Major difficulties publishing SharePoint 2010 through UAG

  • Question

  • I'm having a very frustrating time trying to come up with an ideal and working topology for publishing a multi-WFE SharePoint 2010 farm with UAG. I would like to take advantage of WFLB in UAG, but each configuration I attempt fails in a unique but reproducible way. Here are two scenarios and their modes of failure:

    Topology 1: WFLB/One IP Per WFE/HTTPS/Host Headers

    SharePoint site hosted at https://wfe1.ad.contoso.com and https://wfe2.ad.contoso.com with wildcard certificate and host header "site1.ad.contoso.com"
    AAMs: https://site1.contoso.com (default), https://site1.ad.contoso.com (intranet)

    UAG configured as follows (Application SITE1):
    Trunk public hostname: sptrunk.contoso.com
    Web Server Addresses: wfe1.ad.contoso.com, wfe2.ad.contoso.com
    Paths: /
    HTTPS Port: 443
    Replace the host header with the following: site1.ad.contoso.com
    Public host name: site1.contoso.com
    Use cookie-based affinity
    Authentication: Use KCD, SPN: http/site1.ad.contoso.com

    DNS configuration:
    site1.contoso.com = CNAME sptrunk.contoso.com

    SharePoint site hosted at https://wfe1.ad.contoso.com and https://wfe2.ad.contoso.com with wildcard certificate and host header "site2.ad.contoso.com"
    AAMs: https://site2.contoso.com (default), https://site2.ad.contoso.com (intranet)

    UAG configured as follows (Application SITE2):
    Trunk public hostname: sptrunk.contoso.com
    Web Server Addresses: wfe1.ad.contoso.com, wfe2.ad.contoso.com
    Paths: /
    HTTPS Port: 443
    Replace the host header with the following: site2.ad.contoso.com
    Public host name: site2.contoso.com
    Use cookie-based affinity
    Authentication: Use KCD, SPN: http/site2.ad.contoso.com

    DNS configuration:
    site2.contoso.com = CNAME sptrunk.contoso.com

    This topology appears to work correctly with regard to authentication/SSO--the KCD transition works correctly and the user is authenticated and allowed access when connecting to https://site1.contoso.com. When connecting to https://site2.contoso.com, however, the user is redirected to https://site1.contoso.com every time. There is no way to access the content at https://site2.contoso.com--UAG just changes the URL back to site1.contoso.com. It seems like UAG is sending the wrong host header to the SharePoint server, but I haven't been able to figure this out yet. Is this expected behavior?

    Topology 2: WFLB/One IP Per WFE/HTTPS/Multiple Ports

    SharePoint site hosted at https://wfe1.ad.contoso.com:1234 and https://wfe2.ad.contoso.com:1234 with wildcard certificate
    AAMs: https://site1.contoso.com (default), https://site1.ad.contoso.com:1234 (intranet)

    UAG configured as follows (Application SITE1):
    Trunk public hostname: sptrunk.contoso.com
    Web Server Addresses: wfe1.ad.contoso.com, wfe2.ad.contoso.com
    Paths: /
    HTTPS Port: 1234
    Public host name: site1.contoso.com
    Use cookie-based affinity

    DNS configuration:
    site1.contoso.com = CNAME sptrunk.contoso.com

    SharePoint site hosted at https://wfe1.ad.contoso.com:1234 and https://wfe2.ad.contoso.com:1234 with wildcard certificate
    AAMs: https://site2.contoso.com (default), https://site2.ad.contoso.com:1234 (intranet)

    UAG configured as follows (Application SITE2):
    Trunk public hostname: sptrunk.contoso.com
    Web Server Addresses: wfe1.ad.contoso.com, wfe2.ad.contoso.com
    Paths: /
    HTTPS Port: 1234
    Public host name: site2.contoso.com
    Use cookie-based affinity

    DNS configuration:
    site2.contoso.com = CNAME sptrunk.contoso.com

    This topology doesn't seem to work at all.  When trying to browse https://site1.contoso.com the user is redirected to the UAG logon form to enter their credentials.  Upon submitting their credentials, the browser is redirected to https://site1.contoso.com:1234 which clearly doesn't work because UAG isn't listening on that port.

    Has anybody else encountered these issues?  Is there a best-practice method for publishing a farm of SP2010 servers?

    Wednesday, January 12, 2011 4:30 PM
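Added example, not part of the original post: a small Python check that classifies the redirects a client sees behind the trunk, so the two symptoms described above (site2 bounced to site1, and the backend port 1234 appearing in the public URL) can be told apart in a capture of request/Location pairs. The host names and ports come from the post; the function names, paths and sample observations are constructed, and the internal-host case is an extra check beyond the post's two symptoms.

```python
from urllib.parse import urlsplit

# Public host name -> port the UAG trunk listens on (values taken from the post).
PUBLISHED = {"site1.contoso.com": 443, "site2.contoso.com": 443}
DEFAULT_PORTS = {"https": 443, "http": 80}


def classify_redirect(requested_url, location, published=PUBLISHED):
    """Classify the Location header a client received for requested_url."""
    req = urlsplit(requested_url)
    loc = urlsplit(location)
    # A relative Location stays on the requested scheme, host and port.
    target = loc if loc.hostname else req
    scheme = target.scheme or req.scheme
    host = target.hostname
    port = target.port or DEFAULT_PORTS.get(scheme, 443)
    if host not in published:
        return "internal-host-leak"   # backend name exposed to the client
    if port != published[host]:
        return "port-leak"            # backend port exposed; trunk is not listening there
    if host != req.hostname:
        return "cross-application"    # sent to a different published application
    return "ok"


def audit(observations, published=PUBLISHED):
    """Return (requested_url, location, verdict) for every redirect that is not 'ok'."""
    findings = []
    for requested_url, location in observations:
        verdict = classify_redirect(requested_url, location, published)
        if verdict != "ok":
            findings.append((requested_url, location, verdict))
    return findings


# Constructed observations modelled on the symptoms described in the post.
OBSERVED = [
    ("https://site1.contoso.com/", "/default.aspx"),
    ("https://site2.contoso.com/", "https://site1.contoso.com/"),          # Topology 1
    ("https://site1.contoso.com/", "https://site1.contoso.com:1234/"),     # Topology 2
    ("https://site1.contoso.com/", "https://site1.ad.contoso.com:1234/"),  # extra case
]

if __name__ == "__main__":
    for requested_url, location, verdict in audit(OBSERVED):
        print(f"{verdict:20} {requested_url} -> {location}")
```
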

All replies