Solved

Sharepoint 2010 External Facing

Posted on 2012-03-20
12
540 Views
Last Modified: 2012-03-20
Don't we all love sharepoint, there are always questions. I have a couple about setting up for External Access to all employees so this can be used outside the local network.
But first I was doing this on local dns to check and make sure the external names would work when selecting links on different pages.  
Then my second question would be do I need one certificate for each site name or one certificate with both site names?

Things that have been Done

IIS manager the sites are set for windows Authenication.

I have alternate mapping setup in sharepoint
Default http://mysite.local.org   Internet http://mysite.domain.org
Default http://intranet.local.org  Internet  http://sharepoint.domain.org

In IIS manager
The each local site has a binding for mysite.domain.org  

In Local DNS Forward Zone
Both local Sites have A records for local.org attached to Server IP (which work)
PTR records created for mysite.domain.org pointing to ip.local.org
CNAME record created for mysite.domain.org connecting to mysite.local.org
CNAME record created for sharepoint.domain.org connecting to intranet.local.org

When I use nslookup mysite.local.org shows Server IP and the website works
nslookup on mysite.domain.org resolves mysite.local.org, ip, and aliases same results with intranet site
but when entering mysite.domain.org in the browser it doesn't show the site same with sharepoint.domain.org

It's pointing to the correct local DNS , I've done dnsflush & register, IISreset on Sharepoint, deleted temp content/cookies from internet, added to trusted sites.

Any help is appreciated. What steps am I missing.
0
Comment
Question by:thomasdavis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
12 Comments
 
LVL 8

Author Comment

by:thomasdavis
ID: 37743107
To add to this I configured the cross-firewall access zone in central admin so in Site information under either site is shows the correct external site
0
 
LVL 38

Assisted Solution

by:Justin Smith
Justin Smith earned 500 total points
ID: 37743858
To answer your second question.....you aren't using https, so you don't need certificates period.

I'm not clear on what your first question is.

I will say, when you add an AAM to a web app, you have to go into IIS and manually add the corresponding binding.  DId you do this?  Each of your sites in IIS should have two bindings.
0
 
LVL 8

Author Comment

by:thomasdavis
ID: 37743918
My first question is I'm trying to get the AAM names to work on the local network sharepoint.domain.org and mysite.domain.org but nether will display the site in a browser.

Yes the bindings in IIS are added to each site
mysite.local.org  = host name - mysite / port 80 / host name - mysite.domain.org / port 80

intranet.local.org = host name - intranet.local.org / port 80  / host name - sharepoint.domain.org / port 80
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 38

Expert Comment

by:Justin Smith
ID: 37743940
When you ping the domain.org names, you get the correct internal IP address?
0
 
LVL 8

Author Comment

by:thomasdavis
ID: 37743955
When using a Ping i don't the internal IP from domain.org sites
0
 
LVL 38

Assisted Solution

by:Justin Smith
Justin Smith earned 500 total points
ID: 37743965
I don't understand your response.  Are you saying when you ping the address, it doesn't resolve an IP at all?

I'm 99% sure this problem resides outside of SharePoint.  EIther DNS or network/routing.
0
 
LVL 8

Author Comment

by:thomasdavis
ID: 37744141
Right when i ping the external site address i don't receive an IP, i figured it had to do with both sharepoint and dns. I wanted to make sure everything in sharepoint was set up correctly first.
Now i need to figure out what type record in DNS needs to be created to send sharepoint.domain.org to internal.local.org or sharepoint.domain.org to 0.0.0.0.
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 37744164
Just make them CNAMES and point them to  your internal server name (not internal sp name).
0
 
LVL 8

Author Comment

by:thomasdavis
ID: 37744199
The only problem is when I create a CNAME in local dns the alias name is sharepoint.domain.org.local.org.  So do i create a sub domain in DNS called domain.org then create a cname pointing to local.org
0
 
LVL 38

Assisted Solution

by:Justin Smith
Justin Smith earned 500 total points
ID: 37744224
Do you have two forward zones in DNS?  One for domain.local, and one for domain.org?

If so, you add a CNAME to the domain.org zone called sharepoint and point it to servername.domain.local.  You do the same thing for mysite.
0
 
LVL 8

Author Comment

by:thomasdavis
ID: 37744246
I only have one for local.org .  So do I need create a sub zone with domain.org
0
 
LVL 38

Accepted Solution

by:
Justin Smith earned 500 total points
ID: 37744256
You need another forward lookup zone, for domain.org.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Resolve DNS query failed errors for Exchange
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question