Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Cannot log in to Sharepoint 2010 from external locations

Posted on 2011-03-16
10
Medium Priority
?
954 Views
Last Modified: 2012-05-11
I recently install Sharepoint 2010 on a Windows Server 2008 R2 domain member computer that is dedicated for this use.  I can connect to and use the site from any computer on the lan, but if I try to hit it from outside I am prompted for credentials.  I tried my username and password in UNC format as well as username@domain.tld but it just keeps re-prompting me.  I know the credentials are right and my firewall has both 80 and 443 forwarded to the sharepoint server.

Any advice on how to get this working?  I do have an Active Directory domain set up and I was under the impression that Sharepoint would automatically configure itself to work with AD if it is installed on a member computer but that does not seem to be the case, nor can I find where to sync the userbase up with AD.  

I did add the DisableLoopbackCheck entry into the registry but that did not help.
0
Comment
Question by:arstacey
  • 5
  • 4
10 Comments
 
LVL 43

Assisted Solution

by:Adam Brown
Adam Brown earned 1600 total points
ID: 35149632
You may want to make sure that the external host that you are using to access the Sharepoint server is listed as an alternate access mapping in the Sharepoint Central Config. You'll also want to check the authentication methods you are using for the Website in IIS. If Basic Authentication is enabled, you'll want to disable that. Sharepoint does integrate with AD automatically, and as you mention users can access it internally, so the problem isn't AD integration, but is instead a misconfiguration on the server somewhere.
0
 

Author Comment

by:arstacey
ID: 35150346
I checked the Alternate Access Mappings and the correct address is listed for the internet zone.  

In IIS, under sites I have SharePoint - 80, SharePoint Central Administration v4, and SharePoint Web Services (and Default Web Site but it is stopped).  When I go to Authentication for SharePoint - 80, only ASP.NET Impersonation and Windows Authentication are enabled.  All the rest are disabled including Basic.
0
 

Author Comment

by:arstacey
ID: 35153842
Ok, I may have figured this out but need some additional assistance. :)

We use a Squid reverse proxy to handle our incoming web requests.  Apparently, the incoming request first hits squid, then is forward to Sharepoint, which forwards to AD for authentication.  Then it tries to reload through port 80 but squid does not allow this type of redirect.  I verified this by forwarding port 80 on my firewall directly to the sharepoint server and it works fine.

So my next question would be, how do I change the default port that Sharepoint is listening on?  I would like to run it on something like 8080 but do not see where to make this change.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 14

Assisted Solution

by:KoenVosters
KoenVosters earned 400 total points
ID: 35154770
SharePoint doesnt have a specific port it listens to. You define it when you create the web application.
0
 
LVL 43

Accepted Solution

by:
Adam Brown earned 1600 total points
ID: 35156353
Once you have a web application created, you can't change the port it is on. You can, however, extend the web application to a new IIS site, which you can use to add an additional listening port for the web application. You do this under Sharepoint Central Administration -> Application Management -> Manage Web Applications -> Select site from the list -> click Extend in the upper left. This will create an additional site that listens to whatever port you configure in the extension. I would recommend setting it to 443 and enabling SSL for your Internet Facing setup.
0
 

Author Comment

by:arstacey
ID: 35156727
Ok, to make this easy, could I just create a new web application and give it whatever port I want?  This was just installed and we have not done anything to the first site it created so there is no risk of losing data.
0
 
LVL 43

Expert Comment

by:Adam Brown
ID: 35156947
Absolutely. Just note that whatever port you use will be used internally and externally. 443 is HTTPS, so that should work best with your firewall. You'll also probably want to delete the site that was created already.
0
 

Author Comment

by:arstacey
ID: 35160644
Ok, so I created a new site on port 8181 and a new site collection and deleted the original.  On my internal DNS, I made an entry to point sharepoint.ourdomain.net to the internal lan address of the sharepoint server. In AAM  I made two entries, one for the default zone with server:8181 as the public url and another with sharepoint.ourdomain.net:8181 as the public url.

If I open IE8 on the sharepoint server and type sharepoint.ourdomain.net:8181 in the address bar, the site opens fine.  If I try to do the same from another lan computer OR a computer outside the lan, I am getting a page cannot be found.  I made sure port 8181 is forwarded on our firewall correctly.  Are there any other ports I need to forward?  

I doubt this is a firewall issue because lan pc's should be hitting the dns server and going straight to sharepoint.
0
 

Author Comment

by:arstacey
ID: 35160662
Nevermind lol.  After I said "I doubt this is a firewall issue.." I cocked my head and looked at it again realizing that it could be the windows firewall.  Sure enough, disabling the windows firewall fixed the issue.
0
 
LVL 43

Expert Comment

by:Adam Brown
ID: 35160683
Alrighty then. Glad you got it sorted.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A while back, I ran into a situation where I was trying to use the calculated columns feature in SharePoint 2013 to do some simple math using values in two lists. Between certain data types not being accessible, and also with trying to make a one to…
Here's a look at newsworthy articles and community happenings during the last month.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question