Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

extranet access

  Asked By: Code    Date: Dec 08    Category: Sharepoint    Views: 1272

I've deployed sharepoint in an extranet environment, following the white
paper downloaded from
www.microsoft.com/.../Extranet.asp (the
document was published on May 2002).
My problem is that if I try to access the server from the Internet typing
http://<external_FQDN> or if I try to access my workspace at
http://<external_FQDN>/<workspace_name>, I'm prompted for a username
/password/domain but when I supply my credential (my username and password
and specify the domain name, which is the internal domain name, where my
account is defined) I get an error 401 message (unauthorized).
I didn't specified Anonymous access on my workspace but Basic Authentication
and I'm coordinator of the workspace and administrator of the SPS server.
I'm also member of the domain admins group.
Everything works fine from the intranet; if I type
http://<external_FQDN>/<workspace_name>, I'm prompted for my credentials and
after having supplied them I'm authenticated.
My scenario is the following:
Windows 2000 domain, Isa server 2000 with service pack 1and two nic, SPS
server with service pack 1. By the way there is something wrong in the
Microsoft Deploying sharepoint across an Extranet white paper. When it comes
to mapping an external IP address to an Internal Address, in the chapter
Configure Proxy Server, the white paper states that one have to open the
'ISA Management Console', expand 'Publishing', click on 'Server Publishing
Rules' and follow the wizard for the new server publishing rule. this won't
work, first because when one comes to 'Apply the rule to this protocol' and
tries to select HTTP Server, having not enabled SSL, there is not such a
protocol defined. I properly defined the HTTP Server protocol by myself and
proceded with the forementioned server publishin rule. After enabling this
rule, the applicationlog of the ISA Server shows a warning telling that
another application is using port 80 on the external interface (the ISA
Server is hosting our web site). So I disabled the rule and proceeded to
create a new 'Web Publishing rule' just as I did when I published our web



8 Answers Found

Answer #1    Answered By: Sydney Lewis     Answered On: Dec 08

a client of mine asked me to implement the extranet  access (with basic
authentication) for his Sharepoint server. I've done this a cople of time
before without to much effort. This time things are a bit different, because
I need to use only the IP address and not an external FQDN. I've read some
messages on newsgroups telling that you couldn't publish a SPS server only
with the IP address and others telling that there is no problem doing so.
I tried to publish the server only with the IP address, but without success.
The SPS server is behind an ISA server and I did the following:
* configured the proxy server
* created a new web site on IIS and modified the security settings according
to Microsoft white paper. On this point in the new web site I specified as
'Host Header Name' the external IP address of SPS server
* on the ISA server I created a destination set with the external Ip address
of the SPS server
published  the SPS server with the wizard of 'Web Publishing Rules',
specifing to send the original host header name to the publishing server.
* created a index.htm, for testing purpose, that say 'hello world'
* added the external IP address of the SPS server to the ISA server external
NIC (i.e. the NIC connected to Internet)
Then a tested SPS server from the Internet. I can see the 'hello world'
typing http://<IP_address>, but I receive a dashboard error -2147217895 if I
type http://<IP_Address>/<workspacw_name>/

Answer #2    Answered By: Jayme Raymond     Answered On: Dec 08

SPS V1, only use FQDN, no workaround for this

Answer #3    Answered By: Devika Bellad     Answered On: Dec 08

From the Esdtranet White paper:

Important You cannot access  the sharepoint  Portal Server computer by typing
its IP address and port number. For example, you cannot use
http:// /workspace_name or

Answer #4    Answered By: Diego Paul     Answered On: Dec 08

I've configured the extranet  access for my SPS server using the extranet
tool you find in sharepoint  resource kit, but when I try to access  the site
from extranet I get the host non found message.
My environment  is as follow:
a windows 2000 domain behind an ISA server; the ISA server has two nic
installed, one connected to the internal Lan and the other connected to
Internet. I've published  the SPS server on the ISA server following the
wizard of 'Web Publishing rule' (I know that Microsoft white paper says
that to map the external IP address of the SPS server to its internal IP
address you should use 'Server publishing rule' but that doesn't apply to
ISA server) and I added the external IP address of SPS server to the
external nic of the ISA server, the one connected to Internet. I also added
an entry in the Hosts file of the SPS server that points the internal IP
address of the server to its external FQDN.
The authentication in the extranet site is set to Basic. the proxy settings
are the following

Proxy Server = ISA_internal _IP_address:8080
Bypass List = *domain.local;external_FQDN;<local>
where external_FQDN is the external name of the SPS server and domain.local
is the internal FQDN of my windows 2000 domain.

An entry in the DNS panel had been added a long time ago (our DNS is managed
by our ISP) so that the FQDN could be rosolved to an IP address and if I do
a nslookup search the FQDN is resolved correctly to its public IP address.
So everything seems correct. My SPS server has windows 2000 service pack 3
and SPS service pack 2 installed.

Answer #5    Answered By: Denis Cantrell     Answered On: Dec 08

We have our share point open via internet.

We don't allow anonymous access  so everyone needs to login.

Now on most internet connections this works, but some external people at
specific sites don't get access. The get the login but whatever they
try, they can't get connected.

I suppose this has to do with the firewall at these sites, but I wonder,
is there anything I can do at our site?

I didn't do anything special on our site apart from setting up the
router to forward the port 80.

Answer #6    Answered By: Sarita Patel     Answered On: Dec 08

What type of authenitcation are you using - NTLM (Windows Integrated) or HTTP
Basic? If it's the former, it is probably being blocked by the firewalls of
those external folks as you suspected. Only way to fix is to either switch to
Basic (make sure you use SSL if you go this route to avoid sending credentials
in the clear) or talk the network administrators at each site that fails to
allow NTLM.

Answer #7    Answered By: Elias Cannon     Answered On: Dec 08
Answer #8    Answered By: Kartik Athani     Answered On: Dec 08

This is the firewall.. it has to do with NTLM authentication not being
carried. Your solutions are either HTTPS or basic authentication (basic
can be set on the sharepoint  site)

Didn't find what you were looking for? Find more on extranet access Or get search suggestion and latest updates.