{"id":26,"date":"2008-09-02T19:06:17","date_gmt":"2008-09-03T03:06:17","guid":{"rendered":"http:\/\/sharepoint.bryanfriedman.com\/index.php\/2008\/09\/02\/alphabet-soupssl-aam-f5-oh-my\/"},"modified":"2009-01-29T23:01:05","modified_gmt":"2009-01-30T07:01:05","slug":"alphabet-soupssl-aam-f5-oh-my","status":"publish","type":"post","link":"https:\/\/archive.bryanfriedman.me\/sharepoint\/index.php\/2008\/09\/02\/alphabet-soupssl-aam-f5-oh-my\/","title":{"rendered":"Alphabet Soup&#8230;SSL, AAM, F5, Oh My!"},"content":{"rendered":"<p>As much as I thought I understood how Alternate Access Mappings work in SharePoint, it turns out that I pretty much had no idea.  At work, we have been trying to configure a SharePoint web application to sit behind a load balancer (<a href=\"http:\/\/www.f5.com\/products\/big-ip\/product-modules\/local-traffic-manager.html\" target=\"_blank\">BIG-IP F5 Local Traffic Manager<\/a>) with SSL enabled on the front side but terminated at the load balancer.  We set up the F5 with an SSL profile and certificate on the client side but not on the server side.  Basically we want HTTPS (port 443) on the front side, and HTTP (port 80) on the back side.  
The virtual server configuration looks like this:<\/p>\n<p><a href=\"https:\/\/archive.bryanfriedman.me\/sharepoint\/wp-content\/uploads\/2008\/09\/f5setup.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/archive.bryanfriedman.me\/sharepoint\/wp-content\/uploads\/2008\/09\/f5setup-thumb.jpg\" style=\"border-width: 0px\" alt=\"f5setup\" border=\"0\" height=\"484\" width=\"362\" \/><\/a><\/p>\n<p>As for the SharePoint configuration, we were trying to just create the web application as follows:<\/p>\n<p><a href=\"https:\/\/archive.bryanfriedman.me\/sharepoint\/wp-content\/uploads\/2008\/09\/wrongway.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/archive.bryanfriedman.me\/sharepoint\/wp-content\/uploads\/2008\/09\/wrongway-thumb.jpg\" style=\"border-width: 0px\" alt=\"wrongway\" border=\"0\" height=\"484\" width=\"298\" \/><\/a><\/p>\n<p>Well, the worst part about this is that it <em>mostly<\/em> worked.  At first I thought everything was all good, but as we started to use the application, we noticed three things, the third of which was the most troubling:<\/p>\n<ol>\n<li>Response never returning from Ctrl-K user lookup<\/li>\n<li>Warnings around going to and from non-secure content<\/li>\n<li>Failure when creating lists!!<\/li>\n<\/ol>\n<p>So, it was back to the drawing board.  First, I found <a href=\"http:\/\/forums.technet.microsoft.com\/en-US\/sharepointadmin\/thread\/7f64d698-c412-4427-897b-35fb1fce7e75\/\" target=\"_blank\">this discussion post<\/a> which ultimately led me to the Holy Grail of Alternate Access Mappings postings.  
Without finding Troy Starr&#8217;s post entitled <a href=\"http:\/\/blogs.msdn.com\/sharepoint\/archive\/2007\/03\/06\/what-every-sharepoint-administrator-needs-to-know-about-alternate-access-mappings-part-1.aspx\" target=\"_blank\"><em>What every SharePoint administrator needs to know about Alternate Access Mappings (Part 1 of 3)<\/em><\/a>, I don&#8217;t think we ever would have been able to get the web application configured correctly.  (His <a href=\"http:\/\/blogs.msdn.com\/sharepoint\/archive\/2007\/03\/19\/what-every-sharepoint-administrator-needs-to-know-about-alternate-access-mappings-part-2-of-3.aspx\" target=\"_blank\">second<\/a> and <a href=\"http:\/\/blogs.msdn.com\/sharepoint\/archive\/2007\/04\/18\/what-every-sharepoint-administrator-needs-to-know-about-alternate-access-mappings-part-3-of-3.aspx\" target=\"_blank\">third<\/a> parts are pretty helpful in general as well.)<\/p>\n<p>So following his instructions, and his fabulous Alternate Access Mappings screenshots, we created a web application, extended it, and added the additional AAM so the table ended up looking something like this:<\/p>\n<table border=\"1\" cellpadding=\"2\" cellspacing=\"0\" width=\"550\">\n<tr>\n<td valign=\"top\" width=\"256\"><strong>Internal URL<\/strong><\/td>\n<td valign=\"top\" width=\"83\"><strong>Zone<\/strong><\/td>\n<td valign=\"top\" width=\"207\"><strong>Public URL for Zone<\/strong><\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"256\"><font color=\"#0000ff\">http:\/\/bryanfriedman<\/font><\/td>\n<td valign=\"top\" width=\"83\"><font color=\"#000000\">Default<\/font><\/td>\n<td valign=\"top\" width=\"209\"><font color=\"#0000ff\">http:\/\/bryanfriedman<\/font><\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"256\"><font color=\"#0000ff\">https:\/\/portal.bryanfriedman.com<\/font><\/td>\n<td valign=\"top\" width=\"83\"><font color=\"#000000\">Internet<\/font><\/td>\n<td valign=\"top\" width=\"210\"><font 
color=\"#0000ff\">https:\/\/portal.bryanfriedman.com<\/font><\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"256\"><font color=\"#0000ff\">http:\/\/internal.dmz.bryanfriedman.com<\/font><\/td>\n<td valign=\"top\" width=\"83\"><font color=\"#000000\">Internet<\/font><\/td>\n<td valign=\"top\" width=\"211\"><font color=\"#0000ff\">https:\/\/portal.bryanfriedman.com<\/font><\/td>\n<\/tr>\n<\/table>\n<p>It felt like overkill to me, but it ended up working like a charm.  There was just one more step&#8230;the load balancer.<\/p>\n<p>Now instead of an F5 load balancer, Troy&#8217;s article described how to use a reverse proxy (ISA Server 2006) configuration in front of the web application.  However, I knew this could work the same way as long as we could rewrite the host header value at the F5.  Being that I am not exactly a network engineer, I had to poke around a little to find out how to do this, but I eventually found the following code for an <a href=\"http:\/\/devcentral.f5.com\/Default.aspx?tabid=75\" target=\"_blank\">iRule<\/a>:<\/p>\n<blockquote><p><tt>when HTTP_REQUEST {<br \/>\n# Rewrite the public host name to the internal one listed in the AAM table<br \/>\nif { [HTTP::host] equals \"portal.bryanfriedman.com\" } {<br \/>\nHTTP::header replace Host \"internal.dmz.bryanfriedman.com\"<br \/>\n}<br \/>\n}<\/tt><\/p><\/blockquote>\n<p>Once I had the network guys plug this iRule into the F5 configuration, everything started working like magic.  The three problems we saw before disappeared and all requests and responses appeared to be working as expected.  Three cheers for Alternate Access Mappings!<\/p>\n<p>Now I can&#8217;t say I fully understand how AAMs work, but I definitely understand it better than I did before, and now I have more knowledge of F5s than I ever really wanted to.  
Anyway, hopefully the next person who tries to do something like this won&#8217;t run into the same problem because they will find this post (or Troy Starr&#8217;s post) and avoid my initial mistakes.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As much as I thought I understood how Alternate Access Mappings work in SharePoint, it turns out that I pretty much had no idea. At work, we have been trying to configure a SharePoint web application to sit behind a load balancer (BIG-IP F5 Local Traffic Manager) with SSL enabled on the front side [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-26","post","type-post","status-publish","format-standard","hentry","category-administration"],"_links":{"self":[{"href":"https:\/\/archive.bryanfriedman.me\/sharepoint\/index.php\/wp-json\/wp\/v2\/posts\/26","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/archive.bryanfriedman.me\/sharepoint\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/archive.bryanfriedman.me\/sharepoint\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/archive.bryanfriedman.me\/sharepoint\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/archive.bryanfriedman.me\/sharepoint\/index.php\/wp-json\/wp\/v2\/comments?post=26"}],"version-history":[{"count":0,"href":"https:\/\/archive.bryanfriedman.me\/sharepoint\/index.php\/wp-json\/wp\/v2\/posts\/26\/revisions"}],"wp:attachment":[{"href":"https:\/\/archive.bryanfriedman.me\/sharepoint\/index.php\/wp-json\/wp\/v2\/media?parent=26"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/archive.bryanfriedman.me\/sharepoint\/index.php\/wp-json\/wp\/v2\/categories?post=26"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/archive.brya
nfriedman.me\/sharepoint\/index.php\/wp-json\/wp\/v2\/tags?post=26"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}