Office Online Server with SharePoint 2016
I am in the process of deploying Office Online Server (OOS) with SharePoint 2016. Had a ticket open with support where it was suggested that I look at https://www.f5.com/pdf/deployment-guides/microsoft-office-web-apps-dg.pdf as an option. I cannot install this iApp on my system as I am running 14.1.0.2 and it seems that AAM is no longer an option. Being that OOS alongside SharePoint should be a pretty standard deployment, is there some documentation that describes how to properly deploy the two solutions together with LTM?
APM + SharePoint 2013
We're trying to deploy SP2013 externally through an APM portal (with rewriting), which so far has been pretty decent. However, I've noticed that one thing SharePoint does is return content with URLs that are have some Unicode encoding (e.g. http:\u002f\u002fwww.example.com\u002fsomepath ), so the rewrite profile does not catch those and rewrite them appropriately. I'm sure I can "fix" this with a stream profile, but wanted to see if anyone else had dealt with this and whether there's ever been a RFE or something submitted regarding this issue. Thanks, Michael
Sharepoint 2013 Login redirect iRule problems
Hi, I'm having a problem with a Irule applied to a VS loadbalancing a sharepoint site. when HTTP_REQUEST { switch [HTTP::host] { sh.domain.com { if { [active_members SHAREPOINT_2013_HTTPS_pool] < 1 } { HTTP::respond 200 content {some content} } if { ( [string tolower [HTTP::uri]] contains "login.aspx" ) and ( [IP::addr [IP::client_addr] equals 10.0.0.0/8]) } { HTTP::redirect "https://sh.domain.com/_windows/default.aspx?ReturnUrl=/" } pool SHAREPOINT_2013_HTTPS_pool } sh.domain2.com { if { [active_members SHAREPOINT_2013_HTTPS_pool] < 1 } { HTTP::respond 200 content {some content} } if { ( [string tolower [HTTP::uri]] contains "login.aspx" ) and ( [IP::addr [IP::client_addr] equals 10.0.0.0/8] ) } { HTTP::redirect "https://sh.domain2.com/_windows/default.aspx?ReturnUrl=/" } pool SHAREPOINT_2013_HTTPS_pool } } } What happens: Internal users: User wants to access URL: https://sh.domain.com/testguy Without the irule, internal clients connects to the sharepoint site from a ip in the 10.0.0.0/8 subnet, and are automaticly redirected to a sharepoint login page. The user then has to click a link to log inn. Clicking this link does nothing but redirect to https://sh.domain.com/_windows/default/.aspx?ReturnUrl=/testguy With the iRule, internal clients buypass the login screen correctly, but they are riderected to the home page of sharepoint (another redirect that happens when you request https://sh.domain2.com/_windows/default.aspx?ReturnUrl=/) Trying to access the original URL : https://sh.domain.com/testguy again within the same browser now works correctly because the user is never redirected to login page, and therefor just sent straight to the pool. External users: Is currently working as expected. They are sent to login page, and have to click the login button and present credentials, and then redirected to the correct page. How can I have my internal users buypass the login page, and automaticly redirected to the requested URI? Is there a way to append the original URI to https://sh.domain2.com/_windows/default.aspx?ReturnUrl=/[HTTP::uri] without causing a redirection loop? I have tried the above statement, but it creates a loop because the HTTP:uri is now the login page. Appreciate all input!SharePoint - Bypass APM for Office and PowerBI
After implementing APM on SharePoint, users are unable to edit documents directly in Office or PowerBI. Workaround is to bypass APM when the User Agent string matches "microsoft office" for all Mirosoft Office applications and also bypass APM when the User Agent string matches "microsoft.data.mashup" for the PowerBI desktop client using the below iRule. Included bypass for the url "/_vti_pvt/service.cnf" to allow PowerBI to connect to SharePoint Lists. priority 1 when HTTP_REQUEST { set is_disabled 0 switch -glob [string tolower [HTTP::header "User-Agent"]] { "*microsoft.data.mashup*" { set is_disabled 1 set path [HTTP::path] ACCESS::disable HTTP::path _disable-$path pool /Common/sp2013_pool } "*microsoft office*" { set is_disabled 1 set path [HTTP::path] ACCESS::disable HTTP::path _disable-$path pool /Common/sp2013_ext_pool } } switch -glob [string tolower [HTTP::path]] { "/_vti_pvt/service.cnf" { set is_disabled 1 set path [HTTP::path] ACCESS::disable HTTP::path _disable-$path pool /Common/sp2013_pool } } } when HTTP_REQUEST_RELEASE { if { [info exists is_disabled] && $is_disabled == 0 } { return } if { [info exists path] } { HTTP::path $path unset is_disabled unset path } }
SharePoint Redirect To New Path Using Public Name
Hello, I'm trying to use the following code to redirect public traffic over a secure link (https://) to a SharePoint 2013 server that's listening on port "33230" at "/sites/BI/". I did this before with a SharePoint 2010 server listening on port "80" at "/" without a problem, but this time I'm just getting text from the site in one long column instead of text on top of graphics with the proper formatting (Browsers don't make a difference and I have the same problem with-in the company unless I access the server with the server name in the URL with-in our company and then it looks fine). Firewall has port 80 and 443 open to accept incoming connections to the Virtual IP. Here's the iRule: "dashboards.domain.com" { switch [TCP::local_port] { 80 { HTTP::redirect "https://[HTTP::host]/sites/BI/" } 443 { if { [HTTP::uri] != "/sites/BI/" } { HTTP::redirect "https://[HTTP::host]/sites/BI/" } pool SharePoint_Dashboards_pool } } } I have the following SharePoint Alternate Access Mappings setup in this order: http://SERVER[Default]http://SERVER http://SERVER:33230[Default]http://SERVER:33230 https://dashboards.domain.com:33230[Internet]https://dashboards.domain.com:33230 http://dashboards.domain.com:33230[Internet]https://dashboards.domain.com:33230 Thanks, Brian
APM Sharepoint
We are attempting to migrate a Sharepoint Site that has 2 virtual servers from a Netscaler to F5. There are 3 separate user authentication domains. When I test directly to the Sharepoint site, I can successfully log in w/o domain notation. Is it possible to setup a F5 Logon Page that does not authenticate the user but only collects the username and password and passes to it the Sharepoint server?Migrating Sharepoint on-premise systems from Cisco ACE to BIG-IP LTM
I am migrating services from our old Cisco ACE to BIG-IP LTM, using the iApp f5.microsoft_sharepoint_2010_2013.v1.2.2. We have several sites (hub, network, projects, search, user and workspace)for 3 environments (test, pre-production, production).The ACE isn't configured for service checking for the Sharepoint sites, no probes are configured. So far migration has been reasonable and several services that worked on the ACE work on the LTM.All sites are built with the BIG-IP passing through SSL traffic, certificates are nt loaded onto LTM. I'm seeing all of the "search" instances marked offline due to a failed HTTPS monitor.The monitor consists of the iApp default send string: GET / HTTP/1.1\r\nHost: searchtest.domain.com\r\nConnection: Close\r\n\r\n for searchtest GET / HTTP/1.1\r\nHost: searchpreprod.domain.com\r\nConnection: Close\r\n\r\n for searchpreprod GET / HTTP/1.1\r\nHost: search.domain.com\r\nConnection: Close\r\n\r\n for searchprod The same defaults for projectstest, projectspreprod and projects work without errors. Where do I go next to resolve the monitor errors, please? Many thanks! KevSharePoint Server Farm F5 LoadBalancer with SSL
Hi All, First off i should let you know that i am not managing the F5, I am posting here to maybe find out if error is caused from f5 config, if so steer the customer to fix their f5 config with regards to specific sharepoint settings. I have a 2x2 MinRole HA SharePoint Server Farm. 2 App servers, 2 WFE servers. I have had the customer set up F5 LoadBalancer with SSL being handled with F5. I have setup my alternate access mapping as follows. public url is the dns set up for f5. and in internal urls i have added http/s version of app server, and the two web servers. https://i.hizliresim.com/CiSVLD.png As for problems I have faced, I found out when i want to pick a date from calendar the widget is not loaded from server. It throws a x-frame set to deny error. https://i.hizliresim.com/ezYNAZ.png One other problem i found out is that workflows dont work and throw an ssl connection can not be established error. https://i.hizliresim.com/Djt61R.png How should the customer set up f5 load balancing with ssl handled in f5? Thanks in advance.Sharepoint+AD+DUO
Hi all, I have created an APM policy for sharepoint which is AD + DUO. This works correctly, the problem I have is that when I enter sharepoint it has embedded applications that all respond to the same virtual IP. This causes that every time I change the application, it redoes the entire authentication process. Has it happened to someone? Do you know if there is some way of not asking for authentication if we have already authenticated once? Thank you very much, Regards Marta Marcos