Comments on corinna: SharePoint MOSS 2007 with SSL termination on Load Balancer
Blog author: Corinna Lo. 21 comments, newest first. Feed updated 2023-05-24T05:38:50.418-07:00.

Unknown (2011-02-16T06:55:59.153-08:00):
Corinna,
Would I be able to use this method with Citrix NetScaler load balancer? I have an existing SharePoint 2007 Farm which requires SSL. I am a newbie and will need all the help you can offer!!

Thanks,
Nee

JC (2011-01-25T12:27:25.957-08:00):
Users are getting multiple prompts of NTLM login. The only person not getting that many was the farm admin. Any advice? All user traffic is from the Internet.

JC (2011-01-19T16:31:18.503-08:00):
Corinna, thank you for sharing. It solved the issues that bothered me for days. Even though I still don't fully understand why I need to set up an unrelated web app first, then extend to the port 80 one, and the trick of AAM, it WORKS. Thank you!

Corinna Lo (2010-11-10T20:24:45.540-08:00):
hi, Michael

I'm glad to hear that fixed the problem. Share the "wealth" you now have and Pay it forward (http://www.imdb.com/video/screenplay/vi3617259801/)!

Cheers!

Unknown (2010-11-10T09:25:54.522-08:00):
You are amazing!!!! I added internal url https://business.mydomain.com:1443 and it fixed everything. Thanks a bunch!!! I want to give you a big hug!

Corinna Lo (2010-11-09T18:49:48.655-08:00):
hi, Michael

I'm not sure why your latest comment disappeared from this post. I got that via the from google.

To answer your question:

You need to have two entries in the **Internet Zone** in AAM. I believe it should look like this in your case:

https://business.mydomain.com Internet https://business.mydomain.com

http://

Unknown (2010-11-09T11:26:57.473-08:00):
Ok... So I guess I should explain our problem here. We have many public faced sites in our SharePoint environment and we have one site that is using SSL on port 443 using a wildcard cert *.mydomain2.com. This is creating a problem because now we have a site that needs to be secured using our wildcard cert *.mydomain.com. This is a problem since we can't have both certs on port 443. We've

Corinna Lo (2010-11-04T23:58:42.569-07:00):
hi, Michael

You can use either different port numbers, or host headers.

In my case, I choose to use port number because it is clear to me. First, it is easy to test behind load balancer. When I specify the port number in the URL, I know exactly which IIS website should be serving my requests. And when I put that in the load balancing pool in load balancer, I again know

Unknown (2010-11-04T05:41:18.516-07:00):
I tested it on all the servers. I added an entry in my machine's hosts file. I tried each server and still nothing. For some reason, this extended web application isn't serving up any content. I see that you put the original site on port 8888... what was the specific reason for that? http://business-test.mydomain.com was already on port 80 and I assumed that I would be fine extending

Corinna Lo (2010-11-03T23:17:07.070-07:00):
hi, Michael

I'm trying to understand your test environment.

I suppose you mean http://business-test.mydomain.com is in the default zone. And you extend it to http://business.mydomain.com in the internet zone.

What is the IP address this business.mydomain.com being resolved to? If it is resolved into the subnet that belongs to the external side of the load

Unknown (2010-11-03T11:16:13.764-07:00):
FYI, http://business-dev.mydomain.com is in a different farm than http://business-test.mydomain.com

Unknown (2010-11-03T11:14:03.026-07:00):
Thanks,

Ok, so we are trying to prove this configuration in our test environment. We are content deploying from http://business-dev.mydomain.com to http://business-test.mydomain.com and we are trying to set up SSL termination on the F5. So far, I've extended the http://business-test.mydomain.com application as http://business.mydomain.com. Our guys have not configured the F5 yet but

Unknown (2010-09-17T19:31:41.047-07:00):
Hello

After looking at the code and applying it in my Load Balancer, it seems to have the following effects.

In my web browser, browsing to the URL on the load balancer, it "redirects" me to my MOSS App server (my iRule is HTTP::redirect "http://devext-server.server.com")

After this it seems that all links in my web browser is displayed with

Unknown (2010-09-17T01:18:25.554-07:00):
Weird, my comments seem to have disappeared!

Unknown (2010-09-16T23:45:04.260-07:00):
Hello

After looking at the code and trying to use it on our Load Balancer here, it does not seem to work.

What it did was that the HTTP::redirect redirected to the MOSS App server, and my web browser displays links in non HTTP. I thought that they were all supposed to be HTTPS links.

My AAM setup is as follows

Internal -> Public URL
Default Zone

Unknown (2010-09-16T23:09:55.575-07:00):
Hello

I had a look at the code and coded something similar to use on the Load Balancer for testing but I am getting "weird" results.

Looking at the HTTP::redirect bits, after using them, I notice that my web browser is displaying the non http URLs, and it seems that the browser on my machine is now "talking" directly to the MOSS App server, without going

Unknown (2010-09-16T18:16:11.394-07:00):
Thanks for the info, I will look into the iRules coding.

Corinna Lo (2010-09-16T12:32:57.307-07:00):
This is the iRule for the virtual server listening on port 80. What it does is to redirect all traffic to port 443.

i.e. if users access our SharePoint site using http, the load balancer always redirects it to https. And all subsequent traffic between client and load balancer is https.

But the traffic between the load balancer and our SharePoint servers is always http.

Unknown (2010-09-15T23:55:46.746-07:00):
Thanks for the reply, and to answer your question: when I Remote Desktop to my SharePoint application server and browse to the default zone, it works fine.

I am trying to achieve what is described in the article, using HTTPS from Client to the Load Balancer and only HTTP from the Load Balancer to the SharePoint App Server.

I have set up the AAM rules as required, the web

Corinna Lo (2010-09-15T23:31:32.687-07:00):
I have two iRules, one listening on port 80. It redirects all traffic to the https 443 virtual server.
The other iRule listens on port 443. It only checks the host header to make sure it is calling our SharePoint web application by hostname (basically, screening out attacks/scannings that use IP address to connect to our server).

I have SSL Profile (Client) enabled on the

Unknown (2010-09-15T20:49:45.826-07:00):
Hello

I am in a similar situation, and after setting the appropriate configurations, it still did not work for me.

May I ask if you have any iRules set on the load balancer, and if the SSL Client side profile was enforced?

The problem that I am having is that the authentication window does not even pop up (using Windows NTLM to access the SharePoint site)