Explaining the Use of Internal and External WOPI Zones for Office Web Apps

Last week, I had learned about an issue that popped up in a SharePoint 2013 farm where the WOPI Zone that had a reference to a Fully-Qualified Domain (FQDN) in the internal zone caused an issue after the installation of monthly security patches. It seems that the farm, which had the FQDN internal zone configured since the farm was commissioned, was looking for a NETBIOS name. So what had to be done was to change the “EXTERNAL HTTPS” WOPI zone to have a FQDN (URL) and then make the “EXTERNAL HTTPS” WOPI Zone to be the default zone. Ideally, you would want to set the “INTERNAL” HTTP/HTTPS zone to a NETBIOS value (ex. WEBSVR1) and then the have both the FQDN and the NETBIOS name in the certificate so that if you need to refer to the either, you do not need to go back and cut a new certificate in your farm.

I am still in the process of reproducing the issue to see what caused this value to cause a problem within the farm, but when you see where the OWA servers cannot render documents, this would be a good start to review. I have provided a link to the complete instructions on how to configure Office Web Apps so that you can fully understand some of the requirements needed to make OWA perform as you expect.

Remember, Internal HTTP/HTTPS = NetBIOS, External HTTP/HTTPS = FQDN, very important in the configuration of this SharePoint component. Also, as you will see in Steve’s article, all this is done through Windows PowerShell and is not exposed through a UI.

Reference to process to “ Configuring Office Web Apps ” by Steve Peschka