Channel: SharePoint 2013 - General Discussions and Questions forum

Path vs hostname - considerations for site AAM causing issues - or possibly Kerberos/DNS config problems


Hi all,

We have a path-based SP2013 setup - it's pretty simple (comparatively)

we have two front end servers and a Db server

currently we have some Alternative Access Mappings set up (perhaps badly?)

a DNS entry that has a hostname entry for "intranet" => "sharepoint01"

however this seems to cause some authentication (or something) issues when users receive emails that contain links that are like:

http://sharepoint01(or 02)/mylink instead of http://intranet/mylink

this is mostly causing issues in direct document links and InfoPath forms (e.g. InfoPath opened via "sharepoint01" but submitting to "intranet" seems to lock files for some users); also users get messages about saving files rather than opening in place depending on the link that is sent in the emails.

anyway we have tried to correct the AAM to make this better, but it's causing other issues - e.g. now we seem to be unable to get to the CA site via "servername:12355" and can ONLY access it via "intranet:12355" whereas we used to be able to do either... it's also as if accessing via "servername" now doesn't use AD/NTLM security and so often you get "not permitted" even though we are admins/farm admins... sounds like impersonation is busted...

Anyone have any ideas on how to fix this - one person here has suggested we change to "hostname" or "named hosts" but I can't find any doco (other than this is now the recommended way because of the Azure direction), and I can't find any information on whether changing to this setup has any gotchas or if it's going to help us resolve this issue at all?

Things that might be relevant:

  • we aren't (currently) using self service site creation
  • we have one health analyser warning about "classic authentication" on our central admin site and we are a little scared to try to play with this (since it's the CA site)
  • one health analyser error "services are currently running as accounts in the machine Administrators group: SharePoint Central Administration v4 (Application Pool)
    FIMSynchronizationService(Windows Service)
    SPTimerV4(Windows Service)" - I've been led to believe this is acceptable...
  • we really only have "primary site" and "mysites" set up (server01) - plus all the various SERVER services (server02 - Excel, Visio, BI, etc.) and we have ("/" (with all our subsites), "/sites/search", "/mysites", "/mysites/sites/...")
  • since we (generally) prefer using CA perhaps hostnames aren't for us, but we are a small org and so while we aren't likely to want self-service, the "www.domain.com", "teams.domain.com", "my.domain.com" structure outlined in the https://technet.microsoft.com/en-us/library/cc424952.aspx?f=255&MSPPError=-2147217396#section1 doco is somewhat appealing.
  • AFAIK the SPNs are set correctly, but perhaps we are missing something.
  • I also note that all our sites are using "Windows" rather than "Claims based" and have been contemplating changing this, but am unsure of the full ramifications/prerequisites.


- sure I'm no Jedi but that's no reason to stop trying to make stuff levitate! -




