Sharepoint authenticates fine on the inside but on the outside forced to change from "Automatic logon only in Intranet Zone"

Outside fails unless on VPN:
Outside---Fails-unless-on-VPN.png
Outside Authentication:
 Outside-Authentication.png
Inside Authentication:
Inside-Authentication.png
Outside Attempts to use the site:
 The-Page-cant-be-Displayed.png
Fiddler from Outside (attempts):
Fiddler-401-Unauthorized-Outside-Only.pn
Security Settings (Local Intranet Zone) Site is properly defined in Intranet Zone in GPO:
Security-Settings-Local-Intranet-Zone-Si
Please let me know if I can provide any additional information.
Thank you for your assistance in advance!

K.B.
LVL 9
K BAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rainer JeschorCommented:
Hi,
question: have you extended the web application?
ASP.NET supports only one authentication provider per web application - therefore the normal process is to extend the web app (which creates a second web app) but using the same content as the existing (intranet) web app. Then you configure the zones and authentication settings.

HTH
Rainer
K BAuthor Commented:
Rainer,

Thank you very much for the reply!  
I believe you see can see the web application has been extended in the first two images.
The second zone is the Outside or "Extranet" Zone and the authentication methods is the next image.

Via PowerShell, there does not seem to be a Get-SPWebApplicationExtension command and Get-SPWebApplication | FL does not seem to show much.  If you want me to run a PowerShell command or send additional information/screenshots please do not hesitate to ask.

K.B.
K BAuthor Commented:
I am realizing that there is only one Claims Based Authentication type being used (WIA / Negotiate)
and only one URL that comes into play (thus only one zone)
So the forms based image above does not come into play.
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Rainer JeschorCommented:
Hi K.B.,
that sounds reasonable (in regards to the behavior).
Can you explain your SharePoint configuration in regards to
- Farm structure (number of Web Frontends, App Server, Database server, (network) load balancer ...)
- Web Applications
- URLs
- Zones and
- Alternate Access mappings?
An intranet/extranet setup with different authentication provider is always tricky - especially when it comes to Kerberos configuration ...
HTH
Rainer

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
K BAuthor Commented:
Rainer,

Would you have the PowerShell commands that might be able to provide us the information that you ask?
I cannot be positive.

Thank you
K.B.
K BAuthor Commented:
2 APPS servers
2 Web servers
1 SQL server
Rainer JeschorCommented:
Hi,
will have to grab them from my library tomorrow (as its quite late here in Germany). But thanks for the first info.
KR
Rainer
K BAuthor Commented:
I am awaiting a change request in a couple weeks.. I would like to post results..

removing Forms Authentication from IIS as you see both are enabled in the picture (below)
2015-05-26-1043.png
K BAuthor Commented:
I haven't forgotten about this question.   Waiting on a change window.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SharePoint

From novice to tech pro — start learning today.