Tuesday, October 23, 2012

Setup Multiple SharePoint Web Applications on Port 80 with Https Binding on Port 443

Approach described here involves Host Header names to host multiple sites from one IP address in IIS server.
Create Web Applications using Host headers
Create a SharePoint web application with the host header devint-wtu.navantis.com in port 80. So the URL for this web application will be http:// devint-wtu.navantis.com. Also I specified a name ‘WTU’ for the IIS web site as shown below.

Create another SharePoint web application with the host header devint-cpl.navantis.com in port 80.

So my web application listing in the central admin will look like as:

Update Host file
Then we have to map above web application URLs to the local loopback address. For that we need to update host file (C:\Windows\System32\drivers\etc\hosts) as below.

Create HTTPS binding
In order to enable Https browsing for these web applications on the default port 443, we have to add https bindings. For that we need a SSL certificate. We can create a self-signed certificate in the IIS by IIS Server -> Server Certificates -> Create Self-Signed Certificate. In my case I creates a certificate called *.navantis.com
Select the IIS Web site; select Bindings… from the action pane and use Add option to create an https site binding by specifying host name and SSL certificate as below.
Repeat the same procedure for each web application. Specify the correct host name of the web application.

Configure alternate access mappings
Go to ‘Application Management’ -> ‘Configure alternate access mappings’ in SharePoint central administration and use ‘Add Internal URLs’ option to create alternate access mappings for each web application. Map the correct https Url as below.


So the alternate access mappings listing will look like:

That’s it!
Note: Still you might not be able to browse these web applications (after creating site collections). In that case follow this article: Unable to browse SharePoint web site (http://onlinecoder.blogspot.com/2012/10/unable-to-browse-sharepoint-web-site.html)

Tuesday, October 2, 2012

Unable to Browse SharePoint Web Site from within the Server

I came across this scenario where I cannot browse my SharePoint web application; it asks for my credentials 3 times but doesn't render the site and also doesn't show any errors. Basically I had 3 web applications in the same server; setup using host names to run on port 80. The host file (C:\Windows\System32\drivers\etc\hosts) is modified to map my web application URLs to the local loopback address.

Host file
127.0.0.1       website1.myserver.com
127.0.0.1       website2.myserver.com
127.0.0.1       website2.myserver.com

When I check the Event Viewer of the SharePoint server, I found set of Audit Failure logs which seems to be relevant to this scenario.

General
Log Name:      Security
Source:          Microsoft-Windows-Security-Auditing
Date:             9/27/2012 11:39:15 PM
Event ID:        4625
Task Category: Logon
Level:            Information
Keywords:      Audit Failure
User:             N/A
Computer:      DERDEV02.domainx.local
Description:    An account failed to log on.

Subject:
          Security ID:             NULL SID
          Account Name:         -
          Account Domain:       -
          Logon ID:                0x0

Logon Type:                      3

Account For Which Logon Failed:
          Security ID:                      NULL SID
          Account Name:                  prasadw
          Account Domain:                DOMAINX

Failure Information:
          Failure Reason:         An Error occured during Logon.
          Status:                   0xc000006d
          Sub Status:             0x0

EventData
  SubjectUserSid S-1-0-0
  SubjectUserName -
  SubjectDomainName -
  SubjectLogonId 0x0
  TargetUserSid S-1-0-0
  TargetUserName prasadw
  TargetDomainName DOMAINX
  Status 0xc000006d
  FailureReason %%2304
  SubStatus 0x0
  LogonType 3
  LogonProcessName 
  AuthenticationPackageName NTLM
  WorkstationName DERDEV02
  TransmittedServices -
  LmPackageName -
  KeyLength 0
  ProcessId 0x0
  ProcessName -
  IpAddress 127.0.0.1
  IpPort 62970

Then I found that when we use the fully qualified domain name (FQDN) or a custom host header to browse a local Web site that is hosted on a computer that is running Microsoft Internet Information Services (IIS) 5.1 or a later version, we may receive this error. It says that this issue occurs when the Web site uses Integrated Authentication and has a name that is mapped to the local loopback address. Also if we browse the Web site from a client computer, we will receive this error message.

There are 2 workarounds proposed for this error in the Microsoft Support Article ID:896861 (http://support.microsoft.com/kb/896861)
Method 1: Specify host names
  1. Set the DisableStrictNameChecking registry entry to 1.
  2. Click Start, click Run, type regedit, and then click OK.
  3. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  4. Right-click MSV1_0, point to New, and then click Multi-String Value.
  5. Type BackConnectionHostNames, and then press ENTER.
  6. Right-click BackConnectionHostNames, and then click Modify.
  7. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
  8. Quit Registry Editor, and then restart the IISAdmin service.

Method 2: Disable the loopback check
  1. Set the DisableStrictNameChecking registry entry to 1.
  2. Click Start, click Run, type regedit, and then click OK.
  3. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  4. Right-click Lsa, point to New, and then click DWORD Value.
  5. Type DisableLoopbackCheck, and then press ENTER.
  6. Right-click DisableLoopbackCheck, and then click Modify.
  7. In the Value data box, type 1, and then click OK.
  8. Quit Registry Editor, and then restart your computer.