none
External/Internet access to SharePoint Server 2010

    Question

  • Hey folks,

    I am running server 2008 r2 and installed SharePoint server 2010. After installation I found my default web site was stopped and took down the sites I was hosting so I changed SharePoint onto port 8080 in IIS manager. I then changed the port for "SharePoint - 80" in SharePoint central admin then manage web ser

    My SharePoint looks like this

    Central Admin - http://<servername>:123

    SharePoint - 80 - http://<servername>:8080

    2 sites collections - /sites/share and /sites/sharepoint which accessible on my server using http://<servername>:8080/sites/share

    I can access my sites on my server browser but I cannot access the sites externally. I have tried following guides to add "internet zones" and "alternate address mappings" but no luck. I have been poking around this for a while now to see if I need to add DNS records/other server changes to allow access but no luck. I also tried extending the SharePoint - 80 to another port in the 30xxx range and again no access. I have opened the ports on my server firewall router is in DMZ - other remote access services are working.

    Any advise on testing folks would be greatly appreciated :)

    John

    Monday, August 05, 2013 4:49 PM

Answers

  • Hey Folks, Victory :)

    I have now made my SharePoint Server accessible over the internet. The problem was that I had no binding on my default website in IIS so I was getting the default IIS website. Here is my config if it helps anyone.

    Alternate Address mapping (AAM)
    http://server <> Default <> http://server
    http://server:36545 <> Intranet <> http://server:36545
    http://sharepoint.domain.co.uk <> Extranet <> http://sharepoint.domain.co.uk

    IIS 7 config

    domain1 <> port 80 <> binding=www.domain1.co.uk
    DNS entry www.domain1.co.uk <> Server internal IP

    domain2 <> port 80 <> binding=www.domain2.co.uk
    DNS entry www.domain2.co.uk <> Server internal IP

    Default site <> Port 80 <> binding=default.domain.co.uk
    DNS entry default.domain.co.uk <> Server internal IP

    Sharepoint 90 <> port <> sharepoint.domain.co.uk
    DNS entry sharepoint.domain.co.uk <> Server internal IP

    **When creating DNS entries - Open DNS from administrative tools > right click server domain > add host A or AAA with above details.

    I can now access my test site collections using - http://sharepoint.domain.co.uk/sites/sharepoint

    Thanks all for your time having a look and hope this helps someone in the future.

    John

    • Marked as answer by John_McA Friday, August 09, 2013 6:33 PM
    Friday, August 09, 2013 6:33 PM

All replies

  • What do you mean by external?

    If you're trying to address an internal server through an internet connection you'll have trouble.

    If you're just trying to get there from other computers on your company network then there's hope.

    Monday, August 05, 2013 5:44 PM
  • What do you mean by external?

    If you're trying to address an internal server through an internet connection you'll have trouble.

    If you're just trying to get there from other computers on your company network then there's hope.

    Unfortunately it is the trouble option - trying to access my SharePoint sites through the internet. Any advice mate?
    Monday, August 05, 2013 6:34 PM
  • If you can access sites only from the SharePoint server, you are most likely having DNS and Alternate Access Mapping issues. A quick test is by adding the hostnames to your hosts file and when testing from a client, adding it to the clients hostfile as well. If you don't know what this means, let me know. Also, if you want to receive the best solutions, try to give us something more detailed than "no luck". 

    For example, how did you verify DNS is setup correctly? are you able to perform an nslookup on the Web address of the web application? If you can Ping and/or nslookup to the web application name (don't worry about the site collections below, if you can communicate with the web app, the site collections below it are good as well)

    Did you verify you are able to ping and NSlookup from outside the SharePoint server to verify name resolving and connectivity?What was the result? 

    If you're trying to access your sites from the internet, make sure you have included the external site address (such as http://[server or web application name]) in the internet or extranet section of your Alternate Access Mappings. Also, you have to register the external website address on an internet DNS server as well to be able to resolve from the internet. 

    Please share with us if you have basic networking knowledge and try to be fair with what you know and what you've done so we are not assuming the wrong. 


    I am a SharePoint Infrastructure Engineer, focussed on Administration and Installation of SharePoint Server environments.MCITP SP2010 Administration



    Monday, August 05, 2013 8:22 PM
  • Thanks mate,

    The SharePoint Alternate Address mappings is as follows:

    Internal URL Zone Public URL for Zone
    http://rooster:8080 Default http://rooster:8080
    http://rooster:36545 Intranet http://rooster:36545
    http://<serverIP>:8080 Internet http://<serverIP>:8080

    *Server name = rooster
    **The 3rd entry was created when I added the "Internet" used "edit public URLs". I don't think this right?
    ***To confirm the web address of the web application - http://<serverIP>:8080

    At present I can RDP, VPN and access the websites I host so I don't think I have a problem getting to my server across the internet. I have been wondering if there was some DNS configuration to do on my server to route traffic to the SharePoint or should I use a domain rather than IP i.e. create portal.domain.com and point to my server and use that as my Internet zone address.

    I didn't try editing the host file as I am not sure I have configured my SP server correctly in the AAM. I ran a port check for 8080 and it is showing as closed but I assume I haven't configured SharePoint/DNS role correctly to listen?

    My background is that I am currently working on my server qualifications and find in order to practice what I am learning is to work on a project like settings up websites to host, emails, GPO for test PC's, etc. So I have a good networking knowledge working IT for a number of years but a little green in a server environment. This projects inspiration came about following some database work I had been doing so I installed my copy of SharePoint Server 2010 and SQL server but feeling I have fallen at the gate with no amount of forums/tutorials/videos to get up. So to answer your question, I installed SP 2010 and setup the config above and plucked up the courage to post for advice to check i configured SP correctly so I could begin to breakdown the routing issue from the net.

    Thanks in advance,

    John

    Monday, August 05, 2013 9:52 PM
  • My AAM didn't display to well 

    http://rooster:8080 <> Default <> http://rooster:8080
    http://rooster:36545 <> Intranet <> http://rooster:36545
    http://<serverIP>:8080 <> Internet <>http://<serverIP>:8080


    • Edited by John_McA Monday, August 05, 2013 9:55 PM
    Monday, August 05, 2013 9:55 PM
  • Hi John,

    You can edit AAM for your web application with port 8080, click the "Edit Public URLS" link and input "http://portal.domain.com:8080" in on zone (e.g. Extranet), then go to IIS manager to add a binding for this SharePoint site and input the "portal.domain.com" in host name in binding, then go to your DNS server and create an A record to map "portal" to an ip, then you can try accessing your SharePoint site with http://portal.domain.com:8080 in IE browser, and here is an article about publishing a SharePoint site to internet, you can read.

    http://www.bybugday.com/Lists/Posts/Post.aspx?ID=7

    Thanks


    Daniel Yang
    TechNet Community Support

    Tuesday, August 06, 2013 9:18 AM
    Moderator
  • Hi, 

    Thanks for explaining where you're coming from and what you've done so far.

    If you're using VPN to access your internal network, you don't have to think about external IP-connectivity from the Internet. However, you have to keep in mind your sites will only be accessible if you have fired up a VPN connection first. 

    Second, as someone stated earlier, make sure the bindings for the web application on the web front end correspond with your AAM setting for the web application in SharePoint, Daniel Yang gave you an article that could help you further setting it up

    USing your host file is only necessary when you're using DNS names (e.g. portal.domain.com) instead of IP addresses and to process name resolving locally instead of using a DNS server. 

    When using a DNS server for name resolving of the web application where working with, the A-record or Alias, should point to your Web Front end server.Port 8080 shouldn't be closed it should be open in your case to allow traffic, just make sure your firewall is setup correctly so you're not allowing unnecessary traffic, but communication is possible for the port you're using (8080).

    I would recommend using DNS-names instead of IP-addresses. Let us know how far you came or where you got stuck in the process


    I am a SharePoint Infrastructure Engineer, focussed on Administration and Installation of SharePoint Server environments.MCITP SP2010 Administration


    Tuesday, August 06, 2013 2:40 PM
  • Thanks folks, appreciate the help.

    I setup sharepoint.domain.co.uk and set the records with my host to forward to my server. Checked nslookup and finds my server ok. I then set IIS binding as sharepoint.domain.co.uk with the port 8080. Next was the DNS and created a record by right clicking xxxxx.local then new A or AAA host.
    name - sharepoint.domain.co.uk
    FQDN - sharepoint.domain.co.uk.xxxxxx.local.
    IP - server fixed IP

    This is how I setup hosting multiple sites on my server and believe i followed Daniels's advice. Unfortuntely when updateing the SharePoint AAM it didn't work. My SharePoint AAM now reads:
    Internal URL <> Zone <> Public URL for Zone
    http://server:8080 <> Default <> http://server:8080
    http://server:36545 <> Intranet <> http://server:36545
    http://sharepoint.domain.co.uk:8080 <> Internet <> http://sharepoint.domain.co.uk:8080

    Questions:
    1) http://sharepoint.domain.co.uk:8080 is the internal external domain. On videos and forums I hae read there have been cases where the Public URl is the same for different internal URLs?
    2) The internal http://server:8080 not gives "Bad Request - Invalid Hostname" HTTP Error 400. The request hostname is invalid.?
    2) Should I have done something different configuring the DNS to use the port 8080? 

    Obeservations:
    1) The port 8080 is showing as closed using www.ping.eu. I am guessing i don't have my routing setup correctly yet, therefore nothing is listening.
    2) http://server:36545 is working on the server but this is because I used the extend option in Web applications - hosts the same site multiple times for setting different access configs.

    I have been checking and still can see my mistake and hoping it isn't too obivious as I will feel like a plank for the hours wasted here. Anyway any advice is always welcome as the VPN isn't an option.


    Tuesday, August 06, 2013 8:57 PM
  • Hi John.

    Sometimes the best thing to do is going back to the basics.
    I would suggest you do the following:
    1. Temporarely change the Port for your SP webapp you are to use for the external access(any other than the 8080 you are using).
    2. In IIS create a basic website with Anonymous access and listening on port 8080 and add a simple default.html page with some text.
    3. Try to access the site externally(over internet) with your external DNS http://yourfqdn:8080.
    4. If you end up with Page cannot be found your clearly have some Network configuration issue and i would start of checking that your external DNS is pointing to your external IP.
    5. Then check your intrnal FW configuration and make sure the rule from: ext-ip to:int-ip is good and that the port 8080 is open for that rule:
    6. As a temporary action you could open all ports for the "specific rule" and see if get a ping reply by pinging the ext-ip adress, assuming that you havent any local fw rule that blocks ICMP packages.
    This would at least give you an idea that you can communicate with the server at its most basic level.
    It will hopefully narrow it all down.

    When you can access the temporary site, you should switch back to using port 8080 for the SP webapp and you can see if your specified AAM's is correctly configured.

    Hope this helps.

    Best regards.
    Philip
    Tuesday, August 06, 2013 10:24 PM
  • Plan Philip,

    I created a simple html site for your suggestion and created a folder (added permissions for everyone) for the temp in the inetpub folder. Then:

    > Moved SP to port 45451
    > Created new IIS site on port 8080 and added binding www.domain.co.uk pointing to the folder I created.
    > Added DNS A record for www.domain.co.uk to server IP
    Result - unable to access site on server or externally

    Next:
    > Added IP address under advanced for ther server network card x.x.x.102
    > Bound IP to new IIS site (tried both port 80 and 8080)
    Result - unable to access site on server or externally

    Folks, it seems something has gone wrong on my server as I am not geting to sites by using the browser on the server itself except, the default IIS always available. The 2 sites I had setup for my server to host are not working either. As a consequence I am going to roll back to getting the 2 sites accessible from the internet, stopp all IIS sites except these 2. Once working i will stat the sharepoint sites again.

    HUGE THANKS to you that took the time to post and I will come back to this thread and post the answer to my problem . . . even if it was my blunder :)

    John
    Wednesday, August 07, 2013 8:01 PM
  • Hey folks, progress!

    I went back to my oriiginal websites and checked the A records and all resolve to the my server. So Checked my IIS config for each site:

    domain1 <> port 80 <> binding=www.domain1.co.uk
    **The website works with no issue

    domain2 <> port 80 <> binding=www.domain2.co.uk
    **The website works with no issue

    Default site <> Port 80 <> binding=none
    **The default IIS site works as expected

    Sharepoint 90 <> port <> sharepoint.domain.co.uk
    **The website gives the following error when accessed locally on server
    HTTP/1.1 200 OK
    Server: Microsoft-IIS/7.5
    Date: Wed, 07 Aug 2013 23:53:56 GMT
    Connection: close

    Therefore my server is working correctly and only the Sharepoint falls to loads when configured the same as every other site? I have been back into the sharepoint and changed it to port 80 and the AAM looks like:
    Internal URL
    http://server <> Default <> http://server
    http://server:36545 <> Intranet <> http://server:36545
    http://sharepoint.domain.co.uk <> Extranet <> http://sharepoint.domain.co.uk

    So next I changed the port number for domain2 site to 8080 and the domain2 site fell over. RESUYLT - there are routing problems on port 8080 and will have a look at tackling this but will need to do some reading as I haven't seen anything like this in my studying for server qualification. There has been mention on forums of a http listener . . . 

    Next I am thinking if the other sites are on port 80 and work when my DNS is configured  with the correct bindings. Then why does my Sharepoint site not work when configured the same way?

    This is startig to get to me so I changed the the ISS binding for the Sharepoint 80 site to an IP address and updated my DNS but still the same problem - the error above. This means that my routing is correct and the issue the Sharepoint configuration. To check this I used the http://server:36545 and got my sharepoint unsername/password prompt.

    I don't see how my AAM is wrong? Any advice?

    John
    • Edited by John_McA Friday, August 09, 2013 6:34 PM
    Thursday, August 08, 2013 12:20 AM
  • Hey Folks, Victory :)

    I have now made my SharePoint Server accessible over the internet. The problem was that I had no binding on my default website in IIS so I was getting the default IIS website. Here is my config if it helps anyone.

    Alternate Address mapping (AAM)
    http://server <> Default <> http://server
    http://server:36545 <> Intranet <> http://server:36545
    http://sharepoint.domain.co.uk <> Extranet <> http://sharepoint.domain.co.uk

    IIS 7 config

    domain1 <> port 80 <> binding=www.domain1.co.uk
    DNS entry www.domain1.co.uk <> Server internal IP

    domain2 <> port 80 <> binding=www.domain2.co.uk
    DNS entry www.domain2.co.uk <> Server internal IP

    Default site <> Port 80 <> binding=default.domain.co.uk
    DNS entry default.domain.co.uk <> Server internal IP

    Sharepoint 90 <> port <> sharepoint.domain.co.uk
    DNS entry sharepoint.domain.co.uk <> Server internal IP

    **When creating DNS entries - Open DNS from administrative tools > right click server domain > add host A or AAA with above details.

    I can now access my test site collections using - http://sharepoint.domain.co.uk/sites/sharepoint

    Thanks all for your time having a look and hope this helps someone in the future.

    John

    • Marked as answer by John_McA Friday, August 09, 2013 6:33 PM
    Friday, August 09, 2013 6:33 PM