Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cannot log in to Sharepoint 2010 from external locations

Posted on 2011-03-16
10
Medium Priority
?
948 Views
Last Modified: 2012-05-11
I recently install Sharepoint 2010 on a Windows Server 2008 R2 domain member computer that is dedicated for this use.  I can connect to and use the site from any computer on the lan, but if I try to hit it from outside I am prompted for credentials.  I tried my username and password in UNC format as well as username@domain.tld but it just keeps re-prompting me.  I know the credentials are right and my firewall has both 80 and 443 forwarded to the sharepoint server.

Any advice on how to get this working?  I do have an Active Directory domain set up and I was under the impression that Sharepoint would automatically configure itself to work with AD if it is installed on a member computer but that does not seem to be the case, nor can I find where to sync the userbase up with AD.  

I did add the DisableLoopbackCheck entry into the registry but that did not help.
0
Comment
Question by:arstacey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 42

Assisted Solution

by:Adam Brown
Adam Brown earned 1600 total points
ID: 35149632
You may want to make sure that the external host that you are using to access the Sharepoint server is listed as an alternate access mapping in the Sharepoint Central Config. You'll also want to check the authentication methods you are using for the Website in IIS. If Basic Authentication is enabled, you'll want to disable that. Sharepoint does integrate with AD automatically, and as you mention users can access it internally, so the problem isn't AD integration, but is instead a misconfiguration on the server somewhere.
0
 

Author Comment

by:arstacey
ID: 35150346
I checked the Alternate Access Mappings and the correct address is listed for the internet zone.  

In IIS, under sites I have SharePoint - 80, SharePoint Central Administration v4, and SharePoint Web Services (and Default Web Site but it is stopped).  When I go to Authentication for SharePoint - 80, only ASP.NET Impersonation and Windows Authentication are enabled.  All the rest are disabled including Basic.
0
 

Author Comment

by:arstacey
ID: 35153842
Ok, I may have figured this out but need some additional assistance. :)

We use a Squid reverse proxy to handle our incoming web requests.  Apparently, the incoming request first hits squid, then is forward to Sharepoint, which forwards to AD for authentication.  Then it tries to reload through port 80 but squid does not allow this type of redirect.  I verified this by forwarding port 80 on my firewall directly to the sharepoint server and it works fine.

So my next question would be, how do I change the default port that Sharepoint is listening on?  I would like to run it on something like 8080 but do not see where to make this change.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 14

Assisted Solution

by:KoenVosters
KoenVosters earned 400 total points
ID: 35154770
SharePoint doesnt have a specific port it listens to. You define it when you create the web application.
0
 
LVL 42

Accepted Solution

by:
Adam Brown earned 1600 total points
ID: 35156353
Once you have a web application created, you can't change the port it is on. You can, however, extend the web application to a new IIS site, which you can use to add an additional listening port for the web application. You do this under Sharepoint Central Administration -> Application Management -> Manage Web Applications -> Select site from the list -> click Extend in the upper left. This will create an additional site that listens to whatever port you configure in the extension. I would recommend setting it to 443 and enabling SSL for your Internet Facing setup.
0
 

Author Comment

by:arstacey
ID: 35156727
Ok, to make this easy, could I just create a new web application and give it whatever port I want?  This was just installed and we have not done anything to the first site it created so there is no risk of losing data.
0
 
LVL 42

Expert Comment

by:Adam Brown
ID: 35156947
Absolutely. Just note that whatever port you use will be used internally and externally. 443 is HTTPS, so that should work best with your firewall. You'll also probably want to delete the site that was created already.
0
 

Author Comment

by:arstacey
ID: 35160644
Ok, so I created a new site on port 8181 and a new site collection and deleted the original.  On my internal DNS, I made an entry to point sharepoint.ourdomain.net to the internal lan address of the sharepoint server. In AAM  I made two entries, one for the default zone with server:8181 as the public url and another with sharepoint.ourdomain.net:8181 as the public url.

If I open IE8 on the sharepoint server and type sharepoint.ourdomain.net:8181 in the address bar, the site opens fine.  If I try to do the same from another lan computer OR a computer outside the lan, I am getting a page cannot be found.  I made sure port 8181 is forwarded on our firewall correctly.  Are there any other ports I need to forward?  

I doubt this is a firewall issue because lan pc's should be hitting the dns server and going straight to sharepoint.
0
 

Author Comment

by:arstacey
ID: 35160662
Nevermind lol.  After I said "I doubt this is a firewall issue.." I cocked my head and looked at it again realizing that it could be the windows firewall.  Sure enough, disabling the windows firewall fixed the issue.
0
 
LVL 42

Expert Comment

by:Adam Brown
ID: 35160683
Alrighty then. Glad you got it sorted.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
When using a search centre, I'm going to show you how to configure Sharepoint's search to only return results from the current site collection. Very useful when using Office 365 with multiple site collections.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question