SharePoint Server - UAG - and the SSL offloading gotcha

I hit another nasty issue that is not very well documented, so I wanted to get this out there. The issue involves Microsoft UAG (Unified Access Gateway) and SharePoint Server, and it only occurs when using SSL offloading on the UAG server.

Before I start: this blog is what saved us, but it wasn't dedicated to our specific issue. It was 'Scenario 4' that hurt us.

 

One of my customers is implementing a new SharePoint farm using SharePoint Server 2010 and UAG so they can protect outside access on the perimeter network, versus allowing authentication to happen on the internal SharePoint Server / network. Everything was working great and was very seamless until we started to create different Alternate Access Mappings with SharePoint.

 

As I said, our requirement was to have authentication done on the UAG server and not SharePoint. Scenario 4 (listed above) was what we needed as far as Host Header/AAM configuration. In order to do Scenario 4 you need to make sure IIS is configured to use HTTP and the AAMs are set up to handle both HTTP and HTTPS traffic. There is 1 minor catch to this when using UAG.

First let me show you how this is typically done.

 

AAMs Standard Example - SSL Offloading

 

 

Now, let me show you how this needs to be done while using UAG.

 

 

AAMs UAG Example - SSL Offloading

 

 

Notice that the HTTP Internal URL has a 'dummy URL' that can be anything. It just cannot be the same as the Public Zones.
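One way to check an AAM table for this condition, as an added example that is not from the original post. It assumes rows with `IncomingUrl` and `PublicUrl` properties (the shape `Get-SPAlternateURL` returns) and reads "the same" as "the same host name"; all host names are constructed placeholders.

```powershell
# Added example. Rows mimic Get-SPAlternateURL output (IncomingUrl, PublicUrl).
# All host names below are constructed placeholders.
function Test-UagOffloadAam {
    param([Parameter(Mandatory = $true)] [object[]] $Mappings)

    # Every host name that appears in a public zone URL.
    $publicHosts = @($Mappings | ForEach-Object { ([uri]$_.PublicUrl).Host } |
                     Sort-Object -Unique)

    foreach ($m in $Mappings) {
        $incoming = [uri]$m.IncomingUrl
        $public   = [uri]$m.PublicUrl

        # Only the offloaded leg matters: an HTTP internal URL mapped to an HTTPS public URL.
        if ($incoming.Scheme -ne 'http' -or $public.Scheme -ne 'https') { continue }

        New-Object PSObject -Property @{
            IncomingUrl = $m.IncomingUrl
            PublicUrl   = $m.PublicUrl
            # Assumption: "not the same" means the host differs from every public zone host.
            UagSafe     = ($publicHosts -notcontains $incoming.Host)
        }
    }
}

# Helper to build constructed sample rows (hypothetical, for this example only).
function New-AamRow($IncomingUrl, $PublicUrl) {
    New-Object PSObject -Property @{ IncomingUrl = $IncomingUrl; PublicUrl = $PublicUrl }
}

# Typical SSL offloading layout: the HTTP internal URL reuses the public host name.
$standard = @(
    (New-AamRow 'https://portal.example.com' 'https://portal.example.com'),
    (New-AamRow 'http://portal.example.com'  'https://portal.example.com')
)

# UAG layout: the HTTP internal URL is a dummy host that no public zone uses.
$uag = @(
    (New-AamRow 'https://portal.example.com'         'https://portal.example.com'),
    (New-AamRow 'http://portal-uag.example.internal' 'https://portal.example.com')
)

Test-UagOffloadAam $standard | Format-Table IncomingUrl, PublicUrl, UagSafe -AutoSize
Test-UagOffloadAam $uag      | Format-Table IncomingUrl, PublicUrl, UagSafe -AutoSize
```

On a farm, the same function can be fed live rows with `Test-UagOffloadAam (Get-SPAlternateURL)` from the SharePoint Management Shell.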

 

You also have to change this inside of the UAG configuration (remember: modify the URLs to match your setup).

 

Hope this helps!