Këtë javë, I’ve struggled a bit with my team to get MOSS installed in a simple two-server farm. Having gone through it, I have a greater appreciation for the kinds of problems people report on the MSDN forums and elsewhere.
The final farm configuration:
- SQL/Index/Intranet WFE inside the firewall.
- WFE in the DMZ.
- Some kind of firewall between the DMZ and the internal server.
Before we started the project, we let the client know which ports needed to be open. During the give and take, back and forth over that, we never explicitly said two important things:
- SSL means you need a certificate.
- The DMZ server must be part of a domain.
Day one, we showed up to install MOSS and learned that the domain accounts for database and MOSS hadn’t been created. To move things along, we went ahead and installed everything with a local account on the intranet server.
Në këtë pikë, Ne kemi zbuluar konfuzionin mbi certifikatë SSL dhe, trishtim, decided to have our infrastructure guy come back later that week to continue installing the DMZ server. Në kohë të thotë, ne arkitektë zgjidhje lëvizur përpara me sende të biznesit.
Një fundjavë shkon nga dhe klienti merr certifikatën.
Djalë ynë infrastruktura tregon dhe zbulon se serveri DMZ nuk është i bashkuar për çdo domain (ose një domain rrethues me besim të kufizuar ose domain intranet). We wasted nearly a 1/2 ditë në të cilat. If we hadn’t let the missing SSL certificate bog us down, we would have discovered this earlier. Oh well….
Another day passes and the various security committees, interested parties and (not so) innocent bystanders all agree that it’s OK to join the DMZ server with the intranet domain (this is a POC, në fund të fundit, not a production solution).
Infrastructure guy comes in to wrap things up. This time we successfully pass through the the modern-day gauntlet affectionately known as the "SharePoint Configuration Wizard." We have a peek in central administration and … yee haw! … DMZ server is listed in the farm. We look a little closer and realize we broke open the Champaign a mite bit early. WSS services is stuck in a "starting" status.
Long histori e shkurtër, it turns out that we forgot to change the identity of the service account via central administration from the original local account to the new domain account. We did that, re-ran the configuration wizard and voila! We were in business.
</fund>
Abonohen në blogun tim.