As a couple of service applications required the NT Auth in default zone of the web application, i.e., the search is big of them. you setup a Web App with two zones

  1.  Default Zone with NTLM
  2.  Intranet zone with FBA/ADFS authentication


Now we encounter an issue, When you setup a document library and configure the Alerts on it. you get the welcome email which is using the correct zone(intranet) URL but once you upload / delete /edit documents you got the alert but, this time, it is using the default zone URL. Even workflows using the same default zone URL.

This is the expected behavior for SharePoint alerts and has been the behavior since Alternate Access Mappings was introduced. Because SharePoint doesn't know the appropriate zone context for the user receiving the alert, it defaults to using the Default zone.


Configure the dual authentication in default zone, it will just give an extra click for the user, or you can customize the login URL to bypass the NT auth. Or use some custom code etc. But in this case, these did not work.


Finally, you found an article on the TechNet about Configure external access for mobile devices in SharePoint 2013. This article talks about the how to make SharePoint sites available for mobile devices when the devices are used outside the corporate firewall.  But we are in the same Intranet Zone, but how can this benefit for us,

A cross-firewall access zone is used to generate external PC and mobile URLs in mobile alert messages and enables users to send an externally available URL when they click the E-mail a link or Alert Me button on the ribbon.

So the easy steps are:

Configure a cross-firewall access zone

  1. Verify that you have the following administrative credentials:
    • You must be a member of the Farm Administrators group.
  2. In Central Administration, click System Settings.
  3. On the  System Settings page, under Farm Management, click  Configure cross firewall access zone.
  4. On the Cross Firewall Access Zone page, in Web Application , in the Web Application list, select the web application that is published across the firewall.
  5. In  Cross Firewall Access Zone, in the  Zone selection for cross firewall access list, select the zone that is published across the firewall.