Re: SharePoint 3.0: problems with external access



OK, so I think I've got this portion out of the way. Here's what I've done so
far.

Under SP 3.0 Central Administration/Operations/Alternate Access
Mappings/Public Zone URLs, I have
1) http://servername:8084 for Default Zone
2) https://FQDN:8889 where the port number is the assigned SSL port in IIS
for Internet Zone

I created the Web Certificate and assigned it port 8889 (thanks for the
suggestion on how to create it)

So before I move onto the ISA portion of this I got a few interesting
questions.
1. From IIS when I go to the WSS3.0 website and click "Browse" I cannot get
a page.
2. To access my WSS3.0 website internally the URL is
http://servername:8084/sites/companyweb3 which leaves me dumbfounded over why
my default zone is http://servername:8084. This link takes me nowhere as
it is incomplete. Is this all correct so far?



"Costas" <cpstechgroup@xxxxxxxxx> wrote in message
news:OueGHqFsIHA.4376@xxxxxxxxxxxxxxxxxxxxxxx
Is Certificate Services installed on your server? Go to Administrative
Tools, Certificate Services.

If the service is not installed, go to Control Panel, Add/Remove
Programs, Add or Remove Windows Components and add the Certificate
Services component. When it asks you for the name, give it the name of
your business. This will allow you to issue certificates. Try running
the SSL wizard again and see if the option is visible.

--
Costas


"AllenM" <noreply@xxxxxxxxxxx> wrote in message
news:u0aPhkFsIHA.4476@xxxxxxxxxxxxxxxxxxxxxxx
Well it appears it does not allow me to "create a new certificate". I do
not have the option to 'Send the request
immediately....' so if I select the given to create now and send later
when I'm through going through the process it appears it does not create
it because when I come back in I cannot "View Certificate".


"Costas" <cpstechgroup@xxxxxxxxx> wrote in message
news:emLg5O%23rIHA.672@xxxxxxxxxxxxxxxxxxxxxxx
Allen,

Click on delete pending request and then start the wizard again. Click
on 'Create a new certificate', select the option 'Send the request
immediately....', under name give a name for the certificate (e.g,
mysite.publicdomain.com), give the name of your organization, and
organization unit, under common name, type the public name of the domain
(e.g. mysite.publicdomain.com), provide the location, then the port
(this is the port where the site will listen to for SSL requests), and
under certification authority, you should select the certification
authority of your domain (it should be in the format
server.domain.local\Name of Authority).

That will create a certificate for the web site.

--
Costas


"AllenM" <noreply@xxxxxxxxxxx> wrote in message
news:uDDSjH8rIHA.4952@xxxxxxxxxxxxxxxxxxxxxxx
thanks costas,
Here's where I am a bit confused. After starting the certificate wizard
it gets to the window box "Pending certificate Request" with 2 options.

1. Process the pending request and install certificate (default)
2. Delete pending request.

So I accept the default and select option 1. Now here is where it
becomes confusing to me. The next window that pops up is........
Process a pending certificate request by retrieving the file that
contains the certification authority's response.
Path and file name:
C:\*.cer

with a Browse button. Where do I browse to or do I simply type a new
name for a new certificate and if so where shall I save it to?

"Costas" <cpstechgroup@xxxxxxxxx> wrote in message
news:uQsyk$7rIHA.2492@xxxxxxxxxxxxxxxxxxxxxxx
Allen,

Since the WSS site is functional internally, go to IIS Manager, right
click on the site, select 'Directory Security', click 'Server
Certificate' and create a new server certificate. Give it the port
number (e.g. 5000) on which you want the site to respond to.

After that you need to create a wildcard certificate, to be able to
have different sites behind ISA. There is one more possibility but I'm
not sure if it will work. Instead of creating a wild card
certificate, use the publishing.xxx.xxx certificate that ISA creates
when you run CEICW. I'll have to test that and I'll post back.

When I had ISA installed the WSS 3.0 site was on a different server. I
created a wildcard certificate and the server will listen to two
different URLs. When I was typing myremote.mydomain.com it will go to
SBS and when I was typing myportal.mydomain.com it will forward the
request to SharePoint on the member server.

I'll have to test the scenario I mentioned earlier and let you know

--
Costas


"AllenM" <noreply@xxxxxxxxxxx> wrote in message
news:OxyKwa7rIHA.1872@xxxxxxxxxxxxxxxxxxxxxxx
Costas,
Please excuse my ignorance but I am having some problems
understanding the correct procedures to do this. I know your time is
valuable but if you can take a few moments here to walk me through
this I sure would appreciate it.

What would be my first step?
Create a new certificate for the WSS 3.0 website? I'm a bit confused
or lack the knowledge to do so correctly.

"Costas" <cpstechgroup@xxxxxxxxx> wrote in message
news:egNpSL7rIHA.2064@xxxxxxxxxxxxxxxxxxxxxxx
That is in the SharePoint 3.0 Central Administration, under
'Operations'.

--
Costas


"AllenM" <noreply@xxxxxxxxxxx> wrote in message
news:eljT7G7rIHA.2208@xxxxxxxxxxxxxxxxxxxxxxx
Where is this located?
"Go to 'Alternate Access Mappings' and in the 'Internet Zone' for your
application, type: https://remote.domain.com:8000"



"Costas" <cpstechgroup@xxxxxxxxx> wrote in message
news:C7B8291E-C694-41CF-A387-87A89408E707@xxxxxxxxxxxxxxxx
Allen,

Port 443 won't work because it is already used by the Default Web
Site. What you need to do is create a wildcard certificate and use
it in ISA. This will allow you to have multiple web sites behind
ISA. The steps are outlined in the following document
http://www.microsoft.com/technet/isa/2004/maintain/wildcard.mspx

If I remember correctly, when I used to run CEICW, it used to
overwrite the certificate with the publishing.x.x so I had to
reset it.

I'll try to find some time to see if there is any other way to do
that but I don't believe there is. ISA 'complicates' things a bit
for small business environment but that's only because it's
designed to be very secure.


--
Costas


"AllenM" <noreply@xxxxxxxxxxx> wrote in message
news:udDIKJ6rIHA.5096@xxxxxxxxxxxxxxxxxxxxxxx
Thanks Costas. Quick question regarding the SSL port to use and
the ISA rule. Does it require a certain SSL port to use? Any
preferred port for SSL? 443? Also what protocol/Listener do I
use when creating the ISA rule. SBS Web Listener?


"Costas" <cpstechgroup@xxxxxxxxx> wrote in message
news:05EBDF02-207C-42C0-8973-A039FED53701@xxxxxxxxxxxxxxxx
Allen,

The steps to publish WSS 3.0 applications behind ISA 2004 are
the same as those that I posted earlier. The additional step
would be to create a secure web server publishing rule in ISA
Server to forward the requests to the site. I had a similar
setup up to recently but I don't currently have any
installations with ISA installed to be able to guide you
step-by-step.

If you have any problem configuring ISA let me know and I'll do
my best to help. There is also a document you might want to
take a look at (
http://www.microsoft.com/downloads/details.aspx?FamilyID=4C5BF9DD-3EFB-451D-B213-98ED039190BF&displaylang=en )
This talks about Portal Server 2003, but the steps as far as ISA
2004 is concerned are the same. Actually I think the document
is more complicated than the process to setup the rules :-)

As far as linking to the application from within companyweb,
first you must complete the above steps and then add a link, in
companyweb, to the external URL. That should do it.

--
Costas


"AllenM" <noreply@xxxxxxxxxxx> wrote in message
news:eKPp%23b5rIHA.1768@xxxxxxxxxxxxxxxxxxxxxxx
Pardon my intrusion here but I've been following this thread as
it is similar to what I am trying to accomplish. Costas you
seem to have a good knowledge of WSS 3.0 and publishing it for
external access. So instead of posting my own thread if you all
don't mind I'll post as a continuation here. thanks.

Here's my situation. Like Charles I have installed WSS 3.0 in a
side by side configuration as suggested by MS. Everything works
fine as well as my WSS 2.0 companyweb. I have SBS 2003 Premium
server SP1 and am using ISA 2004 SP2. My WSS 2.0 companyweb is
accessible from internal as well as external.

http://companyweb (internal)
https://FQDN:444 (external)

I want to be able to access my WSS 3.0 externally as well. So I
thought the easiest way to do it was to add a link to my WSS
2.0 companyweb that points to my WSS 3.0 website. Works fine.
Internally only. I was wrong to think that it would work
externally. So my question to you all would be.........

1. How would I get the link on my WSS 2.0 companyweb pointing
to my WSS 3.0 website to work externally.
2. How would I publish the WSS 3.0 website to access externally
direct.

http://servername:8084/sites/companyweb3/default.aspx (internal
URL for WSS 3.0 website)


"Costas" <cpstechgroup@xxxxxxxxx> wrote in message
news:%23cG1173rIHA.548@xxxxxxxxxxxxxxxxxxxxxxx
Charles,

Glad to hear external access worked. As far as editing
directly the IP address in IIS, that is something that isn't
recommended with SharePoint sites. Anything you need to do,
you must do from within Central Administration.

If the application didn't work internally, having as IP
address the 'All Unassigned', that most probably means, that
you didn't provide a host header name when you created the
application. If a host header is defined, IIS knows where to
route the requests for 'http://mysite'

--
Costas


"Charles" <Charles@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BEBDDCE0-1ADB-4407-B003-D6B4F80C03ED@xxxxxxxxxxxxxxxx
Costas,
Many thanks, this is exactly the input I needed. So the port number one
needs in the external address is in fact the port used by SSL! Of course
of course. So I did exactly that and...it works externally, great !

I had an issue with internal access as a result of the changes, but I
think I will be able to solve it on my own (or so I hope-;): under the
SP 3.0 website in IIS, I had to tweak the IP address under properties
(from undetermined to 192.168.16.2) so that I regained internal access.
Any thoughts on that? Correct you think?

Unfortunately I cannot test external access right now because I am on
the LAN and that my computer at home is not available for VPN (btw, do
you know any easy way to test remote access other than VPNing a specific
computer off the LAN?)

Anyway I will keep you posted on external+internal access but the
hardest part is behind me now, thanks again
"Costas" wrote:

Charles,

Let's say that your Internet facing side responds to:
https://remote.domain.com (in other words in order to access RWW you
type https://remote.domain.com/remote)

In IIS, go to the web site that SharePoint is using and create a
certificate that listens to port 8000 (as per your example). Make sure
that next to SSL, it shows 8000, in the Properties section.

Go to 'Alternate Access Mappings' and in the 'Internet Zone' for your
application, type: https://remote.domain.com:8000

Open the port 8000 on the firewall and forward it to the server's
internal IP.

That should do it

--
Costas


"Charles" <Charles@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:64EB8D07-F5FA-43C8-9BEE-DC5764A67553@xxxxxxxxxxxxxxxx
Hi all,
We have SBS 2003 standard SP2 behind a Sonicwall TZ 180.

We installed SharePoint 3.0 side-by-side with SP 2.0, no problem during
installation, we followed the MS instructions for SP 3.0 on SBS 2003.
Everything works fine internally. We like SP 3.0, which we find a great
improvement over SP 2.0. So far so good.

The trouble is with external access, which we find incredibly complex to
set up and so far does not work. Here is what we did :
- Under SP 3.0 Central Administration/Operations/Alternate Access
Mappings/Public Zone URLs, we have 1) under «default » the internal url ;
2) under « internet » https://ip-address:portnumber, where the port number
was the one allocated to the site during the initial set up of the
intranet following the MS instructions (ie "25364") and the ip-address is
our static external address (also used to access RWW without difficulty,
for example).
- Under IIS, we found the SP 3.0 web site created during setup, but with
no Certificate, which we then added (we used the existing cert also used
for RWW), and specified a SSL port different from the TCP one (which is
the above 25364, so that the SSL is, for example, 8000). I think that I
don't really understand how the SSL port works and what it is for, so I
suspect that I am doing something wrong here.
- In the Sonicwall, we opened both the 25364 and the 8000 ports
After trying different combinations of the above (for example : no
specification of the SSL port. ?), the SP 3.0 site still does not work
externally.
What am I doing wrong or missing ?
Thanks for your help
Charles