Sharepoint 2010 architecture question

Posted on 2014-01-27
Medium Priority
Last Modified: 2014-05-06
I have inherited a network with Sharepoint 2010, two FE's running behind a load balancer with SQL on a seperate server. Internal users access over http and sharepoint is a published application through ISA 2006 for external users who access over HTTPS.
I need to change everyone over to HTTPS but I am unsure what the best plan is and what impact this will have on the user experience. eg will internal users start to get prompted for credentials when opening an office document (persistent cookie issue)... what about cert names and how will I prevent internal users being routed externally as the URL will obviously change to https://sharepoint.mydomain.com so the SSL cert will check out. What about old http links will a simple redirect work.. as you can see I have quite a bit to cover

I have limited knowledge of Sharepoint so I am eager to see how other people are handling internal and external users and HTTPS access.
Question by:Sid_F
  • 4
  • 2
LVL 44

Expert Comment

by:Rainer Jeschor
ID: 39814237
how is the current setup configured? Is the ISA server doing the SSL stuff and talks then internally to SharePoint using HTTP?

Author Comment

ID: 39814334
Yes that's correct. Thanks
LVL 20

Expert Comment

ID: 39900962
I ironically I am in the process of cleaning up my sharepoint environment as well.

Which has two FE's 1 app server an a clustered DB. The 2 FE's are behind a hardware load balance.  The external / internal sites are access via https..

Here is what I have do in my environment to help correct things.

1) Create a test sharepoint environment in lab. You and do a sharepoint farm backup then do any alternate retore to you lab and test all settings before doing them live.

2) Do you have alternate Address mappings? Unfortunalty we do not which is not correct. If you could edit the mapping for your internal clients.

I already assume the certificate is on your sharepoint servers and imported into sharepoint under managed trust
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.


Author Comment

ID: 39902729
I only have to understand the process and the elements involved. Implementation is handled by another person although I would like to get more up to speed using my test server. If I go back to basics for a moment and suppose I have a standard http Sharepoint 2010 setup. Should I be using AAM's to change this over to HTTPS for internal users or am I way off!
LVL 20

Accepted Solution

compdigit44 earned 2000 total points
ID: 39903510
I am not an expert in SharePoint by a long shot but I believe this all needs to be done in SharePoint.

See if this link helps: http://www.mssharepointtips.com/tip.asp?id=1102&page=2

Also in my environment our main sharepoint site uses https but redirects to other http sites without issue

THs is a good video on SharePoint 2010 AAM's : http://technet.microsoft.com/en-US/video/dn153778

Author Comment

ID: 39920150
Thanks I will see if the AAM's do the trick

Author Closing Comment

ID: 40044184

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question