Performing health check if SharePoint is up or running or not on site controlled by SiteMinder
Background
- Client has Load balancer which needs to perform health checks on port 80 to verify if SharePoint is serving pages on Port 80 or not. It not, then it needs to drop traffic to the specific WFE.
- SharePoint is protected by SiteMinder. Normal user traffic gets redirected with 302 to custom SiteMinder form to enter SiteMinder userid and password.
- Per SiteMinder requirement, authentication on specific port is set to Anonymous and ASP.Net only (specifically not set to Windows Auth).
- Load balancer (LB) being used for load balancing purposes but this LB could not handle re-direction.
Requirement
- LB needs to run a health check script to periodically check if SharePoint is serving pages through Port 80. This application is/can also extended on another port using Windows Auth, but the requirement is verify if SharePoint is serving pages on Port 80 (not on the extended port).
Issues
- As port 80 is controlled by SiteMinder, Health Check script cannot run against SharePoint 80 (due to re-direction) and verifying against extended port does not validate if SharePoint is serving pages through Port 80 or not.
Resolution
Credits go to Henry Winkler (a colleague of mine) for pointing me towards Anonymous option solution
Resolution was to turn on “Enable Anonymous Access” on the Central Administration/Application Management/Authentication Providers/Edit Authentication page for specific web application (Note: do not touch the authentication type).
Once enabled, perform steps listed below to enable anonymous access in the site.
- Return to your sites home page and navigate to the site settings page. In MOSS, this is under Site Actions – Site Settings – Modify All Site Settings. In WSS it’s under Site Actions – Site Settings.
- Under the “Users and Permissions” section click on “Advanced permissions”
- On the “Settings” drop down menu (on the toolbar) select “Anonymous Access”
- Select the option you want anonymous users to have (documents and lists only)
- Create a new doc lib called “HealthCheck” and put in the html page that will be tested.
- Change permissions of the doc lib to stop inheriting from parent
- Under Setting option (this will show up only after one stops inheriting security from the parent), click on “Anonymous Action”, and give View rights to the doc lib.
Within SiteMinder, a new rule will need to be created to allow uncontrolled access to the newly created doc lib and html page (for e.g. https://portal.mycompany.com/HealthCheck*). This will allow unrestricted access to anything under Healthcheck path.
This will allow the script run from LB to check if SharePoint is running under specific port or not.