Aste honetan, I’ve struggled a bit with my team to get MOSS installed in a simple two-server farm. Having gone through it, Arazo mota estimua handiagoa txostena MSDN foroak eta beste nonbait daukat.
Azken baserriko konfigurazio:
- SQL / Index / Intranet WFE firewall barruan.
- DMZ, WFE.
- Mota batzuk suebaki DMZ eta barne-zerbitzariaren arteko.
Proiektuaren aurretik hasi ginen, we let the client know which ports needed to be open. During the give and take, atzera eta aurrera baino gehiago, esplizituki inoiz ez dugu esan bi gauza garrantzitsu:
- SSL esan nahi du ziurtagiri bat behar duzu..
- The DMZ server must be part of a domain.
Egun bat, we showed up to install MOSS and learned that the domain accounts for database and MOSS hadn’t been created. To move things along, we went ahead and installed everything with a local account on the intranet server.
Puntu honetan, nahasmena aurkitu dugu ziurtagiria SSL eta gehiagoko, zoritxarrez, decided to have our infrastructure guy come back later that week to continue installing the DMZ server. Batez besteko denbora, dugu konponbidea arkitektoek mugitu aurretik enpresa stuff.
Asteburuan A doa eta bezeroaren ziurtagiria lortzen.
Gure azpiegitura lasaia erakusten du eta deskubritzen DMZ zerbitzaria ez da edozein domeinu sartu (bai konfiantza mugatua edo intranet domeinu domeinu perimetroa). We wasted nearly a 1/2 duten egunean. If we hadn’t let the missing SSL certificate bog us down, we would have discovered this earlier. Oh well….
Beste egun batean pasatzen du, eta segurtasun-batzordeak hainbat, interesatuek eta (beraz, ez) errugabeen bystanders guztiak bat datoz dela OK intranet domeinu zerbitzaria DMZ sartu (hau da poc, azken finean, ez da ekoizpen irtenbide bat).
Infrastructure guy comes in to wrap things up. This time we successfully pass through the the modern-day gauntlet affectionately known as the "SharePoint Configuration Wizard." We have a peek in central administration and … Yee HAW! … DMZ server is listed in the farm. We look a little closer and realize we broke open the Champaign a mite bit early. WSS services is stuck in a "starting" egoera.
Long Narrazio laburren, it turns out that we forgot to change the identity of the service account via central administration from the original local account to the new domain account. We did that, re-ran konfigurazio morroia eta voila! We were in business.
</amaiera>
I can almost beat your SSL certificate issue. We had everything created and were ready to extend the web app with SSL (gero, ataka berbideraketa 80 IIS-en). The administrator had a .cer file ready to go. But NONE of the options or crazy contortions to apply it in IIS will work–gune beti bistaratzen gune bilketa bezalako orri huts bat ez da existitzen.
Askoz ere buru banging ondoren, we learned this was caused by the cert request not coming from that server. The administrator simply galdetu for a cert and was emailed the resulting key. With no private key, the SSL tunnel could not get built between the WFE and the browser. We wasted 1/2 duten egunean.