I have setup a new SP 2010 server farm this week, and it all went very well actually. But if you use the correct account settings and configure most of the things manually (like the dreaded UPS) then everything should work just fine. There are some messages in the Health Analyzer that needs to be taken care of though, unless you’ve done this a couple of times. You’ll learn 🙂 One of them is if you create some of the service applications that are dependent on the Secure Store, for instance Performance Point or Visio. Then you need to setup an unattended service account.
The warning in Health Analyzer:

If you click on that warning, the following message is displayed:
Go to your Service applications, click on “Secure store service”:
You’ll get a message saying that you have to generate a key:
Look in the ribbon right above the message, and you have a button called “Generate new key”:
You are prompted to enter a passphrase (this will be used for adding new secure store service servers or if you need to restore this service):
Then you are told that there are no target applications in this service, no shit! Let’s create one then 🙂
Click on “New” in the ribbon:
Now add the name of your target app id, for instance “Visio” or maybe the name of your external data source, add a Display name, contact email, target application type (which decides HOW your users should authenticate – as them selves or as a group, I selected “individual”) and then just click “Next”:
