Publishing SharePoint 2010 with UAG – Cannot Check Out Documents and They May Be Read-Only

 

Some of the more frustrating issues I come across when supporting UAG are encountered when publishing SharePoint. It seems as though SharePoint 2010 is particularly vulnerable to oddities when published through UAG, or any reverse proxy for that matter. Ben Ari has a great blog post that goes a long way toward explaining why it can be challenging.

https://blogs.technet.com/b/ben/archive/2010/12/29/sharepoint-publishing-concepts-and-considerations.aspx

I used the concepts Ben laid out but I wanted to show you exactly what I did to solve this particular problem.

Note: In the resolution below I am making an assumption that you are using SSL on your UAG trunk to publish SharePoint. I highly recommend using SSL for security reasons.

Problem

You have SharePoint 2010 published through Unified Access Gateway 2010 but external users are unable to check out documents. Also, when choosing to Edit them they are “Read-Only”.

As you can see in Figure 1 below, the client is going to try to Check Out a document that is in the Shared Documents area.

Fig. 1

The user gets the below error which states “This document could not be checked out. You may not have permission to check out the document or it is already checked out or locked for editing by another user.” (Figure 2)

Fig. 2

You may also see an issue if you click on the document link and try to Edit it through the “Open Document” interface.  (Figure 3)

Fig. 3

The document opens up in Word or Excel, but on the header bar it says “Read-Only”. (Figure 4)

 

Fig. 4

 

Resolution

To resolve this issue I have documented the exact steps I went through in my test lab. The figure below shows the only Alternate Access Mappings that existed before we started the steps to resolve it (Figure 5).

Fig. 5

 

1.) From the SharePoint 2010 Central Administration click on Manage Web Applications (Figure 6).

Fig. 6

2.) Highlight the application you are publishing through UAG and click Extend to extend the web application. (Figure 7)

Fig. 7

3.) You will need to change the port to 80 (or 443 if you are set up for SSL) and you will also set a host header. Make up something unique but remember it for later. In this case I just called it “spexternal”. (Figure 8)

Fig. 8

4.) Scroll down on this same step and set the URL to be what your external users will use to access the application from outside your company. In this case I used https://sp2010.fabrikam.com  (Figure 9)

Set your zone to one that is not already being used. In this case I used Internet. (Figure 9)

 

Fig. 9

5.) Go back to the main page of your SharePoint Central Administration and click on “Configure Alternate Access Mappings” (Figure 10).

Fig. 10

6.) You will notice that there is now a new AAM for the Internet Zone (Figure 11).

Fig. 11

7.) Click on the right hand side where it says Alternate Access Mapping Collection and choose “Change Alternate Access Mapping Collection”. (Figure 12)

Fig. 12

8.) Again select the application you are publishing. In this case it is SharePoint – 80 (Figure 13).

Fig. 13

9.) Now you should see the AAMs that pertain only to that application. (Figure 14). Click Add Internal URLs.

Fig. 14

10.) Under the “URL protocol, host and port” area you will need to put the name you came up with in Step 3. In my case it was “spexternal”, and since the application is published on port 80 I would use “http” as the protocol. Figure 15 shows that combined it would be http://spexternal

You also want to make sure that the Zone you chose in Step 4 is the one selected in the Zone dropdown box.

Click Save.

Fig. 15

11.) You should have something similar to Figure 16 now in your AAMs. It shows that the request that will be coming to SharePoint from the UAG Server will be http://spexternal and the URL that “Internet” users will utilize is https://sp2010.fabrikam.com

 

Fig. 16

12.) The last step is to edit the publishing rule on UAG to reflect the changes you made on SharePoint. In this case I went in to the “Web Servers” tab of the publishing rule and made sure that 80 is in the “HTTP Port:” field and that the “Replace the host header with the following” is checked and that it is using the name we chose in Step 3. In this case “spexternal”. (Figure 17). Click OK and then Activate in UAG and wait until it is synchronized.

Fig. 17
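The SharePoint side of the procedure (steps 2 through 11) can also be scripted and checked from the SharePoint 2010 Management Shell. The following is an added example, not part of the original walkthrough; the web application name `SharePoint - 80` and the IIS site name are assumptions to adjust for your farm, and the internal URL uses the `http` scheme because steps 10 and 12 send the UAG request to port 80.

```powershell
# Added example: run in an elevated SharePoint 2010 Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Values taken from the walkthrough above
$hostHeader  = 'spexternal'                   # Step 3: host header UAG will send
$publicUrl   = 'https://sp2010.fabrikam.com'  # Step 4: URL external users browse to
$internalUrl = "http://$hostHeader"           # Step 10: request UAG makes on port 80
$zone        = 'Internet'                     # Step 4: a zone not already in use

# Assumptions (not from the post): web application display name and new IIS site name
$webAppName  = 'SharePoint - 80'
$iisSiteName = 'SharePoint - spexternal80'

$webApp = Get-SPWebApplication -Identity $webAppName -ErrorAction Stop

# Steps 2-4: extend the web application, but refuse to touch a zone already mapped elsewhere
$existing = @(Get-SPAlternateURL -WebApplication $webApp -Zone $zone)
if ($existing.Count -eq 0) {
    New-SPWebApplicationExtension -Identity $webApp -Name $iisSiteName `
        -Zone $zone -HostHeader $hostHeader -Port 80 -URL $publicUrl
}
elseif (-not ($existing | Where-Object { $_.PublicUrl.TrimEnd('/') -eq $publicUrl })) {
    throw "Zone '$zone' is already mapped to a different public URL; pick an unused zone."
}

# Steps 7-10: add the internal URL that UAG's replaced host header will produce
$mapped = Get-SPAlternateURL -WebApplication $webApp -Zone $zone |
    Where-Object { $_.IncomingUrl.TrimEnd('/') -eq $internalUrl }
if (-not $mapped) {
    New-SPAlternateURL -WebApplication $webApp -Url $internalUrl -Zone $zone -Internal
}

# Step 11: every incoming URL in the zone must resolve to the external public URL
$aam = Get-SPAlternateURL -WebApplication $webApp -Zone $zone
$aam | Format-Table IncomingUrl, PublicUrl -AutoSize

$wrong = $aam | Where-Object { $_.PublicUrl.TrimEnd('/') -ne $publicUrl }
if ($wrong) {
    Write-Warning "Some '$zone' mappings do not point at $publicUrl; links may be rewritten incorrectly."
}
if (-not ($aam | Where-Object { $_.IncomingUrl.TrimEnd('/') -eq $internalUrl })) {
    Write-Warning "$internalUrl is not an incoming URL in '$zone'; requests from UAG will not match this zone."
}
```

The script is safe to re-run: it only creates the extension and the internal URL when they are missing, and the final table should match Figure 16.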

Congratulations! If you did everything correctly you should now be able to check out documents, and editing them will no longer show “Read-Only”.

 

Conclusion

Publishing SharePoint 2010 can be tricky, especially through UAG 2010. In this article I explained how to properly configure AAMs in SharePoint and the changes you need to make in UAG to get certain functions working correctly for external users.

Cheers!

Note: If the information contained here was useful please let me know in the comments below. Also, if there are any corrections needed or you would like to see future content on a particular subject please let me know that as well. Thanks!