Thursday, September 10, 2009

Install SharePoint to share port 80

I decided that I wanted my SharePoint site and my MediaWiki site on the same server. MediaWiki was already installed and using port 80, but I don't want my users having to type in an address with a port on it (they would simply not use the site if they had to remember the port). Unfortunately, websites can't share ports on the same IP address. Plus, I didn't want to move the wiki site off port 80 either.

I did the following on Windows 2008 IIS.

  1. Install SharePoint to port 80 (in my case as the non-default website)
  2. Open Manage network connections (ncpa.cpl from run)
  3. For your network connection go into properties
  4. Go into IPv4 properties
  5. The assumption is that you already have it set to a static IP address
  6. Click Advanced
  7. Click add and add in another unused IP address (ex: for main and add in
  8. Ok out
  9. In IIS click the default website
  10. On the right side click Bindings
  11. Edit and change the IP address from * to the main IP address ( in our example)
  12. Okay out
  13. Click the new SharePoint site (Default name is SharePoint - 80)
  14. Click Bindings and change IP address to the secondary IP (ex

From here you can access the original website normally and the SharePoint site via the new IP address. This brings up some new issues though...

DNS Entry to make the site "friendly"

  1. Open your domain DNS and add a new Host (A). Make the Name what you want your users to type in to reach the site, then enter the second IP address (SharePoint site address)
  2. Try to ping the name you just entered. It should ping back as the IP address you just set.
  3. Try to navigate to the site (ex: http://example/)

Next issue... Authentication loopback check doesn't like this setup much. At this point you'll find that credentials fail. After a lot of searching I found the solution here:

  1. Click Start, click Run, type regedit, and then click OK
  2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Right-click Lsa, point to New, and then click DWORD Value
  4. Type DisableLoopbackCheck, and then press ENTER
  5. Right-click DisableLoopbackCheck, and then click Modify
  6. In the Value data box, type 1, and then click OK
  7. Exit Registry Editor
  8. Restart the computer.

Note that the author includes the following: "The security is reduced when you disable the authentication loopback check, and you open the Windows Server 2003 server for man-in-the-middle (MITM) attacks on NTLM."
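Given that warning, it helps to be able to see what the server is currently set to and to limit the exemption to the one host name that needs it. The PowerShell below is an added example, not part of the original post: it reads the DisableLoopbackCheck value from the steps above and also uses BackConnectionHostNames, a per-host-name exemption under Lsa\MSV1_0 that the post does not mention. The function names are hypothetical, and 'example' is the sample name from the DNS steps.

```powershell
# Added example, not from the original post. Run elevated on the server.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msvKey = Join-Path $lsaKey 'MSV1_0'

# Report whether the loopback check is globally disabled and which host
# names are individually exempted via BackConnectionHostNames.
function Get-LoopbackCheckState {
    $lsa = Get-ItemProperty -Path $lsaKey -Name DisableLoopbackCheck -ErrorAction SilentlyContinue
    $msv = Get-ItemProperty -Path $msvKey -Name BackConnectionHostNames -ErrorAction SilentlyContinue
    $names = @()
    if ($msv) { $names = @($msv.BackConnectionHostNames) }
    New-Object PSObject -Property @{
        LoopbackCheckDisabled = [bool]($lsa -and $lsa.DisableLoopbackCheck -eq 1)
        ExemptHostNames       = $names
    }
}

# Exempt one host name instead of disabling the check for every name.
function Add-BackConnectionHostName {
    param([Parameter(Mandatory = $true)][string]$HostName)
    $current = (Get-LoopbackCheckState).ExemptHostNames
    if ($current -notcontains $HostName) {
        New-ItemProperty -Path $msvKey -Name BackConnectionHostNames `
            -PropertyType MultiString -Value (@($current) + $HostName) -Force | Out-Null
    }
}

# Put the global switch back to its default (check enabled).
function Enable-LoopbackCheck {
    New-ItemProperty -Path $lsaKey -Name DisableLoopbackCheck `
        -PropertyType DWord -Value 0 -Force | Out-Null
}

# Audit first; the two changes are left commented out on purpose.
Get-LoopbackCheckState
# Add-BackConnectionHostName -HostName 'example'
# Enable-LoopbackCheck
# As with the registry steps above, restart the computer before testing.
```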
