On This PageThis chapter provides the procedures for deploying Microsoft® SharePoint™ Portal Server 2001 across an extranet. This chapter defines an extranet as intranet resources that are accessible from the Internet, usually through a firewall. These procedures apply to a SharePoint Portal Server computer with one network interface card (NIC). The extranet deployment is not supported for dual-homed servers. This chapter also defines the key terms used to describe deploying SharePoint Portal Server in an extranet environment, the various ways to access a workspace on your SharePoint Portal Server computer, and the tasks necessary to deploy SharePoint Portal Server in an extranet environment. Deployment Tasks 
The chapter organizes this procedure into multiple sections according to the tasks in the following list. Optional tasks are labeled as such. | • | Configure proxy settings on the server. Configure the proxy setting on the SharePoint Portal Server computer. | | • | DNS entry creation. Create a Domain Name System (DNS) entry. | | • | Web Site creation. Create a new Web site in Internet Information Services (IIS). | | • | Enable Web discussions. Enable discussions on the new Web site. | | • | Modify security settings. Modify the security settings on the new Web site. | | • | Configure proxy server settings. Configure the proxy server settings. | | • | Extranet testing from the Intranet. Test the extranet from the intranet. | | • | Extranet testing from the Internet. Test the extranet from the Internet. | | • | E-mail notifications. Specify the server URL to use in e-mail notifications. | | • | Secure Sockets Layer. Optionally, enable Secure Sockets Layer (SSL). | | • | Internal FQDN mapping. Optionally, specify an internal Fully Qualified Domain Name (FQDN) for the SharePoint Portal Server computer. | | • | Settings for crawling Web sites on the Internet. Optionally, enable SharePoint Portal Server to crawl sites on the Internet. | | • | Settings for crawling another SharePoint Portal Server site on the Internet. Optionally, enable SharePoint Portal Server to crawl another SharePoint Portal Server computer across the Internet. |
In addition to the tasks specified previously, the following sections are provided: | • | Troubleshooting. Includes information to assist you in diagnosing any configuration problems. | | • | Extranet features. Describes SharePoint Portal Server features available when you deploy the server across an extranet. |
Understanding Key TermsThis chapter uses following terms: | • | NetBIOS name. The network basic input/output system (NetBIOS) name is the computer name of your server. You can find the computer name on the Properties page of My Computer. Right-click My Computer, and then click Properties. On the Network Identification tab, click Properties. You can view the computer name of the server in Computer name. In this chapter, examples use a NetBIOS name of AdvWks. | | • | Internal domain name. The internal domain name is the domain name you use on your intranet. It can be the same as the external domain name, or it can be different. In this chapter, examples use an internal domain name of corp.adventure-works.com. | | • | Internal Fully Qualified Domain Name (FQDN). The internal FQDN is the name you want to use for the server on your intranet. It is in the form NetBIOS_name.internal_domain_name. Users must use the internal FQDN to access the server if you do not enable your network for Microsoft Windows® Internet Name Service (WINS) resolution, or if you do not configure the Domain Name System (DNS) to support NetBIOS throughout the domain. In this chapter, examples use an intranet FQDN of AdvWks.corp.adventure-works.com. | | • | External server name. The external server name (host name) is the name you use for the server on the extranet. If your internal and external domain names are the same, the external server name must be different from the NetBIOS name. Add this name to the external domain name to form the external FQDN. In this chapter, examples use an external server name of AdventureWorks. | | • | External domain name. The external domain name is the domain name you use on the extranet. It can be the same as the internal domain name, or it can be different. In this chapter, examples use an external domain name of adventure-works.com. | | • | External FQDN. The external FQDN is in the form external_server_name.external_domain_name. In this chapter, examples use an external FQDN of AdventureWorks.adventure-works.com. |
Internal and external FQDNs must be unique, as described here: | • | If the internal and external domain names are the same, for example, adventure-works.com, the external server name must differ from the NetBIOS name. For example, you could have AdventureWorks.adventure-works.com and AdvWks.adventure-works.com as the external and internal FQDNs, respectively. | | • | If the internal and external domain names are different, the external server name can be the same as the NetBIOS name. For example, you could have AdvWks.adventure-works.com and AdvWks.corp.adventure-works.com as the external and internal FQDNs, respectively. |
Accessing SharePoint Portal ServerThe following table shows different ways to access a workspace on your SharePoint Portal Server computer. Examples use a workspace name of Marketing. Workspace Access Points NetBIOS (computer name for the server) | http://server_name/workspace_name This is the way that you access SharePoint Portal Server out of the box. For example, use http://AdvWks/Marketing to access the workspace | Internal FQDN | http://NetBIOS_name.internal_domain_name/ workspace_name Example: http://AdvWks.corp.adventure-works.com/Marketing | External FQDN | http://external_server_name.external_domain_name/ workspace_name Example: http://AdventureWorks.adventure-works.com/Marketing | Internet Protocol (IP) address and port | Important You cannot access the SharePoint Portal Server computer by typing its Internet Protocol (IP) address and port number. For example, you cannot use http://10.0.0.X/ workspace_name or http://10.0.0.X:8080/workspace_name. |
Proxy Settings on the Server
The dashboard site uses a special server-side object called ServerXMLHTTP to make Hypertext Transfer Protocol (HTTP) requests. These requests are necessary to return the correct page to the client. The ServerXMLHTTP object has its own proxy settings. If the dashboard site is behind a proxy server, you must configure the ServerXMLHTTP object with the proxy server name to access data that is located beyond the intranet. The proxy settings are important when the dashboard site must access resources on a different server, such as when you use the Content management page to import new Web Parts. Note For more information about changing proxy settings on the server, see Chapter 11, "Installing SharePoint Portal Server." Specifying the Bypass ListWhen you configure the proxy settings on your server, you can specify a bypass list. This section reviews the most common options that you can choose. If the virtual directory for the workspace has NTLM enabled, you must set the proxy server and bypass list. The ServerXMLHTTP object attempts NTLM authentication against the virtual directory for the workspace. You can separate multiple bypass addresses with a semicolon. A bypass address is an address for which you do not want to use the specified proxy server. If You Are Using a Proxy ServerIf you are using a proxy server, run:
proxycfg –d –p proxy_name:port_number "root_domain_name;<local>"
In the preceding line, root_domain_name is the bypass address. Root_domain_name is the FQDN of the base root domain in which the computer is a member, with a wildcard exception prefixed to the root_domain_name. The bypass address is in the form *domain, such as *adventure-works.com. Include the brackets <> around local when you type the command. Example. If your proxy server name is Proxy1, the port number is 80, and you want to bypass the proxy server for the SharePoint Portal Server computer in the domain adventure-works.com, type proxycfg –d –p Proxy1:80 "*adventure-works.com;<local>" If You Are Not Using a Proxy ServerIf are not using a proxy server in your environment, you must specify a fake proxy server to force SharePoint Portal Server to use integrated Windows 2000 authentication. Integrated Windows 2000 authentication is most commonly used in an intranet environment. If you do not specify a fake proxy server, network components on your SharePoint Portal Server computer default to Basic authentication. As a result, SharePoint Portal Server does not work correctly. To configure a fake proxy server, you must configure both the dashboard site and Microsoft Internet Explorer. Note If you are using Basic or Anonymous authentication methods, you do not need to specify the proxy settings. To configure the proxy settings on your SharePoint Portal Server computer, run:
proxycfg -d -p fake_proxy_name:80 "*;<local>"
Example. If you do not have a proxy, specify any non-existent proxy and bypass for all addresses by using the wildcard (*). To do so, type:
proxycfg –d –p FakeProxy1234:80 "*;<local>"
Testing has indicated that this option works for most customers and that the preceding syntax should be used first, if you are not using a proxy. However, further options are provided later in this section. To configure the proxy settings for Internet Explorer:1. | Open Internet Explorer. | 2. | On the Tools menu, click Internet Options. | 3. | Click the Connections tab, and then click LAN Settings. | 4. | Select the Use a proxy server check box. | 5. | Type fake_proxy_name in Address. | 6. | Type 80 in Port. | 7. | Select the Bypass proxy server for local addresses check box. | 8. | Click Advanced. | 9. | In Exceptions, type one of the following:
"*root_domain_name" or "internal_FQDN"
For example, for a server with a NetBIOS name of AdvWks, you would type one of the following:
*adventure-works.com
or
AdvWks.corp.adventure-works.com
| 10. | To close the Proxy Settings dialog box, click OK. | 11. | To close the Local Area Network (LAN) Settings dialog box, click OK. | 12. | To close the Internet Options dialog box, click OK. | 13. | Restart the computer. |
Note You must configure the proxy settings for Internet Explorer on all client computers that access the server by using an FQDN (not the computer name) and integrated Windows 2000 authentication. You can configure all your client computers to use these proxy settings by using the Internet Explorer Administration Kit. If you do not configure each client computer, each user will be prompted for authentication for each session. If you are not using a proxy server, and if the configuration specified earlier does not work for you, you can run one of the following configurations as an option: | • | To prevent downloading of Web Parts from any site, including the Microsoft Web Part Gallery, run:
proxycfg –d –p fake_proxy_name:80 "<local>"
This setting enables NTLM on the computer and on the subnet mask. This setting has no known security issues because all traffic is local. | | • | To allow downloading of Web Parts from the Microsoft Web Part Gallery, run:
proxycfg –d –p fake_proxy_name:80 "*microsoft.com;<local>"
With this option, you can download Web Parts from the Microsoft Web Part Gallery. You cannot download Web Parts from any other site. This setting enables NTLM on the computer and on the subnet mask. This setting may increase the security vulnerability because traffic going to www.microsoft.com may send NTLM packets. This depends on the Internet service provider (ISP) configuration. In addition, it depends on whether the ISP enables ports to send and receive NTLM packets. | | • | To download Web Parts from any Web site, run:
proxycfg –d –p fake_proxy_name:80 "*;<local>"
This setting enables NTLM on the computer and on the subnet mask. With this option, you can send NTLM traffic to any site on the Internet. This depends on the ISP configuration. In addition, it depends on whether the ISP enables ports to send and receive NTLM packets. | | • | To run the computer directly on the extranet, run:
proxycfg –d
You cannot download Web Parts from any Web site. This setting enables NTLM only on the computer, not on the subnet mask. Some SharePoint Portal Server functionality may be disabled. You must create a new Web site in IIS that uses Basic authentication. NTLM remains enabled on the Default Web Site in IIS. For more information about creating a new Web Site in IIS, see the section, "Web Site Creation" later in this chapter. |
Caution Running a computer directly on the extranet with no proxy server has inherent security vulnerabilities, and is therefore not recommended. However, using Basic authentication with SSL enabled on the new Web site in IIS is the most secure SharePoint Portal Server configuration available when the computer runs directly on the extranet. Configuring the Proxy Settings on the ServerDuring the SharePoint Portal Server installation, the setup process automatically configures the proxy settings for ServerXMLHTTP by using the proxy settings specified for the server. If you need to change these proxy settings at some time after installation, or if you want to use SharePoint Portal Server across the extranet without a proxy server, use the following procedure. To configure the proxy settings:1. | On the Start menu, point to Programs, point to Accessories, and then click Command Prompt. | 2. | Change to the SharePoint Portal Server \Bin directory. For example, if you installed SharePoint Portal Server in the Installation directory on drive E, change to E:\Installation\Bin. If you installed SharePoint Portal Server on drive D under Program Files\SharePoint Portal Server, change to the following directory:
D:\Program Files\SharePoint Portal Server\Bin.
| 3. | To see the current proxy settings, type proxycfg. | 4. | To configure the proxy appropriately, type one of the options specified in the preceding section. | 5. | Restart the computer. |
Important SharePoint Portal Server does not support direct Internet connectivity out of the box. By default, SharePoint Portal Server is initially configured for use with a proxy server. DNS Entry Creation
You must create a DNS entry for the external server name. The procedure for this varies, depending on the DNS server software. If DNS is running on a computer running Windows 2000 Server, use the following procedure. For more information about DNS, see Appendix B, "For More Information." Before performing the following procedure, you must have a static external IP address that you can assign to your SharePoint Portal Server computer. This is not the same IP address as the static internal IP address for the server. You receive a range of static external IP addresses when you first establish Internet access through Network Solutions or through another company authorized by the Internet Corporation for Assigned Names and Numbers (ICANN). The external static IP address is used when you map the external static IP address to the internal static IP address on the proxy server to create a "server publish." For more information, see the "Proxy Server Settings" section later in this chapter. Note You should not need to create a DNS entry if the SharePoint Portal Server computer is on the Internet with no proxy server. If the server is directly on the Internet, the domain controller should already have an entry for the NetBIOS name. In this case, the NetBIOS name is also the external (host) name. To create a DNS entry on a Windows 2000 server:1. | On the Start menu, point to Programs, point to Administrative Tools, and then click DNS. | 2. | Expand the node for one of the external DNS computers. | 3. | Expand the node for Forward Lookup Zones. | 4. | Right-click the correct zone file, and then click New Host. For example, if you are creating a DNS entry for the external server name of your SharePoint Portal Server computer, right-click adventure-works.com. | 5. | In Host, type the external server name. For example, if the external server name is AdventureWorks, type AdventureWorks. | 6. | In IP address, type the external static IP address of the SharePoint Portal Server computer. This is not the same as the static internal IP address for your server. | 7. | Select the Create associated pointer (PTR) record check box. | 8. | Click Add Host. | 9. | Click OK, and then click Done. | 10. | Replicate to all DNS computers or wait 15-30 minutes for replication. |
Web Site Creation
You must create a new Web site for each authentication model that you want to use. For example, if you want to have both Anonymous access and Basic authentication, you must create two Web sites. On one Web site, you specify Anonymous access, and on the other site, you specify Basic authentication. Note You should not modify settings on the Default Web Site. Specifically, SharePoint Portal Server requires the Default Web Site to use port 80 as the TCP port. Do not change the port to an alternative HTTP port (such as 8000 or 8080) after installation. Ensure that you specify port 80 and that it remains the primary port for the server. To create a new Web site:1. | On the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager. | 2. | Expand the node for the SharePoint Portal Server computer. | 3. | Right-click the name of the SharePoint Portal Server computer, point to New, and then click Web Site. The Web Site Creation Wizard appears. | 4. | Click Next, and then follow the instructions in the wizard. | 5. | On the Web Site Description page, type a description of the Web site, and then click Next. The description appears in the tree view of the console. For example, if you want to use this Web site to provide Anonymous access, you could type AdventureWorksAnon as the description. | 6. | On the IP Address and Port Settings page, complete the following steps: | • | Select the IP address. Do not select (All Unassigned). | | • | Type 80 for the TCP port number. | | • | Type the external FQDN as the host header. The host header is of the form external_server_name.external_domain_name. For example, if the external server name for your SharePoint Portal Server computer is AdventureWorks, and the external domain name is adventure-works.com, you would type AdventureWorks.adventure-works.com as the host header. | | • | Click Next. |
| 7. | On the Web Site Home Directory page, complete the following steps: | • | Type the path for your home directory. Important It is strongly recommended that the home directory be under the Inetpub directory. For example, the path can be C:\Inetpub\AdventureWorks. For more information about creating a default Web page, see the section "Extranet Testing from the Intranet" later in this chapter. | | • | If you do not want to allow Anonymous access to SharePoint Portal Server, clear the Allow anonymous access to this Web site check box. For detailed information about specifying security on the new Web site, see the section "Security Settings" later in this chapter. | | • | Click Next. |
| 8. | On the Web Site Access Permissions page, click Next. Do not change the default access permissions. | 9. | Click Finish. The new Web site appears. | 10. | Expand Default Web Site, and then note the following five virtual directories (nodes on the tree): Exchweb, SharePoint Portal Server, Public, MSOffice, and YourWorkspace, where YourWorkspace represents the name of the virtual directory for your workspace. Write down the local path for each virtual directory, or use copy and paste while performing the steps. You need this path to complete the following steps. For example, if you name your workspace Marketing, look at the Marketing virtual directory. | 11. | Note To find the local path, complete these steps for each of the five virtual directories. | • | Right-click the virtual directory, and then click Properties. | | • | On the Virtual Directory tab, note or copy the path shown in Local Path. | | • | Close the Properties page. |
| 12. | Right-click the new Web site that you created in steps 3 through 9, point to New, and then click Virtual Directory. The Virtual Directory Creation Wizard appears. | 13. | Click Next, and then follow the instructions in the wizard. | 14. | On the Virtual Directory Alias page, type Exchweb in Alias, and then click Next. | 15. | On the Web Site Content Directory page, type or paste the path for Exchweb from step 10 in Directory, and then click Next. | 16. | On the Access Permissions page, click Next. Do not change the default access permissions. | 17. | Click Finish. | 18. | To create a virtual directory for SharePoint Portal Server, Public, MSOffice, and YourWorkspace, where YourWorkspace represents the name of the virtual directory for your workspace, repeat steps 11 through 16. Important The names of the new virtual directories must exactly match the names of the original virtual directories under the Default Web Site. Do not rename the virtual directories. | 19. | After creating the virtual directories, for the Public and YourWorkspace virtual directories on the new Web site that you created, use the following procedure: | • | Right-click the virtual directory, and then click Properties. | | • | Click the Virtual Directory tab. | | • | In Application Protection, select Low (IIS Process). | | • | On the Virtual Directory tab, click Configuration. | | • | On the App Mappings tab, click Add. | | • | In Executable, type the path to the msdmisap.dll file. You can also browse to the msdmisap.dll file. By default, this file is located in the SharePoint Portal Server \Bin directory. For example, if you installed SharePoint Portal Server to Program Files\SharePoint Portal Server, this file is in Program Files\SharePoint Portal Server\Bin. Important In Executable, ensure that path entered follows the 8.3 naming convention. For example, if the msdmisap.dll file is in the Program Files\SharePoint Portal Server\Bin directory on drive D, type the path in Executable as the following:
D:\Progra~1\ShareP~1\Bin\msdmisap.dll
| | • | In Extension, type * and then click OK. | | • | Clear the Check that file exists check box. | | • | To close Application Configuration, click OK. | | • | To close the Properties page, click OK. |
| 20. | For the YourWorkspace virtual directory on the Web site that you created, use the following procedure: | • | Right-click the virtual directory, and then click Properties. | | • | On the Virtual Directory tab, select the Write check box. | | • | Click the HTTP Headers tab, and then click Add. | | • | In Custom Header Name, type MicrosoftTahoeServer. | | • | In Custom Header Value, type 1.0. | | • | Click OK. | | • | To close the Properties page, click OK. |
| 21. | For the MSOffice virtual directory on the Web site that you created, complete the following steps: | • | Right-click the virtual directory, and then click Properties. | | • | Click the Virtual Directory tab. | | • | In Execute Permissions, click Scripts and Executables. | | • | To close the Properties page, click OK. |
| 22. | Right-click YourVirtualWeb, where YourVirtualWeb is the name of the new Web site you just created, and then click Start. Note If the computer already started YourVirtualWeb, omit this step. | 23. | Restart the server. |
Web Discussions
To use Web discussions on your SharePoint Portal Server computer from the extranet, you must modify the registry. You can use Web discussions to discuss a document with other users. Web discussions allow users to add remarks about a document without modifying the document. Discussions are threaded, which means that replies to a discussion remark appear directly underneath the original remark. In addition, multiple discussions about the same document can occur simultaneously. SharePoint Portal Server consolidates comments in a single location, allowing you to review them easily. For detailed information about using Web Discussions with SharePoint Portal Server, see Chapter 10, "Planning for Web Discussions." To enable discussions on the new Web site:1. | On the Start menu, click Run. | 2. | Type regedit and then click OK. Caution Incorrectly editing the registry may severely damage your system. Back up the current version of the registry before making any changes. You should also back up any valued data on the computer. | 3. | In Registry Editor, move to HKEY_LOCAL_MACHINE \SOFTWARE Microsoft\Office\9.0\Web Server\1. | 4. | On the Registry menu, click Export Registry File. | 5. | Save the file as EnableDiscussions on your desktop. | 6. | Move to HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \Office \9.0\Web Server\1. | 7. | Right-click 1, and then click Rename. | 8. | Type number and then press ENTER. Number is determined from the following procedure: | • | On the Start menu, point to Programs, point to Accessories, and then click Command Prompt. | | • | Move to the directory where adsutil.vbs is located. Typically, this is in the Inetpub\AdminScripts directory on the operating system drive. | | • | Type cscript adsutil.vbs enum W3SVC/number, where number is 1, 2, etc. Type each number in order until the properties display the name of the new Web site. Typically, W3SVC/1 is the Default Web Site, W3SVC/2 is the Administration Web Site, and W3SVC/3 is the new Web site. If W3SVC/3 is the new Web site, type 3 as number when renaming the registry key in this step. |
| 9. | Click Web Server. | 10. | On the Registry menu, click Import Registry File. | 11. | Import EnableDiscussions that you saved to the desktop previously. | 12. | Click OK. | 13. | Click 3, right-click Server Root Url in the right pane, and then click Modify. | 14. | In Value data, type the external FQDN of the server, and then click OK. For example, type http://AdventureWorks.adventure-works.com. | 15. | Close Registry Editor. | 16. | Restart the server. |
Security Settings
By default, SharePoint Portal Server uses NTLM authentication (on the Default Web Site in IIS). To use SharePoint Portal Server on the extranet, you must modify the security settings on the new Web site to Basic authentication or Anonymous access. Caution Do not specify both Basic authentication and Anonymous access on the same Web site. If you want Basic authentication and Anonymous access, create two Web sites. If you want to use Basic authentication and Anonymous access, configure the security settings as follows: | • | For the Default Web Site in IIS, leave the default of NTLM authentication. | | • | Create a new Web Site in IIS and specify Basic authentication access. | | • | Create a second new Web Site in IIS and specify Anonymous access. |
SharePoint Portal Server does not support both NTLM and Anonymous authentication on the same Web site. If you modify the security setting to Anonymous access, users cannot create subscriptions from the dashboard site. Caution Do not run the Windows 2000 Internet Server Security Tool after installing SharePoint Portal Server. Running this tool may disable the dashboard site. To modify the security settings on the new Web site:1. | On the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager. | 2. | Expand the node for the SharePoint Portal Server computer. | 3. | Right-click YourVirtualWeb, where YourVirtualWeb is the name of the new Web site you created, and then click Properties. | 4. | Click the Directory Security tab. | 5. | In Anonymous access and authentication control, click Edit. | 6. | In Authentication Methods, select the authentication method you want for the new Web site: | • | To enable Anonymous access, select the Anonymous access check box. Clear all other check boxes. Do not specify both Anonymous access and Basic authentication on the same Web site. | | • | To enable Basic authentication, select the Basic authentication (password is sent in clear text) check box, and then click Yes when prompted. Clear all other check boxes. Do not specify both Basic authentication and Anonymous access on the same Web site. Note All information, including passwords, sent over the Internet is in a readable format. To secure your transmissions, use SSL. For more information about SSL, see the section "Secure Sockets Layer" later in this chapter. |
| 7. | Click OK. | 8. | To close the Properties page, click OK. |
If you use Anonymous access, you must also assign the Internet Guest Access account to the reader role on each workspace for which you want Anonymous access. If you are configuring Basic authentication only, you do not need to assign the Internet Guest Access account to the reader role. To assign the Internet Guest Access account to the reader role:1. | On the Start menu, point to Programs, point to Administrative Tools, and then click SharePoint Portal Server Administration. | 2. | In the console tree, click to expand the server, and then select the workspace. | 3. | On the Action menu, click Properties. You can also right-click the workspace name, and then click Properties on the shortcut menu. | 4. | Click the Security tab. | 5. | Click Add. | 6. | From Select Users or Groups, select the name of your server from Look in. | 7. | From the list of names, select the name IUSR_server_name, where server_name is the NetBIOS name of your server. | 8. | Click Add, and then click OK. | 9. | Click Apply. SharePoint Portal Server adds the account to the Reader role. |
If you close the Properties page, open it, and then click the Security tab, SharePoint Portal Server lists the account you just entered as Internet Guest Account. Important SharePoint Portal Server licensing requires that all devices accessing the server have a valid license. Nothing in this chapter waives or modifies any rights or requirements under the end user license agreement or other applicable license agreement for SharePoint Portal Server. Proxy Server Settings
If you want to use SharePoint Portal Server across the extranet and you have a proxy server, you must: | • | Ensure that you add the external IP address of your SharePoint Portal Server computer to the proxy server. | | • | Map the internal static IP address of the server to an external static IP address. Microsoft Internet Security and Acceleration (ISA) Server 2000 calls this server publishing. The proxy server must pass permissions through and must not modify the host header file. |
If you are not using ISA Server, you must configure your proxy server as follows: | • | The proxy server must allow password and authentication information to pass through to the SharePoint Portal Server computer inside the firewall. | | • | The host header name must stay intact when passing through. | | • | Do not use SSL bridging. |
Before performing the following procedures, you must know the static external IP address that is assigned to your SharePoint Portal Server computer. This is not the same IP address as the static internal IP address for the server. You must also have a subnet mask. You receive a range of static external IP addresses and a subnet mask when you first establish Internet access through Network Solutions or through another company authorized by the ICANN. The following procedures apply if you are using ISA Server as your proxy server. Note that the following steps assume that you have already enabled the firewall and reverse proxy for ISA Server. Additionally, your ISA Server must allow internal users to access the Internet by using the proxy server without authentication. If you have a proxy server that requires a server to provide authentication to access the Internet from your intranet, you cannot download a Web part from the Internet. This is because the ServerXMLHTTP object cannot access the Internet if authentication is required. To ensure that the external static IP address of your server is added to the proxy server:1. | On the desktop on the proxy server, right-click My Network Places, and then click Properties. | 2. | Right-click the NIC that is connected to the Internet, and then click Properties. | 3. | Under Components checked are used by this connection, click Internet Protocol (TCP/IP), and then click Properties. | 4. | Click Advanced. | 5. | Under IP addresses, scroll through the list of IP address to ensure that it lists the external static IP address for the SharePoint Portal Server computer. This external static IP address is the same one used to create the DNS entry for the server. | 6. | If the IP address appears in the list, no further action is required. If the external static IP address does not appear in the list of IP addresses, you must complete steps 7 through 12. | 7. | Click Add. The TCP/IP Address dialog box appears. | 8. | In IP address, type the external static IP address. | 9. | In Subnet mask, type the subnet mask for the IP address. | 10. | Click Add to close the TCP/IP Address dialog box, and then click OK. | 11. | Click OK, and then click OK again to close the Properties page. | 12. | Restart the server. |
You have now successfully added the external static IP address of your server to the proxy server. To map an external IP address to an internal IP address:1. | On the Start menu, point to Programs, point to Microsoft ISA Server, and then click ISA Management. | 2. | Expand Servers and Arrays. | 3. | Expand the name of your proxy server. | 4. | Expand Publishing. | 5. | Right-click Server Publishing Rules, point to View, and then click Taskpad. | 6. | Click Publish a Server. The New Server Publishing Rule Wizard appears. | 7. | In Server publishing rule name, type a name to identify the new publishing rule, and then click Next. | 8. | On the Address Mapping page, type the internal static IP address of the server in IP address of internal server. | 9. | On the Address Mapping page, type the external static IP address in External IP address on ISA Server. | 10. | Click Next. | 11. | On the Protocol Settings page under Apply the rule to this protocol: | • | Select HTTP Server if you have not enabled SSL. | | • | Select HTTPS Server if you have enabled SSL. Note You must enable these protocols on the proxy server. For procedures used to enable the protocols, see the documentation for your proxy server. |
| 12. | Click Next. | 13. | On the Client Type page, click Any request, and then click Next. | 14. | Click Finish. | 15. | Double-click the rule you just created, and on the General tab, ensure that you select the Enable check box. Note It may take up to 15 minutes for the mapping to be effective. If the mapping has not become effective after 15 minutes, perform steps 16 through 24. | 16. | On the Start menu, point to Programs, point to Microsoft ISA Server, and then click ISA Management. | 17. | Expand Servers and Arrays. | 18. | Expand the name of your proxy server. | 19. | Expand Monitoring. | 20. | Right-click Services, point to View, and then click Taskpad. | 21. | Select the Web proxy service, and then click Stop a Service. | 22. | Select the Firewall service, and then click Stop a Service. | 23. | Select the Web proxy service, and then click Start a Service. | 24. | Select the Firewall service, and then click Start a Service. |
If the mapping has not taken effect within 30 minutes after this procedure, restart the proxy server. Extranet Testing from the Intranet
Use this procedure to confirm that you have set up your server correctly to access it from the extranet. Important Perform the following procedure from the server. To test the extranet from your intranet:1. | Create a test file in the home directory for the new Web site: | • | Create default.htm and place it in the home directory. Your home directory should be under the Inetpub directory. For example, the home directory can be C:\Inetpub\AdventureWorks. | | • | Type some text in default.htm and save the file. For example, type <H1>some text, such as the external FQDN</H1>. |
| 2. | Create an entry in the hosts file on the server: | • | Move to the hosts file. Typically, this file is located in WINNT\system32\drivers\etc on the operating system drive. | | • | Open the hosts file in Microsoft Notepad. | | • | Add the SharePoint Portal Server computer (internal static) IP address along with the external name of your server to the hosts file. For example, add 10.0.0.X AdventureWorks.adventure-works.com. | | • | Save the file. |
| 3. | Modify the proxy settings for Internet Explorer on the server: | • | Open Internet Explorer. | | • | On the Tools menu, click Internet Options. | | • | Click the Connections tab, and then click LAN Settings. | | • | Select the Use a proxy server and Bypass proxy server for local addresses check boxes. | | • | Type the address and port number for the proxy server, and then click Advanced. | | • | In Do not use proxy server for addresses beginning with, type *root_domain_name and then click OK. For example, if the root domain is adventure-works.com, you type *adventure-works.com. | | • | Click OK, and then click OK to close Internet Options. |
| 4. | In Internet Explorer, type http://external_server_name.external domain name in Address. You should see the text that you typed in default.htm. For example, if you typed AdventureWorks in default.htm, AdventureWorks displays. |
If you can access the server, you have specified the external FQDN correctly. If you cannot access the server, ensure that the Web site started. To ensure that the Web site started:1. | On the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager. | 2. | Expand the node for the SharePoint Portal Server computer. | 3. | Right-click YourVirtualWeb, where YourVirtualWeb is the name of the new Web site you created, and then click Start. |
If you still cannot access the server, see the section "Troubleshooting" later in this chapter. After you successfully access the extranet from your intranet, you should test access from the Internet. Extranet Testing from the Internet
Use this procedure to confirm that you have set up your server correctly to access it from the Internet. Important Perform the following procedures from a computer that is not connected to your corporate LAN or WAN, either directly or by dialing in to the network. To test the extranet from the Internet: 1. | From the computer connected to the Internet through an ISP, type http://external_FQDN. For example, type http://AdventureWorks.adventure-works.com. The default Web page (default.htm) that you created in the previous section should appear. | 2. | If the default Web page appears, type http://external_FQDN/workspace_name For example, type http://AdventureWorks.adventure-works.com/Marketing. The dashboard site for the Marketing workspace appears. |
If you cannot access the dashboard site, see the section "Troubleshooting" later in this chapter. E-Mail Notifications
SharePoint Portal Server sends e-mail notifications for document approval requests and subscription notifications. The URLs in the notification mails can use the NetBIOS name, the internal FQDN, or the external FQDN of the server. If you are using FQDN without WINS, SharePoint Portal Server cannot automatically choose which form of the server name is appropriate for a particular e-mail recipient. For example, assume you are in one domain and you approve a document by accessing the document through the NetBIOS name. The next person to receive the approval e-mail is in another domain (either a parent domain or another domain entirely). The link this person receives in the approval e-mail contains the NetBIOS name for the link (href). Because the recipient is in another domain, the name used in the link does not resolve and the recipient cannot access the document by clicking the link. SharePoint Portal Server allows administrators to control the form of the name by adding a property to the folder that contains all the workspaces on the server. You can edit this property by using Web Storage System Explorer in the Web Storage System Software Development Kit (SDK). For more information about the Web Storage System SDK, see Appendix B, "For More Information." The administrator can specify that the URL use the internal FQDN or the external FQDN. | • | If you specified the external FQDN, users on both the intranet and the extranet need to use Basic authentication or SSL, depending on how you configure the server. In addition, each user must modify the hosts file on her computer, or the network infrastructure must be able to resolve the external name and force the user out to the Internet and back into the intranet through the proxy. | | • | If you specified the internal FQDN, everyone on the intranet can click any links sent. However, users on the extranet receive an error when they attempt to click the link in the subscription or approval e-mail. If you have a small percentage of extranet users, you might choose to specify the internal FQDN so that the majority of your users do not need to modify the hosts file. |
To specify the URL of the server name:1. | Open Web Storage System Explorer. | 2. | Connect to http://NetBIOS_name/SharePoint Portal Server/workspaces: | • | Type username. | | • | Type password. | | • | In Web Storage System URL, type http://NetBIOS_name/SharePoint Portal Server/workspaces. For example, to connect to a server named AdvWks, type http://AdvWks/SharePoint Portal Server/workspaces. |
| 3. | Click the node for http://NetBIOS_name/SharePoint Portal Server/workspaces to display its schema detail view. | 4. | Right-click in Detail View, and then click Add Property. | 5. | In Add Property: | • | In Name, type urn:schemas-microsoft-com:publishing:ServerUrl Important The property name is case-sensitive. Type the property name exactly as specified. | | • | In Datatype, select string. | | • | If you always want to use the NetBIOS name in e-mail, in Value, type http://NetBIOS_name. If you always want to use the internal FQDN in e-mail, type http://internal_FQDN. If you always want to use the external FQDN in e-mail, type http://external_FQDN. | | • | Click OK. |
| 6. | Close Web Storage System Explorer. | 7. | Restart MSSearch. To do so: | • | On the Start menu, point to Programs, point to Administrative Tools, and then click Services. | | • | Right-click Microsoft Search, and then click Restart. |
|
Secure Sockets Layer
If you want to secure your transmissions over the extranet, you must enable SSL. After enabling SSL, you must access the workspace by using https://external_server_name.external_domain_name/workspace_name. You should ensure that http:// is working properly before enabling SSL. Enabling SSL requires several steps: | • | Request a new certificate, and then submit the text file that you generated to your SSL vendor. | | • | Install the certificate file that you receive from your vendor. | | • | Assign a certificate. | | • | Specify the secure bindings value. | | • | Remove port 443 from multiple SSL identities. | | • | Require SSL. |
The following procedures provide the steps for completing this process. To request a new certificate:1. | On the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager. | 2. | Expand the node for the SharePoint Portal Server computer. | 3. | Right-click YourVirtualWeb, where YourVirtualWeb is the name of the new Web site you created, and then click Properties. | 4. | Click the Directory Security tab, and then click Server Certificate under Secure communications. The Welcome to the Web Server Certificate Wizard appears. | 5. | Click Next. | 6. | Click Create a New Certificate, and then click Next. | 7. | Click Prepare the request now, but send it later, and then click Next. | 8. | In Name, type YourVirtualWeb where YourVirtualWeb is the name of your new Web site. | 9. | In Bit length, select 512 or 1024. For server performance, it is recommended that you select 512. | 10. | If required, select the Server Gated Cryptography (SGC) certificate (for export versions only) check box. Important It is recommended that you do not change the default (the check box is not selected). | 11. | Click Next. | 12. | Type your organization's information on the Organization Information page, and then click Next. | 13. | In Common name, type the external FQDN of your server (which includes the domain name), and then click Next. For example, type AdventureWorks.adventure-works.com. | 14. | Type your geographical information on the Geographical Information page, and then click Next. | 15. | Specify a file name for the certificate request, and then click Next. | 16. | On the Request File Summary page, click Next. | 17. | Click Finish. | 18. | Click OK to close the Properties page. |
You have now completed the certificate request process. Submit the text file that you generated to your SSL vendor. After you receive the certificate file from your vendor, you must install the certificate. To install the certificate that you receive from your vendor:1. | On the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager. | 2. | Expand the node for the SharePoint Portal Server computer. | 3. | Right-click YourVirtualWeb, where YourVirtualWeb is the name of the new Web site you created, and then click Properties. | 4. | Click the Directory Security tab, and then click Server Certificate under Secure communications. The Welcome to the Web Server Certificate Wizard appears. | 5. | Click Next. | 6. | Click Process the pending request and install the certificate, and then click Next. | 7. | Specify the path and file name for the certificate file on the Process a Pending Request page, and then click Next. | 8. | On the Certificate Summary page, click Next. | 9. | Click Finish. | 10. | Click OK to close the Properties page. |
To assign a certificate to the Default Web Site:This step enables you to remove port 443 from Multiple SSL identities for this Web Site in a later step. If you do not remove port 443, SharePoint Portal Server may experience unexpected behaviors because the Default Web Site and any new Web sites you create are trying to use port 443. 1. | Right-click Default Web Site, and then click Properties. | 2. | Click the Directory Security tab, and then click Server Certificate under Secure communications. The Welcome to the Web Server Certificate Wizard appears. | 3. | Click Next. | 4. | Click Assign an existing certificate, and then click Next. | 5. | On the Available Certificates page, select a certificate, and then click Next. | 6. | On the Certificate Summary page, click Next. | 7. | Click Finish. | 8. | To close the Properties page, click OK. |
To specify the secure bindings value to include the host header for the new Web site:1. | On the Start menu, point to Programs, point to Accessories, and then click Command Prompt. | 2. | Move to the directory where adsutil.vbs is located. Typically, this is in the Inetpub\AdminScripts directory on the operating system drive. | 3. | Type cscript adsutil.vbs set W3SVC/number/securebindings "IP_address_of_the_server:443:external_FQDN_in_lowercase" where number is the number for YourVirtualWeb. Typically, W3SVC/1 is the Default Web Site, W3SVC/2 is the Administration Web Site, and W3SVC/3 is the new Web site. To find the number, you can type cscript adsutil.vbs enum W3SVC/number until you find the number for YourVirtualWeb. Type each number in order until the properties display the name of YourVirtualWeb. |
If you do not remove port 443 from Default Web Site, SharePoint Portal Server may experience unexpected behaviors because the Default Web Site and any new Web sites you create are trying to use port 443. To remove port 443 from Multiple SSL identities for this Web Site on the Default Web Site:1. | On the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager. | 2. | Expand the node for the SharePoint Portal Server computer. | 3. | Right-click Default Web Site, and then click Properties. | 4. | On the Web Site tab, click Advanced. The Advanced Multiple Web Site Configuration dialog box appears. | 5. | In Multiple SSL identities for this Web Site, click the IP address for SSL port 443, and then click Remove. | 6. | To close the Advanced Multiple Web Site Configuration dialog box, click OK. | 7. | To close the Properties page, click OK. |
To require SSL:You must choose to require SSL before you can access SharePoint Portal Server by using https://. 1. | Right-click YourVirtualWeb, and then click Properties. | 2. | On the Directory Security tab, under Secure communications, click Edit. | 3. | Select the Require secure channel (SSL) check box, and then click OK. | 4. | To close the Properties page, click OK. Important After completing these procedures, restart the server. |
You should now test access to the extranet from your intranet by using https:// instead of http://. Internal FQDN Mapping
If you want to use SharePoint Portal Server on your intranet with an internal FQDN, you must map the internal FQDN of the server to an IP address. If you do not want to enable internal FQDN support, you can skip this section. To map the SharePoint Portal Server computer name to an IP address:1. | On the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager. | 2. | Expand the node for the SharePoint Portal Server computer. | 3. | Right-click Default Web Site, and then click Properties. | 4. | On the Web Site tab, click Advanced. The Advanced Multiple Web Site Configuration dialog box appears. Important Do not remove (All Unassigned) from port 80 under Multiple identities for this Web Site. | 5. | Map the internal FQDN for the server to an IP address: | • | Click Add. The Advanced Web Site Identification dialog box appears. | | • | Select your IP address from IP Address. Do not select (All Unassigned). | | • | Type 80 in TCPPort. | | • | Type the internal FQDN for the server in Host Header Name, and then click OK. The internal FQDN is of the form NetBIOS_name.internal_domain_name. For example, if the NetBIOS name for your SharePoint Portal Server is AdvWks, and the internal domain name is corp.adventure-works.com, you would type AdvWks.corp.adventure-works.com as the host header name. |
| 6. | To close the Advanced Multiple Web Site Configuration dialog box, click OK, and then to close the Properties page, click OK. |
If your network does not natively support FQDN, you are running WINS, or users experience errors navigating to the dashboard site by using FQDN, each user and the server administrator must perform an additional step. | • | Users must configure proxy server settings for the browser to bypass the proxy server for local addresses on each client computer accessing the dashboard site. | | • | The server administrator must configure the proxy settings for Internet Explorer on the SharePoint Portal Server computer to include the domain of the local computer on the bypass list. |
Each user and the server administrator can configure the proxy server settings by using the following procedure. This procedure applies when your browser is Internet Explorer 5. To do this on other browsers, consult the browser documentation. To configure Internet Explorer 5 to bypass the proxy server for local addresses:1. | Close all current Internet Explorer 5 windows and Microsoft Windows Explorer windows. | 2. | On the SharePoint Portal Server computer, Start menu, point to Settings, and then click Control Panel. | 3. | Double-click Internet Options. The Internet Properties dialog box appears. | 4. | On the Connections tab, click LAN Settings. | 5. | Select the Use a proxy server and Bypass proxy server for local addresses check boxes. | 6. | Specify the address and port number of the proxy server, and then click Advanced. | 7. | In Do not use proxy server for addresses beginning with, type *domainwhere domain is the domain of your SharePoint Portal Server. For example, if the domain is adventure-works.com, type *adventure-works.com | 8. | Click OK, and then to close the remaining dialog boxes, click OK again. |
Settings for Crawling Web Sites on the Internet
If you want SharePoint Portal Server to crawl Web sites on the Internet, it is recommended that you modify the time-out settings both for connecting to a Web site or server and for waiting for request acknowledgment. Specify 60 seconds for the wait time for connecting to a Web site or server, and specify 30 seconds for the wait time for request acknowledgment from a Web site or server. You can modify these settings from SharePoint Portal Server Administration. If you have a proxy server that requires authentication to access the Internet from your intranet, SharePoint Portal Server cannot crawl sites on the Internet. To modify the time-out settings:1. | On the Start menu, point to Programs, point to Administrative Tools, and then click SharePoint Portal Server Administration. | 2. | In the console tree, select SharePoint Portal Server computer. | 3. | On the Action menu, click Properties. You can also right-click the server name, and then click Properties on the shortcut menu. | 4. | Click the Load tab. | 5. | In Number of seconds to wait for a connection, type 60. | 6. | In Number of seconds to wait for request acknowledgment, type 30. | 7. | Click Apply. |
Depending on the connection speed and other factors, such as Internet loss, Internet latency, and Internet jitter, you may need to increase the previous settings. Settings for Crawling Another SharePoint Portal Server Site on the Internet
There may be instances when you want to expose your server, by using HTTP, to the Internet to allow other sites to crawl your server. The instructions in this section enable a SharePoint Portal Server computer with access to the Internet to crawl another SharePoint Portal Server computer across the Internet. Currently, SharePoint Portal Server only supports HTTP crawling. HTTPS crawling is not supported. SharePoint Portal Server cannot use the default content access account to access another SharePoint Portal Server over the Internet. You can only specify an NTLM trusted domain account as the default content access account, and you cannot use NTLM for Internet crawls. You must specify an access account for the site path to the SharePoint Portal Server you want to crawl. Important If the workspace you want to crawl has enabled Anonymous access (the Internet Guest Account is assigned to the reader role on the workspace), you do not need to use Basic authentication and do not need to perform the following procedure. You need only create a content source to the workspace on the other server. For information about assigning the Internet Guest Account to the reader role on a workspace, see the section, "Security Settings" earlier in this chapter. To configure the server to crawl another SharePoint Portal Server computer across the Internet:1. | Navigate to the Content Sources folder located in the Management folder in the workspace. | 2. | Double-click Additional Settings. | 3. | On the Rules tab, click Site Paths. | 4. | Click New. The Create New Site Path Rule dialog box appears. | 5. | In Path, type the URL to the SharePoint Portal Server to be crawled. The URL must be the external FQDN of the server. | 6. | Click Include this path, and then click Options. The Options dialog box appears. | 7. | Click Account. The Account Information dialog box appears. | 8. | Under Account, specify the account information for the account that is valid for Basic authentication. | 9. | Under Authentication type, click Basic authentication (password is sent in clear text). | 10. | To close the Account Information dialog box, click OK, and then to close the Options dialog box, click OK. | 11. | To close the Create New Site Path Rule dialog box, click OK, and then, to close the Site Paths dialog box, click OK. | 12. | If prompted to start a full update, click Yes. | 13. | Click OK. |
After completing the preceding steps, create a content source to the workspace on the SharePoint Portal Server computer that you want to crawl. Troubleshooting
This section describes specific error messages or issues you may encounter when deploying SharePoint Portal Server across an extranet. It also provides suggestions for how to address each issue. Features Do Not FunctionFor a table showing features of SharePoint Portal Server that are available when you deploy the server across an extranet, see the section "Extranet Features" earlier in this chapter. Server Access DeniedIf you cannot access the server, ensure that you have specified security on the new Web site. Until you specify either Anonymous access or Basic authentication, you cannot access the server from the extranet. Error 401If you have specified Anonymous access on the new Web site, you may receive error 401 (Unauthorized) when attempting to access the dashboard site. If this happens, ensure that the Internet Guest Access account is a reader on the hidden Portal folder in the workspace. For the procedure to add the Internet Guest Account as a reader on the workspace, see the section "Security Settings" earlier in this chapter. Note If the Portal folder in the workspace does not inherit the security settings of the parent folder, you must add the Internet Guess Access account as a reader on the Portal folder. Error 424If you receive error 424 when attempting to access the dashboard site, try the following: | • | Restart IIS Admin Service or restart the SharePoint Portal Server computer. Possible cause: you did not restart the server after configuring the proxy settings. | | • | Ensure that you are typing http://external_FQDN/workspace_name (or https:// if you enabled SSL). Possible cause: from the server, you are typing http://localhost/workspace_name for the URL. By default, SharePoint Portal Server does not support localhost out of the box. |
You may receive error 424 when trying to navigate to the dashboard site by using HTTPS, but you might not receive the error when using HTTP. In this case, on the new Web site, ensure that you specify IIS Application Protection as low for the virtual directory for the workspace. To specify IIS Application Protection:1. | On the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager. | 2. | Expand the node for the SharePoint Portal Server computer. | 3. | Expand YourVirtualWeb, where YourVirtualWeb is the name of the new Web site you created. | 4. | Right-click YourWorkspace under YourVirtualWeb, where YourWorkspace represents the name of the virtual directory for your workspace, and then click Properties. | 5. | Click the Virtual Directory tab. | 6. | In Application Protection, select Low (IIS Process). | 7. | Click OK. |
Error 500If you receive error 500 (internal server error) on the dashboard site, ensure that you have not selected the Check that file exists check box when configuring the Public and YourWorkspace virtual directories on the new Web site. If the Check that file exists check box is selected, clear the check box, and then restart IIS Admin Service. To restart the IIS Admin Service:1. | On the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager. | 2. | Expand the node for the SharePoint Portal Serve computer. | 3. | Expand the node for the new Web site that you created. | 4. | For the Public and YourWorkspace virtual directories on the new Web site that you created: | • | Right-click the virtual directory, and then click Properties. | | • | On the Virtual Directory tab, click Configuration. | | • | On the App Mappings tab, select the entry for the * extension displaying the path to msdmisap.dll, and then click Edit. | | • | Clear the Check that file exists check box. | | • | Click OK, and then to close Application Configuration, click OK again. | | • | To close the Properties page, click OK. |
| 5. | Restart IIS Admin Service. |
Error 503If you attempt to access the dashboard site and you receive error 503 (Service Unavailable), the server is restarting and the services have not yet started. Wait several minutes and try accessing the dashboard site again. Error 519If you receive error 519 when attempting to discuss a document, ensure that you have enabled discussions on the new Web site. To use Web discussions on your SharePoint Portal Server computer from the extranet, you must modify the registry. For the procedure to modify the registry, see the section "Web Discussions" earlier in this chapter. For detailed information about using Web discussions with SharePoint Portal Server, see Chapter 10, "Planning Web Discussions." Unable to Map Web Folder to WorkspaceIf you are unable to map a Web folder to the workspace, ensure that you have not selected the Check that file exists check box when configuring the Public and YourWorkspace virtual directories on the new Web site. If the Check that file exists check box is selected, clear the check box and restart IIS Admin Service. To restart the IIS Admin Service:1. | On the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager. | 2. | Expand the node for the SharePoint Portal Serve computer. | 3. | Expand the node for the new Web site that you created. | 4. | For the Public and YourWorkspace virtual directories on the new Web site that you created: | • | Right-click the virtual directory, and then click Properties. | | • | On the Virtual Directory tab, click Configuration. | | • | On the App Mappings tab, select the entry for the * extension displaying the path to msdmisap.dll, and then click Edit. | | • | Clear the Check that file exists check box. | | • | Click OK, and then to close Application Configuration, click OK again. | | • | To close the Properties page, click OK. |
| 5. | Restart IIS Admin Service. |
Discussion ErrorIf you see a server execution or server unavailable error inside a discussion panel, ensure that the execute permissions are set to Scripts and Executables on the virtual directory for MSOffice on the new Web site. To set permissions on the virtual directory:1. | On the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager. | 2. | Expand the node for the SharePoint Portal Server computer. | 3. | Expand the node for YourVirtualWeb, where YourVirtualWeb is the name of the new Web site you created. | 4. | Right-click the MSOffice virtual directory, and then click Properties. | 5. | Click the Virtual Directory tab. | 6. | In Execute Permissions, select Scripts and Executables. | 7. | To close the Properties page, click OK. |
Script Execution ErrorIf you receive a script execution error, the custom header name (MicrosoftTahoeServer) for the new Web site is either not specified or specified incorrectly. For information about specifying the custom header name, see the section "Web Site Creation" earlier in this chapter. No Access ExternallyIf you cannot access the SharePoint Portal Server computer from the extranet, try the following: | • | Shut down the SharePoint Portal Server computer. | | • | Attempt to access the server from the Internet. The proxy server should return a message that the host is not available. This validates that access from the Internet to the proxy server is operating correctly. |
If this test succeeds, the problem is possibly in the proxy server configuration for server publishing. For more information about server publishing, see the section "Proxy Server Settings" earlier in this chapter. Host Not FoundIf you receive error 11004 (host not found), ensure that your DNS server has an entry for the host you are trying to access. If the entry exists, check the spelling of the URL that you are typing in the browser. Page Cannot Be DisplayedIf SSL is enabled and you receive this error, run adsutil.vbs. For more information, see the section "Secure Sockets Layer" earlier in this chapter. Dashboard Site Settings Cannot Be SavedIf you cannot save settings on the dashboard site, you may not have write permissions on the workspace. To specify write permissions:1. | On the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager. | 2. | Expand the node for the SharePoint Portal Server computer. | 3. | Expand the node for the new Web site you created. | 4. | For the YourWorkspace virtual directory on the Web site that you created, where YourWorkspace represents the name of the virtual directory for your workspace, do the following: | • | Right-click the virtual directory, and then click Properties. | | • | On the Virtual Directory tab, select the Write check box. | | • | Click Apply. | | • | To close the Properties page, click OK. |
|
Blank Page DisplaysIf a blank page displays when attempting to access the dashboard site from the extranet: | • | The proxy server may be offline. | | • | You may need to map the internal static IP address and the external static IP address on the proxy server. For more information, see the section "Proxy Server Settings" earlier in this chapter. |
Crawling a Web Site FailsIf you cannot crawl a Web site on the Internet, you may need to reconfigure the time-out settings or the proxy settings. For more information, see the sections, "Settings for Crawling Web Sites on the Internet" and "Proxy Server Settings" earlier in this chapter. Subscriptions Do Not Function ProperlyYou cannot subscribe to folders by using the collaboration toolbar from Microsoft Office or Internet Explorer in the extranet scenario. You must subscribe to the folder from the dashboard site. Server URL in E-Mail Notifications Is IncorrectYou can modify the URL that SharePoint Portal Server uses in e-mail notifications by following the procedure shown in the section "E-mail Notifications" earlier in this chapter. If SharePoint Portal Server does not display the modified URL as expected, ensure that you have: | • | Typed the property name correctly. The property name is case-sensitive. Type the property name exactly as specified in the procedure shown in the section "E-mail Notifications." | | • | Restarted MSSearch. |
Access Problems When Using HTTPS – Client Certificate IssuesIf you have enabled SSL and are accessing the dashboard site of SharePoint Portal Server by using https://external_FQDN/workspace_name, you might experience sporadic functionality failure such as navigation failures or access violations. This indicates a possible problem with the security certificate—specifically, you may need to install the full certificate chain. You may need to install the full certificate chain on the client computers if either of the following applies: | • | You are using an internal certificate server to generate your own certificates. | | • | You are using a certificate that is not distributed with a Microsoft operating system. |
To confirm that the security certificate is the problem:1. | When attempting to access the dashboard site, you receive a Security Alert dialog box stating that the security certificate was issued by a company you have not chosen to trust. | |
|
