1

I have a server here that has 2 roles. One is Exchange 2007 and the other is MOSS 2007. In IIS i have a site, go.domain.com which has our OWA. The other is internal.domain.com which is the MOSS site. I have given the NIC local IPs and each site is using host headers. The GO site has an SSL cert from NetSol, and the MOSS site has a self signed. Right now going to either shows the NetSol site, which browsers complain about when going to the internal.domain.com site, obviously, since they are on the same IP in IIS.

Both sites have always run off the original IP of 10.0.0.3 in IIS. When i added the second IP to the NIC, (10.0.0.6) and changed the Sharepoint site in IIS to use this for http and https access, I now get this message in a browser when trying to connect.

Directory Listing Denied
This Virtual Directory does not allow contents to be listed.

Changing the IP back to 10.0.0.3 and the internal site is back up. What am I missing here? Do i need to fool around with Alternate Access Mappings in Central Admin? Am i completely missing the point with multiple SSL certs and host headers?

DanBig
  • 11,393
  • 1
  • 28
  • 53

2 Answers2

0

Going to just answer this so it stops floating around. I ended up running everything off the same IP with host headers and a UC cert.

DanBig
  • 11,393
  • 1
  • 28
  • 53
0

The key thing to do if at all possible (and it sounds possible for you) is to use a dedicated IP per site. Then you don't need to mess with host headers for SSL. The host headers in IIS Manager are just for HTTP and not for HTTPS. While SSL and host headers are possible to do using adsutil (and other conditions are met), it's not preferred if you have 2 IPs available to you.

So, with 2 IPs at your disposal, just set HTTP and HTTPS to use 10.0.0.3 for OWA and 10.0.0.6 for SharePoint. Make sure to set both HTTP and HTTPS on each site.

Since you got a directory listing denied, which is not what you expected, it's possible that when you made your last change there were duplicate bindings on your Sharepoint site, causing the site to stop. If that occurred, then likely a 3rd site is picking up the sharepoint site now.

To sum up: - set unique IPs per site, make sure that they are set for http and https both - make sure that the sharepoint site is started right now - try the 'break' test. Turn off the sharepoint site for a minute for testing and if you get a different type of message then you know that the bindings are correct, which would mean that something unrelated to the bindings is wrong with the site.

Scott Forsyth
  • 16,339
  • 3
  • 36
  • 55
  • Setting both http and https in the SP site gives me the directory listing message. However, 'stopping' the site in IIS gives me the same message. – DanBig Nov 05 '09 at 22:00
  • It sounds likely that the binding isn't working as expected. Make sure that 10.0.0.6 really is resolving to that server and that there isn't an IP Conflict with another server on the network. Check the other sites on the server and see if any of them give the same message if you test against them. If so, they're likely the ones that are catching the site instead. Also check on any previous sites and make sure that you don't have any bindings for 'internal.domain.com'. If you do, they are more specific and will catch rather than the IP. Leftover bindings might be getting in your way here. – Scott Forsyth Nov 05 '09 at 22:05