Costas
Tue May 06 11:38:07 PDT 2008
Allen,
Port 443 won't work because it is already used by the Default Web Site. What
you need to do is create a wildcard certificate and use it in ISA. This
will allow you to have multiple web sites behind ISA. The steps are
outlined in the following document
http://www.microsoft.com/technet/isa/2004/maintain/wildcard.mspx
If I remember correctly, when I used to run CEICW, it used to overwrite the
certificate with the publishing.x.x so I had to reset it.
I'll try to find sometime to see if there is any other way to do that but I
don't believe there is. ISA 'complicates' things a bit for small business
environment but that's only because it's designed to be very secure
--
Costas
"AllenM" <noreply@NoEmail.com> wrote in message
news:udDIKJ6rIHA.5096@TK2MSFTNGP02.phx.gbl...
> Thanks Costas. Quick question regarding the SSL port to use and the ISA
> rule. Does it require a certain SSL port to use? Any preferred port for
> SSL? 443? Also what protocaol/Listener do I use when creating the ISA
> rule. SBS Web Listener?
>
>
> "Costas" <cpstechgroup@gmail.com> wrote in message
> news:05EBDF02-207C-42C0-8973-A039FED53701@microsoft.com...
>> Allen,
>>
>> The steps to publish WSS 3.0 applications behind ISA 2004 are the same as
>> those that I posted earlier. The additional step would be to create a
>> secure web server publishing rule in ISA Server to forward the requests
>> to the site. I had a similar setup up to recently but I don't currently
>> have any installations with ISA installed to be able to guide you
>> step-by-step.
>>
>> If you have any problem configuring ISA let me know and I'll do my best
>> to help. There is also a document you might want to take a look at (
>>
http://www.microsoft.com/downloads/details.aspx?FamilyID=4C5BF9DD-3EFB-451D-B213-98ED039190BF&displaylang=en )
>> This talks bout Portal Server 2003, but the steps as far as ISA 2004 is
>> concerned are the same. Actually I think the document is more
>> complicated than the process to setup the rules :-)
>>
>> As far as linking to the application from within companyweb, first you
>> must complete the above steps and then add a link, in companyweb, to the
>> external URL. That should do it.
>>
>> --
>> Costas
>>
>>
>> "AllenM" <noreply@NoEmail.com> wrote in message
>> news:eKPp%23b5rIHA.1768@TK2MSFTNGP03.phx.gbl...
>>> Pardon my intrusion here but I've been following this thread as it is
>>> similiar to what I am trying to accomplish. Costas you seem to have a
>>> good knowledge of WSS 3.0 and publishing it for external access. So
>>> instead of posting my own thread if you all don't mind I'll post as a
>>> continuation here. thanks.
>>>
>>> Here's my situation. Like Charles I have installed WSS 3.0 in a side by
>>> side configuration as suggested by MS. Everything works fine as well as
>>> my WSS 2.0 companyweb. I have SBS 2003 Premium server SP1 and am using
>>> ISA 2004 SP2. My WSS 2.0 companyweb is accessable from internal as well
>>> as external.
>>>
>>>
http://companyweb (internal)
>>> https://FQDN:444 (external)
>>>
>>> I want to be able to access my WSS 3.0 externally as well. So I thought
>>> the easiest way to do it was to add a link to my WSS 2.0 companyweb that
>>> points to my WSS 3.0 website. Works fine. Internally only. I was wrong
>>> to think that it would work externally. So my question to you all would
>>> be.........
>>>
>>> 1. How would I get the link on my WSS 2.0 companyweb pointing to my WSS
>>> 3,0 website to work externally.
>>> 2.How would I publish the WSS 3.0 website to access externally direct.
>>>
>>>
http://servername:8084/sites/companyweb3/default.aspx (internal URL for
>>> WSS 3,0 website)
>>>
>>>
>>> "Costas" <cpstechgroup@gmail.com> wrote in message
>>> news:%23cG1173rIHA.548@TK2MSFTNGP06.phx.gbl...
>>>> Charles,
>>>>
>>>> Glad to hear external access worked. As far as editing directly the IP
>>>> address in IIS, that is something that isn't recommended with
>>>> SharePoint sites. Anything you need to do, you must do from within
>>>> Central Administration.
>>>>
>>>> If the application didn't work internally, having as IP address the
>>>> 'All Unassigned', that most probably means, that you didn't provide a
>>>> host header name when you created the application. If a host header is
>>>> defined, IIS knows where to router the requests for '
http://mysite'
>>>>
>>>> --
>>>> Costas
>>>>
>>>>
>>>> "Charles" <Charles@discussions.microsoft.com> wrote in message
>>>> news:BEBDDCE0-1ADB-4407-B003-D6B4F80C03ED@microsoft.com...
>>>>> Costas,
>>>>> Many thanks, this is exactly the input I needed. So the port number
>>>>> one
>>>>> needs in the external address is in fact the port used by SSL! Of
>>>>> course of
>>>>> course. So I did exactly that and...it works externally, great !
>>>>>
>>>>> I had an issue with internal access as a result of the changes, but I
>>>>> think
>>>>> I will able to solve it on my own (or so I hope-;): under the SP 3.0
>>>>> website
>>>>> in IIS, I had to tweak the IP address under properties (from
>>>>> undetermined to
>>>>> 192.168.16.2) so that I regained internally access. Any thoughts on
>>>>> that?
>>>>> Correct you think?
>>>>>
>>>>> Unfortunately I cannot test external access right now because I am on
>>>>> the
>>>>> LAN and that my computer at home is not available for VPN (btw, do you
>>>>> any
>>>>> easy way to test remote access other than VPNing a specific computer
>>>>> off the
>>>>> LAN?)
>>>>>
>>>>> Anyway I will keep you posted on external+internal access but the
>>>>> hardest
>>>>> part is behind me now, thanks again
>>>>> "Costas" wrote:
>>>>>
>>>>>> Charles,
>>>>>>
>>>>>> Let's say that your Internet facing side responds to:
>>>>>> https://remote.domain.com (in other words in order to access RWW you
>>>>>> type
>>>>>> https://remote.domain.com/remote)
>>>>>>
>>>>>> In IIS, go to the web site that SharePoint is using and create a
>>>>>> certificate
>>>>>> that listens to port 8000 (as per your example). Make sure that next
>>>>>> to
>>>>>> SSL, it shows 8000, in the Properties section.
>>>>>>
>>>>>> Go to 'Alternate Access Mappings' and in the 'Internet Zone' for your
>>>>>> application,type: https://remote.domain.com:8000
>>>>>>
>>>>>> Open the port 8000 on the firewall and forward it to the server's
>>>>>> internal
>>>>>> IP.
>>>>>>
>>>>>> That should do it
>>>>>>
>>>>>> --
>>>>>> Costas
>>>>>>
>>>>>>
>>>>>> "Charles" <Charles@discussions.microsoft.com> wrote in message
>>>>>> news:64EB8D07-F5FA-43C8-9BEE-DC5764A67553@microsoft.com...
>>>>>> > Hi all,
>>>>>> > We have SBS 2003 standard SP2 behind a Sonicwall TZ 180.
>>>>>> >
>>>>>> > We installed SharePoint 3.0 side-by-side with SP 2.0, no problem
>>>>>> > during
>>>>>> > installation, we followed the MS instructions for SP 3.0 on SBS
>>>>>> > 2003.
>>>>>> > Everything works fine internally. We like SP 3.0, which we find a
>>>>>> > great
>>>>>> > improvement over SP 2.0. So far so good.
>>>>>> >
>>>>>> > The trouble is with external access, which we find incredibly
>>>>>> > complex to
>>>>>> > set
>>>>>> > up and so far does not work. Here is what we did :
>>>>>> > - Under SP 3.0 Central Administration/Operations/Alternate Access
>>>>>> > Mappings/Public Zone URLs, we have 1) under «default » the internal
>>>>>> > url ;
>>>>>> > 2)
>>>>>> > under « internet » https://ip-address:portnumber, where the port
>>>>>> > number
>>>>>> > was
>>>>>> > the one allocated to the site during the initial set up of the
>>>>>> > intranet
>>>>>> > following the MS intructions (ie "25364") and the ip-address is our
>>>>>> > static
>>>>>> > external address (also used to access RWW without difficulty, for
>>>>>> > example).
>>>>>> > - Under IIS, we found the SP 3.0 web site created during setup, but
>>>>>> > with
>>>>>> > no
>>>>>> > Certificate, which we then added (we used the existing cert also
>>>>>> > used for
>>>>>> > RWW), and specified a SSL port different from the TCP one (which is
>>>>>> > the
>>>>>> > above
>>>>>> > 25364, so that the SSL is, for example, 8000). I think that I
>>>>>> > don't
>>>>>> > really
>>>>>> > understand how the SSL port works and what it is for, so I suspect
>>>>>> > that I
>>>>>> > am
>>>>>> > doing something wrong here.
>>>>>> > - In the Sonicwall, we opened both the 25364 and the 8000 ports
>>>>>> > After trying different combinations of the above (for example : no
>>>>>> > specification of the SSL port. ?), the SP 3.0 site still does not
>>>>>> > work
>>>>>> > externally.
>>>>>> > What I am doing wrong or missing ?
>>>>>> > Thanks for your help
>>>>>> > Charles
>>>>>> >
>>>>>>
>>>>
>>>
>>>
>>
>
>