Sharepoint 2010 SSL not working

joe2687

Hi all,

Scenario: I've setup a new VM with Sharepoint Foundation Services 2010. SP is configured and working/accessible over http - but I can't get it to work over https.

Steps I have performed:

1. Configured AAM in Sharepoint

2. Configured bindings in IIS (80 for HTTP, 1443 for SSL) - the reason I went on 1443 was that we have a seperate web server, hosting OWA on 443, and didn't know how the two would react coming on the same port.

3. Created a Self Signed Certificate for use with Https (plan to buy one when i get the SSL working)

4. Configured firewall (Fortinet 200B) to forward request to SP server on port 80 & 1443

5. Used PortQry to verifiy port is listening on server



Just to state, this is my first time working with IIS/SharePoint, and it was going well up until this. I have spent about 3 days on/off browsing through documents via Google on correct steps to configure, but can't get secure traffic to pass through.


Weirdly (and I think this is significant) - what I've noticed has happened since I started.

192.168.1.3 - Exchange Server with IIS 7.0 hosting OWA, https works fine at https://webmail.contoso.com/owa, but when I go to http://webmail.contoso.com/owa, it redirects to the SP site!!



I'm 99.99% sure I have AAM/IIS configured OK, what I'm thinking is that multiple IIS sites on one domain is causing confusion, could this be right? Any help would be greatly appreciated!

stevenmu

SharePoint and OWA don't always play nicely together, usually people recommend to run them on different servers. With SharePoint, if you do the basic/single-server install it will take over the default IIS website to create it's default web application. It sounds like this is what happened.

To run SharePoint and OWA on the same server, you need to install Exchange first. Then install SharePoint using the Advanced/Farm option (even if it's only going to be on one server), this gives you more control over the SharePoint web applications that get created. When you run the configuration wizard after installation, it will prompt you to create the Central Administration web application. Once the wizard has finished you then have to use Central Administration to create your normal SharePoint web application yourself. This way will stop it interfering with the default IIS site. It also has the added benefit that when you are creating the SharePoint web application you can add in your host header, port number and set it use SSL and it will configure AAM and the IIS site for you.

As long as OWA and SharePoint are in different web sites with different host headers (e.g webmail.contoso.com and sharepoint.contoso.com), they should be fine to be on the same domain (contosos.com) and the same port (e.g. 443). So you could for e.g. have https://webmail.contoso.com:443/owa and https://sharepoint.contoso.com:443 and both should play nice together.

The above should help with a new install, but may not help you very much right now. I don't really now enough about Exchange/OWA to help much. If you can easily restore back to a pre-SharePoint state without losing too much work/data that would be the easiest way out.

Also, I mentioned that the default SharePoint install can "interfere" with the default IIS site. Typically what it does is stop the existing default IIS site, then add in it's own. So if you can see the old default site stopped in IIS and that's your non-SSL OWA site, you can probably stop the SharePoint one, then start up the OWA one again. You can then either create a new SharePoint application which will create a new IIS site, or try and change the IIS site and start it up separately.

Hope some of that helps.

joe2687

Thanks for the reply - I figured this out this morning.

Built-in user account in IIS didn't have permissions on the root INET folder, and was throwing back errors. Testing of the connection autorization verified it failed. Expressed access permissions with domain admin account and https started working, and is also working on 443.