SharePoint extranet & ISA 2004

[Myke 0]

We've recently replaced our intranet with SharePoint Services 3.0 and are trying to allow external access to the site. ISA Server 2004 is also used.

 

Originally, the old intranet had a separate site on the host server using port 79, which granted limited access while still requiring credentials. The rule in ISA was created to allow this access, which worked flawlessly (using http://board.'>http://board.'>http://board.'>http://board.domainname). However, only one site is used for SharePoint (port 80), so the original rule was altered to point to the new server and to use port 80.

 

We thought this worked at first, as access to the site was granted, but through testing, we found that any subfolders that were attempted to be accessed were not being able to be displayed. The user was still entering http://board.domainname, which was showing the initial page (and each tab's initial page) as http://board.domainname/tab_name. But when going to a subfolder, it would display as http://sharepoint_servername.domainname/default.aspx?RootFolder?yadda_yadda_yadda. This is why the page wasn't being able to be displayed, because the access is granted for http://board.domainname.

 

I've tried adding link transalation entries into the ISA server, using http, http with port, https, and https with port, but I'm still coming up with the same errors. It's definitely a name translation issue, because if you maunally replace sharepoint_servername with board, the correct pages display as they are supposed to, so access to the pages isn't the issue; it's more that board becomes replaced with sharepoint_servername when clicking those subfolders. In addition, if board is manually inserted, any files located in that subfolder (which is now being displayed properly) can be opened without any issue. It looks like it specifically deals with how SharePoint uses addresses to open up subfolders.

 

I've also fooled with the Alternate Access Mappings in SharePoint, but those haven't helped at all, unless I'm not doing that right either.

 

I've poured over documents and forums, but nothing has seemed to work as of yet. Most deal with either it's fully working or not, whereas my issue is that it's insanely close to working, but not fully.

 

Anyone have any experience trying to toy with this? As always, any help is greatly appreciated. If I figure it out on my own, I'll make sure to post here so that if anyone else runs into this problem, they'll at least see a solution or hints.

[Myke 0]

Finally got it working, although it wasn't the exact way that I wanted to go about doing it. We registered sharepoint_server.domainname with the IP of the original board.domainname; this part took a while to activate (4 hours at least), as the world DNS servers had to receive this change. We then made sure that both of those entries were put into the Public Name tab on the ISA rule and changed the listener (although that doesn't seem to have a real affect on anything).

 

Originally, I just wanted to continue using board.domainname, but was having issues when connecting to a subfolder. Board.domainname still works, but if you click on a subfolder, you have to re-enter the credentials again, because it then spits you over to sharepoint_server.domainname. Afterwards, everything works like it's supposed to. Instead, we're asking users to use sharepoint_server.domanname instead, which will prevent them from getting confused when it asks for credentials again.

 

However, there is still an issue that isn't important, but I know users will get both confused and annoyed with it, which means they'll be calling me to fix it. Upon the initial connection, the user is asked three separate times to enter in the credentials. Each time it's entered in, it's correct, but still asks. After the third time (which you would then expect to get an access denied page), the user has proper access to SharePoint. Anyone know how to get rid of this so that it only takes one credentials entry to get in? Before anyone asks, the "remember password" box is definitely checked, and the username/password are present when it prompts on the 2nd and 3rd attempt.