Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 957
  • Last Modified:

Cannot log in to Sharepoint 2010 from external locations

I recently install Sharepoint 2010 on a Windows Server 2008 R2 domain member computer that is dedicated for this use.  I can connect to and use the site from any computer on the lan, but if I try to hit it from outside I am prompted for credentials.  I tried my username and password in UNC format as well as username@domain.tld but it just keeps re-prompting me.  I know the credentials are right and my firewall has both 80 and 443 forwarded to the sharepoint server.

Any advice on how to get this working?  I do have an Active Directory domain set up and I was under the impression that Sharepoint would automatically configure itself to work with AD if it is installed on a member computer but that does not seem to be the case, nor can I find where to sync the userbase up with AD.  

I did add the DisableLoopbackCheck entry into the registry but that did not help.
0
arstacey
Asked:
arstacey
  • 5
  • 4
3 Solutions
 
Adam BrownSr Solutions ArchitectCommented:
You may want to make sure that the external host that you are using to access the Sharepoint server is listed as an alternate access mapping in the Sharepoint Central Config. You'll also want to check the authentication methods you are using for the Website in IIS. If Basic Authentication is enabled, you'll want to disable that. Sharepoint does integrate with AD automatically, and as you mention users can access it internally, so the problem isn't AD integration, but is instead a misconfiguration on the server somewhere.
0
 
arstaceyAuthor Commented:
I checked the Alternate Access Mappings and the correct address is listed for the internet zone.  

In IIS, under sites I have SharePoint - 80, SharePoint Central Administration v4, and SharePoint Web Services (and Default Web Site but it is stopped).  When I go to Authentication for SharePoint - 80, only ASP.NET Impersonation and Windows Authentication are enabled.  All the rest are disabled including Basic.
0
 
arstaceyAuthor Commented:
Ok, I may have figured this out but need some additional assistance. :)

We use a Squid reverse proxy to handle our incoming web requests.  Apparently, the incoming request first hits squid, then is forward to Sharepoint, which forwards to AD for authentication.  Then it tries to reload through port 80 but squid does not allow this type of redirect.  I verified this by forwarding port 80 on my firewall directly to the sharepoint server and it works fine.

So my next question would be, how do I change the default port that Sharepoint is listening on?  I would like to run it on something like 8080 but do not see where to make this change.
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
KoenVostersCommented:
SharePoint doesnt have a specific port it listens to. You define it when you create the web application.
0
 
Adam BrownSr Solutions ArchitectCommented:
Once you have a web application created, you can't change the port it is on. You can, however, extend the web application to a new IIS site, which you can use to add an additional listening port for the web application. You do this under Sharepoint Central Administration -> Application Management -> Manage Web Applications -> Select site from the list -> click Extend in the upper left. This will create an additional site that listens to whatever port you configure in the extension. I would recommend setting it to 443 and enabling SSL for your Internet Facing setup.
0
 
arstaceyAuthor Commented:
Ok, to make this easy, could I just create a new web application and give it whatever port I want?  This was just installed and we have not done anything to the first site it created so there is no risk of losing data.
0
 
Adam BrownSr Solutions ArchitectCommented:
Absolutely. Just note that whatever port you use will be used internally and externally. 443 is HTTPS, so that should work best with your firewall. You'll also probably want to delete the site that was created already.
0
 
arstaceyAuthor Commented:
Ok, so I created a new site on port 8181 and a new site collection and deleted the original.  On my internal DNS, I made an entry to point sharepoint.ourdomain.net to the internal lan address of the sharepoint server. In AAM  I made two entries, one for the default zone with server:8181 as the public url and another with sharepoint.ourdomain.net:8181 as the public url.

If I open IE8 on the sharepoint server and type sharepoint.ourdomain.net:8181 in the address bar, the site opens fine.  If I try to do the same from another lan computer OR a computer outside the lan, I am getting a page cannot be found.  I made sure port 8181 is forwarded on our firewall correctly.  Are there any other ports I need to forward?  

I doubt this is a firewall issue because lan pc's should be hitting the dns server and going straight to sharepoint.
0
 
arstaceyAuthor Commented:
Nevermind lol.  After I said "I doubt this is a firewall issue.." I cocked my head and looked at it again realizing that it could be the windows firewall.  Sure enough, disabling the windows firewall fixed the issue.
0
 
Adam BrownSr Solutions ArchitectCommented:
Alrighty then. Glad you got it sorted.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now