Publishing SharePoint with IAG 2007 – Part 2: Common Questions


SharePoint publishing with IAG is a very popular scenario. Here is a list of common SharePoint publishing questions and issues I was frequently asked about during the last months:


·        I can’t edit SharePoint datasheets / explorer view / other SharePoint functionality when it is published by IAG.

You have to install IAG 2007 SP1 update 2 or above on your IAG server. This update will also be incorporated into IAG 2007 SP2.


·        I installed IAG 2007 update 2 and it still has the old limitations

Just installing the update is not enough. By default, after the update installation, existing SharePoint applications use the “backward compatibility” template to ensure that we don’t break anything until AAM is configured. After configuring the SharePoint server’s AAM settings, updating the trunk’s SSL certificate, and registering the new entry in DNS, you should remove from your portal trunk the old SharePoint application and publish it again by using the new template.


·        Does such an update exist for the e-Gap v3.6 appliance?

Yes, e-Gap 3.6 update 2 has almost the same functionality as IAG 2007 SP1 update 2. Look here for more details.


·        I see no difference between the “old” and the “new” templates

The two templates look almost the same. The main difference is two new fields in the Web Servers tab (highlighted in the screenshot):

·        Public host name – Defines the external domain name that would be used for publishing this SharePoint application. See here which domains could be selected.

·        Replace host header – Used for advanced scenarios as will be explained in part 3 of this blog post.

 Web servers configuration screen  


·        Do I need a new SSL certificate?

An IAG trunk with a SharePoint application that is published using AAM has new external domains. These domains should be covered by the trunk’s SSL certificate. See this TechNet article about which type of SSL certificates should be used.


·        Can I publish SharePoint without AAM?

Yes. If there are problems with getting certificates or DNS registration for the new domain names you can still use the “Backward Compatibility” template, though you should expect some SharePoint functionality will not work.


·        Can I access the new SharePoint domains directly without going through the portal?

Yes!  When publishing SharePoint by using the new application template and leveraging AAM, the SharePoint domains (e.g. can be accessed directly without going first via the portal. In this case IAG will prompt the user for login and then, after successful authentication, return the user to the requested page. IAG will present the trunk’s customized version of the login pages, so no special customization is required.

·        If I start a session with one of the SharePoint domains, can I continue to other applications without logging in again?

Yes! You can start a session by accessing directly one of the SharePoint servers (e.g. “”) and then follow a link to another application that is published via the same IAG trunk without logging in again. The IAG single sign-on (SSO) experience still works.


·        What additional functionality is provided by the IAG SharePoint application template?

As with the other application templates, the IAG SharePoint application template allows the administrator to enable or disable the following SharePoint functionality based on the health of client endpoints:

·        Uploading, checking in files, and saving files from Microsoft Office applications

·        Downloading files, exporting to a spreadsheet, or editing datasheets

·        Access to sensitive areas of the application

·        Access from the SharePoint Web application to third-party applications


Comments (4)
  1. Anonymous says:

    196 Microsoft Team blogs searched, 100 blogs have new articles in the past 7 days. 243 new articles found

  2. GDST_Admin says:

    We have been testing IAG2007 for Sharepoint apps.  We have encountered a very strange problem where all but one sharepoint application would allow its document to be edited in Office.  

    All of the other apps shows documents in Office as Read Only when you try to edit them.

    The even stranger behaviour is that this one sharepoint application that works would only work when it is in a particular trunk.   When this application is placed on a different trunk, we get a similar problem the where when you try to save you see a message "Unable to connect to web server" or document shows its in read only status.

    Please can you advise on this.  many thanks

  3. Jonathan says:

    I have accomplished publishing anonymous public MOSS using IAG. Now I have ran into a problem where I can’t get internet crawlers to work. If I publish the site via ISA the crawlers work. The crawlers don’t work with the way the IAG does redirection/cookies. Has anyone ran into this problem?

  4. guy says:

    We have been testing IAG 2007 and have encountered problems where the integration between Sharepoint document libraries and Word 2007 does not work properly. Inside the firewall, you get prompted to read or checkout to your local drafts folder, which works fine. When going in via IAG, the user is not prompted and there is not easy way to check out the document locally to the Sharepoint drafts folder and then check it back in. We get the read only status that GDST_Admin mentions above. Anyone have a fix?

Comments are closed.

Skip to main content