joe_edmond
asked on
SharePoint Ports To Open? Can't access My Company's Internal Website
There's a problem accessing My Company's Internal Website on SBS 2003, not just remotely but also from inside the network. When I go to click it, it pops up a login credentials box, and when I put in my credentials, it does not work and will eventually pop up with a "You are not authorized to view this page". RWW works internally, and I'm completely stumped on the issue. Also, on the site, it was created to go through port 80 with SSL port 444.
We have an ASA firewall and I went into the configuration and added a NAT statement to forward port 444 to the IP address and even put in an Access List statement to allow the traffic through. Is there something that I'm missing not just on the firewall side, but in general? What makes me wonder is the fact that it's a problem internally as well. This just started happening a few days ago... Any help would be appreciated.
What are you inputting as your user name? MUST be in the form of domain\username.
ASKER
Yes, I did that right.
When you created the web application, did you choose Kerberos as the authentication method? You can check via Central Admin - Manage Web Applications. Highlight the right one and look at the Authentication Providers button in the ribbon.
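A client-side way to confirm which scheme the web application offers, and which one the browser actually ended up using, is to look at the `WWW-Authenticate` and `Authorization` headers of the 401 exchange. This is an added example, not part of the thread; the responses and tokens below are constructed samples, and the function names are hypothetical.

```python
import base64
import binascii

# Constructed 401 responses (not captured from the asker's server).
NTLM_ONLY = ("HTTP/1.1 401 Unauthorized\r\n"
             "WWW-Authenticate: NTLM\r\n"
             "Content-Length: 0\r\n\r\n")
NEGOTIATE_FIRST = ("HTTP/1.1 401 Unauthorized\r\n"
                   "WWW-Authenticate: Negotiate\r\n"
                   "WWW-Authenticate: NTLM\r\n"
                   "Content-Length: 0\r\n\r\n")

# Constructed client headers: a raw NTLM type-1 prefix and a GSS-API/SPNEGO prefix.
SAMPLE_NTLM_AUTH = "Negotiate " + base64.b64encode(
    b"NTLMSSP\x00\x01\x00\x00\x00").decode()
SAMPLE_SPNEGO_AUTH = "Negotiate " + base64.b64encode(
    b"\x60\x82\x01\x00\x06\x06\x2b\x06\x01\x05\x05\x02").decode()


def offered_schemes(raw_response):
    """Return the schemes named in WWW-Authenticate headers, in server order."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    schemes = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate" and value.strip():
            schemes.append(value.strip().split()[0])
    return schemes


def token_kind(authorization_value):
    """Classify the token in an 'Authorization: Negotiate|NTLM <b64>' value."""
    scheme, _, b64 = authorization_value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "other"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except (binascii.Error, ValueError):
        return "unknown"
    if token.startswith(b"NTLMSSP\x00"):
        return "ntlm"      # raw NTLM, e.g. Negotiate fell back to NTLM
    if token[:1] == b"\x60":
        return "spnego"    # GSS-API wrapper: Kerberos (or NTLM inside SPNEGO)
    return "unknown"
```

If the server only ever returns `NTLM`, Kerberos is not being offered for that web application; if it returns `Negotiate` but the client's token classifies as `ntlm`, the client could not obtain a Kerberos ticket and fell back.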
ASKER
Update: I haven't changed a thing, but when I tried to access this through the web on the server that hosts the site, this happens. But if I try to access this through a workstation on the domain, then it works... This is really confusing me.
ASKER
I went into Central Administration> Application Management> Authentication Providers> Edit Authentication. Under IIS Authentication Settings, it was NTLM. I can change it to Kerberos.
ASKER
@Ach1lles, the registry issue worked on the local host. Thanks for the heads up. Will this solve the problem on remotely accessing the site? I'm about to test on a remote workstation...
If internally works and you are losing the connection after entering credentials externally, it sounds like port 444 is blocked. Authentication takes place over 443, and then SharePoint is displayed over 444, no need at all for 80.
I have blogged about configuring an ASA5505 for SBS 2008. Same applies to 2003, only 2008/201 do not use 444. Just follow the instructions for port 987 (but use 444).
http://blog.lan-tech.ca/2012/01/22/configure-cisco-asa-for-sbs-20082011-network/
ASKER
Ok I will try this now and give an update. Do I need to change the authentication to Kerberos?
No, friend. The loopback alone will solve your issue.
ASKER
@RobWill, I put this in there... It's running off of 6.2 so I don't think your commands worked.
object network obj-SharePoint444
host 192.168.1.250
access-list outsidein extended permit tcp any any eq 444
object network obj-SharePoint444
nat (inside,failover) static interface service tcp 444 444
Joe. I can assure you, the problem you face is the loopback.
ASKER
ACH1LLES, you're saying the Loopback can cause the issue from a remote workstation as well? If so, then I'll verify that as well.
Loopback is for fixing site access FROM the server. Above you said from a remote workstation it was working, but from the server it was not.
ASKER
No, it was working for a workstation on the domain, which is not remotely. It's in the internal network. I don't know if it is working on a workstation outside the network yet, I am verifying that now. But as far as the server itself, the Loopback issue solved that portion. Thanks Ach1lles!
Ok. Do users inside and outside the firewall use the same URL?
ASKER
No, they use different ones. The URLs seem to work. It's just the issue accessing the company's internal website.
If you test port 444 from the server using www.canyouseeme.org , does it show as successful?
ASKER
Yes, it does show successful.
Then at least your router config should be correct.
And you have an Alternate Access Mapping set for each URL on the web app?
ASKER
Ok, this is weird. The site came up (I'm assuming from the port forwarding). But when I go to any link inside the website, it will ask for credentials and then they will not take. I know for a fact I am typing them correctly. As for Alternate Access Mapping, idk what that is. Do I need to change the authentication to Kerberos?
ASKER
Alright, I'm sorry for the confusion and lack of complete information, everyone. Please bear with me. On the remote workstation, the site does come up and it says I'm logged in as the credential that I am on the workstation. When I go to sign in as a different user and choose my domain credential (remember, this is a remote machine), it continues to pop up as if it doesn't work. I'm trying to use domain credentials.
ASKER
Here's the current issue now: I can get to the site, but I am now presented with an access denied page, which I didn't before, so progress is made. When I click the link "Sign in as a different user", I'm presented with a credentials pop-up. I am absolutely sure that I am using the correct credentials. It then does not take the credentials and continues to pop them up as if they are not correct. As far as App Management, I can't seem to find this anywhere. I'm extremely lost.