Publishing Sharepoint through ISA

 Making Companyweb available via RWW with ISA installed.

NOTE: If ISA isn’t installed, it all works through the CIECW, no further
configuration required.

NOTE: Run the CEICW first to create a certificate.

1. Create a new protocol definition for Inbound TCP/444

Go to ISA -> Policy Elements -> Protocol Definitions. Create a protocol
definition called “Companyweb Inbound” (Port number: 444, Type: TCP,
Direction: Inbound)

2. Create a Server Publishing rule to publish the new protocol.

Go to ISA -> Server Publishing Rules, create a rule called “Publish
Companyweb”. Specify the internal and external IP, set it to apply to
“Companyweb Inbound” and Any Request.

3. Assign the FQDN cert to the companyweb with SSL port set to 444

Go to IIS -> Companyweb Properties. Directory Security tab. Click Server
Certificate -> Assign an existing certificate. Next, you should have 2
different certs available. One is the FQDN, the other is
Publishing.domain.local. Pick the FQDN and continue. Set the SSL port to 444
and next all the way.

4. Do the regedits for the sharepoint links you want to display in RWW.

HLKM\Software\Microsoft\SmallBusinessServer\RemoteUserPortal\KWLinks\STS to
1
HLKM\Software\Microsoft\SmallBusinessServer\RemoteUserPortal\AdminLinks\STS
to 1
HLKM\Software\Microsoft\SmallBusinessServer\RemoteUserPortal\AdminLinks\Help
Desk to 1

5. Type “iisreset” at a command prompt.
6. Restart ISA Server Control.
7. From a remote location, verify you can telnet to FQDN on port 444.

So if you created your certificate server.domain.com, then server.domain.com
must be reachable from the internet. If all you have is a fixed ip address,
then create your certificate using the ip. “123.456.789”. Then telnet to
123.456.789 444 to verify. If this doesn’t work, go back to the top and try
again, starting with the ciecw to create a certificate.

8. Connect to RWW and you should see the SharePoint links.

NOTE: If your remote client happens to also be behind an ISA server, you’re
not done.

ISA does not allow HTTPS traffic on port 444 by default. Opening the packet
filters should not change the behavior since that only affects server based
communications. Your client is behind ISA and will be using the protocol
rules and if the HTTP Redirector is enabled it will also use the
site&content rule for its HTTPS requests. You need to follow the
instructions on the following article (change the port range to 444,444) on
the ISA server.

283284 Blank Page or Page Cannot Be Displayed When You View SSL Sites

http://support.microsoft.com/?id=283284
Now officially documented here:
838304 – How to publish http://Companyweb to the Internet by using ISA Server 2000 on a server that is running Windows Small Business Server 2003, Premium Edition: 
http://support.microsoft.com/?kbid=838304

6 Thoughts on “Publishing Sharepoint through ISA

  1. Skip Shean on February 24, 2004 at 5:34 pm said:

    one typo: on step 5, type "iisreset", not "iireset".

  2. Fixed! Thanks!

  3. Paul Mac on August 29, 2004 at 8:42 pm said:

    Hi Susan,

    After following very similar instructions which I think were re-posted on a NG, I now only have one Server Certificate (publishing.fqdn.local). I’ve tried re-running the IECW again and again and all I can see is the single cert.

    Could the publishing rules be causing this to happen?

    How can I re-create the certificate outside the IECW?

  4. Paul Mac on August 29, 2004 at 8:43 pm said:

    Sorry, forgot to say thanks.

    P.

  5. Terry COle on June 11, 2005 at 11:57 am said:

    Can sharepoint services be exposed to the outside on SBS 2003 box that does not have ISA running?

  6. Oh yeah, just run the Connect to Internet wizard

Post Navigation