Esta semana, I’ve struggled a bit with my team to get MOSS installed in a simple two-server farm. Having gone through it, Teño unha maior valoración para os tipos de problemas que as persoas relatan foros MSDN e noutros lugares.
A configuración final granxa:
- SQL / Index / Intranet WFE dentro do firewall.
- WFE na DMZ.
- Algún tipo de devasa entre o servidor interno e DMZ.
Antes de comezar o proxecto, we let the client know which ports needed to be open. During the give and take, adiante e cara atrás ao longo dese, nunca dixo explícitamente dúas cousas importantes:
- SSL significa que precisa dun certificado.
- The DMZ server must be part of a domain.
O primeiro día, we showed up to install MOSS and learned that the domain accounts for database and MOSS hadn’t been created. To move things along, we went ahead and installed everything with a local account on the intranet server.
Neste punto, descubrimos a confusión sobre o certificado e SSL, tristemente, decided to have our infrastructure guy come back later that week to continue installing the DMZ server. Nese medio tempo, nós, arquitectos de solucións avanzou co material de negocios.
Un fin de semana pasa e que o cliente obtén o certificado.
Nosa infraestrutura cara aparece e descobre que o servidor DMZ non está asociado a calquera dominio (ou un dominio de perímetro con confianza limitada ou o dominio intranet). We wasted nearly a 1/2 día en que. If we hadn’t let the missing SSL certificate bog us down, we would have discovered this earlier. Oh well….
Outro día pasa e as distintas comisións de seguridade, partes interesadas e (non tan) inocentes todos coinciden en que non hai problema en unirse ao servidor DMZ co dominio intranet (este é un POC, ao final, non é unha solución de produción).
Infrastructure guy comes in to wrap things up. This time we successfully pass through the the modern-day gauntlet affectionately known as the "SharePoint Configuration Wizard." We have a peek in central administration and … Yee haw! … DMZ server is listed in the farm. We look a little closer and realize we broke open the Champaign a mite bit early. WSS services is stuck in a "starting" Estado.
Longa historia curta, it turns out that we forgot to change the identity of the service account via central administration from the original local account to the new domain account. We did that, re-foi o asistente de configuración e listo! We were in business.
</final>
I can almost beat your SSL certificate issue. We had everything created and were ready to extend the web app with SSL (logo redireccionar a porta 80 en IIS). The administrator had a .cer file ready to go. But NONE of the options or crazy contortions to apply it in IIS will work–o sitio web sempre amosa unha páxina en branco, como o conxunto de sitios web non existe.
Despois de moito bater de cabezas, we learned this was caused by the cert request not coming from that server. The administrator simply Pregunta for a cert and was emailed the resulting key. With no private key, the SSL tunnel could not get built between the WFE and the browser. We wasted 1/2 día en que.