Sharepoint Extranet Configuration and ports

Hi... I'm new to SharePoint extranet design. We are creating an extranet site and need to host it in an extranet DMZ.
So the basic question is: do we need to pull one web front end from the intranet environment and plug it into the extranet DMZ?
If so, how does the web front end work there, since it's running on intranet service accounts, and the extranet DMZ will not identify those service accounts?
I also have a list of ports to open to talk with the CA, but I'm not sure how and where to start.
Appreciate your help.
Thanks!
SPVIRU

Thank you Trevor :)
Sorry for the late reply... I have some beginner questions; appreciate your help in answering these.
1) Why do we need People Picker? I can see a number of ports on your link that are needed to make People Picker work: http://blogs.technet.com/b/wbaer/archive/2009/01/21/people-picker-port-protocol-requirements.aspx
2) Do we need to open 1443/tcp? Based on our security policy I'm not sure they will open TCP 1443 for the database; they have another SQL endpoint. Can we open those?
3) To enable a full domain, do we need to open many, many ports? What are those ports? I have listed a few below; can you please check them.
4) How will external users be authenticated? We don't have UAG as of now; is that compulsory, or can external users be authenticated with the intranet SQL DB?
Can you please validate whether this list is enough?
Purpose                                             Ports to open                                             Inbound/Outbound
Web browser request and response over SSL or TLS    SSL 443                                                   Inbound
Web browser request and response                    TCP 80                                                    Inbound
                                                    TCP 443/80                                                Inbound
Search crawling                                     TCP 443                                                   Outbound
Search crawling                                     TCP 80                                                    Outbound
Query propagation                                   Direct-hosted SMB (TCP/UDP 445), recommended;             Outbound
                                                    or NetBIOS over TCP/IP (NetBT) (TCP/UDP 137, 138, 139),
                                                    not as secure, disable if not used
Communication between Web servers and service       HTTP binding: port 32843;                                 Inbound
applications (the default is HTTP)                  or HTTPS binding: port 32844;
                                                    or NET.TCP binding: port 32845 (only if a third party
                                                    has implemented this third option for a service app)
User profile sync                                   TCP 5725                                                  Inbound
                                                    TCP/UDP 389 (LDAP service)
                                                    TCP/UDP 53 (DNS)
Alerts or mail-enabled lists                        SMTP (TCP 25)                                             Outbound / Inbound if applicable
SQL endpoint (recommendation: block the SQL         TCP port 62015                                            Outbound
default ports TCP 1433 and UDP 1434 and use a       HTTP 63030
static custom port for the named SQL instance)      HTTP raw 63041
Sandbox solution                                    TCP/IP 32846                                              Outbound
SPVIRU
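The list above can be checked mechanically once the firewall rules are in place. The script below is an added example, not part of SPVIRU's post and not Microsoft guidance: it encodes the rows of the table as expectations (open for the required ports, blocked for the SQL defaults and NetBT that the table itself says to block) and probes them with Test-NetConnection. All server names are placeholders I have assumed, and because Test-NetConnection only exercises TCP, the UDP rows are reported for a manual check rather than tested.

```powershell
# Added example, not from the original post. Encodes the rows of the port list
# above as expectations and probes them with Test-NetConnection (Windows 8 /
# Server 2012 or later). Run it on the side the table's Inbound/Outbound column
# says initiates the connection (for most rows, the DMZ web front end).
# All server names are assumptions; replace them with the real LAN hosts.
$Servers = @{
    App = 'sp-app01.corp.example'   # assumed service application server
    Sql = 'sp-sql01.corp.example'   # assumed SQL Server (named instance on a static port)
    Dc  = 'dc01.corp.example'       # assumed domain controller (LDAP, DNS)
    Mta = 'smtp.corp.example'       # assumed SMTP relay for alerts
}

# Expect=$true: the rule must be open. Expect=$false: the port must be blocked,
# per the table's own recommendations (SQL defaults 1433/1434, NetBT 137-139).
$Rules = @(
    @{ Purpose='Service apps, HTTP binding';  Target=$Servers.App; Port=32843; Proto='TCP'; Expect=$true  }
    @{ Purpose='Service apps, HTTPS binding'; Target=$Servers.App; Port=32844; Proto='TCP'; Expect=$true  }
    @{ Purpose='Sandboxed solutions';         Target=$Servers.App; Port=32846; Proto='TCP'; Expect=$true  }
    @{ Purpose='User profile sync';           Target=$Servers.App; Port=5725;  Proto='TCP'; Expect=$true  }
    @{ Purpose='LDAP';                        Target=$Servers.Dc;  Port=389;   Proto='TCP'; Expect=$true  }
    @{ Purpose='DNS';                         Target=$Servers.Dc;  Port=53;    Proto='UDP'; Expect=$true  }
    @{ Purpose='Query propagation, SMB';      Target=$Servers.App; Port=445;   Proto='TCP'; Expect=$true  }
    @{ Purpose='NetBT session (disable)';     Target=$Servers.App; Port=139;   Proto='TCP'; Expect=$false }
    @{ Purpose='SMTP for alerts';             Target=$Servers.Mta; Port=25;    Proto='TCP'; Expect=$true  }
    @{ Purpose='SQL static custom port';      Target=$Servers.Sql; Port=62015; Proto='TCP'; Expect=$true  }
    @{ Purpose='SQL default port (block)';    Target=$Servers.Sql; Port=1433;  Proto='TCP'; Expect=$false }
    @{ Purpose='SQL Browser (block)';         Target=$Servers.Sql; Port=1434;  Proto='UDP'; Expect=$false }
)

$Report = foreach ($r in $Rules) {
    if ($r.Proto -ne 'TCP') {
        # Test-NetConnection only speaks TCP; UDP rows are flagged for a manual
        # check (nslookup against the DC for 53, a SQL Browser query for 1434).
        [pscustomobject]@{ Purpose=$r.Purpose; Endpoint="$($r.Target):$($r.Port)/UDP"; Open=$null; Result='MANUAL' }
        continue
    }
    $probe   = Test-NetConnection -ComputerName $r.Target -Port $r.Port -WarningAction SilentlyContinue
    $open    = [bool]$probe.TcpTestSucceeded
    $verdict = if ($open -eq $r.Expect) { 'OK' } else { 'MISMATCH' }
    [pscustomobject]@{ Purpose=$r.Purpose; Endpoint="$($r.Target):$($r.Port)/TCP"; Open=$open; Result=$verdict }
}

$Report | Format-Table -AutoSize
# Non-zero exit if any rule is in the wrong state, so the script can gate a
# change window or run as a scheduled drift check.
if ($Report | Where-Object Result -eq 'MISMATCH') { exit 1 }
```

A MISMATCH on the 1433 row is the one to look at first: it means the default SQL port is reachable from the DMZ despite the recommendation to block it, usually because the rule was written only for the named-instance port and nobody closed the default. Rows marked MANUAL are the UDP entries and still need a protocol-specific test.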

Similar Messages

  • SharePoint Extranet configuration

    We are in the process of building out an extranet for our internal SharePoint environment, primarily targeting external partners (non-domain users) for now. We have a few specific requirements for the scenario, which include setting up 2-factor authentication
    and routing internal users to the WFEs and external users via a reverse proxy. We are considering using ACS/WAAD to hold external user credentials in the cloud, and using a proxy and ADFS to relay information to ACS for authentication, utilizing the built-in 2-factor authentication
    offered by the AAD Premier option. My questions are more on the implementation here:
    1. What reverse proxy servers might work along with ACS (Azure Control Service)? UAG seems deprecated, and I'm not too sure about F5 compatibility here.
    2. We plan to follow the edge topology (keep all SP servers internal) and maintain a proxy server in the DMZ to perform pre-auth and then relay information to the WFEs after authentication. Do you see any challenges in this scenario?
    3. I assume we need to open up TCP 443 only on my perimeter firewall and probably do SSL termination at the reverse proxy and relay information via port 80 to the internal servers. Do you see any issues in this scenario?
    4. I'm wondering about setting up trust in this scenario. Do we need to set up a one-way trust between AAD in the cloud and our internal corporate AD? Please share your thoughts regarding Azure AD and internal SharePoint in terms of setting up trust.
    We don't want to consider split or perimeter topologies, as this increases upkeep and also adds servers.
    Thanks in advance!

    1. Windows Server 2012's Web Application Proxy role is the successor to the reverse proxy functionality of ISA/TMG/UAG. There are other third-party applications and devices that can also be used. Some F5 devices do have this capability.
    2. Usually the organizations I work with have a security policy that says the external user's connection must terminate on a machine in the DMZ. In this case they would expect SharePoint WFE servers to exist in the DMZ while application servers and database
    servers can exist on the LAN. Some organizations are challenged by the reverse proxy world view and don't consider this the end point. What you are asking will work if you're OK with this arrangement.
    3. If you're terminating SSL at the reverse proxy then any traffic between it and your SharePoint servers will be unencrypted. Depending on the types of content you are storing in SharePoint this may not be acceptable to your organization. From a technical
    perspective, if external users are using an https:// URL and internal users are using an http:// URL it could get confusing. You should redirect http to https on the reverse proxy and, if possible, either route internal users through it or have them use SSL
    via some other method.
    4. A typical resource domain built in your DMZ would trust your internal domain with a one-way trust. This would allow your internal users to authenticate on the servers in the resource domain and not vice versa. If you're building the SharePoint
    farm internally and wanting to trust an external authentication provider, this can be a security risk. To be honest I'm not super familiar with the Azure AD options available to make any recommendation.
    Jason Warren
    @jaspnwarren
    jasonwarren.ca
    habaneroconsulting.com/Insights

  • NAT configuration and Port Mapping for xBox

    I'm looking for help with port mapping to open up the NAT for an Xbox One. I'm working with the following network devices:
    Xbox One
    DSL Modem: Embarq (ZyXEL) 660R series
    AirPort Extreme version 7.7.3
    I understand the following from researching the issue:
    The default settings for both devices block the ports needed for Xbox Live.
    AirPort Extremes are not on the compatible list for Xbox.
    Port mapping is better than creating a DMZ for the Xbox.
    The Xbox needs its own manually set IP address.
    I switched my Network > Router Mode from Off (Bridge Mode) to DHCP and NAT. I then created a DHCP reservation and the port settings for that IP.
    After doing this, the AirPort would restart and display a warning: Double NAT. I figured this was because the 660's settings showed the NAT Mode to be SUA Only. The Edit Details link displayed an empty table where you edit the SUA/NAT Server Set. I switched from NAT Mode > SUA Only to None. So there was my double NAT, and I would have thought that would have removed one.
    I also disabled the firewall and enabled UPnP.
    After restarts the AirPort continued to display the Double NAT error. However, with the 660's NAT Mode set to None, the Internet was not there. Web browsers and email accounts replied with "server not found".
    Only with the 660 set to SUA Only and the AirPort in Bridge Mode is the Internet accessible. I now have the details for the SUA filled out for the Xbox's IP address and ports.
    Hypothesis
    Since both devices are acting as DHCP servers, the port mapping is not working. Rather than have the 660 distribute IP addresses and then have the AirPort distribute another range of numbers, I need to have both devices bridge and distribute one range of numbers. Currently the 660 is using the 192.168 range and the AirPort is using the 10.0 range.
    Am I correct? Any thoughts and suggestions are welcome.

    Port forwarding through a double NAT is near impossible!
    And the Xbox is so attuned to using UPnP that it is very hard not to; even port mapping is not a great fix. Since Apple decided gamers did not count as users for AirPorts, I think honestly it is best to bypass the AirPort and stick to UPnP from the modem router.
    What method of authentication does your ISP use? Because it is really better to use one router.
    And in fact the router should be the ZyXEL. If you plug the Xbox into the ZyXEL running in full router mode, with the AirPort removed from the network, does it work and open NAT?
    If not, replace the ZyXEL with a modern listed router that is Xbox compatible and bridge the AirPort to it.

  • Coherence::net::messaging::ConnectionException: could not establish a connection to one of the following addresses: {10.242.152.242/10.242.152.242:8088}; make sure the "remote-addresses" configuration element contains an address and port of a running TcpA

    Hi
    I have installed the Coherence server "fmw_12.1.3.0.0_coherence_Disk1_1of1.zip" along with the examples on a Windows machine, and the C++ client coherence-cpp-12.1.3.0.0b51709-windows-x86-vs2012.zip on the same machine.
    I have built the "contacts" C++ example successfully, and when I execute "contacts" using run I am facing a TcpAcceptor error.
    On my Coherence server the TcpAcceptor is listening on port 8088, so I have modified the extend-cache-config.xml file with the IP address of my Windows machine and port 8088.
    All the time I am getting the error below:
    coherence::net::messaging::ConnectionException: could not establish a connection to one of the following addresses: {10.242.152.242/10.242.152.242:8088}; make sure the "remote-addresses" configuration element contains an address and port of a running TcpAcceptor
        at class coherence::lang::TypedHandle<class coherence::component::net::extend::PofConnection> __thiscall coherence::component::util::TcpInitiator::openConnection(void)(TcpInitiator.cpp:307)
        at coherence::component::util::TcpInitiator::openConnection
        at coherence::component::util::Initiator::ensureConnection
        at coherence::component::net::extend::RemoteCacheService::openChannel
        at coherence::component::net::extend::RemoteService::doStart
        at coherence::component::net::extend::RemoteService::start
        at coherence::component::util::SafeService::startService
        at coherence::component::util::SafeService::restartService
        at coherence::component::util::SafeService::ensureRunningServiceInternal
        at coherence::component::util::SafeService::start
        at coherence::net::DefaultConfigurableCacheFactory::configureService
        at coherence::net::DefaultConfigurableCacheFactory::ensureService
        at coherence::net::DefaultConfigurableCacheFactory::ensureRemoteCache
        at coherence::net::DefaultConfigurableCacheFactory::configureCache
        at coherence::net::DefaultConfigurableCacheFactory::ensureCache
        at coherence::net::CacheFactory::getCache
        at unsigned __int64 coherence::lang::class_spec<class coherence::lang::Managed<class ContactId>,class coherence::lang::extends<class coherence::lang::Object,class coherence::lang::Void<class coherence::lang::Object> >,class coherence::lang::implements<void,void,void,void,void,void,void,void,void,void,void,void,void,void,void,void> >::sizeOf(bool)
        at _onexit
        at class coherence::util::Hashtable * coherence::lang::factory<class coherence::util::Hashtable>::create(void)
        at class coherence::util::Hashtable * coherence::lang::factory<class coherence::util::Hashtable>::create(void)
        at BaseThreadInitThunk
        at RtlInitializeExceptionChain
        at RtlInitializeExceptionChain
        on thread "main"
    Caused by: coherence::net::messaging::ConnectionException: coherence::component::util::TcpInitiator::TcpConnection@029EAD78{Id=NULL, Open=1, LocalAddress=NULL, RemoteAddress=10.242.152.242/10.242.152.242:8088}: socket disconnect
        at class coherence::lang::TypedHandle<class coherence::net::messaging::Response> __thiscall coherence::component::net::extend::AbstractPofRequest::Status::getResponse(void)(AbstractPofRequest.cpp:203)
        at coherence::component::net::extend::AbstractPofRequest::Status::getResponse
        at coherence::component::net::extend::AbstractPofRequest::Status::waitForResponse
        at coherence::component::util::Initiator::openConnection
        at coherence::component::net::extend::PofConnection::open
        at coherence::component::util::TcpInitiator::openConnection
        at coherence::component::util::Initiator::ensureConnection
        at coherence::component::net::extend::RemoteCacheService::openChannel
        at coherence::component::net::extend::RemoteService::doStart
        at coherence::component::net::extend::RemoteService::start
        at coherence::component::util::SafeService::startService
        at coherence::component::util::SafeService::restartService
        at coherence::component::util::SafeService::ensureRunningServiceInternal
        at coherence::component::util::SafeService::start
        at coherence::net::DefaultConfigurableCacheFactory::configureService
        at coherence::net::DefaultConfigurableCacheFactory::ensureService
        at coherence::net::DefaultConfigurableCacheFactory::ensureRemoteCache
        at coherence::net::DefaultConfigurableCacheFactory::configureCache
        at coherence::net::DefaultConfigurableCacheFactory::ensureCache
        at coherence::net::CacheFactory::getCache
        at unsigned __int64 coherence::lang::class_spec<class coherence::lang::Managed<class ContactId>,class coherence::lang::extends<class coherence::lang::Object,class coherence::lang::Void<class coherence::lang::Object> >,class coherence::lang::implements<void,void,void,void,void,void,void,void,void,void,void,void,void,void,void,void> >::sizeOf(bool)
        at _onexit
        at class coherence::util::Hashtable * coherence::lang::factory<class coherence::util::Hashtable>::create(void)
        at class coherence::util::Hashtable * coherence::lang::factory<class coherence::util::Hashtable>::create(void)
        at BaseThreadInitThunk
        at RtlInitializeExceptionChain
        at RtlInitializeExceptionChain
        on thread "main"
    Caused by: coherence::io::IOException: socket disconnect
        at unsigned int __thiscall coherence::net::Socket::readInternal(unsigned char *,unsigned int)(Socket.cpp:333)
        at coherence::net::Socket::readInternal
        at coherence::net::Socket::SocketInput::read
        at coherence::io::BufferedInputStream::fillBuffer
        at coherence::io::BufferedInputStream::read
        at coherence::component::util::TcpInitiator::readMessageLength
        at coherence::component::util::TcpInitiator::TcpConnection::TcpReader::onNotify
        at coherence::component::util::Daemon::run
        at coherence::lang::Thread::run
        on thread "ExtendTcpCacheService:coherence::component::util::TcpInitiator:coherence::component::util::TcpInitiator::TcpConnection::TcpReader"

    We are facing the same issue. Could you please provide us with any working .NET sample code for version 12.1.2.0?
    <ssl>
      <protocol>Tls</protocol>
      <local-certificates>
        <certificate>
          <url>c:\Cert\</url>
          <password>password</password>
          <flags>DefaultKeySet</flags>
        </certificate>
      </local-certificates>
    </ssl>
    thanks
    Bala

  • How to configure a port channel with VLAN trunking (and make it work..)

    We're trying to configure a port channel group with trunked ports to connect a NetApp HA pair. We want to create two data LIFs and connect them to the switch stack. We are trying to create two data LIFs, one for CIFS and one for NFS, that are on different VLANs.
    We want the same ports to be able to allow multiple VLANs to communicate (trunked).
    These data LIFs should be able to fail over to different nodes in the HA pair and still be able to communicate on the network.
    What this means is that we have to connect four ports for each node in the NetApp HA pair to the switches and create a port channel of some type that allows for trunked VLANs. When we configure the ports, the configuration is as follows (below):
    We are only able to configure an IP on one of the VLANs.
    When we configure an IP from another VLAN for the data LIF, it does not respond to a ping.
    Does anyone have any idea what I'm doing wrong on the Cisco switch?
    interface GigabitEthernet4/0/12
    description Netapp2-e0a
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    channel-protocol lacp
    channel-group 20 mode active
    end
    interface GigabitEthernet4/0/13
    description Netapp2-e0c
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    channel-protocol lacp
    channel-group 20 mode active
    end
    interface GigabitEthernet6/0/12
    description Netapp2-e0b
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    channel-protocol lacp
    channel-group 20 mode active
    end
    interface GigabitEthernet6/0/13
    description Netapp2-e0d
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    channel-protocol lacp
    channel-group 20 mode active
    end
    interface Port-channel20
    description Netapp2-NFS
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    spanning-tree portfast
    spanning-tree bpduguard enable
    end

    Our problem was fixed by the storage people. They changed the server end to trunk, and the encapsulation / EtherChannel.
    I like all the suggestions, and they probably helped out with getting the configuration to work.
    Thanks!
    interface Port-channel20
    description Netapp2-NFS
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    switchport mode trunk
    interface GigabitEthernet4/0/12
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    switchport mode trunk
    channel-protocol lacp
    channel-group 20 mode active
    interface GigabitEthernet4/0/13
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    switchport mode trunk
    channel-protocol lacp
    channel-group 20 mode active
    interface GigabitEthernet6/0/12
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    switchport mode trunk
    channel-protocol lacp
    channel-group 20 mode active
    interface GigabitEthernet6/0/13
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    switchport mode trunk
    channel-protocol lacp
    channel-group 20 mode active

  • How can we transport the partner profiles and Port configurations

    Hi everybody,
    How can we transport the partner profiles and port configurations? While creating these, the system does not ask for a Dev class and we can't assign any transport request number. Then how can we transport these settings?
    Your replies are really appreciated.
    Thanks and Regards,
    Vijay.

    Hi,
    please have a look at OSS note 182172:
    >>
    The partner profiles are stored in the following tables:
    Table EDPP1: General partner profile
    Table EDP12: Partner profile outbound, additional data NAST
    Table EDP13: Partner profile outbound
    Table EDP21: Partner profile inbound
    Table EDIPHONE: Connection to SAP telephony (optional)
    You can use R3TR TABU to manually set the tables into a Customizing request (as of Release 46, into a SYST-type request).
    <<
    Rgd
    Frédéric

  • Change/Configure Host and Port for the Web Service Proxy with Server

    Hi,
    Is there a way to configure the host and port in the generated proxy for a web service depending on the server? (ADF 11g)
    Scenario:
    We are consuming a credit card web service from a service provider and have different host and port details for development, QA and Prod.
    So we created proxy classes using the WSDL for development and things work fine, but when deploying code to QA or Prod we need to change the host
    and port details.
    Is there a way we could use variables for host and port which look to some configuration file to evaluate their values
    based on the server?
    I am a bit new to this web service; I will appreciate it if someone could provide an example.
    Thanks.

    Are you using a Web Service Proxy or a Web Service Data Control?
    If you are using a Web Service Proxy, right-click on your proxy --> Properties --> Port Endpoints. Here you can change the IP & port details for each port.
    Venkat

  • Configuring server name and port number through action links - obiee11g

    Is it possible to configure the host name and port when using action links?
    Say some session variables hold these values. Is there any way to use these values?
    Thanks
    SM

    Any pointers?

  • Agentry Transmit Configuration - address and port

    Hi experts,
    I'm trying to set up a new Transmit configuration in the Agentry SDK for SMP 3.0 and I have a question: why are the "Server Address Settings" for Address and Port grayed out and set to Default?
    Am I missing something in the configuration, or is there new logic? What if I have to go through a firewall and reverse proxy with a specific address and port?
    Regards,
    Denis

    Hi Steve,
    Thanks for the reply! So, from now on, the address and port will only be configurable on the Agentry client? I guess it will be enough to configure it once at the beginning for each user, and then only logging in on the client will be sufficient?
    Regards,
    Denis

  • Cisco switch 300 configure vlan and ports

    Hi, I need help.
    I can't see the VLAN in Port VLAN Membership.
    I created the VLAN and configured the port as access,
    but when I try Port VLAN Membership to tell which port goes to which VLAN, I can't see the VLAN I have created in the list.
    Thanks for helping.

    Hi,
    This forum focuses on issues related to Windows Server.
    To get better help, please post your question on the Cisco forum.
    Here is the address:
    https://supportforums.cisco.com/
    Best Regards.
    Steven Lee
    TechNet Community Support

  • How to configure the host and port of a SOAP address dynamically

    Hi All,
    In the "wsdl" we have the SOAP address defined, but in practice we would like to configure the host and the port, as the server on which the service resides may/will change.
    For example:
    http://usciq74.wdf.sap.corp:50077/sap/bc/srt/rfc/sap/CPM_PLANNING_HISTORY?sap-client=003
    We would like to configure the proxy to point to say:
    http://<host>:<port>//sap/bc/srt/rfc/sap/CPM_PLANNING_HISTORY?sap-client=003
    What we see in the Proxy Code is:
    port.setSOAPAddress(new com.sap.flex.ws.runtime.SOAPAddress("http://usciq74.wdf.sap.corp:50077/sap/bc/srt/rfc/sap/CPM_PLANNING_HISTORY?sap-client=003"));
    How could this be achieved.
    Please help.

    Hi Sumit,
    Thanks for the quick response. However, I do not want to change the host and the port in the WSDL. I want it to be so that it will pick the host and port dynamically (as you have mentioned). However, in our case, the web service has the SOAP address hardcoded as http://usciq74.wdf.sap.corp:50077.
    We would want to write something like http://host:port and then let it pick the host and port dynamically. How is that possible?
    Best Regards,
    Debashree.

  • What's the difference between SharePoint configuration and farm configuration

    As the title shows, I feel confused about these two concepts. Could someone please give me an easy-to-understand answer? I am writing a report about a SharePoint assessment. A lot of new things to learn for such a fresh hand as me.

    When I look at it, they're one and the same. It is a "SharePoint Farm Configuration".
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Open and configure serial port

    Hi,
    when I use the function Configure Serial Port, I can work with it.
    For which case do I need the function Open Port? Do I need both, and in which order?
    thanks florian 

    Hi Florian,
    check the help examples.
    The attached PNG file shows the example.
    chow
    xseadog
    Attachments:
    serial.PNG (39 KB)

  • Idoc configuration,rfc and port

    When we are sending data from a file to an IDoc, then in the receiver communication channel do we have to write the RFC destinations and ports of R/3 (the receiver system), i.e. those created in the R/3 system, or those created on the sender system?

    Hi,
    On XI, create an RFC destination in SM59 pointing to the R/3 system.
    On XI, create a port in IDX1 pointing to the R/3 system,
    and then use these in the IDoc communication channel.
    Also, on the R/3 system you would just need the partner profile with an inbound IDoc in WE20.
    Regards,
    Bhavesh

  • Sharepoint 2013 AAMs and IIS 7 bindings

    Hi everybody,
    I have a server running Sharepoint Foundation 2013 and IIS7.
    On IIS7 there was already a website running on port 80. Now I have configured a SharePoint site running on port 31600. From the internal network everything is working fine, but from the internet only the website on port 80 is working; I cannot reach the
    SP site. I assume I made some mistake between the IIS bindings and the SharePoint AAMs, but I don't know what's wrong.
    This is the current configuration:
    Website bindings in IIS:
    http:*:80:webapp.company.com, http:10.10.40.4:80:
    SharePoint site bindings in IIS:
    http:10.10.40.4:31600:, http:*:31600:webapp.company.com
    (10.10.40.4 is the internal IP address)
    AAM settings in SharePoint (Internal URL : Zone : Public URL):
    http://servername:31600 : Default : http://servername:31600
    http://webapp.company.com:31600 : Internet : http://webapp.company.com:31600
    As I said: internal access is fine to both sites; from external the SP site is not reachable. Any help is appreciated.

    Do you have TCP/31600 open on your firewall/router and mapped correctly to your SharePoint server? Is the 'webapp' A record registered in the DNS zone 'company.com' externally?
    Trevor Seward
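    Trevor's three questions (is TCP 31600 open and mapped at the perimeter, does the external DNS zone carry the A record, and do the IIS bindings and AAMs agree) can be answered from one script on the SharePoint server. The following is an added example and not part of the thread: it uses the host name webapp.company.com and port 31600 from the question, assumes a public resolver of 8.8.8.8 for the external DNS lookup, and assumes the WebAdministration module and the SharePoint PowerShell snap-in are present on the box, as they normally are on a 2013 server.

```powershell
# Added example, not from the original thread. Run in an elevated SharePoint
# Management Shell on the server so that both the WebAdministration module and
# the SharePoint snap-in are available.
Import-Module WebAdministration
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$HostName  = 'webapp.company.com'   # from the question
$Port      = 31600                  # from the question
$PublicDns = '8.8.8.8'              # assumed: any resolver outside the LAN will do

# 1. DNS. The external answer must exist and must be the address the perimeter
#    firewall maps to the SharePoint server; the internal answer is what makes
#    the site work from the LAN (here 10.10.40.4), so the two will differ.
$ext = Resolve-DnsName -Name $HostName -Type A -Server $PublicDns -ErrorAction SilentlyContinue
$int = Resolve-DnsName -Name $HostName -Type A -ErrorAction SilentlyContinue
[pscustomobject]@{
    Check    = 'DNS A record'
    External = (($ext | Where-Object Type -eq 'A').IPAddress -join ',')
    Internal = (($int | Where-Object Type -eq 'A').IPAddress -join ',')
}

# 2. IIS bindings on the port. An empty HostHeader means the site answers on
#    that IP for any name; a non-empty one must equal what external clients send.
Get-WebBinding | Where-Object { $_.bindingInformation -like "*:${Port}:*" } | ForEach-Object {
    $ip, $p, $hdr = $_.bindingInformation -split ':'
    [pscustomobject]@{
        Check      = 'IIS binding'
        Site       = $_.ItemXPath -replace ".*@name='([^']+)'.*", '$1'
        IP         = $ip
        Port       = $p
        HostHeader = $hdr
    }
}

# 3. AAMs on the port. Each public URL external users type must have a binding
#    above that accepts its host name; a host-header binding with no AAM (or the
#    reverse) is a common "works inside, not outside" cause.
Get-SPAlternateURL | Where-Object { $_.IncomingUrl -like "*:${Port}*" } |
    Select-Object @{ n = 'Check'; e = { 'AAM' } }, Zone, IncomingUrl, PublicUrl

# 4. Listener. Passing here only proves IIS listens on $Port from this box; run
#    the same Test-NetConnection from a machine outside the perimeter to prove
#    the firewall/NAT mapping Trevor asks about.
$probe = Test-NetConnection -ComputerName $HostName -Port $Port -WarningAction SilentlyContinue
[pscustomobject]@{ Check = 'TCP listen'; From = $env:COMPUTERNAME; Endpoint = "${HostName}:${Port}"; Open = $probe.TcpTestSucceeded }
```

    Read the four outputs together: an empty External address is the DNS gap Trevor mentions; a binding restricted to 10.10.40.4 with no host header plus an AAM on the Internet zone is consistent with the question's configuration, so if both look right the remaining suspect is the port mapping, which only the out-of-perimeter Test-NetConnection can confirm.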
