Can get to SharePoint 2013 site from the outside only if I change IE setting.

I have to change the IE setting on a domain-joined machine only when off the corporate network.
Only then can I get to the SharePoint site (Pictured BEFORE & AFTER):

BEFORE (DOESN'T WORK)
Security-Settings-Local-Intranet-Zone-Si
AFTER (WORKS)
AFTER-Security-Settings-Local-Intranet-Z
LVL 8
K BAsked:
Who is Participating?
 
Rainer JeschorCommented:
Hi,
yes, at least in IIS they are both enabled according to the screenshot.
0
 
Rainer JeschorCommented:
Hi,
this could be a simple reason:
You call the same URL. This url is part of the local intranet zone (in IE, configured e.g. through GPO). The SharePoint site behind this url expects Kerberos authentication. The browser tries to create a Kerberos ticket, but as it is outside the domain it could not contact the KDC (who issues the Kerberos tickets) and therefore Negotiation fails. When you set it to manually, there is no Kerberos try and the NTLM fallback directly takes over.
Just my 2ct.
HTH
Rainer
0
 
K BAuthor Commented:
Could this be the cause?

IIS-PORTAL-AUTHENTICATION.png
0
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

 
Rainer JeschorCommented:
Hi K.B.,
no - these two settings are fine and correct.
But you cannot have both Windows AND Forms activated on the same web app.
HTH
Rainer
0
 
K BAuthor Commented:
Does it appear from this picture that I have windows AND forms activated on the same web app?
Thank you,
K.B.
0
 
K BAuthor Commented:
I see.. this seems promising right?

From Central Administration..

1.  I click "Manage web applications"
2.  Next I highlight the Web Application named, "Portal"
3.  Click "Authentication Providers".
4. Authentication-Providers-of-Single-Web-A5. I see Default AND Extranet
6. Default is using Negotiate and Extranet is using Forms-Based authentication.
7. The URL (both internal and public) for "Extranet" under,  "Alternate Access Mappings" is something that I have never used and it comes up as a forms-based authentication page (obviously).

The site associated with the zone "Extranet" (let's call it ABC-Portal.contoso.com) is completely different than the site I am trying to remediate (let's call it Portal.contoso.com).

Also, ABC-Portal.contoso.com is a completely different site in IIS, pointing to a completely different path as Portal.contoso.com.  Also, I do not see a web app that mentions, ABC-Portal.contoso.com

Do you think I should remove the Extranet authentication provider's zone from the Portal.contoso.com Web App?

Thank you very much for your assistance!
I really do appreciate it!

K.B.
0
 
K BAuthor Commented:
How does a URL become associated with a web app to begin with?

If I look at Alternate Access Mapping Collection: Portal(Portal being my web app), ABC-Portal.contoso.com is listed!
Alternate-Access-Mappings.png
0
 
K BAuthor Commented:
Okay I see where Add Internal URLs and Edit Public Urls answers my question above. :-)
Could all of this be the reason for my issue?

Thanks again!
K.B.
0
 
K BAuthor Commented:
I am awaiting a change request in a couple weeks.. I would like to post results..

removing Forms Authentication from IIS as you see both are enabled in the picture (below)

2015-05-26-1043.png
0
 
K BAuthor Commented:
I haven't forgotten about this question.   Waiting on a change window.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.