform integration before starting the installation of Shopping Central.

Installing Shopping central with the wizard

To install the Shopping central components, start a command prompt with elevated rights using Run as administrator , change directory to the location where you downloaded ShoppingCentral.msi and run the following suggested command-line:

Copy
msiexec /i ShoppingCentral.msi /l*v ShoppingCentralInstaller.log

Welcome

This screen provides the version number for Shopping and outlines what the wizard will do. Click Next to go to the next screen.

Shopping Prerequisites

On the Prerequisites screen, background checks are run to ensure the prerequisites are met and click Next.

License Agreement

On the License Agreement screen, accept the license agreement and click Next.

Installation Type

On the Installation Type screen, choose from the following options, and then Click Next.

Installation Option

Explanation

Enable integration with Intune

Early in the Shopping Central installation wizard, when you specify the installation type you can indicate whether Intune integration should be enabled.

You can use Shopping 6.0 with Microsoft Intune in much the same way as with Configuration Manager.

You can do this by checking Enable integration with Intune.

Refer to Microsoft Intune integration for details on how to:

  • Prepare Azure Active Directory applications

  • Configure Shopping integration during installation or upgrade

  • Configure Shopping Intune Integration after installation or upgrade

  • Enable Configuration Manager co-management.

Complete Install

Installs the Shopping Web application, Shopping APIs, Shopping database, Shopping Admin console and Shopping services.

Web Only

Installs only the Shopping Web on secondary devices.

It requires a complete Shopping installation to already exist on the network as the installer will prompt you for the host, port and IP address for the Shopping website.

Admin Console Only

Installs only the Admin console on secondary devices.

It requires a complete Shopping installation to already exist on the network as the installer will prompt you for the location of the Shopping database server.

Customer Information

Enter the following and click Next:

  1. The name and organization details.

  2. License key for Shopping.

    If you are evaluating Shopping, leave the license key blank for a 30-day evaluation period.

  3. Keep the WSA License Key field blank.

    Windows Servicing Assistant (WSA) is no longer supported.

Custom Setup

This corresponds to the installation type you chose in step 4.

You can change the default installation location for each component by selecting the component and click Change...

Feature

Installation location

Complete

C:\Program Files (x86)\1E\Shopping\

Database

C:\Program Files (x86)\1E\Shopping\Database\

Website

C:\Program Files (x86)\1E\Shopping\WebSite\

Website Application

C:\Program Files (x86)\1E\Shopping\Website\Shopping\

WebAPI

C:\Program Files (x86)\1E\Shopping\WebSite\ShoppingAPI\

Service

C:\Program Files (x86)\1E\Shopping\CentralService\

Admin Console

C:\Program Files\1E\Shopping\AdminConsole\

Database Server

Enter the following details and click Next.

  1. The name of the SQL Server instance to host the Shopping database. Checks are made to see if the machine is an SQL Server. You have the option to drop any existing Shopping database.

    If you are upgrading and want to preserve your existing data, ensure that you do not select the Drop any existing Shopping database option.

     

    The SQL Server Name defaults to (local) which sets Shopping to use the local machine to host the Shopping database. Both SQL alias and FQDN are supported for determining the SQL Server by the Shopping Central installer. You can also set a named instance using the format: <ServerName>\<InstanceName>.

    For example, if there is an SQL named instance called Admin on the server SMS01, populate the SQL Server Name: field with SMS01\Admin. You can also change the name for the Shopping database that gets created.

    When upgrading Shopping, if a database with that name already exists it will be upgraded, otherwise a new database will be created. If the default database name was changed for a previous Shopping installation, you will need to enter that name if you want it upgraded.

  1. If TLS 1.0 is disabled on either server that will host the Shopping website or SQL Server, then:

    • Enable the checkbox TLS 1.0 disabled - install using TLS 1.1 / 1.2.

    • Install SQL Server Native Client 11.0 as described in Installation when TLS 1.0 is disabled.

    • Click Next.

Active Directory Integration

Enter the details to access an AD domain controller. This may be specified using the server name or the LDAP namespace. For example, a particular DC can be referenced using the server name such as ACMEDC01 or an AD namespace such as ACME.local.

The AD server value defaults to localhost. Change this to refer to the AD domain controller. Using the AD namespace is preferred in that if you specify a domain controller and that DC becomes unavailable, you won't be able to open the Shopping console.

Access to the AD server or namespace will be verified when you click Next.

Service Account

Enter the name and password for the Shopping Central service domain account. It must have the appropriate security rights already, please refer to Shopping Central service account for details.

For example, to set the ShoppingSrv service account for the ACME domain, enter ACME\ShoppingSrvin the User name: field. The name and password for the account will be verified when you click Next.

You must also set an account or group to be used by the Shopping Central website to validate communications from the Shopping Receivers. If you provide a:

  • Domain account, this same account must be used by all Shopping Receivers

  • Security group, all the service accounts used for by Shopping Receivers must belong to this group.

This second option is of particular use when using the network service account for the Shopping Receivers. In this case, you simply add the computer account where the Receiver service is running to the security group provided here.

Click Next.

Exchange or SMTP Server

Enter the fully qualified domain name for your Exchange or SMTP server. The SMTP server name defaults to localhost for locally defined SMTP servers.

You can change the SMTP server name to an external server by entering its name into the field. For example, you could set the SMTP server name to the fully qualified server name for an Exchange server such as smtp.acme.local. The server entered will be verified when you click Next.

Click Next.

Configuration Manager Integration

Enter the Configuration Manager server name (it defaults to local host) but you can set this to a remote server by entering the server name in the Configuration Manager Server field and click Next.

This is normally the Configuration Manager CAS site server but if you have multiple sites in your ConfigMgr hierarchy, this could be the ConfigMgr Primary site server for any sites you want to manage with Shopping.

Admin Console Node Security

Enter the Shopping security groups as described in Shopping Console Access groups.

For example, we have created three Shopping security groups:

  • ShoppingConsole_Admins

  • ShoppingConsole_Users

  • ShoppingConsole_SMSUsers

These groups are required even if you are not using the Console Node Security feature. If you want to use the Console Node Security feature the ShoppingConsole_Admins group must be configured so that it has security permissions in AD to write to itself and to the two other groups.

Other permissions are added to the groups automatically during installation if the installation account has AD Rights to update these groups. The accounts will be validated and warnings are raised if problems are encountered.

Click Next.

Shopping Management Accounts

Enter the details for specific accounts/groups used by Shopping to manage information, for more details please refer to Shopping Administrator groups.

Account

Explanation

Admin account

Refers to the Shopping Administrators group that has default access to all the nodes in the Shopping Admin console and is able to see the Administration tab on the Shopping Web portal.

Reports access account

Refers to the Shopping Report Managers group, that is granted web access to reports, using the Reports tab on the Shopping Web portal, detailing the types of Shopping interactions that have been made.

License manager account

Refers to the License Managers group, whose members are sent emails of any license threshold notifications.

The entries will be validated and warnings are raised if problems are encountered. The installer searches for email addresses for the Admin and License manager accounts using each account's AD-defined mail field. If these are not found a warning is not displayed, and they will have to be added in the Shopping Admin Console Web settings post installation.

1E recommends using AD Groups instead of individual accounts because groups can be managed outside of Shopping.

Click Next.

Website Configuration

Enter the IIS Port, which defaults to 443, and Host Header for the Shopping Website. You can provide an IP address for it and if you want to be non-specific about the IP address, use *.

As the Shopping Central installer defaults to using HTTPS, you will also need to select a Web Server certificate that will be used for the HTTPS bindings. To select the certificate, click on the Browse... button - which displays a dialog containing a list of the Server certificates available on the local computer.

In our example, a Server certificate has been previously requested specifically for Shopping. When you have selected the certificate, click OK, to set this on the Website Configuration screen.

Once a certificate has been set, you can also click View... to display its details.

For IIS configuration requirements, refer to Shopping Central IIS configuration. For web server certificate requirements, refer to Shopping Server certificate.

Click Next.

The certificates list may be empty if you are not running as an elevated administrator, or your certificates(s) are not the correct type, or have expired. For details on the certificate requirements, refer to Shopping Server certificate.

Shopping URL Prefix

Set the base URL for accessing the Shopping API so that the Shopping Central service can communicate with the Shopping Web. Typically, this is set to the host header you defined in the Web configuration screen plus the port number.

For example https://shopping.acme.local:443, or if you have modified the port from its default of 443, https://shopping.acme.local:4434

Click Next.

You must specify HTTPS. Do not specify HTTP.

Intune Integration

If you enabled the integration with Intune, specify the Intune Integration details, then click Next.

ID

Note

Azure tenant ID

This is the same as your Azure tenant ID, available in the Overview node of your AAD console.

Service authentication client app ID

Available in the Overview node for the app in the App Registrations or Enterprise applications nodes of your AAD console.

Console authentication client app ID

Available in the Overview node for the app in the App Registrations or Enterprise applications nodes of your AAD console.

1E Platform portal

  1. Check the Enable 1E Platform Integration checkbox if you require any of the following Shopping features:

    • Shopping for 1E Instructions

    • Client-side Order Tracking to notify Shoppers via a notification icon and toast pop-ups.

  2. Fill in the following fields for your 1E Platform implementation.

    Field

    Description

    1E Platform base URL

    Set this to the base URL of your 1E Platform. For example, https://tachyon.acme.local:443/.

    Setup User

    Set this to the user name of the account you want to use for running the 1E Instruction that implements the Client-side Order Tracking feature and any 1E Instructions you are making available as Shopping applications. The user name must be provided in the form of Domain\User. You could even set this to the account details you used for the Shopping Service account to avoid having to provision another account.

    This user has to perform the following tasks:

    • Create the Shopping Administrators role in 1E.

    • Create an instruction set called 1E Shopping and add the Client-side Order Tracking instruction to it.

    • Give the Shopping Administrators role permission to run the instruction.

    • Add the specified user account to the 1E Platform.

    • Assign the user account to the Shopping Administrators role.

    • Save the name as 1E username in the Shopping Console settings (also saves its password encrypted).

    • Allow read access on the private key.

    Integration User

    This user is to be added as a Shopping administrator in the 1E Platform. The user name must be in UPN format.

    Client Assertion App ID

    The Client Assertion App ID is used to retrieve tokens for authentication in the 1E Platform.

    Signing certificate for Platform tokens

    This is the thumbprint of the certificate that is added to the Client Assertion App and also imported to the certificate store of the server.

    Add private key permissions

    This checkbox grants read permission to the Shopping Admin group and Central service account on the private key of the above certificate in the certificate store. This permission is required for creating the jwt required to fetch the authentication platform token.

  3. Click Next to continue.

Order Tracking emails are also available without the 1E Platform integration.

Ready to Install the Program

Click Install to start the Shopping installation.

InstallShield Wizard Completed

When the installer completes, optionally check Show the Windows Installer log, then click Finish to close the installer.

Installing Shopping in unattended mode

You must ensure a suitable web server certificate exists in the local machine certificate store, and permissioned to allow the Shopping Installer Account and Shopping Central service account to read it. Default permissions are sufficient. For web server certificate requirements, please refer to Shopping Server certificate.

Shopping 6.1 onwards only supports HTTPS connections to the Shopping website, because supported browsers block Cross-Origin Resource Sharing (CORS) in non-secure contexts such as HTTP.

You can install the Shopping Central service in unattended mode using the msiexec.exe command-line.

For example, to install all Shopping components with a Shopping service account, license it, setup the admin, reports and license manager accounts, define the Shopping security AD groups, locate the AD, SMTP, SQL and Configuration Manager server, then use an install script.

Command-line switches are described in Shopping Central installer properties.

Please note the following:

  • If you use the example Shopping_Install.cmd then it must be placed in the same folder with the ShoppingCentral.msi.

  • The ^ at the end of each line is a continuation character used by batch scripts and included for clarity.

  • We recommend removing the /qn to perform a dry run through installation and validate all the parameters first, this allows to visually see and confirm the values entered.

  • Any items which include spaces in the name or groups should be enclosed in quotes "" as shown.

Mandatory properties: The IISHOSTHEADER, THUMBPRINT and SHOPPINGURLPREFIX properties are required for an unattended installation. They create the HTTPS binding for the Shopping website, select the web server certificate, and the URL used by users and Receivers to connect to the Shopping website. Each must have the same FQDN which also matches a Subject Alternate Name (SAN) in the Web Server certificate.

The binding can also include:

  • IISIPADDRESS – you can provide a custom IP address for the Shopping Website, set it to * if you want it to be non-specific

  • IISPORT – the IIS port for the Shopping Website

For IIS configuration requirements, please refer to Shopping Central IIS configuration.

Integrating Shopping with the 1E Platform

If you want to integrate Shopping with the 1E Platform, add the following command-lines (substitute the [parameters>] for your environment):

Copy
ENABLETACHYON=1
PLATFORMURL=https://tachyon.sdl.local
PLATFORMUSERNAME=shoppinguser@corellianengineering.onmicrosoft.com
PLATFORMADMINUSER=Darth.Vader@corellianengineering.onmicrosoft.com
PLATFORMDIRAPPID=0c83091d-fc2f-40b5-8aca-940e4cf5f9b5
PLATFORMSIGNTHUMBPRINT=12826b39a28db45fa095748e5ac25ce67f110374
ADDPVTKEYPERM=1

Integrating Shopping with Application Migration

Ensure that the parameters you provide are correct. No validation takes place for this part of the unattended installation, nor are integration errors logged. If the integration fails, configure the parameters manually, refer to Application Migration integration.

If you want to integrate Shopping with Application Migration, add the following command-lines (substitute the [parameters>] for your environment):

Copy
APPMIGRATIONENDPOINTURL=http://[host:port] ^
APPMIGRATIONMODE=1 ^
SLAPLATFORMUSERNAME=[domain\user] ^
SLAPLATFORMPASSWORD=[password] ^

Integrating Shopping with Intune

If you want to integrate Shopping with Intune, add the following command-lines (substitute the [parameters>] for your environment):

Copy
ENABLEINTUNESUPPORT=1 ^
AZURETENANTID=[Azure tenant ID] ^
SERVICECLIENTAPPID=[service authentication app ID] ^
CONSOLECLIENTAPPID=[console authentication app ID] ^

Download the below Shopping_Install.cmd.

Copy
msiexec /i ShoppingCentral.msi ^
ACTIVE_DIRECTORY_SERVER=ACME.local ^
INSTALLDIR="C:\Program Files (x86)\1E\Shopping" ^
SVCUSER=ACME\ShoppingSrv ^
SVCPASSWORD=svcpassword ^
SHOPPINGCONSOLEADMINUSERS="ACME\FullShopAdminsGroup" ^
SHOPPINGCONSOLEUSERS="ACME\PartShopAdminsGroup" ^
SHOPPINGCONSOLESMSUSERS="ACME\ShopSMSUserGroup" ^
ADMINACCOUNT="ACME\ShopAdminsGroup" ^
REPORTSACCOUNT="ACME\ShopReportsGroup" ^
LICENSEMGRACCOUNT="ACME\ShopLicenseMgrsGroup" ^
PIDKEY=abcdef-1234-5678-8765-4321 ^
SQLSERVER=ACME-SQLSERVER ^
SMTP_SERVER_NAME=smtp.acme.local ^
SMSPROVIDERLOCATION=SMS01 ^
IISHOSTHEADER=shopping.acme.local ^
THUMBPRINT=88ca58f5f14ec12187433ae91b514f9e1425cdb6 ^
SHOPPINGURLPREFIX=https://shopping.acme.local ^
RECEIVERACCOUNT="ACME\ShopReceiversGroup" ^
DATABASENAME=Shopping2 ^
DATABASE_COMMANDTIMEOUT=3600 ^
DATABASE_CONNECTIONTIMEOUT=30 ^
DATABASE_MODE=multiuser ^
USEGLOBALCATLOG=1 ^
ENABLETLS12=0 ^
/l*v %temp%\ShoppingCentral-install.log /qn 

@echo Press any key to close
@pause>nul 

Upgrading

Refer to Upgrading Shopping for details.

If you use the above script to upgrade Shopping, and the command-line encounters errors, a rollback occurs which may leave your production system in an unstable state. Should that happen, you can restore the database and the files from the backup you made.

If you are having trouble with the restore, contact 1E Support.

Prior to running an upgrade (this is recommended and good practice):

  1. Backup your Shopping database (Shopping2).

  2. Backup the binaries and files in the installation folder typically located at: C:\Program Files (x86)\1E\Shopping. Ensure that you copy all folders and files.

  3. Test the unattended installation command-line in your lab environment to ensure it works before running it on your production environment.

Post Installation

See Post-installation steps.

Uninstalling Shopping

Shopping can be uninstalled from Windows Control Panel, Programs and Features or by running the ShoppingCentral.msi and choosing the Remove option. Alternatively, you can run a command-line to uninstall Shopping with: msiexec /x ShoppingCentral.msi /qb

When you uninstall Shopping central, its database (Shopping2) is left on the database server. If you subsequently reinstall Shopping, you have the option to drop the old database in the installer screen.