none
SharePoint 2013 - Office Web Apps - Internal and External Use

    Question

  • I have successfully installed SharePoint 2013 and Office Web Apps on Azure VMs inside an Azure Virtual Network (IaaS model). Everyting is working well. However, my testing has shown that external users and internal users can't use Office Web Apps at the same time.

    Office Web Apps, installed on its own vm, accomodates an external and internal URL quite well. However, SharePoint 2013 appears to only allow one setting for WOPI Zone, either internal or external but not both. I've set the WOPI zone to Internal-HTTPS (Set-SPWOPIZone –Zone “internal-https”). OWA works just fine if accessed from inside the Azure Virtual Network. However, if I try to access from outside the Virtual Network, from the Internet, Office Web Apps fails. The exact oppisite is also true. I can set WOPI Zone to External-HTTPS and accessing from the Internet works fine, but accessing inside the Virtual Network fails.

    Am I missing something? I, obviously, want Office Webs Apps to function properly for both internal and external users simultaneously.

    I appreciate any help anyone can provide here.

    Glenn

    Tuesday, January 08, 2013 5:56 PM

Answers

  • Hi Glenn,

    To have both the use of Internet and Internal available to your end-users, you first need to configure AAM setting. Open Central Administration > Application Management > Configure alternate access mappings. Let's say there is an existing web application named http://sharepoint and my end-users from local network are able to access it using the URL http://sharepoint (root site collection). Here you need to add the Internet URL by select the web application and click Edit Public URLs. Add the Internet domain to the web application, e.g http://sharepoint.abc.com. You don't necessarily have to edit binding setting in IIS. Before continuing next steps, make sure you are able to access http://sharepoint.abc.com from the Internet while being able to access http://sharepoint from local network (aka Internal).

    On the machine where Office Web App (OWA) Server 2013 is installed, open PowerShell to add OWA module and use the following command to re-create a new OWA server farm if you've completed configuring it previously.

    New-OfficeWebAppsFarm -InternalUrl "http://owa" -ExternalUrl "http://owa.abc.com" -EditingEnabled.

    In this case, I'm not using SSL certificate to encrypt data over the Internet. You can use Internet-public IP of the OWA server like -ExternalUrl "http://198.xxx.xxx.xx". Add CertifcateName parameter if you want to use whether CA-issued certificate or self-signed certificate.

    On your SharePoint machine, you need to re-bind all WFE machines to WAC farm using the cmdlet New-SPWOPIBinding. Next, you need to set the WOPI zone for both internal and external.

    Set-SPWOPIZone -zone "external-http"

    Note: I'm not all using certificate in my guidance. But the steps to have it configured is just to add more parameter. 

    I've recently successfully deployed OWA multi-server farm for both internal and internet uses for two big clients. In real-world scenario, ideally OWA should be published through firewall (Forefront UAG, TMG, F5...etc). Please let me know if you still have issues after following my steps. My email: thuan@outlook.com

    Regards,
    -T.s


    Thuan Soldier
    A 23-year-old man loving Microsoft technologies and making crazy ideas on business journey.
    SharePoint Vietnam | Blog | Twitter


    Friday, August 02, 2013 11:30 AM
  • This article should help you guys (http://thuansoldier.net/?p=3278)

    Thuan Soldier
    A 23-year-old man loving Microsoft technologies and making crazy ideas on business journey.
    SharePoint Vietnam | Blog | Twitter

    Saturday, August 03, 2013 7:48 PM

All replies

  • Hi Glenn

    Have you managed to work this out? I am having the exact same issue, it almost forces a situation to have a seperate SharePoint 2013 server just for external. Im not sure if this is how I want to 'solve' the problem.

    I am very interested to hear if you have found a solution or workaround. I could always force my internal traffic to go external to 'trick' it into thinking it's external-https and set that as the zone....

    Help!!

    Regards,

    Adam.

    Friday, February 01, 2013 5:32 AM
  • Glenn - were you able to resolve the problem? I am having the same issue.
    Thursday, April 04, 2013 4:44 AM
  • No joy, yet.

    Glenn Meyer

    Friday, April 05, 2013 12:09 AM
  • You can have multiple zones but the can only have one binding (either HTTP or HTTPS).  I assume you've already provisioned your WAC url's for internal and external?

    Hope This Helps!

    Friday, April 05, 2013 1:14 AM
  • Did you manage to sort this? i am going through the same issues (on premise), i have read and followed the details below (from technet). not sure if its going to need an split brain DNS config, so that the external URL can be reached internally.

    Step 4: Change the WOPI zone if it is necessary

    Depending on your environment, you might have to change the WOPI zone.  If you have a SharePoint farm that's internal and external, specify external. If you have a SharePoint farm that's internal only, specify internal.

    If the results from Step 3 show     internal-https   and the SharePoint farm is internal only, you can skip this step. If you have a SharePoint farm that’s internal and external, you must run the following command to change the zone to     external-https  .

    Set-SPWOPIZone –zone “external-https”

    Thursday, June 20, 2013 3:07 PM
  • Hello,

    I'm facing the same exact issue.

    Did you finally find a solution?

    BR,

    Friday, August 02, 2013 7:56 AM
  • Hi Glenn,

    To have both the use of Internet and Internal available to your end-users, you first need to configure AAM setting. Open Central Administration > Application Management > Configure alternate access mappings. Let's say there is an existing web application named http://sharepoint and my end-users from local network are able to access it using the URL http://sharepoint (root site collection). Here you need to add the Internet URL by select the web application and click Edit Public URLs. Add the Internet domain to the web application, e.g http://sharepoint.abc.com. You don't necessarily have to edit binding setting in IIS. Before continuing next steps, make sure you are able to access http://sharepoint.abc.com from the Internet while being able to access http://sharepoint from local network (aka Internal).

    On the machine where Office Web App (OWA) Server 2013 is installed, open PowerShell to add OWA module and use the following command to re-create a new OWA server farm if you've completed configuring it previously.

    New-OfficeWebAppsFarm -InternalUrl "http://owa" -ExternalUrl "http://owa.abc.com" -EditingEnabled.

    In this case, I'm not using SSL certificate to encrypt data over the Internet. You can use Internet-public IP of the OWA server like -ExternalUrl "http://198.xxx.xxx.xx". Add CertifcateName parameter if you want to use whether CA-issued certificate or self-signed certificate.

    On your SharePoint machine, you need to re-bind all WFE machines to WAC farm using the cmdlet New-SPWOPIBinding. Next, you need to set the WOPI zone for both internal and external.

    Set-SPWOPIZone -zone "external-http"

    Note: I'm not all using certificate in my guidance. But the steps to have it configured is just to add more parameter. 

    I've recently successfully deployed OWA multi-server farm for both internal and internet uses for two big clients. In real-world scenario, ideally OWA should be published through firewall (Forefront UAG, TMG, F5...etc). Please let me know if you still have issues after following my steps. My email: thuan@outlook.com

    Regards,
    -T.s


    Thuan Soldier
    A 23-year-old man loving Microsoft technologies and making crazy ideas on business journey.
    SharePoint Vietnam | Blog | Twitter


    Friday, August 02, 2013 11:30 AM
  • Friday, August 02, 2013 1:42 PM
  • This article should help you guys (http://thuansoldier.net/?p=3278)

    Thuan Soldier
    A 23-year-old man loving Microsoft technologies and making crazy ideas on business journey.
    SharePoint Vietnam | Blog | Twitter

    Saturday, August 03, 2013 7:48 PM
  • Thanks Thuan Soldier! Your article just helped me configure OWA for both internal and external use.
    Saturday, August 10, 2013 10:53 AM
  • Hey Thuan,

    I am having similar issue and difficulty setting up my OWA. Plenty of troubleshooting and still No-Go. I was hoping you can help.

    Background: The SP server 2013 is running on Win2012 Server The OWA Server is running on Win2012 R2 Server The public URL for SP is https://myaccount.cloud.DomainName.com (it works fine when accessed remotely) I have no internal url, but when installing a new OWA farm I used http://myaccount for InternalURL the machine name that the OWA is running on is “SSC”

    What I have done: On “SSC” the server running the OWA Application in PowerSell I ran the following command. New-OfficeWebAppsFarm –InternalURL http://myaccount –ExternalURl https://myaccount.cloud.DomainName.com –CertificatName “SP_SSL_Cert” –EditingEnabled

    All went fine up to that point. Now come testing time! In IE I try to go to http://myaccount/hosting/discovery  to see the XML, and it fails I got to https://myaccount.cloud.DomainName.com/hosting/discovery to see the XML page and it fails as well. If I go to https://ssc/hosting/discover I can see the XML page displayed in IE

    On the SharePoint server in SharePoint 2013 Management Shell I run the following command: New-SPWOPIBinding –ServerName “ssc” I get The Server did not respond five times I added –AllowHTTP ad the end, but I got same failed results I tried New-SPWOPIBinding –ServerName “myaccount” just out of desperation and same results. I turned the firewall off on the SSC machine and same results

    Can you please help

    Thanks

    Kal


    Wednesday, June 04, 2014 10:05 PM
  • Hope below article should help you all

    http://social.technet.microsoft.com/wiki/contents/articles/19039.sharepoint-2013-how-to-enable-office-web-apps-to-work-in-both-internal-and-external-environments.aspx


    If this helped you resolve your issue, please mark it Answered

    Friday, June 13, 2014 11:53 AM
    Moderator
  • Hi Ryan

    Is it confirmed by Microsoft regarding office web apps binding allows http or https but not both.

    I have a case where the intranet using http and extranet using https

    Regards

    Wednesday, January 28, 2015 5:53 AM
  • Hello,

    You seem very knowledgeable. I hope you can help me. I have read your article and it's helped me confirm I have Alternate Access Mappings set up correctly.

    My problem is after I create the Alternate Access Mappings. You have a picture displaying your internal and external site. Both are complete.

    My internal site is perfect, but my external site only shows links. No stylesheets or base images are showing. No scripts are running.

    When I look behind the scenes, at the items that are not loading and/or displaying, they have a path starting with "_layouts/15/images/..." , etc. When I type the complete public url before the _layouts..., I am able to see everything correctly.

    How do I change the "_layouts..." path to AUTOMATICALLY include our public url, so that the links are correct? 

    Monday, August 31, 2015 8:16 PM