Solved

Cannot log in to Sharepoint 2010 from external locations

Posted on 2011-03-16
Last Modified: 2012-05-11
I recently installed Sharepoint 2010 on a Windows Server 2008 R2 domain member computer that is dedicated for this use.  I can connect to and use the site from any computer on the LAN, but if I try to hit it from outside I am prompted for credentials.  I tried my username and password in UNC format as well as username@domain.tld but it just keeps re-prompting me.  I know the credentials are right and my firewall has both 80 and 443 forwarded to the Sharepoint server.

Any advice on how to get this working?  I do have an Active Directory domain set up and I was under the impression that Sharepoint would automatically configure itself to work with AD if it is installed on a member computer but that does not seem to be the case, nor can I find where to sync the userbase up with AD.  

I did add the DisableLoopbackCheck entry into the registry but that did not help.
0
Question by:arstacey
10 Comments
 
LVL 38

Assisted Solution

by:Adam Brown
Adam Brown earned 400 total points
ID: 35149632
You may want to make sure that the external host that you are using to access the Sharepoint server is listed as an alternate access mapping in the Sharepoint Central Config. You'll also want to check the authentication methods you are using for the Website in IIS. If Basic Authentication is enabled, you'll want to disable that. Sharepoint does integrate with AD automatically, and as you mention users can access it internally, so the problem isn't AD integration, but is instead a misconfiguration on the server somewhere.
0
 

Author Comment

by:arstacey
ID: 35150346
I checked the Alternate Access Mappings and the correct address is listed for the internet zone.  

In IIS, under sites I have SharePoint - 80, SharePoint Central Administration v4, and SharePoint Web Services (and Default Web Site but it is stopped).  When I go to Authentication for SharePoint - 80, only ASP.NET Impersonation and Windows Authentication are enabled.  All the rest are disabled including Basic.
0
 

Author Comment

by:arstacey
ID: 35153842
Ok, I may have figured this out but need some additional assistance. :)

We use a Squid reverse proxy to handle our incoming web requests.  Apparently, the incoming request first hits Squid, then is forwarded to Sharepoint, which forwards to AD for authentication.  Then it tries to reload through port 80 but Squid does not allow this type of redirect.  I verified this by forwarding port 80 on my firewall directly to the Sharepoint server and it works fine.

So my next question would be, how do I change the default port that Sharepoint is listening on?  I would like to run it on something like 8080 but do not see where to make this change.
0
 
LVL 14

Assisted Solution

by:KoenVosters
KoenVosters earned 100 total points
ID: 35154770
SharePoint doesn't have a specific port it listens to. You define it when you create the web application.
0
 
LVL 38

Accepted Solution

by:Adam Brown
Adam Brown earned 400 total points
ID: 35156353
Once you have a web application created, you can't change the port it is on. You can, however, extend the web application to a new IIS site, which you can use to add an additional listening port for the web application. You do this under Sharepoint Central Administration -> Application Management -> Manage Web Applications -> Select site from the list -> click Extend in the upper left. This will create an additional site that listens to whatever port you configure in the extension. I would recommend setting it to 443 and enabling SSL for your Internet Facing setup.
0

 

Author Comment

by:arstacey
ID: 35156727
Ok, to make this easy, could I just create a new web application and give it whatever port I want?  This was just installed and we have not done anything to the first site it created so there is no risk of losing data.
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 35156947
Absolutely. Just note that whatever port you use will be used internally and externally. 443 is HTTPS, so that should work best with your firewall. You'll also probably want to delete the site that was created already.
0
 

Author Comment

by:arstacey
ID: 35160644
Ok, so I created a new site on port 8181 and a new site collection and deleted the original.  On my internal DNS, I made an entry to point sharepoint.ourdomain.net to the internal lan address of the sharepoint server. In AAM  I made two entries, one for the default zone with server:8181 as the public url and another with sharepoint.ourdomain.net:8181 as the public url.

If I open IE8 on the sharepoint server and type sharepoint.ourdomain.net:8181 in the address bar, the site opens fine.  If I try to do the same from another lan computer OR a computer outside the lan, I am getting a page cannot be found.  I made sure port 8181 is forwarded on our firewall correctly.  Are there any other ports I need to forward?  

I doubt this is a firewall issue because LAN PCs should be hitting the DNS server and going straight to Sharepoint.
0
 

Author Comment

by:arstacey
ID: 35160662
Never mind, lol.  After I said "I doubt this is a firewall issue.." I cocked my head and looked at it again, realizing that it could be the Windows firewall.  Sure enough, disabling the Windows firewall fixed the issue.
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 35160683
Alrighty then. Glad you got it sorted.
0
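
An added example, not part of any post in this thread: the accepted answer's "extend to 443 with SSL" step done from the SharePoint 2010 Management Shell, followed by scoped Windows Firewall rules that keep the host firewall enabled instead of disabling it. The URLs come from the thread; the IIS site name and firewall rule names are assumptions.

```powershell
# Run in an elevated SharePoint 2010 Management Shell on the SharePoint server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Values from the thread; adjust to your farm.
$internalUrl = "http://server:8181"          # existing web application (Default zone)
$publicHost  = "sharepoint.ourdomain.net"    # name published to external users
$publicUrl   = "https://$publicHost"

# 1. Extend the existing web application to a second IIS site in the
#    Internet zone, listening on 443 with SSL. Skip if the zone is in use.
$wa = Get-SPWebApplication $internalUrl
if (-not (Get-SPAlternateURL -WebApplication $wa -Zone Internet)) {
    $wa | New-SPWebApplicationExtension `
        -Name "SharePoint - Internet 443" `
        -Zone Internet `
        -URL $publicUrl `
        -HostHeader $publicHost `
        -Port 443 `
        -SecureSocketsLayer
}

# 2. Review the alternate access mappings: the Internet zone should now
#    show the https:// public URL that external users type.
Get-SPAlternateURL -WebApplication $wa

# 3. Allow the listening ports through Windows Firewall with explicit rules.
#    443 is the published port (if only the reverse proxy or edge firewall
#    forwards it, add remoteip=<that address> to narrow the rule further);
#    8181 stays reachable from the local subnet only.
netsh advfirewall firewall add rule name="SharePoint-HTTPS-443" `
    dir=in action=allow protocol=TCP localport=443
netsh advfirewall firewall add rule name="SharePoint-LAN-8181" `
    dir=in action=allow protocol=TCP localport=8181 remoteip=localsubnet

# 4. Turn the firewall back on for every profile and confirm the rules exist.
netsh advfirewall set allprofiles state on
netsh advfirewall firewall show rule name="SharePoint-HTTPS-443"
netsh advfirewall firewall show rule name="SharePoint-LAN-8181"
```

SharePoint 2010 creates the IIS site but does not install a certificate; bind the server certificate to the new site's 443 binding in IIS Manager before testing from outside.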
