UPDATE: Take a look HERE for an update.

I’m a blog stats junkie so I pay a lot of attention to what brings people to my site.  Currently one of the most popular posts is this one: SharePoint / ISA AAM and SSL Termination issue.  This really bothered me because I was never able to provide a solution.  It wasn’t important enough to burn a Microsoft support incident since it has a simple solution. 

This is a quick post to let you know that I gave up and went with the simple solution.  I no longer do SSL termination on ISA to SharePoint.  It is now completely SSL from the client browser, to ISA, and from ISA to the SharePoint front end servers.  Since we own the switch and the internal network between them, it isn’t necessary from a security standpoint.  The only reason we chose to terminate SSL at ISA is to save the administrative headache. 

We used multiple host headers on a single IP on the SharePoint frontends.  If we needed to add a new web application, it still had the same internal IP but SharePoint added in the new host header.  In the new, non-SSL termination world, each front end has a dedicated internal private IP for each web application as well as one external public IP covering all front ends.  As the envirnment grows, it is going to cause a few headaches.  We have a dedicated subnet for all our internal stuff but it is possible we would eventually hit some limits.  Especially as we begin moving other services behind ISA.

I feel bad that I wasn’t able to get this to work since my logs show other people are having this problem.  Hopefully I’ll be able to pick the brains of some experts here in a couple weeks.

UPDATE: Please click HERE for an update on this post.

UPDATE #2: Click HERE for another update.

I’m having a bit of a problem with Search on Microsoft Office SharePoint Server 2007.  I’m writing this blog for a few reasons.  First, it allows me to put to virtual paper, everything that is in my head before it gets replaced by useless baseball stats or what I have for dinner tonight.  Second, hopefully someone out there will have a solution.  Third, once (and if) I am able to solve it, other people experiencing this problem might stumble across this and use this information to fix it and eventually name their first born after me.  If you are here for number 3, you may want to use my nickname instead: Bada$$ SharePoint MoFo.

Now the main problem here is with the search drop-down box on a site collection.  Normally when you visit a list, the search drop-down will switch to “This List” for the search scope. 

Handy if all you want to do is search the list.  Unfortunately for me on both my production and test environments, it doesn’t work that way.  All I see is the “This Site” search scope.  It does correctly search the site but sometimes I want to narrow it down a bit more.

I believe the problem is related to the fact that we publish SharePoint behind ISA and we are using SSL termination.  That means that you access ISA via SSL and it talks to the SharePoint farm via standard http without SSL.  This was an architecture decision that we needed to make for a number of reasons. That means changing it isn’t an option.  Please take a look at the image below for an idea of our setup:

As you can see, we aren’t doing anything too drastic and you would expect this to work.  Unfortunately it doesn’t.  Our AAM settings are as follows:

From what I have read, this should all be correct.  One interesting thing is if I enable SSL on the SharePoint front end and browse to it locally, bypassing ISA, the drop-downs work.  If I use the exact same URL from outside and go through ISA, the drop-down no longer works!  I have been commenting on Matthew McDermott’s blog  about this and I’ve found one other person that appears to be having this problem as well.  My machines are patched with SP2 and the April 2009 cumulative update. 

Anyone have any thoughts before I escalate this to Microsoft?  If I come up with a solution, I will post it as an update here.