A few weeks ago I switched clients and began a new mission at an international bank. They have a big SharePoint platform with 2 DMZ zones. Here is the technical overview of the SharePoint platform.

DMZ Zone

Clients, members and other people can connect to the public SharePoint Internet sites.

People connecting from the public cloud have to pass the firewall and are then routed by the F5 (physical load balancer) to the DMZ zone, where they can view the Internet site. The sites hosted in the DMZ zones are all anonymous sites, so visitors don’t need a username or password to view them.

But site administrators and people who enter data on the site have to log in to it, so they need access in order to authenticate.

But we had a problem authenticating people coming from the public cloud, and also contributors from other Active Directories.

Problem 1: When we search for a user from another Active Directory, we have to wait more than 1 minute before the user is displayed in the People Picker, or we get a “user is not found” message. Normally, if you have 2-way trusted domains, this little command tells the People Picker to search multiple domains:

stsadm -o setproperty -pn peoplepicker-searchadforests -pv "domain:Hades.Corp.Pegasus;domain:Poseidon.Corp.Perseus" -url http://publicinternetsite/

Even when I executed this little PowerShell command I couldn’t find my user. So I had to check the SharePoint logs, but even there I found no explicit error. Only one solution was left, and that was to use Wireshark to sniff the network protocol.

WireShark SharePoint 1

You will notice that when you first begin capturing all the traffic, a million records appear and you normally cannot follow them. We have authentication errors, so we have to search for the queries that contain LDAP. In the Filter text box you can type ldap so that only LDAP traffic appears.

WireShark SharePoint 2
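
To complement the capture, the following PowerShell example (added here, not part of the original post) takes the same domain list passed to peoplepicker-searchadforests and reports, for each domain, whether its name resolves and whether TCP port 389 (LDAP) accepts a connection, with the time each attempt took. The function name Test-PeoplePickerTarget and the 5-second timeout are assumptions made for the example.

```powershell
# Added example: reachability of each People Picker search target over LDAP.
# $searchForests is the same value passed to -pv in the stsadm command above.
$searchForests = 'domain:Hades.Corp.Pegasus;domain:Poseidon.Corp.Perseus'

function Test-PeoplePickerTarget {   # hypothetical helper name
    param(
        [string]$SearchForests,
        [int]$Port = 389,            # standard LDAP port
        [int]$TimeoutMs = 5000       # assumption: wait at most 5 s per address
    )
    foreach ($entry in ($SearchForests -split ';')) {
        if (-not $entry.Trim()) { continue }
        # Entry format is "<kind>:<DNS name>"; anything after a comma is ignored.
        $name = ((($entry.Trim() -split ',')[0]) -split ':', 2)[1]
        try {
            $addresses = [System.Net.Dns]::GetHostAddresses($name)
        } catch {
            New-Object psobject -Property @{
                Name = $name; Address = '-'; Result = 'DNS lookup failed'; Ms = 0
            }
            continue
        }
        foreach ($ip in $addresses) {
            $client = New-Object System.Net.Sockets.TcpClient($ip.AddressFamily)
            $timer  = [System.Diagnostics.Stopwatch]::StartNew()
            $async  = $client.BeginConnect($ip, $Port, $null, $null)
            $result = 'timeout'
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                # The attempt finished: EndConnect throws if it was refused.
                try   { $client.EndConnect($async); $result = 'open' }
                catch { $result = 'refused or unreachable' }
            }
            $timer.Stop()
            $client.Close()
            New-Object psobject -Property @{
                Name = $name; Address = $ip.ToString(); Result = $result
                Ms = $timer.ElapsedMilliseconds
            }
        }
    }
}

Test-PeoplePickerTarget -SearchForests $searchForests |
    Select-Object Name, Address, Result, Ms | Format-Table -AutoSize
```

Run it on the SharePoint server itself, so that the results reflect the same network path the People Picker uses through the DMZ firewall.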