• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Will upgrade simplify SBS Sharepoint access?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> SharePoint Publishing >> Will upgrade simplify SBS Sharepoint access? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Will upgrade simplify SBS Sharepoint access? - 27.Dec.2006 1:17:01 PM   
SyberWizard

 

Posts: 18
Joined: 24.Mar.2006
Status: offline
I have been totally unsuccessful  in publishing SBS 2003 Sharepoint through a standalone ISA 2004 server.  I have SBS connected via a single NIC to the internal network, the intent being to avoid the server having to deal with Internet traffic from the clients.  I have followed instructions from multiple books and sources, but nothing I have done has allowed me to access the first page from the Internet.  I have changed settings on both SBS server and ISA server so many times I have difficulty in remembering the current configuration! My last effort was to obtain a SSL for the ISA server and generate a private SSL for the SBS server.  What I would like to know is:

As I now have ISA 2006, should I go ahead and load it, and will it help my efforts at publishing SBS Sharepoint?

Can you direct me to a guide for setting up SBS Sharepoint access through a separate ISA server? I believe that everything I have seen so far assumes that ISA is running on the same server, although I saw several articles that says installing both on the same server is not ideal, either for security or performance.

Should I activate the second NIC on the SBS and separate the internal LAN from its current direct connection to the ISA server?

As far as that goes, I also have the SBS 2003 R2 now.  Should I go ahead and load it also?

Too many questions, but I have been working on this for weeks, to no avail.  I need a new direction!

Jerry
Post #: 1
RE: Will upgrade simplify SBS Sharepoint access? - 19.Jan.2007 1:37:32 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jerry,

No need to put a second NIC in the SBS box. Just put the ISA Firewall in front of the SBS box and publish it. Better support in ISA 2006.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to SyberWizard)
Post #: 2
RE: Will upgrade simplify SBS Sharepoint access? - 19.Jan.2007 3:31:37 PM   
SyberWizard

 

Posts: 18
Joined: 24.Mar.2006
Status: offline
I saw that you had started explaining the process of publishing SBS through ISA, but was never finished, or I simply could not find it.  I have purchased several of your books (besides liking your writing style, I believe in proper support of those that help me), and have attempted to use that knowledge to get this working.  No luck in publishing the secure portion, which is what I really need.  I even purchased a certificate, but still no joy.  I will delete ISA 2004 and load ISA 2006.  Did you ever complete a tutorial, or publish a book that I am unaware of that will assist me?  I suspect it is something quite simple that I am overlooking, but that is small comfort.

Thanks for your time, I can only imagine how spread out you must stay!

Jerry

(in reply to tshinder)
Post #: 3
RE: Will upgrade simplify SBS Sharepoint access? - 21.Jan.2007 12:12:11 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jerry,

I never finished that series because the SBS MVPs were harassing me beyond recognition with dumb questions and inflammatory commentary. It wasn't worth it to me, so I bagged the project, which made them happy since they seem to prefer to keep the SBS community in the dark

Anyhow, what kind of problems are you having with publishing SPS? I've published a few SPS machines (including my own) and haven't run into a issues, although there were all just single machine deployments, not the complex stuff you see in larger orgs.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to SyberWizard)
Post #: 4
RE: Will upgrade simplify SBS Sharepoint access? - 10.Feb.2007 2:59:00 PM   
SyberWizard

 

Posts: 18
Joined: 24.Mar.2006
Status: offline
Sorry about taking so long to get back to you.  I installed ISA 2006 last night, just finished getting all the adjustments done so the business can actually get some work completed! After that, I went ahead and completed the Publish SharePoint Sites wizard, and have made a few adjustments, as it did not work. When I enter https://office.the-wizards.com, I get a Microsoft Internet Security & Accelerator Server 2006 sign in screen. I sort of expected the normal SBS remote sign in screen, but this is going through ISA, so I guess this is normal. The problem is, I cannot sign in. Here are the properties for this rule:
From: Anywhere
To: https://prime.hq-noc.computerwizards.local/Remote
"Forward original host header" and "Requests appear to come from original client" are both checked on.
Traffic: HTTPS nothing else is checked.
Listener: named Prime Remote Access
   networks on External and Local Host
   Port HTTP disabled
   Port HTTPS is set to 443. I also tried 444, no screen at all then.
   I have a certificate for office.the-wizards.com from GoDaddy.
   Authentication Methods: FBA with AD
   Always Authenticate: No
   Domain for Authentication: hq-noc.computerwizards.local not sure if this is correct.
   Single Sign On is checked.
Public Name: office.the-wizards.com
Paths: defaults made by wizard
Authentication Delication: NTLM
Application Settings: defaults made by wizard
Bridging: Web Server checked, redirect requests to SSL Port 444
Link Translation is checked on, no other link translations selected.

I hope this is enough information for you to steer me in the right direction!

Jerry

(in reply to tshinder)
Post #: 5
RE: Will upgrade simplify SBS Sharepoint access? - 13.Feb.2007 4:01:58 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jerry,

Is the ISA Firewall a member of the domain? That needs to be done for authentication delegation.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to SyberWizard)
Post #: 6
RE: Will upgrade simplify SBS Sharepoint access? - 13.Feb.2007 4:54:47 PM   
SyberWizard

 

Posts: 18
Joined: 24.Mar.2006
Status: offline
No, it is not.  My understanding (what there is) is that the ISA Server being a member of the domain would be a security issue.  Is this incorrect? Or if correct, what should I do to alliviate the security issues? The TechNet article Publishing Windows SharePoint Services with Microsoft Internet Security and Acceleration (ISA) Server 2004 links to http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en-us/stse10.mspx?mfr=true  for a discussion on Configuring Authentication and does not mention that being a domain member is required, which may be why I could never get it to work!  I am not going to make the ISA Server a member of the domain as an experiment until I hear from you.  You've got tons more experience than I on maintaining security!

(in reply to tshinder)
Post #: 7
RE: Will upgrade simplify SBS Sharepoint access? - 14.Feb.2007 11:10:24 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
What???? Where did you get that false impression? Beware of ABM'ers bringing gifts.

Domain membership makes the ISA Firewall more secure -- only dumbass "hardware" guys think it makes it less secure, and they actually have no idea, but it's an effective way for them to reduce the level of security the ISA Firewall can provide, which makes their products look better.

For the real information and the only thoughtful analysis ever done on this subject check out:

http://isaserver.org/tutorials/Debunking-Myth-that-ISA-Firewall-Should-Not-Domain-Member.html

Next time you hear someone tell you bunk about domain membership, get the following pieces of information about the commentator:

1. IQ
2. Blood Alcohol Level
3. Blood THC Level



HTH,
Tom

< Message edited by tshinder -- 14.Feb.2007 11:11:51 AM >


_____________________________

Thomas W Shinder, M.D.

(in reply to SyberWizard)
Post #: 8
RE: Will upgrade simplify SBS Sharepoint access? - 14.Feb.2007 8:21:57 PM   
SyberWizard

 

Posts: 18
Joined: 24.Mar.2006
Status: offline
OK, great, I can make that happen. Now my problem is that, for the life of us, we cannot get the Windows Update or Windows Activation to work.  I realize that this is not a huge problem for most folks, but we repair computers on a twenty-station bench and do reloads all day long!  I have opened up everything I can imagine to the repair bench, and it still will not work.  The weird thing is however, that it was!  It seems like it decided to "break" on its own.  I am about ready to go back to ISA 2004 until I can figure this out.

(in reply to tshinder)
Post #: 9
RE: Will upgrade simplify SBS Sharepoint access? - 15.Feb.2007 12:29:10 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jerry,

I've seen that happen from time to time. Try using the proxycfg tool to unload and reload your Web proxy settings. Also make sure that you're not requiring authentication for those sites.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to SyberWizard)
Post #: 10
RE: Will upgrade simplify SBS Sharepoint access? - 20.Feb.2007 7:58:17 PM   
SyberWizard

 

Posts: 18
Joined: 24.Mar.2006
Status: offline
I have made so many changes that I am concerned that I have lost track.  I still cannot get the perimeter network to perform Windows updates.  I did try the proxycfg, but am unfamiliar with it so I am not sure of what, if anything, I accomplished. I am having to unplug the switch on the perimiter network and plug it into the internal network during the day so that we can get work accomplished. I am so puzzled about ISA 2004 seeming to work so smoothly and ISA 2006 seeming to be so buggy.  Is it just me? Are there significant advantages to ISA 2006 that I do not see?

Second part, I did get external access to my SBS, sort of.  When I log in from outside the firewall, I get the SharePoint companyweb page, instead of the "Welcome to Windows Small Business Server 2003" screen that I expected.  I figured out that was due to my redirecting to port 444, so I changed it to 443.  Now when I try it, I get ISA 2006 login, then I get the SBS login screen. When I try to log into it, it sends me back to ISA 2006 login.  I rememer something about "using up authentications" from reading your materials, but I certainly do not remember.  So, am I warmer?

(in reply to tshinder)
Post #: 11
RE: Will upgrade simplify SBS Sharepoint access? - 28.Feb.2007 4:19:39 PM   
SyberWizard

 

Posts: 18
Joined: 24.Mar.2006
Status: offline
While waiting for responses, I keep experimenting, looking for the magic fix.  I now have External access to the SBS Remote Web Workspace page!

Always a catch, though.  I have to do three logins to get to it.  While annoying, I can at least get work done. I changed the access rule "Authentication Method" to No delegation, but client may authenticate directly. I changed the listener "Authentication" to HTTP Authentication with Basic and Windows (Active Directory) checked.

So now when I type in the public address, I get the typical Windows sign-in block, in which I have to enter both domain and user name. That brings up the Remote Web Workspace login screen, which in turn immediatly brings up another Windows sign-in block.  After all three, I finally get a real Remote Web Workspace screen. I am hoping that there are changes that can be made to reduce this to a single log-in, but no combination I tried would allow it. Suggestions?

(in reply to SyberWizard)
Post #: 12

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> SharePoint Publishing >> Will upgrade simplify SBS Sharepoint access? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts