Tuesday, November 24, 2009

Search Server 2008, ISA 2006, AAM, and why All Sites wasn't showing up externally

So I've had my WSS 3.0 SP2 site running for quite some time now and had all the publishing in place for ISA Server 2006 so my guys could get access to it remotely. I finally decided to try out Search Server 2008 Express which took a few tries to get installed correctly. (Thank heaven for virtual machines and snapshot rollback!). So now all my sites have an extra drop down under Search for "All Sites" and I now have a search center site collection for users to hit directly as well. Problem is, that it wasn't showing up externally and the search center site completely barfed for my external users.

At this point I was pretty sure AAM (Alternate Access Mapping) was involved but I just wasn't sure why Search was so special. It took a couple of hours but I figured it out. There's a ton of good websites out there that show you how to set up sharepoint and ISA server so I'm just going to focus on what I missed and skip the basics.

1. I had never 'Extended' the Web Application. I only had a Default Zone Web Application.
2. My ISA publishing rule was using the Intranet Zone name for the server. Which means that all external users were being seen by the Sharepoint server as using the Intranet Zone even thought they were using the Internet address. (i.e. They typed in sharepoint.yourdomain.com and the ISA server sent on sharepoint.intranet.yourdomain.com). This was never a problem before search but it became one afterwards.

Warning: I am by no means an expert on Sharepoint, I just play one at work. The following comprises the most critical things I had to change to get mine to work. Always back up your systems before making changes to production environments.

So to fix it, I first went into Central Administration, Application Management and then "Create or Extend Web Application"

Then "Extend an Existing Web Application"

Then click the drop down for Web Application and make sure the right website is selected. Then fill in the port (in almost all cases its 80) and the Host Header (REQUIRED - since we'll be stacking onto the same Port as other Sites on the same server). I use Kerberos but if you haven't set up your SPNs then choose something else. Make sure to choose the Intranet zone (or whatever yours corresponds to)

Now either Restart IIS manually, or iisreset /noforce, or if you're bored reboot the whole server.
When it comes back you should be done. Test it from an external location.

For reference, here's my AAM settings (modified of course.) And I wouldn't worry if yours don't match exactly, sharepoint is just weird that way.

Note: If you had anything published on the original Default site, you'll need to duplicate it into the new Host Header site. i.e. /images or other static content, etc using the IIS Manager. It is, for all intents and purposes, a completely different site.

Useful References:
Microsoft reference - at the bottom talks about Extending Web Applications

Tutorial on publishing sharepoint through ISA


More on extending

And more AAM

1 comment:

Jeff Rasmussen said...

I took a look at this and was able to recreate the same results by just adding the Alternate Access Mapping for http://sharepoint.external.com as well as the https://sharepoint.external.com

This meant we didn't have to extend the website and search started working externally. I don't know why but it does...I like it.