SharePoint 2013, F5 and SSL Offload

Question

I have been struggling to get SharePoint Search to index the content of my SharePoint site using the F5 guide http://www.f5.com/pdf/deployment-guides/sharepoint-2010-iapp-dg.pdf.&nbsp;
We have split DNS environment&nbsp;
My set up is as follows:&nbsp;
SharePoint Enterprise Server 2013 (SP1)&nbsp;
Multi-tenant environment using host header site collections. The default "SharePoint - 80" web application URL is for arguments sake is https://company.com&nbsp;
2 sharepoint app servers &amp; 2 sharepoint web servers&nbsp;
The SharePoint Web Application was set up on default port 80&nbsp;
I have set up the SharePoint Alternative Access Mappings as the guide suggests:&nbsp;

Internal URL:https://company.com&nbsp;
Zone:Default&nbsp;
Public URL:https://company.com&nbsp;

Internal URL:http://company.com&nbsp;
Zone:Default&nbsp;
Public URL:https://company.com&nbsp;

The search content access (crawl account) has read access to the web application.&nbsp;
We are using the F5 SharePoint 2013 iApp template RC3 found here:
https://devcentral.f5.com/wiki/iApp.Microsoft-SharePoint-2013-iApp-Template.ashx&nbsp;
In DNS we have an A record for company.com pointing to F5 virtual server IP address (no host file additions on SharePoint servers)&nbsp;
In the search content sources I have used the default "Local SharePoint sites" content source and have just one "start address" which is:&nbsp;
https://company.com&nbsp;
I have performed an index reset and full crawl but get messages like:&nbsp;
"This item could not be crawled because the repository did not respond within the specified timeout period. Try to crawl the repository at a later time, or increase the timeout value on the Proxy and Timeout page in search administration. You might also want to crawl this repository during off-peak usage times."&nbsp;
This is still a test environment so no real load of any concern on servers.&nbsp;
Does any have any ideas what migh be going wrong?  ALSO... I have disabled the Minimal Download Strategy feature but still have problems with some functionality when accessing the site using https.&nbsp;
e.g &nbsp;
Cannot modify list views&nbsp;
Cannot view eclipse drop down menu on list items, documents and so on.&nbsp;
All a bit baffling. Any help greatly appreciated!&nbsp;

mikeshimkus_111 · Answer

Hi Andrew, IIRC it took some work to get search crawling up and running.  I'll check my test lab here and get back to you on it.&nbsp;
Your other issues may or may not be related to AAMs.  You say you are using split DNS-are you using two VIPs, one for each DNS zone?  Have you tried configuring the iApp to not use any caching, compression, or OneConnect profiles to see if that helps (not that we'd do that permanently, but it would help identify the issue).&nbsp;
BTW, the SharePoint RC3 iApp was promoted to downloads.f5.com.  I recommend using that one because it's officially supported.  &nbsp;

andrew_joyce_14 · Answer

Thanks Mike. I will ask our F5 guru here to check the iApp template we are using but am sure it is RC3, though was downloaded before the promotion to downloads.f5.com, has it changed from that original release? As for the split DNS, my understanding is that clients access site from public URL that maps to external IP, and that external IP is NAT'd to internal virtual IP ... I think this is how it works.

mikeshimkus_111 · Answer

Looking at my lab, I see that I had set up an internal virtual server to load balance requests from the SharePoint servers themselves to the SharePoint FQDN, using host entries on the web front-ends to point to that VIP.  I configured that internal deployment for SSL offloading using the iApp, disabling all caching, compression, and OneConnect.  I used the https:// FQDN of my SharePoint site(s) in the content sources in the search service configuration.

If you can configure that, let me know if it helps, and also if disabling optimization on the client-side VIP helps with the functionality issues.  I recommend opening a support case if they continue (if you PM me with the case number, I can track it as well).

andrew_joyce_14 · Answer

Hi Mike, sorry for late response to your suggestions. I managed to get SSL Offload working and search working by using the new SharePoint 2013 cmdlet (Post March 2013 PU) Set-SPSiteURL on all host named site collections.&nbsp;
http://technet.microsoft.com/en-us/library/jj219633%28v=office.15%29.aspx&nbsp;
I was able to add an "internet" zone URL mapping by doing the following:&nbsp;
Example only:&nbsp;
Set-SPSiteURL -identity http://hostnamedsite.contoso.com -Url https://hostnamedsite.contoso.com -Zone Internet&nbsp;
Our default zone URL was HTTP&nbsp;
I then followed the F5 guide, adding the Web Application's default Public HTTPS url into the search content source address list.&nbsp;
It now appears to work.&nbsp;
Thanks for your help.&nbsp;

Forum Discussion

SharePoint 2013, F5 and SSL Offload

4 Replies

Recent Discussions

Help with URL Masking

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

Related Content

Microsoft SharePoint 2013/2010 iApp template

Enabling SharePoint 2013 Hybrid Search with the BIG-IP

APM Sharepoint authentication

APM Sharepoint authentication v2

iRule for migrating to Sharepoint Online