After configuring SharePoint 2016 with FP2, we have seen the "Sorry, we are having trouble connecting to the server" error in many places when using Chrome and Edge. This error does not happen when you are using Firefox or IE. Here are the findings and workaround.
1. Here are some of the functions (not an exhaustive list) where you will receive this error.
- Adding users to any permission group, such as administrators: the error is displayed when you type the user name, and the name cannot be resolved. (See picture #1)
- Unable to add any list item to the list (See picture #2)
- Unable to delete any list item from list view
- Unable to share documents with anyone
- Unable to add list template to list template gallery
- Unable to delete list template from list template gallery
- Constantly getting error "Sorry, we are having trouble connecting to the server".
2. Debugging the error with Fiddler.
If you debug the issue through Fiddler, you will find the "403" error, and the "Origin" value under Security in the request header is dropping the port number, like this:
"Origin: myprojectsite.mycompany.com"
3. Steps to reproduce the issue.
We did further debugging with Microsoft and identified that a new security "feature" implemented in SharePoint 2016 is causing this issue. It impacts any web application with SSL that is not on the default port number 443. Here are the steps to reproduce the issue.
- In SharePoint 2016, create two web applications with root site collections and then enable them for SSL.
- One web application uses the default port number and the other uses something like 51000.
- In Central Admin, go to the alternate access mapping settings and add an internal URL mapping to the second new web application. Use the same name and append a port number. Example map:

| Internal URL | Zone | Public URL |
|---|---|---|
| https://myprojectsite.mycompany.com | Default | https://myprojectsite.mycompany.com |
| https://myprojectsite.mycompany.com:51000 | Default | https://myprojectsite.mycompany.com |

- Go to IIS on the WFE and edit the binding: change 443 to port 51000 and apply the SSL cert to the binding.
- On the load balancer device, configure port redirection and SSL offload:
  - Configure the device to listen for https://myprojectsite.mycompany.com
  - Configure the device to send traffic to the WFE node as https://myprojectsite.mycompany.com:51000
- Browse to the site as https://myprojectsite.mycompany.com
- Go to Site settings -> People and Groups -> New -> Add user; the people picker should be present now. Type a user name and press to activate name resolution.
- The error message "Sorry, we are having trouble connecting to the server" will be displayed.
We have tried adding a custom rule in Fiddler like the one below, and the issue can be resolved.
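    static function OnBeforeRequest(oSession: Session) {
        // Match only this site's /ProcessQuery requests
        if (oSession.HostnameIs("myprojectsite.mycompany.com")
            && oSession.uriContains("/ProcessQuery")) {
            // Highlight the matching session in the Fiddler session list
            oSession["ui-bold"] = "true";
            // Put the port number back into the Origin header
            oSession.oRequest["Origin"] = "https://myprojectsite.mycompany.com:51000";
        }
        // …
    }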
4. Multiple options to work around this issue.
Now we have a few options to work around this issue. Here are the options confirmed with Microsoft.
- Option 1 - Create a rule in the Load balancer
- Option 2 - Use the same SSL certificate on all the web applications in the farm using a SAN configuration and configure all the web applications to use port 443 and a host header
- Option 3 - Configure all the VIPs in the LB to forward to the SharePoint servers on port 443 instead of the port the web application is actually listening on
- Option 4 - Configure the SharePoint servers to have multiple IP addresses, one for each web application, so they can all use port 443.
We have implemented option one by adding the following rule to the load balancer.

    IF the hostname = "myprojectsite.mycompany.com"
    && the URI contains "/ProcessQuery"
    THEN redirect to https://myprojectsite.mycompany.com:51000

You might try the other options, which should also resolve the issue.
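
The port mismatch behind the 403, and why rewriting the Origin header or moving everything to port 443 clears it, can be modelled in a few lines. This is an added example, not code from the original post or from SharePoint: the server-side comparison in `originCheck` and its handling of a missing Origin header are assumed simplifications, and only the hostnames and port come from the post.

```javascript
// Model of the Origin/port mismatch from the post. The server-side check is an
// assumed simplification, not SharePoint's actual code.
const DEFAULT_PORTS = { "https:": "443", "http:": "80" };

// What a browser sends as Origin for a page URL: scheme://host, with the
// port included only when it is not the default for the scheme.
function browserOrigin(pageUrl) {
  return new URL(pageUrl).origin;
}

// Normalise an origin or URL to scheme, host and an explicit port.
function parts(value) {
  const u = new URL(value);
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Assumed check: a request with no Origin header passes; otherwise scheme,
// host and port must equal the URL the web application listens on.
function originCheck(originHeader, listeningUrl) {
  if (originHeader === undefined) return 200;
  let o, l;
  try { o = parts(originHeader); l = parts(listeningUrl); }
  catch (e) { return 403; } // Origin value that does not parse as an origin
  const same = o.scheme === l.scheme && o.host === l.host && o.port === l.port;
  return same ? 200 : 403;
}

const PUBLIC_URL = "https://myprojectsite.mycompany.com/";        // what the user browses to
const BACKEND_51000 = "https://myprojectsite.mycompany.com:51000/"; // WFE binding in the repro
const BACKEND_443 = "https://myprojectsite.mycompany.com/";       // WFE binding on port 443

function scenarios() {
  const origin = browserOrigin(PUBLIC_URL); // no port: 443 is the https default
  return {
    originSent: origin,
    portForwarded: originCheck(origin, BACKEND_51000),     // repro setup
    originRewritten: originCheck(origin + ":51000", BACKEND_51000), // Fiddler rule
    allOn443: originCheck(origin, BACKEND_443),            // options 2 to 4
    noOriginHeader: originCheck(undefined, BACKEND_51000), // assumed behaviour
  };
}

console.log(scenarios());
```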