Q: How do I configure a load balancer to accept only SSL requests for a SharePoint 2010 FQDNs?
After configuring a load balancer to accept only SSL requests for a SharePoint 2010 FQDNs, some URLs in SharePoint 2010 are not translated properly to https.
A common way to keep SharePoint data safe and still make internal content accessible to Internet users is to secure all transmissions to and from SharePoint with SSL. A simple option is to install SSL certificates into IIS on all of your SharePoint Web Front Ends (WFEs). Another option for better performance when you have a load balancer between users and multiple WFEs, is to place the burden of SSL encryption and decryption on a load balancer and allow your WFEs to simply send and receive unencrypted traffic to and from the load balancer. Dedicated load-balancer products, such as F5's Big-IP hardware, are designed for high-performance SSL encryption and decryption.
Problem: After configuring a load balancer to accept only SSL requests for a SharePoint 2010 FQDNs, such as https://portal.contoso.com, some URLs in SharePoint 2010 aren't translated properly to https. A common error is that SharePoint onclick events that call inplview.js and core.js fail with Access Denied.
Reason for this Behavior: The reason for this behavior is improperly configured SharePoint Alternate Access Mappings (AAMs). As a result, the client-side JavaScript fails because SharePoint sends to the client a URL that's not allowed through the load balancer. For example, the ListViewPageUrl parameter in the query string might contain a reference to http://portal.contoso.com rather than https://portal.contoso.com so the load balancer denies access and the JavaScript error will be something like access denied.
Solution: To resolve this issue in SharePoint 2010, follow this procedure. The example for this procedure has IIS for the WFEs configured to listen on port 80 for http://portal.contoso.com and the load balancer is listening on port 443 for https://portal.contoso.com.
1. Navigate to Central Administration > Configure alternate access mappings.
2. From the Alternate Access Mapping Collection, select the Web Application that you have exposed through your load balancer. For this example, the Web Application's FQDN is portal.contoso.com.
3. Click Edit Public URLs
4. If there are any URLs specified for the selected Web Application, remove all of them as you work to resolve this issue.
5. In the Default field, enter the FQDN of the Web Application. Be sure to use the HTTPS moniker. For this example, the Web Application's url is https://portal.contoso.com. Then, click Save.
6. Click Add Internal URLs
7. In the URL, protocol, host and port field, enter the FQDN of the Web Application. Be sure to use the HTTP moniker. For the example, the Web Application's url is http://portal.contoso.com. Verify that the Zone is set to Default and click Save.
For the example outlined here, the Alternate Access Mappings follow:
Internal URL: https://portal.contoso.com
Zone: Default
Public URL for zone: https://portal.contoso.com
Internal UR: http://portal.contoso.com
Zone: Default
Public URL for zone: https://portal.contoso.com
About the Authors
You May Also Like