From: Washington, DC
I would need some help / information in my proper configuration of https publishing through a server farm.
I have a website (xxx.domainname.com) hosted internally on 4 different servers with host names a1.domainname.internal, a2.domainname.internal, a3.domainname.internal, a4.domainname.internal.
The FQDN xxx.domainname.com is accessible only through ISA public IP (for internal and external users). Internally the adminstrators use the local hostname to access any individual machine.
Now in my ISA publishing rule, I configured all the internal servers in a server farm and configured a publishing rule. In the publishing rule I still used the external FQDN (xxx.domainname.com) as the internal site name.
The published site does a local FBA authentication (not through ISA) on the connections made to it.
Now when I initiate the connection to the website the traffic passes through ISA and am getting the login page. Upon logging in I am able to access the web pages. Now I am signing out from the webpage and trying to log back in. The connection keeps going on and I do not see any traffic in ISA for this access. ( During the first log in I do not get any errors in ISA ). I do not have this problem if I access the site directly with the hostname internally.
I was trying various combinations in the publishing rules and still could not make any breakthrough.
As one of my tests, I changed the internal site name in the publishing rule to hostname of one of the servers in server farm (a1.domainname.internal) and now I am able to access the website fine. I could also see the traffic going to all the 4 servers in the server farm.
Can some one throw some light on what's the mistake I have in this setup, and if my present config is good to keep.
I have multiple web sites published through server farm ( all configured with the external FQDN as the internal site name) and I have not got any issues with any of them.
My apologies if the description is too long / confusing. I can get you more information if you need.
From: United Kingdom
Present setup is good...
See this quote:
"Even if you do not need to make a Web farm available internally or account for link translation, the ISA Server rules engine may need to resolve the internal site name. Use a resolvable DNS name. We recommend that you use the name of one of the servers in the farm."