About "Alternate access ing"

Source: Internet
Author: User
Tags configuration settings fully qualified domain name
ArticleDirectory
    •  
    • Reverse proxy publishing
    • Alternate access ing and Identity Authentication provider Integration
    • Standby access ing and web application policy integration
    • Backup access ing and external resource ing
    • Troubleshooting of alternate access ing

Standby access ing allows you to receive Web applications that request internal URLs (in one of the five authentication regions)ProgramReturns a page containing a link to a public URL in the region. You can associate a web application with a ing set between an internal URL and a public URL. An internal URL is the URL of a Web request received by Windows SharePoint Services 3.0. A public URL is the URL of a website that can be accessed externally. A public URL is the base URL used by Windows SharePoint Services 3.0 on the page it returns. If the reverse proxy device has modified the internal URL, it is different from the public URL.

Note:

The website set named after the host cannot use the standby access ing. The website set named after the host is automatically considered in the default region, and the requested URL cannot be modified between the end user and the server.

Multiple internal URLs can be associated with a public URL. A ing set can contain up to five authentication regions, but each region can have only one public URL. The ing set corresponds to the following authentication areas:

    • Default

    • Intranet

    • Internet

    • Custom

    • Exists

Reverse proxy publishing

Reverse Proxy is a type of device between the end user and the web server. All requests to the Web server are first received by the reverse proxy device. If these requests are filtered by the proxy, the proxy forwards the requests to the web server. Reverse proxy can perform advanced functions, such as receiving Web requests over the Internet through HTTPS (Hypertext Transfer Protocol on the Secure Sockets Layer), but forwarding requests to the server through HTTP. This is called "external SSL termination ". The reverse proxy can forward the request to the port number, instead of the port on which the request was originally received. The reverse proxy can also change the HTTP Host header field.

Windows SharePoint Services 3.0 is compatible with many reverse proxy servers, but in the following example, publishing rules are provided by Microsoft Internet Security and Acceleration (ISA) server 2006, the reverse proxy software. ISA Server 2006 contains a Publishing Wizard that helps you create publishing rules for Windows SharePoint Services 3.0. After creating a rule, you can modify the rule at any time.

Note:

Some reverse proxy devices can modify the Request Path (the URL section after the host name and port number) so that requests sent by users to the http://www.contoso.com/sharepoint/default.aspx are forwarded to the Web server as a http://sharepoint.perimeter.example.com/default.aspx.

This is called an asymmetric path. Windows SharePoint Services 3.0 does not support asymmetric paths. The URL path must be symmetric between the public URL and the internal URL. In the previous example, this means that the reverse proxy device cannot modify the "/SharePoint/default. aspx" section of the URL.

Configure Reverse Proxy Server

The first two images in this example demonstrate the Modified Release rules, where the "forward original Host Header" option is disabled to help demonstrate the flexibility of standby access ing. If you have selected the forward original host header option, the public host name will also be used as the internal host name When configuring the backup access ing.

Demonstrate the listener tab and public name tab on the Attribute Table of the rule. These attributes define the URLs used to access web applications. This URL is actually the URL of the reverse proxy server, which forwards the request to the server running Windows SharePoint Services 3.0.

The end user URL contains the public protocol, public host name, and public port number, as shown in the following table.

Public Agreement
Public Host Name
Public port number
Public URL

HTTPS

+ ": //" +

Www.contoso.com

+ ":" +

443

=

Https://www.contoso.com

The forward to tab and bridge tab on the property page of the demo rule. These attributes define the URL that the reverse proxy server uses to forward requests to a server running Windows SharePoint Services 3.0.

The URL of the server running Windows SharePoint Services 3.0 contains the internal protocol, internal host name, and internal port number, as shown in the following table.

Internal Protocol
Internal Host Name
Internal port number
Internal URL

HTTP

+ ": //" +

Sharepoint.perimeter.contoso.com

+ ":" +

80

=

Http://sharepoint.perimeter.contoso.com

At this point, the reverse proxy server is configured to receive Web requests from end users on the https://www.contoso.com and forward these requests to servers running Windows SharePoint Services 3.0 on the http://sharepoint.perimeter.contoso.com.

Configure SharePoint Web Applications

After configuring the reverse proxy server publishing rule, configure the web application and the standby access ing to match the publishing rule. You can perform this operation by extending an existing web application to an additional IIS website dedicated to publishing rules for reverse proxy servers. You can also create a new Web application for this publishing rule. The value to be input is the same in any case.

Use the following procedure to expand existing web applications.

Extend existing Web Applications
    1. Open the SharePoint Administration Center website from administrative tools.

    2. On the Management Center homepage, click Application Management ".

    3. On the Application Management page, in the SharePoint Web Application Management Section, Click create or expand web application ".

    4. On the create or expand web application page, click expand existing web application ".

    5. On the "extend web applications to other IIS websites" Page, select a web application. After the web application is selected, enter the port, Host header, and SSL fields based on the internal URL attributes defined in "Configure reverse proxy server" in the previous section. In the URL field, enter the public URL defined in "Configure reverse proxy server", as shown in.

    6. Select the standby access ing area for which you want to allocate the extended web application. Each web application can use up to five regions. In this example, the Internet region is used. All regions provide the same feature, although the default region is always used for specific features (such as sending administrative emails to the site set owner ).

    7. To create an IIS website, click OK ".

After completing these steps, verify that the public URL has been correctly created in the standby access ing and add an internal URL. Unless the internal URL is the same as the public URL, this step is an additional step that must be performed manually.

Use the following procedure to view the alternate access ing page.

View the alternate access ing page
    1. Open Management Center from administrative tools ".

    2. On the Management Center homepage, click operations ".

    3. In the global configuration section on the Operations page, click Backup access ing ".

    4. On the "Alternate access ing" Page, select the web application to be published through the reverse proxy server.

In this case, view the alternate access ing URL assigned to the web application, as shown in.

The public URL in the reverse proxy publishing rule has been assigned to the Internet region of the Web application. Use the following procedure to add the internal URL in the reverse proxy publishing rule to the Internet area of the Web application.

Add the internal URL in the reverse proxy publishing rule to the Internet area of the Web Application
    1. On the "Alternate access ing" page, click "add internal URL ".

    2. Enter the name of the internal URL and select the same region for the public URL. In this example, the Internet region is used.

    3. Click Save ".

In this case, view the additional URLs allocated to the Web application (located in the same region as the public URL of the reverse proxy publishing rule), as shown in.

When the user browses the https://www.contoso.com, the reverse proxy server receives Web requests and forwards them to the http://sharepoint.perimeter.contoso.com. Windows SharePoint Services 3.0 then receives a Web request and you can see that the request URL is a http://sharepoint.perimeter.contoso.com, which is allocated to the contoso web application and returns content from that web application. In addition, Windows SharePoint Services 3.0 uses the public URL http://sharepoint.perimeter.contoso.com for this region to generate a link on the page because the https://www.contoso.com URL has been assigned to the Internet zone. This will ensure that the end user will go to the correct URL when clicking the link on the webpage.

Server Load balancer works in a similar way, especially when they rewrite the original URL of an end user using the URL of a single web server that balances the request load. To describe these rewritten URLs, you only need to add a standby access ing (same as an internal URL) for the URLs of each individual web server ), associate it with the same region as the public URL of the end user. If they retain the original URLs, you only need to make the original URLs public URLs.

Alternate access ing and Identity Authentication provider Integration

With standby access ing, web applications can be published in up to five different regions, and each region has a different auxiliary IIS website.

Note:

Some people mistakenly think that they can have up to five different Web applications that share the same content database. In fact, there is only one web application.

Using these regions not only allows you to use multiple URLs to access the same web application, but also allows you to use multiple authentication providers to access the same web application.

When you expand a web application to a region, you must use Windows authentication provided by IIS. After you expand a web application to a region, you can modify the region to use different types of authentication.

Use the following procedure to modify the authentication configuration for the region.

Modify the authentication configuration of a region
    1. Open Management Center from administrative tools ".

    2. On the Management Center homepage, click Application Management ".

    3. In the Application Security Section on the Application Management page, click Verify provider ".

    4. On the "verify providers" Page, select the Web applications listed in the "Web Applications" box.

    5. Click the name of the region for which you want to modify the authentication configuration.

      Note:

      You can only select from a region with a secondary IIS website. The IIS website will be assigned to these regions during the "extend existing Web Applications" process.

    6. On the Edit verification page, in the verification type section, select the verification type you want to use in the region:

      • Windows

      • Form

      • Single Web login

    7. Modify any other authentication configuration settings and click Save ".

In this case, you can change the authentication configuration settings for any other region. You can configure completely independent Authentication Settings for different regions that access the same content. For example, you can configure some content to be accessed anonymously, while others must be accessed by creden. You can configure an area to enable Anonymous Access and disable all other forms of authentication to ensure that only anonymous content can be accessed. Additionally, you can disable anonymous access and enable NTLM authentication for another region to ensure that only authenticated access is allowed. In addition, you can have different types of accounts used to access the same content: You can configure a region to use Windows Active Directory accounts, configure another region to use both the non-active directory account and ASP.. Net form.

Standby access ing and web application policy integration

By using web application policies, administrators can grant or cancel accounts and security groups with permissions to all sites published through the region. This is useful for various solutions.

For example, like other programs, the Windows SharePoint Services 3.0 search crawling program must also authorize the infrastructure: it can only crawl accessible content. However, you still want to search for content restricted by crawling so that authorized users can search for the content in the search results. The Search Service uses the "full read" policy on the Web application to allow its crawler to read all the content on the web application. In this way, it can crawl and index all existing and future content, or even content that the website administrator has not explicitly provided for it.

In another example, the support staff needs to manage the Windows SharePoint Services 3.0 website so that they can help users. Therefore, you can create a web application policy, this policy grants full control permissions to all support accounts so that they have full management permissions for all current and future websites on Web applications.

Because the policy has been bound to the Web application and its region, you can ensure that the policy applied to one region does not affect other regions. This is useful when publishing content on both the enterprise network and the Internet. For example, assume that all support staff accounts have been granted full control permissions for the areas of Web applications that have been assigned to the enterprise network. If someone tries to use this account to access the website on the Internet, this "Full Control" policy is not applied because the system recognizes that the URL is located in a different region. Therefore, the account will not be automatically granted the management permissions for the website.

Backup access ing and external resource ing

With Windows SharePoint Services 3.0, you can extend the standby access ing feature for unhosted content in the Windows SharePoint Services 3.0 farm. To configure this function, go to the "Alternate access ing" Page and click "ing to external resources ". The system then asks you to create an external resource item, which can be considered as another web application. You can assign different URLs and regions to external resources in the same way as Web applications. Windows SharePoint Services 3.0 does not use this function, but it can be used by third-party products built on Windows SharePoint Services 3.0.

For example, the search technology in Office Sharepoint Server 2007 can crawl external content to the site (for example, file sharing and websites ). If the content is available on different URLs on different networks, you may want to use the corresponding URL of the user's current network for search to return results. By using the external resource ing technology of the standby access ing, the search can remap the external URLs in the search results to match the user's region.

Troubleshooting of alternate access ing

Refer to the following guidelines to avoid six slave access ing errors that are easily handled by administrators.

Error 1: it is assumed that no standby access ing is required unless Sharepoint is being deployed in special mode

The most common cause of the problem related to the standby access ing is that the Administrator does not realize that the standby access ing must be configured first. This is understandable because the standby access ing is a new requirement in Windows SharePoint Services 3.0. Every Windows SharePoint Services 3.0 administrator must make sure that the standby access ing is correctly configured, even if only simple deployment is configured.

If you encounter any of the following problems, it may be because the standby access ing is incorrectly configured.

    • The damaged image is displayed on the website.

    • If you encounter a DNS error message or an error message indicating that the server cannot be found when you browse the website without specifying a file name (for example, http: // computer name/website name, however, when you directly browse to a specified file in the website (for example, http: // computer name/website name/default. aspx) can access the website, the backup access ing configuration error may be the cause of this problem.

    • When you browse a website, it is redirected to http: // computer name. If Windows SharePoint Services 3.0 receives a request from an unknown URL (or a URL with no backup access ing configured) and you have installed Windows SharePoint Services 3.0 infrastructure update, windows SharePoint Services 3.0 will attempt to determine the correct web application, and then respond to the request by using the same base URL in the link on the page. If the request comes from a URL that has not yet configured a standby access ing and you have installed Windows SharePoint Services 3.0 infrastructure update, windows SharePoint Services 3.0 will also create a severe error in the Windows event log and Windows SharePoint Services ULS log to notify the Windows SharePoint Services administrator to configure a backup access ing for an unknown URL.

Note:

Use the backup access ing on a Windows SharePoint Services 3.0 server farm (for example, exclaim deployment) combined with reverse proxy or Network Load balancer) installing the infrastructure Update for Windows SharePoint Services 3.0 in may cause some public URLs to not respond. Microsoft has noticed this problem and is developing a solution. Before installing the infrastructure Update for Windows SharePoint Services 3.0, customers who use this configuration should use the test environment to verify that the public URL is still accessible after the update is installed.

To enable Windows SharePoint Services 3.0 to provide stable and reliable APIs that can work on multiple computers (even on computers without web applications, the URL directed to the website by resolution cannot depend on host files, DNS, or IIS binding. On the contrary, when Windows SharePoint Services 3.0 receives a request, it will only use the standby access ing to perform URL resolution. Make sure that the host, DNS, and IIS are correctly configured to ensure that Web requests can reach the Windows SharePoint Services 3.0 server, and configure the URL of the standby access ing, as shown in the following example.

Fully Qualified Domain Name (FQDN)

If you want to use the fqdn url to reach the web application, you must configure this domain name in DNS. You must also configure a matching URL for the standby access ing. If this is the URL used by the end user to arrive at the website, it becomes a public URL. If this is the URL that the reverse proxy server uses to forward requests to the website, it becomes an internal URL.

Note:

If this URL is an internal URL, make sure that the end user's URL is configured as a public URL in the same region.

Localhost

Localhost is a specific host name that enables you to type http: // localhost in your browser and reach the website hosted on your local computer. However, because localhost can be used to access host files on a computer, Windows SharePoint Services 3.0 cannot be used automatically. To make http: // localhost a valid URL of Windows SharePoint Services 3.0, you must use http: // localhost as the backup access ing input.

IP address

If you are in an environment without DNS or host name resolution and are using URLs with IP addresses, you must still use these URLs as the backup access ing input.

Error 2: assume you can use the reverse proxy server link conversion function instead of the standby access ing function.

Although some administrators know that the standby access ing will fix links on the page and ensure that end users are directed to the correct public URL, they may assume that: because the link conversion function of its reverse proxy server can execute a similar function, you may not need to use alternate access ing. The following are some reasons why this assumption is incorrect:

    • In the compatibility test, you can fix all Windows SharePoint Services 2006 links to use public URLs without using the link conversion feature from any reverse proxy server (including ISA Server 3.0. Windows SharePoint Services 3.0 embeds its URL into multiple locations and various encodings. Currently, the reverse proxy server cannot find and repair all URLs.

    • Some Windows SharePoint Services 3.0 features do not use reverse proxy server publishing rules, such as email notification. You only need to use the standby access ing to ensure that the link in the email notification will use the correct URL for the user.

      Important:

      If you publish a rule to publish the "Management Center", make sure that the link conversion function is disabled for the rule. If link conversion is not disabled, it may prevent you from configuring Alternate access mappings.

Error 3: Try to reuse the same URL in the standby access ing or not associate the URL with the same region

This error is often encountered when you configure Windows SharePoint Services 3.0 to make Web applications public to both the internal network and the Internet. For example, when you configure a web application on an enterprise network, Use http: // SharePoint as the default region URL and want to expose it as a http://www.contoso.com on the Internet, you may configure the reverse proxy server to forward requests to http: // Sharepoint, and then add the http://www.contoso.com as a public URL to the Internet region. This is an error. Although Website access from the Enterprise Network will continue to work as expected, it may find that access from the Internet cannot work normally and there will be several links pointing to http: // Sharepoint. This is because the two URLs have been entered into different standby access ing regions, so they are not associated with each other.

A URL can only be used once in the standby access ing. In the previous example, http: // SharePoint URL is used on the enterprise network. To forward Internet-based requests to the same web application, use other internal URLs (for example, http://sharepoint.perimeter.contoso.com) for reverse proxy publishing rules ). Http: // SharePoint can be retained in the standby access ing and the http://www.contoso.com is still added as a public URL in the Internet region. The http://www.contoso.com must be added as an additional internal URL in the same region (Internet region) as the http://sharepoint.perimeter.contoso.com public URL. By using both in the same region, Windows SharePoint Services 3.0 can generate a correct link to the public URL in the region.

Note:

We recommend that you extend your web application to a new IIS website in each region you want to use. This will provide a secondary IIS website. We do not recommend that you reuse the same IIS website for multiple regions unless Microsoft explicitly notifies you to do so.

Error 4: assuming that the Updates generated in the standby access ing will automatically update the IIS binding

Windows SharePoint Services 3.0 does not attempt to modify its IIS binding after a web application is extended to a region. If you modify these bindings in IIS by adding Host Header bindings, changing port numbers, or adding SSL ports, Windows SharePoint Services 3.0 does not notice the changes, the standby access ing URL will not be updated. Similarly, the update of the alternate access ing URL to add the ssl url will not automatically update the IIS binding to match.

If you need to change the web application in IIS binding, remove the web application from the region by using the "Remove SharePoint from IIS website" link on the "Application Management" page.

Note:

This operation only removes the IIS website and its region from the Web application. It does not delete the content database of the Web application itself or the web application.

Then, you can use the updated binding to re-expand the web application to this region. You can also add an SSL port. We do not recommend that you use the same IIS website for HTTP and SSL hosts. Instead, expand a dedicated HTTP and a dedicated SSL website, and allocate the two to their respective standby access ing regions and URLs.

Error 5: forgot to configure the environment to enable search to crawl the website

If you have configured a backup access ing and network to enable end users to reach your website, you must configure a backup access ing and network for the Windows SharePoint Services 3.0 search. The Windows SharePoint Services 3.0 search service browses a web application to crawl its content and must be able to access a public URL. Make sure that the computer running the search index service can reach these public URLs. This is especially important for computers that use NTLM authentication. If necessary, configure the proxy settings for the Windows SharePoint Services 3.0 search service account to use the proxy server. You can do this by logging on to the computer that acts as the account and editing LAN connection settings in Internet Explorer.

Use the following procedure to edit LAN connection settings in Internet Explorer.

Edit LAN connection settings in Internet Explorer
    1. Open Internet Options from control panel ".

    2. On the "connection" tab on the "Internet Options" property page, click "LAN Settings ".

    3. In the "LAN Settings" dialog box, edit the LAN connection settings, and click "OK ".

Error 6: A print error occurs.

Make sure that the URL in the standby access ing is entered correctly. If you are using a reverse proxy server, verify that the URL in the standby access ing matches the URL in the publishing rule.

 

 

 

This article from: http://technet.microsoft.com/zh-cn/library/cc288609.aspx

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.