Forum Discussion
NimbostratusHow do I configure SharePoint 2010 portal access through APM?
We have a BIG-IP LTM VE running 11.4.1 configured with SSL VPN using APM.
Currently we are authenticating using AD and RADIUS (for OTP) and have been able to publish RDP resources with SSO working.
What we would like to do now is provide 'Portal' access to SharePoint 2010 and OWA leveraging SSO.
After reading as much documentation as I could find, I've ended up trying to configure a Portal access webtop with a corresponding portal access resource.
I'm able to publish this on the APM web page but upon clicking the link a TCP dump shows the following:
--->
I would expect to see:
--->
Otherwise this could introduce routing issue?
Is this the best way to implement SSO portal access to SharePoint? Is there something I'm missing?
Cheers,
Chris
6 Replies
Hi Chris, I can't see your tcpdump data.
There are instructions for setting up an APM portal for SharePoint on page 21 of this guide:
http://www.f5.com/pdf/deployment-guides/microsoft-forefront-tmg-dg.pdf
The v10 SharePoint guide also has this info:
http://www.f5.com/pdf/deployment-guides/f5-sharepoint-2010-dg.pdf
thanks
Mike
Chris_Denham_13Thanks Mike, I've followed the instructions in the forefront-tmg guide, it is still not working however I'm not sure if I've used the right URI's for our particular setup?
We access SharePoint internally using the URL: "https://extranet.contoso.com:987"
I have used "https://extranet.contoso.com" as the Portal Access and Webtop URI and "extranet.contoso.com" as the hostname for the Portal access resource with "https" as the scheme and "987" as the port.
With this setup I am still seeing requests appear on the BIG-IP from the public IP of the client sent directly to the SharePoint server on port 987.
Is there something I'm doing wrong?
The client requests should go client>portal VIP>self-IP>SharePoint server. If they are going directly from the client to the server, then we have a routing problem.
You don't have any pool attached to this VIP, so it sounds like it's working. APM still needs to send requests to SharePoint so it can rewrite and proxy the content.
Thanks for the question. I realized that we don't actually mention the settings for the rewrite profile in the TMG guide, so we'll get that corrected.
- Chris_Denham_13
Thanks Mike, does our SharePoint server have to be configured and referenced as a pool from the APM config or should it be sufficient to point APM straight to the internal SharePoint host?
You don't need a pool, since client traffic is never forwarded directly to SharePoint. The portal resource destination determines where APM (as a client) will send its requests for content.
- Chris_Denham_13
Thanks for your help Mike, I discovered I had source address translation set to none on the APM virtual server...started working after that :)
Are you able to post the correct rewrite profile settings for SharePoint 2010?
Cheers,
Chris
