Todd Klindt's SharePoint Admin Blog

Please send me an email.

Thanks for the great information

its true. I hate to say it but its true.

It's great to have fans.  :)

tk

Good stuff, but Zones...covered them yet?

I haven't written any blog entries up about zones, but I certainly could.  Anything in particular that you'd like to see covered, or just a general introduction?

tk

Will be ignored. I will then whine about it not working, while continuing to ignore your advice. Boo hoo woe is me. (runs off to wallow in his vagina)

Nope this doesn't work. Have any other solution?

thx. this makes sence to me now. can not wait your user authentication article

I was wondering what you have to do in order to point your website to the server?  I don't want to mess the existing company website or webmail up in the process.  Any suggestions?

This solved my problem exactly. I wasn't able to access any of the links within Central Administration. Each one lead to a page with "Unknown Error". I used the command line option and it worked perfectly. Thanks so much again! HT

Hi Todd,

Thanks again for your tip. It was a great help to me yesterday. By any chance would you know of the stsadm command to change the default webaddress for my application? Once again I get an Unknown Error when I attempt to access the pages within Central Administration- Operations.

Many thanks,
Henry

I have a trip I use when I'm trying to find STSADM licensing.  I pipe the output through "find" and look for keywords.  For your question I tried the following:

stsadm | find "zone"

That shows you all the operations that contain the word "zone."  It looks like you may be able to use "deletezoneurl" to remove the URL for the Default zone and "addzoneurl" to add one.

If you get it to work, let me know what you did.  :)

tk

Sounds like you just need to create a DNS entry with your external name and point it to your SharePoint server.  Does that help?

tk

I ran the following command: "stsadm -o addzoneurl -url http://defaultwebaddress -urlzone default -zonemappedurl http://www.externaladdress.com"

I'm not sure if it's the correct command to use but it worked for me and changed the default web address.

HT

Thanks for all the info on this topic. I unfortunately am still having issues. I have WSS installed on the DMZ interface of my firewall. I have NAT configured identically for the Outside interface and the Inside interface. Here are the URLs I have configured. 74.8.14.153 is the outside and inside address.
http://gza-sharepointx  Default http://gza-sharepointx  
http://gza-sharepointx.gza.com  Default http://gza-sharepointx  
http://74.8.14.153  Default http://gza-sharepointx  

I am getting "Unable to determine IP address from host name for gza-sharepointx.gza.com" DNS on the sharepoint server and myself is pointing to 74.8.14.153 for gza-sharepointx.gza.com.

Any idea as to what I am doing wrong?

Does your AAM page look like the one above where the Incoming and Public URLs match for each zone.  From what you're saying it sounds like maybe the Public URL might be http://gza-sharepointx for each of your Incoming URLs.  That won't work without some kind of URL rewriter between your server and your users, which it doesn't sound like you have.  Verify your URLs look like the last picture above and see if that works.

tk

I tried this with the mysites web app and still have to put the port number in the url.  Is there a way to not have to have the port showing?  Main site is https://sharepoint.company.com and the mysites is https://my.sharepoint.company.com.  any ideas?  thanks for the article.

I've been killing myself trying to get https to stop jumping to http. thanks!

Please read the last portion. isubmitted the same content with out that information
example:
Only one Top Level Site (The very first web application in wssv3. and hence only one databasse)--- no host name specified

under the above site I have created following different top level site collections (Site1, Site2, Site3 etc...)

Here is the problem. I want to map www.Site1.com (dns
name for Site1 collection to Site1)
Similarly I want to map www.Site2.com (dns
name for Site2 collection to Site2)
and so on.....

Obiviously this can be done easily by creating a new Web application for each Sites (separate top level web site for Site1 and hence its own database and hence a new IIS web site for each one and I can specify host name when crerating each web application).

However I want to do this all in one web site.

Any ideas thoughts on how to implement this. Can AAM do this for me?

This question has really arisen out of the fact that we have used MCMS 2002 to implement host headers to channel mapping. we really running aorund 100 or more sites. Now how does this translate into WSSv3? obviously I dont want to create a new web application (in wss v3 terminology meaning new databas and new iis web site) for site1,site2 and so on.

I don't think AAMs can help you do this.  I didn't use MCMS any, so I'm not sure what to tell you about that.  I can recommand readin Andrew Connell's web site.  He's the CMS guru and all-around nice guy I go to when I have CMS questions.

I think what you're trying to provide are normally referred to as "vanity URLs."  In the few times I've had to deal with them I've just created a non-SharePoint web application and had the default page use a meta tag to redirect to the deep SharePoint link.  I know a redirect isn't what you're looking for, but it's the closest thing that I've done.

tk

Can you add more than just the 5 Public URL's? We want about a dozen different public host names all pointing to the same Web App and I am currently limited to the list of 5 in the AAM settings, is this possible?


Thanks

I don't know if any way to have more than five zones.  I'll do so looking around and post back here if I find anything.

tk

The internal server name shows up on all my links once  the page loads.  It does load with the alternate access mapping.

Dave

i figured it out...i didnt see the add internal urls on the AAM page.

doh!

I appreciate a post that doesn't leave out details needed to really understand the information.  Thanks for taking the time.

I'm glad to have been able to help.  It makes me happy that I can give back to the community that's given me so much.

tk

Great post!
Mysite seems to resolve when you login externally, but when i try and connect internally via our intranet, page cannot be found. I did the same AAM as my intranet and that seems to work with no  problem. Do you know what my be causing this?
Thanks

Todd, I'm not sure if you came across this article or not:
http://technet2.microsoft.com/windowsserver/WSS/en/library/c8ccffce-5162-46af-a3ef-1d7914e8efee1033.mspx?mfr=true

Scroll down to: Mistake 3: Trying to reuse the same URL in alternate access mapping or not aligning the URLs to the same zone

This is exactly my problem. People can get to the site from the internet, however, when they try to drill in two levels (e.g. Sub site > Shared Documents > Folder) all URLs resolve to the INTERNAL address.

e.g.

SharePoint site INTERNAL URL: http://Mycompany:48524

SharePoint site EXTERNAL URL: http://mycompany.dnsalias.net:3499/

Current environment:
I'm using single server implementation, SBS. I've configured my router to route all trafic coming to port 3499 to port 48524 (which is working just fine). I'm not using reverse proxy.

I have setup AAM the way you suggested but still having problems.

Any suggestions?

Mohamed

I think the mistake you're making is the port remapping.  I would try just forwarding port 3499 straight in to port 3499 on your SBS box.  Try that and see if it works.  Since you're not using a reverse proxy, that article isn't exactly what you're doing.

tk

Todd, thanks for the quick reply.

This is how I have it setup. On my router, I have setup a port forwarding to forward any requests coming to external port # 3499 and pass it to internal port #48524 (where I have my SharePoint site). 

I don’t want to expose my internal port # to the internet to avoid unnecessary headache with hackers.

Can this still be done? it sounds to me a simple port forwarding that shouldn't create all this grieve.

Pls advise.
Mohamed

Mohamed,
I'm not sure you can do this exactly the way you'd like.  You might try creating an AAM with your FQDN and port 48524.  That _might_ work.  I read there were some improvements made to the AAM mechanisms with SP1.  If you haven't already you might try installing that and see if it helps too.

tk

I have been trying to find a solution for access a SharePoint 2007 website (//server1:8080) without using the port number.  I have registed a new IP and hostname "newtestsite" in DNS and configured IIS with the IP and hostname. I get the standard page not found error when using  (//newtestsite).  If I add the port number (//newtestsite:8080) it renders the default page just fine.  I have tried using this AAM without any luck.  Any suggestions.

Thanks,
Frank

You must have a port other than 80 defined for the site.  After you create the AAM for port 80 does it show up in IIS Manager for that web app?  If not, try adding it to the host header list.

tk

Thank you for this information and sharing it with people. You made clear what other sites did not.  This was exactly what I needed.

I have a public ip (80.171.151.176) and it is forwarded to a SBS where sharepoint server is running. I am able to get the intranet zone working fine. However, i am not sure how to get the sharepoint accessible to internet users. I need to be able to do somethinglike http://80.171.151.176 or http://80.171.151.176/teamsite to point to the sharepoint site. Please help me with directions or specific steps would be great. Please help me with this, i am fairly new to shareppoint administration.
Thanks in advance. Appreciate ur help

Todd,

We have done a POC which we need to now showcase to our clients. The POC is on a server http://poc:12334 . This server is behind a big corporate firewall.

The network guys have said , they have opened port 443, and have done all the stuff like cname and portforwading to port 80.

We are taking the POC and extnding the application on port80 with hostheader which is the name of the https://clientname.s.com 

how do we go around getting the POC to show up on the browser from outside of our corporate network

TIA
Sunjay

You just need to create mappings for your External URL, whatever Internet folks will use to get to your site.  That's all I've done to make this site work.

tk

If you want to use HTTPS (and I highly encourage it) you need to make sure port 443 is forwarded to your box, which it sounds like it is.  Then you need an SSL certificate.  This will be installed via IIS Manager, SharePoint doesn't know anything about certificates.  Then you need to create AAMs for your new HTTPS addresses.

tk

I put a entry in the dns server to resolve on the intranet, problem is that FQN is

OrganizationPortal.Organization.com.pk

And share point is working on

OrganizationPortal:50000

When we put the FQN in the Webbrowser, the DNS forwards towards the server, but after authentication, it gives the error of page don;t found. But if we put the Host entry in the host file of the client than it has no problem.

The Server is domain joined and has the FQN as same, but still the problem is not getting resolve, what to do ?

Hey Todd,

First off thanks for the write up, I have been searching for a while trying to find a solution to my problem though I am still unsure if this would be correct.

Our company uses a portal that is accessable both internally and externally (https://someportal.domain.com). From this portal we have a link to our sharepoint (http://docmanager). This works great for anyone requesting the page internally, but once external users connect they can not resolve the name/address because it is local. I have tried setting up Apache with reverse proxy, but for some reason I am having no luck.

Control of devices is tight and I was wondering if this solution (mentioned in this blog post) would work for me. It does not appear like we have sharepoint setup to do SSL, but I could be wrong. I should also point out that we use NTLM authentication and this would be nice to have (even if it prompted a second time) in our portal. Any help or suggestions would be greatly appreciated.

Todd thanks so much your solution fixed our issue

Internally our wss site is foo.mycompany.com

Externally I want it to be foo.anotherURL.com

I have foo.anotherURL.com as an alternate mapping and am still having trouble.

I have an Apache server with mod_proxy in the firewall.  The ip for foo.anotherURL.com goes to that server.  From there I use ProxyPass/ProxyPassReverse to proxy requests to foo.mycompany.com.  I get the pop-up for authentication, but it never let's me log in. 

Suggestions?

Hi Todd,
I am doing an upgrade of four software packages at once. I am Upgrading WSS v2 to WSSv3, Dynamics SL 6.5 to 7.0, FRx 6.7 is a reinstall with the old database being used and Business Portal for Dynamics SL. That said, the upgrade worked but the old WSS site is an SSL site and I need help make the new WSS v3 site SSL. I am a little new at this and need some direction.
When I create the top level site in WSS v3 that the business portal gets installed on how do i make the site SSL using the current certificate that the old site was using?
The upgrade is very complicated.
First i did an in place upgrade of WSS v3, then I upgraded the back office application (Dynamics SL) then i uninstall the old business portal, create a WSS v3 web app and finally install the business portal on the new web app.
How to make a site able to accessed using SSL from the internet is the final task?
Thanks ahead of time,

Sean

Hey Sean,
You'll need to add the SSL Cert to your new web app in IIS.  This is normally a .CER file.  You should be able to get it from whatever authority you got it from for your v2 farm.  You may also be able to export the certificate from the v2 site to a .CER file, then add that to the v3 server.  After that is done you'll need to add an AAM for the HTTPS URL that users will be using.

Does that help?

tk

Todd
I have a moss 2007 site behind a isa 2004 firewall all is working except some of the links on the pages keep trying to go to the internal address instead of the external. It is set up with the aam correctly  What am I missing

Richard

I've only ever used ISA 2006. I know it's got support built in support for SharePoint. Is the internal URL the default? If so, you might try swapping the external and the internal and see if your internal folks still can use the site. I know SharePoint will use the Default if it can't figure out a different zone, so maybe ISA 2004 is screwing something up.

tk

After I made the changes in the original article (Update to using External URLs with WSS v3 )above.

When I connect try to the external url, I get a message saying that "I'm going to be redirected to a intranet site yes or no". After clicking yes it trys to connect to the WSS v3 site using internal URS's which of course will not work. what else do I need to do to make this work for internet users?

Hi Todd.
I'm trying to implement your solution but it doesn't work for me. I have WSS3.0 SP1 on W2008 std, without domain or domain controller. I set up the router to have the server on DMZ and set up everything as you explained, but I get no response at all when trying to connect. Not from the LAN and not from the Internet. No response either when connecting thru Telnet to the specified port. I don't know if there is anything missing in my configuration.
Please, let me know.
Thanks a lot.
Cesar.

Can you email me a screenshot of your AAM configuration pages? It sounds like everything is set up correctly.

tk

Hey Cesar,
Without more information I'm not sure where the problem is. Should the Internet URL be resolvable from your LAN? If so, does it work? If not, can you add an entry for it in the HOSTS file on a workstation and try it internally? I'm trying to think of ways to rule out the router being the issue.

tk

I can't tell you how many hours I've spend reading win2003 manuals, WSS3 manuals and forums looking for this simnple answer.   Worked great!

Hi,
we have the same solution, aam with revers proxy and additonal zone.
known problems:
- system alerts (space warnings, site not in use) have the default url in the notification
- mysite pictures are hard coded in the database with the default zone
- people search results have the proxy url https://...:80/... as result
- site collection alerts (exaple workflow) must be configured with admintool version 2

Regards

How can I post a screen shot?

Todd,
Great article. This is an issue I am having and relates to this, but did not find on your site where I could send a general question.

I have WSS 3.0 setup in small farm (2 FE, 1 Central Admin, 1 SQL database) and have main site. I used STSADM command to createsiteinnewdb for 7 top-level sites. So the main site as an example would be http://mysite.com, the top-level sites would be http://mysite.com/sites/top.
I extended my main site to use an external site with SSL FBA authenitcation following Andrew Connell's method. Works like a charm.
However, the permissions do not promulgate down from my main site to the top-level sites. I can add an external user to my main site and log into extended site no problem.
But when I try adding the external users to the top-level sites they are not found.
Have you heard of this or know how I can cretae the external users on my main site and have them replicate down to my sub-sites?
Any help you can offer would be greatly appreciated, oh high & mighty WSS Guru!

PS - saw you at TechEd Orlando and really learned a lot!

I have published two web applications on single sharepoint site.

Second web application is published using Port 8181. Internal URL is http:/myserver:8181.

Sharepoint site is running behind ISA 2004 server.

I've got to divert external URL working, i.e. typing http://www.mydomain.com takes me to Sharepoint site, however in the Address Bar it shows http://myserver:8181.

My AMM for this web application reads as follows;
Internal URL:                                     Public URL:
http://myserver:8181                         http://myserver:8181
http://www.mydomain.com                 http://www.mydomain.com

Pl suggest, where I've done wrong.

TIA
ShaiMerc

Hi Todd,
  Here is what I am trying to acheive. I have a subsite and to access the default page externally I have to enter
http://www.remcosoftware.com/About/Pages/default.aspx

whereas I would like to enter
http://www.remcosoftware.com/About

This should take me to the default page of the subsite. Is this possible ? I dont want to use redirection though.

Thanks in advance.
Pravin

              Sharepoint site is not working on some client machine, actually we have different IP address.
                   And the server IP is look like 999.99.3.15, the site is open under 3 series like 999.99.3.16, 999.99.3.17, 999.99.3.20...........:  
                  And the site is not open other than 3 series like 999.99.4.15, 999.99.5.16, 999.99.6.10.
                  I was change the all the IP settings what we want like scripting tags and the problem is not solved.       Please help me!

Thank You!

Hi,

Not sure if I should be using AAM for my probelm.
I have a site in WSS 3.0.  I can access the site with "http://<mymachinename>/sites/..."

But to make this site accessible on intranet, I used the IP address for the server in the URL.  So it looks like "http://<ServerIPaddress>/sites/..."

Even this works fine, but when I access site with IP address in URL some of the links are not working. Eg. Summary toolbar for a document library does not take me to Add Document page, Home link in Menu Navigation not working.

Kindly suggest some solultion on this.

Thank You!
Sarita D

You should create an AAM for any URL you use, including an IP address. Domains are pretty cheap, less than $10. It would probably be easier to buy a domain and set it up that way. Either way should work though.

tk

Thanks

Access is denied appeared for excel services when i open new link for mapping, but when i tried to open using link for server + port it works. both links are added to truseted file locations

I can't get my head around what AAM is needed to access my internal Sharepoint site via https???

It should be as easy as creating the AAM for the https address and adding the certificate in IIS. What have you tried? You'll also need to make sure your firewall isn't blocking port 445 traffic as well.

tk

Hi Todd-

I have 2 FE, 1 ISA 2006, 1 SQL,  When we setup the SharePoint site we have name http://mysite.domain.com  Site was published from ISA server with SSL to forward HHTPS to HTTP.  We use the same URL internal and external.  We are finding things like upload mulitple docs are not working.  We can play with the AAM to get it to work either internally or externally, never both at same time.

Thoughts?
BW

Hello Todd,
Is there a way to map an external url like <http://shorturl> to a top level site *within* a site collection rather than the root of the site collection? For example the top level site is <http://servername/sites/newsite/default.aspx> and I want  <http://shorturl> to map only to this site.  Please note, the web application *servername* contains other top-level sites under the /sites path.  I'm using WSS 3.0.   Please Help if you can!  Thanks,  AJCGirl

We have deployed a sharepoint site on port 443 (SSL) .It is FBA based site. We need to access it as follows
https://www.xyz.com
but when we try accessing the link it gives page not found error.But when we append /default.aspx the page shows up.
How can we map the default site page to url, the way it happens for ur site. that is on typing http://www.toddklindt.com 
http://www.toddklindt.com/default.aspx is opened

Thanks

Today I have one WFE catering to two webapps say myapp.hello.com and myapp.world.com and am using Apache as the reverse proxy. Now there is a need to add multiple WFEs to load balance. I would like to know if anyone has implemented such a scenario

User ---> Apache RP --------->3 WFEs

Thanks

I haven't used Apache for this. I'm an ISA guy myself. Hopefully another reader can pitch in.

tk

We installed SharePoint Services on a Windows 2008 Server and after installation and setup, we had to change the hostname of the server. Now we are unable to get to the SharePoint Central Administration page. I hand edited the URL so that the proper hostname is used this is also resulting in an HTTP 404 error. Any suggestions on how to fix this? Thanks.

Anyone know if there is a solution that allows workflows to start when they are entered from the external AAM?

I recently migrated my sharepoint site to a new domain and configured external access through ISA 2006.  Whenever a user enters a request from the external URL there are no workflows associated with the item.  However, if the user enters a request with the default internal URL the workflows work as designed. 

Internal URL              Zone         Public URL for Zone
http://pipisp2007        Default      http://pipisp2007 
https://share.nwc.biz  Internet     https://share.nwc.biz 

I was also wanting to setup an internal URL of http://share.  I setup DNS to point to the server and I was able to get to the site properly, but I have the same issue with workflows that I have with external URLs. 

Let me know if you need any clarification.

Sounds like it's only firing on the default URL. If it were me, I'd set one of the currently failing URLs to the default and see if the workflow follows the URL, or the zone. I know it's not a fix, but it will help you understand the problem better.

Also, what patch level are you at? The Infrastructure Update fixed a lot of AAM related issues.

tk

I have a Web Apt with all 5 AAM's assigned. Unfortunately there was an attempt to change the zone on two of these AAM's.

When I use Central Administration to remove the extended Web Application for either AAM the result is:

"Unexpected end of file while parsing Name has occurred. Line 27, position 17."

When I run stsadm.exe -o unextend I am told the operation is successful but the AAM still exist in CA. I have rebooted the server and still have no luck.

Is there a clean way to remove the AAM's (with the exception of the Default zone) and start over? Or am I stuck and looking at a rebuild / restore?

Hi Todd,

Let me join the chorus thanking you article.

I was going insane over this...:-)

One eccentricity is that certain links do not map to the external name.

For example on the site all the links are mapped correctly except, significantly, 'My Sites' and links to documents.

Instead of showing 'https//www.host.com/Mysites' instead the link is renders as 'http://servername/Mysites'.

Any insights?

Thanks,
Bob

Hi Todd,

Thanks for the solution!  Our users are now able to access our SP site, fill up InfoPath forms, and kick-off workflows.

However, we now have another problem with SP and InfoPath behavior.

Everything works fine within our network segment.  But, when accessing from the Intranet, the InfoPath view would be missing data previously filled in the form.

I am not sure if this problem is related to the original one.  Have you faced a similar problem?

Thanks.

///amirhs

I have a question...

Followed your instrucrtions and it worked (finally). However, my sharepoint server is behind two routers. The first router is forwarding port 85 to the second routers port 80 where it then goes to the sharepoint site on the server at port 80.

From the outside we type http://somthing.com:85 this gets you only so far as then the 85 gets dropped off and you cant get anywhere on the site. How do I set this up so this does not happen?

Since SharePoint has to deal with two different URLs (http://something:85 and http://something) you need to tell SharePoint about them, and how they are related. You have two types of URLs, Public and Internal. Here's how SharePoint looks at them:

Public URL = URL users put into their browser to get to your site
Internal URL = URL in the request that SharePoint gets.

Unless you have some sort of reverse proxy, or URL remapping going on, the two URLs will always be the same. In your case they aren't. To fix this, you need to assign an Internal URL. Go into the AAMs and click the "Add Internal URLs" link. In this case you want a Public URL of http://something.com:85 and an Internal URL of http://something:80. That should tell SharePoint when it gets a request for htttp://something.com that it should rewrite the links as http://something.com:85.

Good luck,
tk

Thanks for the quick reply. What I ended up doing was recreating the app and using port 85. Now that I have everything working I need to move a test sharepoint site that I have data in. This site was setup a bit different and I want to use its content but on the new install I have. I have been looking into this all morning and there seems to be various ways to do this. I am wondering if I can just backup and restore the databases and go through setup again and point it to the new (restored) databases instead of having it create new dbases.

Is that even an option?

You have a few options. You can copy the content database from one farm to another and attach it. The destination farm will have to be at the same SharePoint build or later. It will also have to have all of the same Solutions installed. You'll also need to make sure the destination has all the same managed paths as the source.

If you're just moving content around you can also use "stsadm -o backup" and "stsadm -o backup" shuffle content as well.

Do you listen to my weekly netcasts? I'll probably cover some of this in my next one.

tk

http://technet.microsoft.com/en-us/library/cc288609.aspx

Mistake 3: Trying to reuse the same URL in alternate access mapping or not aligning the URLs to the same zone

A common mistake is to use one internal URL twice, for intern and extern URL.
Solution: extended the web application. create a new intern URL and us this for remapping the extern URL. So the Alternate Access Mapping looks similar to this:

intern                                              
http://sharepoint                 Default     http://sharepoint
https://www.extern.com       Internet   http://www.extern.com
http://sharepoint.mydomain Internet   https://www.extern.com

important is that newly created internal URL is in the same zone as your extern URL, so WSS can generate the correct links for the external URL. Something like this:

Internal URL              Zone         Public URL for Zone
http://pipisp2007        Default      http://pipisp2007  
https://share.nwc.biz  Internet     https://share.nwc.biz  

didnt work for all link types.

Another great example of how AAMs are so confusing. Thanks for sharing.

tk

Hi Todd, Thank you for a great Post. My question is somewhat similar to a post from a few months ago.
I have a web application: http://server01:7774 and a top level site (http://server01:7774/sites/intranet/Pages/Default.aspx) not at the root of the web application.
I would like for users within the network to be able to access the top level site from their workstation by typing:
http://intranet
I tried to extend the web application on port 80, using intranet as the host header and accepted all the other default settings.
This created a new IIS website on the IIS Manager (besides Sharepoint -7774 web site).
Unfortunately when I type http://intranet on a user's workstation I keep getting either "http - 404 page not found" or "this link appears to be broken".
Would you be kind enough to let me know what I am doing wrong?
Thanks
Elie

Hi,

we have MOSS and MY Site on different web applications include AAM. It looks fine but we have the follwing problems:
- system email notifications (e.g. site collection space full)
- workflow overdue email (the edit link)
- profile picture url (e.g. on presence from OCS integration)
have the default url, not the public url from AAM
We had a lot of calls with the "Vendor", known issues, no solution availabe.

Any ideas ?

Regards,

Heiko

If you just want to type in URL http://intranet to bring users to http://server01:7774/sites/intranet/Pages/Default.aspx, can you create a web site (IIS on the sharepoint WFE) which redirects to http://server01:7774/sites/intranet/Pages/Default.aspx?

Just a thought

I am working in a Sharepoint (Moss) test environment.  I have a  site collection with a URL http://servername on port 80 in the default zone that I would like to extend as a forms based site in the extranet zone and have a URL for the extranet zone that does not include a port number.  What is the best way to do that?

There's really only one way to do it. You need to create a new web application by extending your existing one. That's the only way you can use a different authentication model, in this case FBA.

tk

Hi Tood,

In my topology, I have 2 front end server, one for intranet and one for publishing. I configured  AAM for default zone (like http://portal) and for internet zone (like http://portal.abc.com). In local network, when i open an InfoPath form, every thing okie, but when I open that form in Internet URL (like http://portal.abc.com/Lib/_layouts/FormServer.aspx?XsnLocation=...) the error appear:

---------------------
An error occurred accessing a data source.
An entry has been added to the Windows event log of the server.
Log ID:5566
---------------------


Any ideas ?

Regards,
Hung Vo

When i try to browse my site like "http://172.16.1.100" it automatically redirects to http://<machinename>

i donot want this thing to happen?

Do you have an AAM for the IP address? If not, you need one.

Why are you trying to get to it by IP address? If you don't want it going to a specific machine name you'd be better off creating a new name (portal, team, etc) and point that at your server.

tk

We have an intranet publishing site, this site has links on the navigation for some legacy intranet asp pages.  We only would like to have those pages available when users are accessing the site internally.  Currently the publishing site can be accessed both from the outside and internally.  The problem we have is that fact that when the users hit the pages from the outside world they get a very unfriendly error.  Do I have to add the legacy sites in the AAM so SharePoint can handle the links and display a custom 404 error?  If so how?  If not how do we handle the error with a custom page?  Thank you
Todd

That depends on how the link to the ASP pages is formed. If it's a hostname (http://server) then you're out of luck. When the user is at home when they click that their ISP is going to try to resolve "server" in DNS to determine where to send that traffic. Of course "server" doesn't resolve in Internet DNS so the user gets an unfriendly error.

If the link to the ASP pages is a Fully Qualified Domain Name (http://server.company.com) then you do have some control, so long as you have control over the company.com DNS. Most companies these days have what's called "Split brain DNS." That means that there is one company.com zone that internal users resolve against and a different company.com zone that Internet users resolve against. If your Nav links go to FQDNs, and if you're running split brain DNS you can have the external DNS for server.company.com point to an external server that only renders up a friend "this page is only accessible internally" type error.

This is not a SharePoint issue in any way. If you had a standard IIS site, or even and Apache site you'd have the same issues, with the same potential fixes.

tk

Internal URL                     Zone        Public URL for Zone
http://XYZ                       Default      http://XYZ  
http://portal.domain.com  Intranet     http://portal.domain.com

We have 2 WFE sharepoint 2007 servers in NLB. When access list in Datasheet view, we have to use Default URL, like http://XYZ. Using Intranet URL will got an error. Access everything else have no problem using intranet URL. What could be wrong? Please help.

Steve

I made my sharepoint site accessible from the internet, but I had a big problem that alerts contained links to the internal name.

It took me hours to figure out why because i thought AAM was to blaim. But it turns out that when a user subscribes to alerts it stores the website url the user is connected with.
I setup all the user on the lan so it stored the lan url. Just delete the alerts and recreate them from the external url.

Or look at the database:
http://msdn.microsoft.com/en-us/library/dd587562(office.11).aspx
content tables: ImmedSubscriptions, SchedSubscriptions

use Microsoft SQL Server Management Studio Express and connect to \\.\pipe\mssql$MICROSOFT##SSEE\sql\query
to have a look at the tables.
p.s. you can change the url here as well, that's at your own risk of course.

Bert

Hi Todd,
Thanks for your article, it helps me alot to clarify this dark corner.  Recently, I have discussed with a colleague about AAM, and there is still one point that I am still not sure if I understand AAM correctly.  Let's take a concreate example:
1.  We have an existing internet portal with the public URL defined in internet zone as: http://Long-Name.ch
2.  We would like to change the URL to http://Short.ch (no change in zone and authentication policy:  always Internet zone and anonymous access)
3.  DNS and everything has been done so that the new http://Short.ch is now a valid URL
4.  SharePoint Admin will extend the existing Web Application to give the new URL http://Short.ch, and make sure that AAM are set correctly after the extension of the web application.
Question:  My colleague argue that I don't need to extend the web application because we don't want to create a new authentication policy for the new URL.  I just need to go to the AAM and add the entry that maps the new URL in the internet zone.  This argument confuses me again.  I believe that even if I don't change the authentication policy, I still need to extend the web application so that the IIS Web site is correctly created and point to the same SharePoint Web Application for me?  Could you please help me on this question, and confirm who is right or wrong in this case?
Thank you in advance.
Kind regards,
Thanh-Nu Leroy

Leroy,
I'm afraid I have to side with your colleague. If the only thing you are changing is the URL, then you can just add an additional AAM, no need to create or extend a new web application. Depending on your setup, you may need to also go into IIS and create a host header for http://short.ch, so that IIS knows to send requests for that URL to SharePoint. Those are the only two steps you'll need.

Like your colleage said, if you were changing something like authentication providers, or anonymous access, then you would need a new web app. But since all of the settings are the same, you can continue to use the one you currently have.

I hope you didn't have a lunch bet riding on this or anything. :)

tk

Hi Todd,
Thank you so much for your prompt reply.  No I didn't have a lunch bet riding on this :-)
But still, if we have to go into IIS to create host header, why not just let SharePoint create a new IIS Web site for my new URL, this is my naive approach, to have everything setup by SharePoint, because it doesn't cost me much to extend Web Application via Central Administration?  May be you will tell me that it doesn't cost me anything to do so, but it does cost the system resource to have an additional IIS web site for nothing?  Anyway, thanks for your kindness, and I am looking forward to reading your new book on SharePoint 2010 Administration :-)
TN Leroy

I just wanted to thank you for your help the other day. (This is Brandon with elabra.....i am sure you remember the great crash of 2010)The site seems to be working well! Just wanted to say thanks again

Hi Todd,
I have learned recently from your answer that to ADD a new URL (alias) to an existing Web Application, you can just add this additional URL in AAM and add this new host header into IIS.  I have tested it, and it works perfectly.
Now another scenario:  If you don't want to add a new URL but REPLACE it (the new URL will replace the old one, and there will be no trace of the old URL anymore), can we follow the same steps:
1. Edit and change the old URL to the new one in AAM
2. Edit and change the old host header to the new one in IIS
Are these 2 steps sufficient or we need to delete and recreate the web application with the new URL as host header?
Thank you in advance, and kind regards,
Thanh-Nu Leroy

Hello! I've been using the Sharepoint service in my local network without a problem.

The thing is, I was asked to publish it on the Internet, and change the DNS name. It was mapped to the internal name, as in http://server and now it's http://server.company.com for both internal and internet zones.

After creating the internet mapping and changing the local, I'm still able to access internally from http://server but when I try to reach http://server.company.com it keeps prompting for username and password, as if the windows authentication could not retrieve the credentials from the logged account. After I enter the credentials, the site opens correctly, but I wanted to keep the automatic authentication for users logged on the domain. Is it possible?

Thank you very much!

You need to add server.company.com  to the "Local intranet" zone in Internet Explorer for your username and password to be sent to it automatically.

tk