Solved

Cannot log in to Sharepoint 2010 from external locations

Posted on 2011-03-16
10
905 Views
Last Modified: 2012-05-11
I recently install Sharepoint 2010 on a Windows Server 2008 R2 domain member computer that is dedicated for this use.  I can connect to and use the site from any computer on the lan, but if I try to hit it from outside I am prompted for credentials.  I tried my username and password in UNC format as well as username@domain.tld but it just keeps re-prompting me.  I know the credentials are right and my firewall has both 80 and 443 forwarded to the sharepoint server.

Any advice on how to get this working?  I do have an Active Directory domain set up and I was under the impression that Sharepoint would automatically configure itself to work with AD if it is installed on a member computer but that does not seem to be the case, nor can I find where to sync the userbase up with AD.  

I did add the DisableLoopbackCheck entry into the registry but that did not help.
0
Comment
Question by:arstacey
  • 5
  • 4
10 Comments
 
LVL 39

Assisted Solution

by:Adam Brown
Adam Brown earned 400 total points
ID: 35149632
You may want to make sure that the external host that you are using to access the Sharepoint server is listed as an alternate access mapping in the Sharepoint Central Config. You'll also want to check the authentication methods you are using for the Website in IIS. If Basic Authentication is enabled, you'll want to disable that. Sharepoint does integrate with AD automatically, and as you mention users can access it internally, so the problem isn't AD integration, but is instead a misconfiguration on the server somewhere.
0
 

Author Comment

by:arstacey
ID: 35150346
I checked the Alternate Access Mappings and the correct address is listed for the internet zone.  

In IIS, under sites I have SharePoint - 80, SharePoint Central Administration v4, and SharePoint Web Services (and Default Web Site but it is stopped).  When I go to Authentication for SharePoint - 80, only ASP.NET Impersonation and Windows Authentication are enabled.  All the rest are disabled including Basic.
0
 

Author Comment

by:arstacey
ID: 35153842
Ok, I may have figured this out but need some additional assistance. :)

We use a Squid reverse proxy to handle our incoming web requests.  Apparently, the incoming request first hits squid, then is forward to Sharepoint, which forwards to AD for authentication.  Then it tries to reload through port 80 but squid does not allow this type of redirect.  I verified this by forwarding port 80 on my firewall directly to the sharepoint server and it works fine.

So my next question would be, how do I change the default port that Sharepoint is listening on?  I would like to run it on something like 8080 but do not see where to make this change.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 14

Assisted Solution

by:KoenVosters
KoenVosters earned 100 total points
ID: 35154770
SharePoint doesnt have a specific port it listens to. You define it when you create the web application.
0
 
LVL 39

Accepted Solution

by:
Adam Brown earned 400 total points
ID: 35156353
Once you have a web application created, you can't change the port it is on. You can, however, extend the web application to a new IIS site, which you can use to add an additional listening port for the web application. You do this under Sharepoint Central Administration -> Application Management -> Manage Web Applications -> Select site from the list -> click Extend in the upper left. This will create an additional site that listens to whatever port you configure in the extension. I would recommend setting it to 443 and enabling SSL for your Internet Facing setup.
0
 

Author Comment

by:arstacey
ID: 35156727
Ok, to make this easy, could I just create a new web application and give it whatever port I want?  This was just installed and we have not done anything to the first site it created so there is no risk of losing data.
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 35156947
Absolutely. Just note that whatever port you use will be used internally and externally. 443 is HTTPS, so that should work best with your firewall. You'll also probably want to delete the site that was created already.
0
 

Author Comment

by:arstacey
ID: 35160644
Ok, so I created a new site on port 8181 and a new site collection and deleted the original.  On my internal DNS, I made an entry to point sharepoint.ourdomain.net to the internal lan address of the sharepoint server. In AAM  I made two entries, one for the default zone with server:8181 as the public url and another with sharepoint.ourdomain.net:8181 as the public url.

If I open IE8 on the sharepoint server and type sharepoint.ourdomain.net:8181 in the address bar, the site opens fine.  If I try to do the same from another lan computer OR a computer outside the lan, I am getting a page cannot be found.  I made sure port 8181 is forwarded on our firewall correctly.  Are there any other ports I need to forward?  

I doubt this is a firewall issue because lan pc's should be hitting the dns server and going straight to sharepoint.
0
 

Author Comment

by:arstacey
ID: 35160662
Nevermind lol.  After I said "I doubt this is a firewall issue.." I cocked my head and looked at it again realizing that it could be the windows firewall.  Sure enough, disabling the windows firewall fixed the issue.
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 35160683
Alrighty then. Glad you got it sorted.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question