Remote access to Sharepoint on SBS2008 server
Hi I have recently installed an SSL cert issued by godaddy for a clients SBS2008 server so they can use outlook anywhere.
Outlook anywhere works perfectly but I have noticed a problem with accessing sharepoint via the hostname used in the certificate.
If I attempt to goto https://remote.domainname.com:987 on a system not added to the domain the page loads perfectly asking for credentials and then loading the sharepoint site.
However if I try the same from a system that has been added to the domain the page simply does not load. IE example "Internet Explorer cannot display the webpage".
If I navigate to the sharepoint site without using the SSL cert registered name and just the IP e.g https://xxx.xxx.xxx.xxx:987 the site will of course say there is a certificate error and give the user a choice to continue to the website or close (sharepoint then loads).
All the above tests occur when the user is outside the company network.
Any ideas what could be wrong?
Outlook anywhere works perfectly but I have noticed a problem with accessing sharepoint via the hostname used in the certificate.
If I attempt to goto https://remote.domainname.com:987 on a system not added to the domain the page loads perfectly asking for credentials and then loading the sharepoint site.
However if I try the same from a system that has been added to the domain the page simply does not load. IE example "Internet Explorer cannot display the webpage".
If I navigate to the sharepoint site without using the SSL cert registered name and just the IP e.g https://xxx.xxx.xxx.xxx:987 the site will of course say there is a certificate error and give the user a choice to continue to the website or close (sharepoint then loads).
All the above tests occur when the user is outside the company network.
Any ideas what could be wrong?
are you sure that all these from inside or outside your network ? please sepcify
ASKER
Yes these tests are from outside the internal network.
Following are the main DNS records I have in use:
An SRV record for outlookanywhere autodiscovery:
_autodiscover._tcp port 443 remote.domainname.com
An A record of to map remote.domainname.com to the server public IP:
remote xxx.xxx.xxx.xxx
Also as I said, the outlook anywhere is working.
Also I can access the RDP over SSL to control systems within the internal network connected to the domain. OWA also works correctly. Therefore the only thing that is not working within RWW is the company web.
Is it something to do with the addition of the port at the end of the name? i.e :987
Following are the main DNS records I have in use:
An SRV record for outlookanywhere autodiscovery:
_autodiscover._tcp port 443 remote.domainname.com
An A record of to map remote.domainname.com to the server public IP:
remote xxx.xxx.xxx.xxx
Also as I said, the outlook anywhere is working.
Also I can access the RDP over SSL to control systems within the internal network connected to the domain. OWA also works correctly. Therefore the only thing that is not working within RWW is the company web.
Is it something to do with the addition of the port at the end of the name? i.e :987
well 987 is not ssl , ssl is on port 443 , what are you extacly trying to do ? are doing a nat from 987 to 443 from outside ?
ASKER
port 987 is the default port used for sharepoint.
ssl won`t work on that port if you type https:// plus :987 it will just not work , only if you have nat on your firewall.
ASKER
Yes I am NATing; I route this port straight to my SBS servers internal IP. This is why it works when I enter https://xxx.xxx.xxx.xxx:987.
But why doesn't it work when I enter https://remote.domainname.com:987?
But why doesn't it work when I enter https://remote.domainname.com:987?
are you able to ping remote.domainname.com ? i mean when you ping it do you get the right ip back from oustide ?
ASKER
Yeah the dns resolves correctly but due to My firewall blocking icmp packets to this address nothing is sent back.
But yeah the dns must be right as I can use: https://remote.domainname.com/owa for instance.
But yeah the dns must be right as I can use: https://remote.domainname.com/owa for instance.
did you try adding host headers on the iis site ? you can have more than 1 SSL site on your IIS server, but you may be better off binding a secondary IP address to your server and enabling SSL traffic to uniquely to each IP address. This allows for your URL's to not have a port designation. Since host headers are not supported on IIS for SSL sites. you can try this if it works.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It looks promising, I will have a read and give that a go.
also does the host on the certificate match remote.domainname.com ?
the reason why you get certificate error when you type https://xxx.xxx.xxx.xxx:987 is that it is not a FQDM and it does not match the name on the certificate .