Sa linggong ito, I’ve struggled a bit with my team to get MOSS installed in a simple two-server farm. Having gone through it, Mayroon akong isang mas malawak na pagpapahalaga para sa mga uri ng mga problema sa mga tao na mag-ulat sa MSDN mga forum at sa ibang lugar.
Ang huling configuration bukid:
- SQL / Index / intranet WFE sa loob ng firewall.
- WFE sa DMZ.
- Ang ilang mga uri ng firewall sa pagitan ng DMZ at ang panloob na server.
Bago kami makapagsimula ng proyekto, we let the client know which ports needed to be open. During the give and take, pabalik-balik na sa paglipas ng, kami ay hindi kailanman tahasang sinabi ng dalawang mahahalagang bagay:
- SSL ay nangangahulugan na kailangan mo ng certificate.
- The DMZ server must be part of a domain.
Araw ng isa, we showed up to install MOSS and learned that the domain accounts for database and MOSS hadn’t been created. To move things along, we went ahead and installed everything with a local account on the intranet server.
Sa puntong ito, nadiskubre namin ang pagkalito sa ibabaw ng SSL certificate at, sadly, decided to have our infrastructure guy come back later that week to continue installing the DMZ server. Sa Pansamantala, kami solusyon arkitekto inilipat maaga gamit ang mga bagay na negosyo.
Ang isang weekend napupunta sa pamamagitan ng client at ang kukunin ang certificate.
Ang aming imprastraktura ng tao ay nagpapakita up at nadiskubre na ang DMZ server ay hindi sumali sa anumang domain (alinman sa perimeter domain na may limitadong tiwala o intranet ng domain). We wasted nearly a 1/2 day on that. If we hadn’t let the missing SSL certificate bog us down, we would have discovered this earlier. Oh well….
Isa pang araw pass at ang iba't-ibang seguridad komite, interesadong partido at (hindi gaano) inosenteng bystanders ang lahat ng sumang-ayon na ito ay ang OK upang sumali sa DMZ server gamit ang mga domain intranet (ito ay isang POC, sa wakas, hindi isang produksyon na solusyon).
Infrastructure guy comes in to wrap things up. This time we successfully pass through the the modern-day gauntlet affectionately known as the "SharePoint Configuration Wizard." We have a peek in central administration and … yee haw! … DMZ server is listed in the farm. We look a little closer and realize we broke open the Champaign a mite bit early. WSS services is stuck in a "starting" katayuan.
Long kuwento maikli, it turns out that we forgot to change the identity of the service account via central administration from the original local account to the new domain account. We did that, muling tumakbo ang configuration wizard at voila! We were in business.
</dulo>
I can almost beat your SSL certificate issue. We had everything created and were ready to extend the web app with SSL (then redirect port 80 in IIS). The administrator had a .cer file ready to go. But NONE of the options or crazy contortions to apply it in IIS will work–the site always displays a blank page like the site collection doesn’t exist.
After much banging of heads, we learned this was caused by the cert request not coming from that server. The administrator simply asked for a cert and was emailed the resulting key. With no private key, the SSL tunnel could not get built between the WFE and the browser. We wasted 1/2 day on that.